Systemd+selinux vs iptables on centos7, round 2

See Ibcb27199f0ecf3b1e3d927be42112e2ebcb5cd79 for part 1

So it turns out that installing the latest systemd and restarting
isn't enough to get this working.  It seems that a "systemctl
daemon-reload" is required between installing iptables-services and
enabling iptables (note, this should *not* be required; the
iptables-services .spec file does a "systemctl preset
iptables.service" which is documented as being equivalent to a
daemon-reload.  You can see this failing in the selinux denials in the
referenced bug).

What does seem to work is upgrading to the latest selinux-policy
before installing iptables, so add this in.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1261747

Change-Id: I4c1983019834d676f99becfde4ffd3f8de19c3a6
Ian Wienand 2015-09-17 15:40:01 +10:00
parent ec38cbb341
commit 043650e805

@ -55,8 +55,9 @@ function is_opensuse {
function _systemd_update {
# there is a bug (rhbz#1261747) where systemd can fail to enable
# services due to selinux errors after upgrade. A work-around is
# to install the latest version here and restart the daemon after
# it is upgraded.
# to install the latest version of selinux and systemd here and
# restart the daemon for good measure after it is upgraded.
yum install -y selinux-policy
yum install -y systemd
systemctl daemon-reload
}
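
Review bot: The updated comment in `_systemd_update` says "latest version of selinux", but the command added is `yum install -y selinux-policy`; name the package in the comment, and state that this step has to run before iptables-services is installed, since the commit message gives that ordering as the thing that makes the workaround effective. "For good measure" also leaves it unclear whether `systemctl daemon-reload` is still required or is now only defensive; saying which would make it easier to remove the right lines once rhbz#1261747 is fixed.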