A virtual machine patch deployment error occurs with some UNIX patches on a Red Hat Enterprise Linux machine (2016037)
After you patch a Red Hat Enterprise Linux machine, VCM reports that the deployment fails for one or more patches even though the packages are available in the mounted patch repository and the patch files are installed correctly. The error occurs because the SELinux policy denies access requested by the RPM. VCM treats such access as an indication of an intrusion attempt or of a change in the version or configuration of the SELinux policy.
To allow access, generate a local policy override.
- On the Red Hat machine, create a policy file named rpmlocal.te and add the following content to it.
module rpmlocal 1.0;
require {
	type inetd_t;
	type rpm_script_t;
	class process transition;
}
#============= inetd_t ==============
allow inetd_t rpm_script_t:process transition;
- Run the following command to compile the policy file.
# checkmodule -M -m -o rpm.mod rpmlocal.te
- Run the following command to create the policy package.
# semodule_package -o rpmlocal.pp -m rpm.mod
- Run the following command to load the policy into the kernel.
# semodule -i rpmlocal.pp
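
Before loading the override, it is worth confirming that the denials in the audit log are the one transition that rpmlocal.te allows and nothing else. The following script is an added example, not part of the original article: it derives the implied allow rules from AVC records and separates the rpmlocal rule from any others. The function names are hypothetical and the sample records are constructed.

```bash
#!/bin/bash
# Added example: list the allow rules that AVC denials in an audit log imply,
# and separate the one rpmlocal.te grants from everything else.

# The single rule that rpmlocal.te (from the steps above) adds.
RPMLOCAL_RULE='allow inetd_t rpm_script_t:process transition;'

# Constructed sample records (pids, inodes, timestamps are made up).
SAMPLE_AUDIT='type=AVC msg=audit(1500000000.101:311): avc:  denied  { transition } for  pid=4121 comm="sh" path="/bin/bash" dev=dm-0 ino=1311 scontext=system_u:system_r:inetd_t:s0 tcontext=system_u:system_r:rpm_script_t:s0 tclass=process
type=AVC msg=audit(1500000002.207:315): avc:  denied  { transition } for  pid=4130 comm="sh" path="/bin/bash" dev=dm-0 ino=1311 scontext=system_u:system_r:inetd_t:s0 tcontext=system_u:system_r:rpm_script_t:s0 tclass=process
type=AVC msg=audit(1500000003.550:340): avc:  denied  { write } for  pid=4200 comm="sh" name="messages" dev=dm-0 ino=2012 scontext=system_u:system_r:inetd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1500000003.550:340): arch=c000003e syscall=2 success=no exit=-13'

# stdin: audit records. stdout: one "allow src tgt:class perm;" per distinct denial.
avc_rules() {
  awk '
    /avc:/ && /denied/ {
      src = ""; tgt = ""; cls = ""; n = 0
      # Permissions are the words between the braces.
      if (match($0, /[{][^}]*[}]/))
        n = split(substr($0, RSTART + 1, RLENGTH - 2), perm, " ")
      for (i = 1; i <= NF; i++) {
        # Contexts are user:role:type[:level]; the type is field 3.
        if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (src == "" || tgt == "" || cls == "") next
      for (j = 1; j <= n; j++)
        print "allow " src " " tgt ":" cls " " perm[j] ";"
    }' | sort -u
}

# Succeeds when the log contains the denial that rpmlocal.te addresses.
rpmlocal_needed() { avc_rules | grep -Fxq "$RPMLOCAL_RULE"; }

# Prints denials the override does NOT cover; review these separately.
unexpected_rules() { avc_rules | grep -Fxv "$RPMLOCAL_RULE" || true; }

printf '%s\n' "$SAMPLE_AUDIT" | avc_rules
```

On a host, pipe /var/log/audit/audit.log or the output of `ausearch -m avc` into these functions instead of the sample. Any rule printed by unexpected_rules is outside the scope of this override and should not be added to rpmlocal.te without its own review.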