Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

A virtual machine patch deployment error occurs with some UNIX patches on a Red Hat Enterprise Linux machine (2016037)

Details

After you patch a Red Hat Enterprise Linux machine, VCM reports that the deployment fails for one or more patches even though the packages are available in the mounted patch repository and the patch files are installed correctly. The error occurs because the SELinux policy denies access requested by the RPM. VCM treats such access as an indication of an intrusion attempt or of a change in the version or configuration of the SELinux policy.

Solution

To allow access, generate a local policy override.

  1. On the Red Hat machine, create a policy file named rpmlocal.te and add the following content to the file.
    module rpmlocal 1.0;
    require {
            type inetd_t;
            type rpm_script_t;
            class process transition;
    }
    #============= inetd_t ==============
    allow inetd_t rpm_script_t:process transition;
  2. Run the following command to compile the policy file.
    # checkmodule -M -m -o rpm.mod  rpmlocal.te
  3. Run the following command to create the policy package.
    #  semodule_package -o rpmlocal.pp -m rpm.mod
  4. Run the following command to load the policy into the kernel.
    # semodule -i rpmlocal.pp
The local policy override is persistent and allows the patch deployment without changing the overall policy enforcement.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: