SELinux policy failure - missing policycoreutils-devel

Ron_Northcutt · November 6, 2024, 12:24am

I just setup my new work computer with Bluefin, and am loving it so far. The issue I have is that I need to install “ESET Management Agent” for security and compliance.

I’ve run the script, and it makes it all the way through, but then fails with the error:
“Failed to install SELinux policy due to missing dependencies (policycoreutils-devel).: Current locale settings are invalid”

In cockpit, I can see that the agent service is enabled, but has failed to start. I’ve updated the OS and rebooted just to be sure, but nothing changes. When I look at the support docs for ESET, it confirms that I need to install the package:

Install the policycoreutils-devel package:

yum install policycoreutils-devel (CentOS, Red-Hat, Fedora distributions)

I’ve checked, but policycoreutils is not available via brew, so I am assuming that I need to do something a bit more involved. Since I’m new to Bluefin, I’m unsure of how to proceed. Any advice?

j0rge · November 6, 2024, 1:24am

Is the source to this script publically available so we can take a look?

defeated · November 6, 2024, 2:54am

looks like it is available via rpm-ostree -

% rpm-ostree search policycoreutils-devel 

===== Name Matched =====
policycoreutils-devel : SELinux policy core policy devel utilities

j0rge · November 6, 2024, 3:18am

Not sure what that pulls in but might be worth layering it via rpm-ostree install and see if the script completes?

Ron_Northcutt · November 6, 2024, 2:16pm

The shell script that I was given does reference another shell script on the ESET CDN, but it looks to be encrypted. So, I believe the shell script I have is validating and running it, but I’m not able to see it in plain text.

So, it sounds like I need to use rpm-ostree install for that package and then run the script again. I didn’t know that was a thing! Thanks… I’ll give it a shot and report back.

Ron_Northcutt · November 7, 2024, 10:45pm

This DID allow the script to complete, and now the service is listed… but it fails to start. I get this error in the logs:

eraagent.service: Control process exited, code=exited, status=203/EXEC

I think this might be a problem with permissions. So, the service is there and it tries to start, but it just fails with the 203 status.

Ron_Northcutt · November 7, 2024, 11:09pm

Interesting note - I just tried disabling SELinux, and then starting the service… it works! Then I can enable SELinux again.

So, any ideas on what the issue may be?

m2Giles · November 10, 2024, 4:39pm

Probably need to run restorecon on the files that were installed via that script.

system · February 8, 2025, 4:39pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Bluefin/Aurora is not working out for me. Why? General	4	1183	April 20, 2024
LXD or incus without disabling SELinux on Bluefin? Bluefin	2	379	March 24, 2024
Why devbox has been discarded? Bluefin developer-experience	9	500	October 26, 2024
Anyone got Microsoft Intune to work? General	3	59	February 23, 2025
Belgian eid Bluefin	2	66	September 4, 2024

SELinux policy failure - missing policycoreutils-devel

Related topics