SELinux policy failure - missing policycoreutils-devel

I just setup my new work computer with Bluefin, and am loving it so far. The issue I have is that I need to install “ESET Management Agent” for security and compliance.

I’ve run the script, and it makes it all the way through, but then fails with the error:
“Failed to install SELinux policy due to missing dependencies (policycoreutils-devel).: Current locale settings are invalid”

In cockpit, I can see that the agent service is enabled, but has failed to start. I’ve updated the OS and rebooted just to be sure, but nothing changes. When I look at the support docs for ESET, it confirms that I need to install the package:

Install the policycoreutils-devel package:

yum install policycoreutils-devel (CentOS, Red-Hat, Fedora distributions)

I’ve checked, but policycoreutils is not available via brew, so I am assuming that I need to do something a bit more involved. Since I’m new to Bluefin, I’m unsure of how to proceed. Any advice?

Is the source to this script publically available so we can take a look?

looks like it is available via rpm-ostree -

% rpm-ostree search policycoreutils-devel 

===== Name Matched =====
policycoreutils-devel : SELinux policy core policy devel utilities

Not sure what that pulls in but might be worth layering it via rpm-ostree install and see if the script completes?

The shell script that I was given does reference another shell script on the ESET CDN, but it looks to be encrypted. So, I believe the shell script I have is validating and running it, but I’m not able to see it in plain text.

So, it sounds like I need to use rpm-ostree install for that package and then run the script again. I didn’t know that was a thing! Thanks… I’ll give it a shot and report back.

This DID allow the script to complete, and now the service is listed… but it fails to start. I get this error in the logs:

eraagent.service: Control process exited, code=exited, status=203/EXEC

I think this might be a problem with permissions. So, the service is there and it tries to start, but it just fails with the 203 status.

Interesting note - I just tried disabling SELinux, and then starting the service… it works! Then I can enable SELinux again.

So, any ideas on what the issue may be?

Probably need to run restorecon on the files that were installed via that script.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.