During update to UCS 5.1-0 the nslcd.poistinst failed on one test system (student09): === Setting up nslcd (0.9.11-1) ... Adding system user `nslcd' (UID 122) ... Adding new group `nslcd' (GID 129) ... Adding new user `nslcd' (UID 122) with group `nslcd' ... chage: Permission denied. Stopped: `/bin/chage -M 99999 nslcd' returned error code 1. Exiting. Removing user `nslcd' ... Removing group `nslcd' ... groupdel: group 'nslcd' does not exist adduser: `groupdel nslcd' returned error code 6. Exiting. dpkg: error processing package nslcd (--configure): installed nslcd package post-installation script subprocess returned error exit status 1 === apparently while running this command: === root@dn1:~# adduser --system --group --home /var/run/nslcd/ \ --gecos "nslcd name service LDAP connection daemon" \ nslcd Adding system user `nslcd' (UID 122) ... Adding new group `nslcd' (GID 129) ... Adding new user `nslcd' (UID 122) with group `nslcd' ... chage: Permission denied. Stopped: `/bin/chage -M 99999 nslcd' returned error code 1. Exiting. Removing user `nslcd' ... Removing group `nslcd' ... groupdel: group 'nslcd' does not exist adduser: `groupdel nslcd' returned error code 6. Exiting. === strace indicates that this file might be part of the cause: === root@dn1:~# cat /sys/fs/selinux/deny_unknown 1 1root@dn1:~# ls -ld/sys/fs/selinux/deny_unknownn -r--r--r-- 1 root root 0 Jan 17 12:26 /sys/fs/selinux/deny_unknow === With the fix for Bug #56005 we intended to disable selinux. Maybe a reboot was missing on this system? uptime is 10 days, matching the timestamp of the selinuxfs mountpoint.
After rebooting the system, the file /sys/fs/selinux/deny_unknon is gone and the selinuxfs filesystem not mounted any longer. And I can again run "chage -l statd", e.g. So, we should add a check into the 5.1-0 preup.
48bccba7104 | Add preup check for selinuxfs Successful build Package: univention-updater Version: 16.0.39 Branch: 5.1-0
18f89e3ef31 | Add preup check for selinuxfs Package: univention-updater Version: 17.0.30 Branch: 5.2-0