Symptoms
Once an installation has been booted into, applying a hotfix over that installation does not change the SELinux policy, but instead uses the previously installed SELinux policy.
Impact
Sync of file objects might fail with an error similar to the following:
01071488:3: Remote transaction for device group [name] to commit id [number] failed with error 01070712:3: Caught configuration exception (0), verify_sync_result:() :Failed to sync files. - sys/validation/FileObject.cpp, line 6276..
Conditions
This affects installations of a later hotfix atop an earlier hotfix, or onto a base build of the same software version. Installation onto a new volume is unaffected.
To determine whether the configuration will experience this issue, use md5sum to see whether the following have the same checksums:
-- /etc/selinux/targeted/modules/active/modules/f5_mcpd.pp
-- /usr/share/selinux/targeted/f5_mcpd.pp.
If the checksums are the same, the system will use the SELinux policy installed with the previous hotfix, and this issue will occur.
Workaround
Instead of installing the hotfix over an existing installation of the base build of that version (or an earlier hotfix), install the base ISO (for example 11.5.4) into a volume, and then install the hotfix onto that volume, without booting the volume in between.
Fix Information
Installing a hotfix over an existing base install now rebuilds the SELinux policy as expected.
