Skip to content

[teleport-update] Fix SELinux warning and error breaking teleport-update remove#59977

Merged
sclevine merged 2 commits intomasterfrom
sclevine/fix-selinux-warning
Oct 6, 2025
Merged

[teleport-update] Fix SELinux warning and error breaking teleport-update remove#59977
sclevine merged 2 commits intomasterfrom
sclevine/fix-selinux-warning

Conversation

@sclevine
Copy link
Copy Markdown
Member

@sclevine sclevine commented Oct 6, 2025
edited
Loading

The selinux.ModuleInstalled function fails when it cannot find SELinux configuration. This function was recently introduced in teleport-update to support installing the SELinux SSH service module. It is called on systems that do not support SELinux.

As a result:

  • A number of teleport-update subcommands now emit a loud warning on systems without SELinux.
  • teleport-update remove no longer works with these systems, as the error is fatal
2025-10-02T22:23:35.520Z WARN [UPDATER]   Failed to remove SELinux module. error:[
ERROR REPORT:
Original Error: *fs.PathError open /etc/selinux/config: no such file or directory
Stack Trace:
/home/ubuntu/mounts/teleport/lib/selinux/read_config_linux.go:31 github.com/gravitational/teleport/lib/selinux.readConfig
/home/ubuntu/mounts/teleport/lib/selinux/selinux_linux.go:222 github.com/gravitational/teleport/lib/selinux.ModuleInstalled
/home/ubuntu/mounts/teleport/lib/autoupdate/agent/setup.go:426 github.com/gravitational/teleport/lib/autoupdate/agent.(*Namespace).removeSELinux
/home/ubuntu/mounts/teleport/lib/autoupdate/agent/setup.go:274 github.com/gravitational/teleport/lib/autoupdate/agent.(*Namespace).Setup
/home/ubuntu/mounts/teleport/lib/autoupdate/agent/updater.go:1238 github.com/gravitational/teleport/lib/autoupdate/agent.(*Updater).Setup
/home/ubuntu/mounts/teleport/tool/teleport-update/main.go:495 main.cmdSetup
/home/ubuntu/mounts/teleport/tool/teleport-update/main.go:255 main.Run
/home/ubuntu/mounts/teleport/tool/teleport-update/main.go:73 main.main
/home/ubuntu/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.1.linux-arm64/src/runtime/proc.go:285 runtime.main
/home/ubuntu/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.1.linux-arm64/src/runtime/asm_arm64.s:1268 runtime.goexit
User Message: failed to check if SELinux module is installed
failed to find SELinux type
open /etc/selinux/config: no such file or directory] agent/setup.go:275

changelog: fix selinux warning in teleport-update output and error during remove

Goal (internal): https://github.com/gravitational/cloud/issues/14225

@sclevine sclevine requested a review from capnspacehook October 6, 2025 18:30
@capnspacehook capnspacehook added the selinux Issues related to SELinux module label Oct 6, 2025
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from probakowski October 6, 2025 21:46
@sclevine sclevine added this pull request to the merge queue Oct 6, 2025
Merged via the queue into master with commit 14c0da1 Oct 6, 2025
39 of 43 checks passed
@sclevine sclevine deleted the sclevine/fix-selinux-warning branch October 6, 2025 22:56
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows bot commented Oct 6, 2025

@sclevine See the table below for backport results.

Branch Result
branch/v16 Failed
branch/v17 Failed
branch/v18 Create PR

@sclevine sclevine mentioned this pull request Oct 7, 2025
Merged
rhammonds-teleport pushed a commit that referenced this pull request Nov 6, 2025
@sclevine @rhammonds-teleport
[teleport-update] Fix SELinux warning and error breaking `teleport-up…
2cce937 
…date remove` (#59977)

* Fix selinux warning

* Update selinux_linux.go
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bernardjkim bernardjkim bernardjkim approved these changes

@hugoShaka hugoShaka hugoShaka approved these changes

@capnspacehook capnspacehook capnspacehook approved these changes

Assignees

No one assigned

Labels

backport/branch/v18 selinux Issues related to SELinux module size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sclevine @bernardjkim @hugoShaka @capnspacehook