Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP Install/Upgrade, TMOS
Known Affected Versions:
11.6.1, 11.6.0, 11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.2.1
Fixed In:
11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF3, 11.5.1 HF11, 11.4.1 HF10
Opened: Nov 04, 2015 Severity: 3-Major Related Article:
K36285422
Once an installation has been booted into, applying a hotfix over that installation does not change the SELinux policy, but instead uses the previously installed SELinux policy.
Sync of file objects might fail with an error similar to the following: 01071488:3: Remote transaction for device group [name] to commit id [number] failed with error 01070712:3: Caught configuration exception (0), verify_sync_result:() :Failed to sync files. - sys/validation/FileObject.cpp, line 6276..
This affects installations of a later hotfix atop an earlier hotfix, or onto a base build of the same software version. Installation onto a new volume is unaffected. To determine whether the configuration will experience this issue, use md5sum to see whether the following have the same checksums: -- /etc/selinux/targeted/modules/active/modules/f5_mcpd.pp -- /usr/share/selinux/targeted/f5_mcpd.pp. If the checksums are the same, the system will use the SELinux policy installed with the previous hotfix, and this issue will occur.
Instead of installing the hotfix over an existing installation of the base build of that version (or an earlier hotfix), install the base ISO (for example 11.5.4) into a volume, and then install the hotfix onto that volume, without booting the volume in between.
Installing a hotfix over an existing base install now rebuilds the SELinux policy as expected.