Last Modified: Feb 13, 2019
See more info
BIG-IP Install/Upgrade, TMOS
Known Affected Versions:
11.2.1, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7
11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF3, 11.5.1 HF11, 11.4.1 HF10
Opened: Nov 04, 2015
Related AskF5 Article: K36285422
Once an installation has been booted into, applying a hotfix over that installation does not change the SELinux policy, but instead uses the previously installed SELinux policy.
Sync of file objects might fail with an error similar to the following: 01071488:3: Remote transaction for device group [name] to commit id [number] failed with error 01070712:3: Caught configuration exception (0), verify_sync_result:() :Failed to sync files. - sys/validation/FileObject.cpp, line 6276..
This affects installations of a later hotfix atop an earlier hotfix, or onto a base build of the same software version. Installation onto a new volume is unaffected. To determine whether the configuration will experience this issue, use md5sum to see whether the following have the same checksums: -- /etc/selinux/targeted/modules/active/modules/f5_mcpd.pp -- /usr/share/selinux/targeted/f5_mcpd.pp. If the checksums are the same, the system will use the SELinux policy installed with the previous hotfix, and this issue will occur.
Instead of installing the hotfix over an existing installation of the base build of that version (or an earlier hotfix), install the base ISO (for example 11.5.4) into a volume, and then install the hotfix onto that volume, without booting the volume in between.
Installing a hotfix over an existing base install now rebuilds the SELinux policy as expected.