SystemEDGE Upgrade on RHEL Fails with "lsm returned with exit code 7"

Document ID : KB000073569
Last Modified Date : 15/03/2018
Show Technical Document Details
Issue:
SystemEDGE Upgrade from 5.x to 5.9 on RHEL fails with CASETUP:BOOTSTRAP:ERR:30811: Installation failed - lsm returned with exit code 7

1. Rerun setup as follows to get more verbose logging:
./ca-setup.sh EULA_ACCEPTED="yes" CA_SETUP_LOG_FILE=/tmp/sysedge.log
CA_SETUP_VERBOSE="yes" CA_SETUP_TRACE="yes"


2.  Check the created sysedge.log for the presence of the following message "Operation not permitted"

/opt/CA/SharedComponents/csutils/scripts/install.csutils: line 237: /opt/CA/SharedComponents/csutils/bin/casrvc: Operation not permitted
error: %post(ca-cs-utils-11.2.12166.0-0000.noarch) scriptlet failed, exit status 126
Script or command "rpm -U "/tmp/ca-setup.jSVC4607/ca-cs-utils-11.2.12166.0-0000.noarch.rpm"" failed with exit code 1.
Reason:         The script or command encountered a problem.
Action:         Find further details in the installation log file
                /opt/CA/SharedComponents/installer/log/CA_SystemEDGE_Core.log.


3.   The Operation not permitted message if the user has root permissions is indicative of an application blocking security product, in this instance CA PIM/Access Control.
Resolution:
  • The first command will set blockrun to no, which means that PIM will not prevent it from running when it becomes untrusted.
# selang -s -c “er PROGRAM ______ blockrun-“

Example:
# selang -s -c “er PROGRAM /opt/CA/SharedComponents/csutils/bin/casrvc blockrun-“

((perform the upgrade))
  • After the upgrade this command will retrust the program.
# selang -s -c “er PROGRAM ______ trust“

Example:
# selang -s -c “er PROGRAM /opt/CA/SharedComponents/csutils/bin/casrvc trust“
  • This command will reinsate blockrun: 
# selang -s -c “er PROGRAM ______  blockrun“

Example:
# selang -s -c “er PROGRAM /opt/CA/SharedComponents/csutils/bin/casrvc blockrun“
 
Additional Information:
​How to Use Seretrust to List Selang Commands That Will Retrust Programs:
https://comm.support.ca.com/kb/PROGRAM-Execution-Denied/KB000031036

How to Prevent PIM from Untrusting a program:
https://comm.support.ca.com/kb/How-can-I-make-PROGRAM-resources-not-be-untrusted-every-time-I-do-a-modification-to-them/KB000015887

How to Determine Why PIM Untrusted a Program:
https://communities.ca.com/thread/241734477