The `semanage_get_lock` function in libsemanage attempts to acquire exclusive file locks with `flock` on read-only file descriptors. On labeled NFSv4 root filesystems, this leads to errors like:
```
# mount -t nfs4
192.168.122.166:/prov on / type nfs4 (rw,relatime,seclabel,vers=4.2,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.122.19,local_lock=none,addr=192.168.122.166)
# ll /var/lib/selinux/targeted/
total 4
drwx------. 3 root root 4096 Apr 27 18:15 active
-rw-------. 1 root root 0 Apr 4 05:31 semanage.read.LOCK
-rw-------. 1 root root 0 Apr 4 05:31 semanage.trans.LOCK
# semodule -l
libsemanage.semanage_get_lock: Error obtaining direct read lock at /var/lib/selinux/targeted/semanage.read.LOCK. (Bad file descriptor).
```
(RHEL 8 userspace, 5.10 LTS-based kernel)
Based on available documentation, it appears that lock files must be opened read-write to successfully acquire exclusive locks on NFSv4 (which does not support the `local_lock` option) with modern kernels. This would change line 1893 of `semanage_store.c` from

```c
if ((fd = open(lock_file, O_RDONLY)) == -1)
```

to

```c
if ((fd = open(lock_file, O_RDWR)) == -1)
```
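The following is an added example, not code from this issue or from libsemanage. flock(2) documents that Linux NFS clients emulate `flock()` as whole-file `fcntl()` byte-range locks, and a write lock of that kind needs a descriptor open for writing, so the reported `EBADF` can be reproduced on a local filesystem by requesting the `fcntl()` lock directly. The `/tmp/demo.LOCK.*` path and the `try_exclusive_lock` helper are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* mkstemp() and flock() prototypes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

enum lock_api { API_FLOCK, API_FCNTL };

/* Open a scratch lock file with open_flags, request an exclusive
 * non-blocking lock through the chosen API, return 0 or the errno. */
int try_exclusive_lock(int open_flags, enum lock_api api)
{
    char path[] = "/tmp/demo.LOCK.XXXXXX";  /* constructed path */
    int fd = mkstemp(path), rc, err = 0;
    if (fd == -1)
        return errno;
    close(fd);

    fd = open(path, open_flags);
    if (fd == -1) {
        err = errno;
        unlink(path);
        return err;
    }
    if (api == API_FLOCK) {
        rc = flock(fd, LOCK_EX | LOCK_NB);
    } else {
        /* l_start = 0, l_len = 0: whole file, like the NFS emulation */
        struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
        rc = fcntl(fd, F_SETLK, &fl);
    }
    if (rc == -1)
        err = errno;
    close(fd);
    unlink(path);
    return err;
}

int main(void)
{
    printf("flock O_RDONLY: %s\n", strerror(try_exclusive_lock(O_RDONLY, API_FLOCK)));
    printf("fcntl O_RDONLY: %s\n", strerror(try_exclusive_lock(O_RDONLY, API_FCNTL)));
    printf("fcntl O_RDWR:   %s\n", strerror(try_exclusive_lock(O_RDWR, API_FCNTL)));
    return 0;
}
```

On a local filesystem the `flock()` call on the read-only descriptor normally succeeds, which is why the `O_RDONLY` open goes unnoticed until the store lives on NFS.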