| Summary: | selinux-policy-targeted-3.13.1-180.fc25 scriptlet errors | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kevin Fenzi <kevin> |
| Component: | docker | Assignee: | Lokesh Mandvekar <lsm5> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | rawhide | CC: | adimania, admiller, amurdaca, dominick.grift, dwalsh, ichavero, jcajka, jchaloup, lsm5, lvrabec, marianne, mgrepl, miminar, nalin, plautrba, vbatts |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-06-03 19:41:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This problem is caused because you have also docker-selinux package on your system. Policy in this package contains some rules which we don't want to allow. This semanage failure is right behaviour. While docker policy is broken, you can use following workround: In /etc/selinux/semanage.conf file, change expand-check=1 option to expand-check=0. Moving to docker component. Should work fine in Rawhide now. |
On upgrading to this version: Upgrading : selinux-policy-targeted-3.13.1-180.fc25.noarch 32/84 neverallow check failed at line 8831 of /var/lib/selinux/targeted/tmp/modules/100/base/cil (neverallow base_typeattr_12 unlabeled_t (file (entrypoint))) <root> allow at line 545 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil (allow spc_t unlabeled_t (file (entrypoint))) <root> allow at line 828 of /var/lib/selinux/targeted/tmp/modules/100/sandboxX/cil (allow sandbox_x_domain exec_type (file (entrypoint))) <root> allow at line 1591 of /var/lib/selinux/targeted/tmp/modules/100/virt/cil (allow virtd_lxc_t exec_type (file (entrypoint))) <root> allow at line 1968 of /var/lib/selinux/targeted/tmp/modules/100/virt/cil (allow svirt_sandbox_domain exec_type (file (entrypoint))) Failed to generate binary /usr/sbin/semodule: Failed!