Bug 1596409

Summary: scriptlet failed on dnf upgrade: neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:9013
Product: [Fedora] Fedora Reporter: Dimitris <dimitris.on.linux>
Component: container-selinuxAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 27CC: amurdaca, dwalsh, fkluknav, glyffa, jchaloup, lsm5
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-07-04 12:12:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
debug log from the dnf install process. none

Description Dimitris 2018-06-28 21:21:53 UTC 
Description of problem:

  Running scriptlet: container-selinux-2:2.65-1.gitbf5b26b.fc27.noarch                                                                                                                  17/34 
neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:9013
  (neverallow base_typeattr_7 unlabeled_t (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1489
      (allow spc_t unlabeled_t (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/sandboxX/cil:866
      (allow sandbox_x_domain exec_type (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/virt/cil:1671
      (allow virtd_lxc_t exec_type (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/virt/cil:2062
      (allow svirt_sandbox_domain exec_type (file (entrypoint)))

Failed to generate binary
/usr/sbin/semodule:  Failed!

Version-Release number of selected component (if applicable):

2:2.65-1.gitbf5b26b.fc27

How reproducible:

One time when I "dnf upgrade"d my F27 VM

Steps to Reproduce:
1. Ran "dnf --refresh upgrade"
2. Saw above error

Actual results:


Expected results:


Additional info:
Comment 1 Brian Naasz 2018-06-29 19:41:06 UTC 
Created attachment 1455570 [details]
debug log from the dnf install process.

generated by 'dnf reinstall -y --rpmverbosity=debug container-selinux'
Comment 2 Brian Naasz 2018-07-02 13:23:38 UTC 
Not an expert, but this looks to be covered in Bugzilla ticket #1595316.  The libsemanage-2.7-3 update looks to have silenced it for me.
Comment 3 Daniel Walsh 2018-07-04 12:12:13 UTC 
Yup.