Bug 1596868

Summary: neverallow check fails when upgrading container-selinux
Product: [Fedora] Fedora Reporter: David <davidmenhur>
Component: container-selinuxAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 27CC: amurdaca, dwalsh, fkluknav, jchaloup, lsm5
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: container-selinux-2.68-1.git25277c8.fc28 container-selinux-2.69-1.git452b90d.fc28 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-07-27 16:46:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
dnf list of upgrades none

Description David 2018-06-29 20:38:44 UTC 
Created attachment 1455574 [details]
dnf list of upgrades

Description of problem:

In the process of updating my computer, the following errors were shown by dnf:

  Upgrading        : container-selinux-2:2.65-1.gitbf5b26b.fc27.noarch                                                                                           47/94 
  Running scriptlet: container-selinux-2:2.65-1.gitbf5b26b.fc27.noarch                                                                                           47/94 
neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:9013
  (neverallow base_typeattr_7 unlabeled_t (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1489
      (allow spc_t unlabeled_t (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/sandboxX/cil:866
      (allow sandbox_x_domain exec_type (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/virt/cil:1671
      (allow virtd_lxc_t exec_type (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/virt/cil:2062
      (allow svirt_sandbox_domain exec_type (file (entrypoint)))

Failed to generate binary
/usr/sbin/semodule:  Failed!

The rest of the transaction worked, including the verifying step for dnf update

Version-Release number of selected component (if applicable): container-selinux-2:2.61-1.git9b55129.fc27 -> 2:2.65-1.gitbf5b26b.fc27

Steps to Reproduce:
1. dnf update
2. wait for running the scriptlet in the upgrading phase 


Additional info:
The complete dnf transaction can be found attached.
Comment 1 Fedora Update System 2018-07-09 11:03:41 UTC 
container-selinux-2.67-1.git0407867.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a6ebba054
Comment 2 Fedora Update System 2018-07-11 23:40:53 UTC 
container-selinux-2.67-1.git0407867.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a6ebba054
Comment 3 Fedora Update System 2018-07-16 16:43:43 UTC 
container-selinux-2.68-1.git25277c8.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e57fd96913
Comment 4 Fedora Update System 2018-07-19 20:17:33 UTC 
container-selinux-2.68-1.git25277c8.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e57fd96913
Comment 5 Fedora Update System 2018-07-26 11:52:36 UTC 
container-selinux-2.69-1.git452b90d.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-42991b7a1d
Comment 6 Fedora Update System 2018-07-26 16:33:54 UTC 
container-selinux-2.69-1.git452b90d.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-42991b7a1d
Comment 7 Fedora Update System 2018-07-27 16:46:48 UTC 
container-selinux-2.68-1.git25277c8.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2018-08-02 16:21:35 UTC 
container-selinux-2.69-1.git452b90d.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.