Bug 1780129

Summary: Should Requires: selinux-policy >= 3.14.5-18
Product: [Fedora] Fedora
Reporter: Ed Santiago <santiago>
Component: container-selinux
Assignee: Lokesh Mandvekar <lsm5>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Docs Contact:
Priority: unspecified
Version: 32
CC: amurdaca, dwalsh, jchaloup, lsm5, rh.container.bot
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: container-selinux-2.144.0-2.fc32
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-09-01 19:30:46 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Ed Santiago 2019-12-05 13:19:52 UTC
container-selinux-2:2.123.0-0.3.dev.git0b25a4a.fc32, with selinux-policy-3.14.5-5.fc32, does not work at all: 'podman run alpine date' (or anything) results in an AVC.

Trying to reinstall container-selinux gives a hint:

    # dnf reinstall container-selinux
    ...
    Running scriptlet: container-selinux-2:2.123.0-0.3.dev.git0b25a4a.fc32.noarch                                                                             1/2
    libsemanage.semanage_pipe_data: Child process /usr/libexec/selinux/hll/pp failed with code: 255. (No such file or directory).
    container: libsepol.policydb_read: policydb module version 20 does not match my version range 4-19
    container: libsepol.sepol_module_package_read: invalid module in module package (at section 0)
    container: Failed to read policy package
    libsemanage.semanage_direct_commit: Failed to compile hll files into cil files.
     (No such file or directory).
    /usr/sbin/semodule:  Failed!


dnf-upgrading to selinux-policy-3.14.5-18.fc32 (and, implicitly, libselinux-3.0-0.r1.1.fc32) and dnf-reinstalling container-selinux gets podman working again.
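
Added example, not part of the original report or of container-selinux: a small triage helper that scans scriptlet output for the libsepol module-version mismatch shown above and reports whether the policy module failed to load. The names `triage` and `Finding` are hypothetical; `SAMPLE` is copied from the output quoted in the report.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Lines copied from the scriptlet output quoted in the report above.
SAMPLE = """\
libsemanage.semanage_pipe_data: Child process /usr/libexec/selinux/hll/pp failed with code: 255. (No such file or directory).
container: libsepol.policydb_read: policydb module version 20 does not match my version range 4-19
container: libsepol.sepol_module_package_read: invalid module in module package (at section 0)
container: Failed to read policy package
/usr/sbin/semodule:  Failed!
"""

# Matches the libsepol message and captures module name, version, and range.
MISMATCH = re.compile(
    r"^\s*(?P<module>\S+): libsepol\.policydb_read: policydb module version "
    r"(?P<ver>\d+) does not match my version range (?P<lo>\d+)-(?P<hi>\d+)\s*$"
)

class Finding(NamedTuple):  # hypothetical result type for this example
    module: str
    module_version: int
    supported: Tuple[int, int]
    semodule_failed: bool
    verdict: str

def triage(output: str) -> Optional[Finding]:
    """Return a Finding for the first module-version mismatch, else None."""
    lines = output.splitlines()
    # semodule prints "Failed!" when the policy transaction did not commit.
    failed = any("semodule:" in l and "Failed!" in l for l in lines)
    for line in lines:
        m = MISMATCH.match(line)
        if not m:
            continue
        ver, lo, hi = int(m["ver"]), int(m["lo"]), int(m["hi"])
        if ver > hi:
            verdict = "module newer than installed SELinux toolchain: upgrade it, then reinstall the module"
        elif ver < lo:
            verdict = "module older than installed SELinux toolchain supports: rebuild the module"
        else:
            verdict = "module version within supported range: look for another cause"
        return Finding(m["module"], ver, (lo, hi), failed, verdict)
    return None

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A finding with `semodule_failed` set means the package is installed but its policy module is not, which matches the AVC on every `podman run` described above.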

Comment 1 Ben Cotton 2020-02-11 17:38:05 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle.
Changing version to 32.

Comment 2 Fedora Update System 2020-08-28 16:06:18 UTC
FEDORA-2020-c1a814b41d has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-c1a814b41d

Comment 3 Fedora Update System 2020-08-29 17:08:09 UTC
FEDORA-2020-c1a814b41d has been pushed to the Fedora 32 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-c1a814b41d`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-c1a814b41d

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2020-09-01 19:30:46 UTC
FEDORA-2020-c1a814b41d has been pushed to the Fedora 32 stable repository.
If the problem still persists, please make note of it in this bug report.