Bug 2068085

Summary: Invalid cross-device link when renaming files on a container
Product: Red Hat Enterprise Linux 9 Reporter: Petr Lautrbach <plautrba>
Component: libsemanageAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 9.0CC: dwalsh, jmarrero, lvrabec, mmalik, plautrba, ssekidde, vmojzis
Target Milestone: rcKeywords: AutoVerified, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: libsemanage-3.3-3.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-15 11:15:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Lautrbach 2022-03-24 12:35:43 UTC 
Description of problem:
https://github.com/SELinuxProject/selinux/issues/343

Reproducer:

    $ cd selinux1

    $ cat Dockerfile
    FROM fedora:35
    RUN dnf install -y selinux-policy selinux-policy-targeted

    $ podman build -t localhost/selinux . --no-cache

    $ cd ../selinux2

    $ cat Dockerfile
    FROM localhost/selinux
    RUN semodule -B

    $ podman build -t localhost/selinux2 . --no-cache
    STEP 2/2: RUN semodule -B
    libsemanage.semanage_commit_sandbox: Error while renaming /var/lib/selinux/targeted/active to /var/lib/selinux/targeted/previous. (Invalid cross-device link).
    semodule:  Failed!
    Error: error building at STEP "RUN semodule -B": error while running runtime: exit status 1





Additional info:
Comment 1 Petr Lautrbach 2022-03-24 12:39:19 UTC 
https://lore.kernel.org/selinux/20220324120034.1570408-1-plautrba@redhat.com/T/#u
Comment 11 Joseph Marrero 2022-05-03 16:38:30 UTC 
Tested using dockerfiles as the example above but using quay.io/centos/centos:stream9 as base and installed the new libsemanage-3.3-3 and python3-libsemanage-3.3-3 and the fix works as expected. Thank you!
Comment 13 errata-xmlrpc 2022-11-15 11:15:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (libsemanage bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8293