Bug 2070702
| Summary: | dnf fails to upgrade packages due to SELinux | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matti Linnanvuori <mattilinnanvuori> |
| Component: | dnf | Assignee: | rpm-software-management |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 36 | CC: | daniel.mach, jmracek, jrohel, mblaha, mhatina, packaging-team-maint, pkratoch, rpm-software-management, vmukhame |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-04-05 07:33:42 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 2056303 *** |
Description of problem: dnf fails to upgrade packages Version-Release number of selected component (if applicable): 4.11.1-1 How reproducible: always Steps to Reproduce: 1. Run dnf upgrade Actual results: dnf fails to upgrade packages. Expected results: dnf succeeds in upgrading packages. Additional info: Running transaction Preparing : 1/1 Upgrading : crun-1.4.4-1.fc36.x86_64 1/16 error: lsetfilecon: (/usr/bin/crun;6245dc11, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package crun-1.4.4-1.fc36.x86_64 Upgrading : containers-common-4:1-53.fc36.noarch 2/16 error: unpacking of archive failed on file /usr/bin/crun;6245dc11: cpio: (error 0x2) error: crun-1.4.4-1.fc36.x86_64: install failed error: lsetfilecon: (/var/lib/containers/sigstore, system_u:object_r:container_var_lib_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package containers-common-4:1-53.fc36.noarch Upgrading : conmon-2:2.1.0-2.fc36.x86_64 3/16 error: unpacking of archive failed on file /var/lib/containers/sigstore: cpio: (error 0x2) error: containers-common-4:1-53.fc36.noarch: install failed error: lsetfilecon: (/usr/bin/conmon;6245dc11, system_u:object_r:conmon_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package conmon-2:2.1.0-2.fc36.x86_64 Upgrading : podman-3:4.0.2-1.fc36.x86_64 4/16 error: unpacking of archive failed on file /usr/bin/conmon;6245dc11: cpio: (error 0x2) error: conmon-2:2.1.0-2.fc36.x86_64: install failed error: lsetfilecon: (/usr/bin/podman;6245dc11, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package podman-3:4.0.2-1.fc36.x86_64 Upgrading : openssl1.1-1:1.1.1n-1.fc36.x86_64 5/16 error: unpacking of archive failed on file /usr/bin/podman;6245dc11: cpio: (error 0x2) error: podman-3:4.0.2-1.fc36.x86_64: install failed Upgrading : swtpm-0.7.2-1.20220307git21c90c1.fc36.x86_64 6/16 error: lsetfilecon: (/usr/bin/swtpm;6245dc11, system_u:object_r:swtpm_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package swtpm-0.7.2-1.20220307git21c90c1.fc36.x86_64 Upgrading : snapd-2.54.4-1.fc36.x86_64 7/16 error: unpacking of archive failed on file /usr/bin/swtpm;6245dc11: cpio: (error 0x2) error: swtpm-0.7.2-1.20220307git21c90c1.fc36.x86_64: install failed error: lsetfilecon: (/etc/sysconfig/snapd;6245dc11, system_u:object_r:snappy_config_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package snapd-2.54.4-1.fc36.x86_64 Running scriptlet: flatpak-1.12.7-1.fc36.x86_64 8/16 error: unpacking of archive failed on file /etc/sysconfig/snapd;6245dc11: cpio: (error 0x2) error: snapd-2.54.4-1.fc36.x86_64: install failed Upgrading : flatpak-1.12.7-1.fc36.x86_64 8/16 error: lsetfilecon: (/usr/libexec/flatpak-system-helper;6245dc11, system_u:object_r:flatpak_helper_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package flatpak-1.12.7-1.fc36.x86_64 Cleanup : openssl1.1-1:1.1.1i-3.fc35.x86_64 9/16 error: unpacking of archive failed on file /usr/libexec/flatpak-system-helper;6245dc11: cpio: (error 0x2) error: flatpak-1.12.7-1.fc36.x86_64: install failed error: podman-3:3.4.4-1.fc35.x86_64: erase skipped error: containers-common-4:1-45.fc35.noarch: erase skipped error: crun-1.4.3-1.fc35.x86_64: erase skipped error: conmon-2:2.1.0-2.fc35.x86_64: erase skipped Running scriptlet: openssl1.1-1:1.1.1i-3.fc35.x86_64 9/16 error: swtpm-0.7.2-1.20220307git21c90c1.fc35.x86_64: erase skipped error: snapd-2.54.4-1.fc35.x86_64: erase skipped error: flatpak-1.12.7-1.fc35.x86_64: erase skipped Mar 31 19:51:31 fedora audit[3714]: AVC avc: denied { mac_admin } for pid=3714 comm="dnf" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcl> Mar 31 19:51:31 fedora audit: SELINUX_ERR op=setxattr invalid_context="system_u:object_r:container_runtime_exec_t:s0" Mar 31 19:51:31 fedora audit[3714]: AVC avc: denied { mac_admin } for pid=3714 comm="dnf" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcl> Mar 31 19:51:31 fedora audit: SELINUX_ERR op=setxattr invalid_context="system_u:object_r:container_var_lib_t:s0" Mar 31 19:51:31 fedora audit[3714]: AVC avc: denied { mac_admin } for pid=3714 comm="dnf" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcl> Mar 31 19:51:31 fedora audit: SELINUX_ERR op=setxattr invalid_context="system_u:object_r:conmon_exec_t:s0" Mar 31 19:51:32 fedora audit[3714]: AVC avc: denied { mac_admin } for pid=3714 comm="dnf" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcl> Mar 31 19:51:32 fedora audit: SELINUX_ERR op=setxattr invalid_context="system_u:object_r:container_runtime_exec_t:s0" Mar 31 19:51:33 fedora audit[3714]: AVC avc: denied { mac_admin } for pid=3714 comm="dnf" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcl> Mar 31 19:51:33 fedora audit: SELINUX_ERR op=setxattr invalid_context="system_u:object_r:swtpm_exec_t:s0" Mar 31 19:51:34 fedora dbus-broker-launch[1704]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 31 19:51:37 fedora kernel: SELinux: Context system_u:object_r:snappy_var_cache_t:s0 is not valid (left unmapped). Mar 31 19:51:37 fedora kernel: SELinux: Context system_u:object_r:snappy_var_t:s0 is not valid (left unmapped). Mar 31 19:51:34 fedora audit[3714]: AVC avc: denied { mac_admin } for pid=3714 comm="dnf" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcl> Mar 31 19:51:34 fedora audit: SELINUX_ERR op=setxattr invalid_context="system_u:object_r:snappy_config_t:s0" Mar 31 19:51:36 fedora audit[3714]: AVC avc: denied { mac_admin } for pid=3714 comm="dnf" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcl> Mar 31 19:51:36 fedora audit: SELINUX_ERR op=setxattr invalid_context="system_u:object_r:flatpak_helper_exec_t:s0"