Bug 2071939

Summary: container runtimes not starting due to selinux
Product: [Fedora] Fedora
Reporter: Simon Putt <lemonzest>
Component: container-selinux
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Docs Contact:
Priority: unspecified
Version: 36
CC: amurdaca, dwalsh, dweomer5, jchaloup, lsm5, pehunt, rh.container.bot
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2022-04-05 14:29:17 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Attachments:
Description | Flags
restorecon -Rvn / | none
restorecon -Rv / | none
sudo dnf reinstall container-selinux | none

Description Simon Putt 2022-04-05 09:31:55 UTC
Created attachment 1870820 [details]
restorecon -Rvn /

Description of problem:

Container runtimes such as lxc/lxc/moby-engine/podman are not starting due to not being labeled by SELinux. I think so, not sure; it might be this package.

Version-Release number of selected component (if applicable):

container-selinux-2.181.0-1.fc36.noarch

How reproducible:

Always

Steps to Reproduce:
1. Upgrade from Fedora 35 to 36 Beta
2. Reboot and container runtimes do not start due to being denied because not labeled correctly

Actual results:

Containers not being able to start their services

Expected results:

To be able to use lxc/lxd/docker/podman

Additional info:

Fedora 36 Beta/Workstation Edition

Also, this might be a part of the issue:

https://bugzilla.redhat.com/show_bug.cgi?id=2069102

Comment 1 Simon Putt 2022-04-05 09:32:35 UTC
Created attachment 1870821 [details]
restorecon -Rv /

Comment 2 Simon Putt 2022-04-05 09:35:57 UTC
Created attachment 1870822 [details]
sudo dnf reinstall container-selinux

Comment 3 Simon Putt 2022-04-05 10:09:29 UTC
[    9.756776] SELinux:  Context system_u:object_r:container_unit_file_t:s0 is not valid (left unmapped).
[   33.125507] SELinux:  Context system_u:object_r:container_var_lib_t:s0 is not valid (left unmapped).
[   33.213093] SELinux:  Context system_u:object_r:container_runtime_exec_t:s0 is not valid (left unmapped).
[   33.439133] SELinux:  Context system_u:object_r:tabrmd_exec_t:s0 is not valid (left unmapped).
[  161.776462] SELinux:  Context system_u:object_r:flatpak_helper_exec_t:s0 is not valid (left unmapped).
[  161.945236] SELinux:  Context system_u:object_r:vnc_session_exec_t:s0 is not valid (left unmapped).
[  194.716357] SELinux:  Context system_u:object_r:container_log_t:s0 is not valid (left unmapped).
[  287.313712] SELinux:  Context unconfined_u:object_r:vnc_home_t:s0 is not valid (left unmapped).
[ 1518.845746] SELinux:  Context system_u:object_r:conmon_exec_t:s0 is not valid (left unmapped).
[ 1518.849016] SELinux:  Context system_u:object_r:swtpm_exec_t:s0 is not valid (left unmapped).
[ 1518.850845] SELinux:  Context system_u:object_r:osbuild_exec_t:s0 is not valid (left unmapped).
[ 1584.971276] SELinux:  Context system_u:object_r:container_config_t:s0 is not valid (left unmapped).
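
The kernel messages in Comment 3 each name a file context that the loaded policy does not define. As an added example (not part of the original report or of container-selinux), this script reduces such dmesg output to the distinct missing types; the function names `parse_unmapped` and `types_with_prefix` are hypothetical, and two of the sample lines are constructed.

```python
import re
import sys

# Kernel message format as shown in Comment 3; the dmesg timestamp is optional.
UNMAPPED_RE = re.compile(
    r"^(?:\[\s*(?P<ts>\d+\.\d+)\]\s*)?SELinux:\s+Context\s+(?P<ctx>\S+)"
    r"\s+is not valid \(left unmapped\)"
)

# Sample input: lines 1, 2 and 4 are from the report; lines 3 and 5 are constructed.
SAMPLE = """\
[    9.756776] SELinux:  Context system_u:object_r:container_unit_file_t:s0 is not valid (left unmapped).
[   33.125507] SELinux:  Context system_u:object_r:container_var_lib_t:s0 is not valid (left unmapped).
[   40.000000] audit: type=1400 unrelated message
[  287.313712] SELinux:  Context unconfined_u:object_r:vnc_home_t:s0 is not valid (left unmapped).
[  300.000000] SELinux:  Context system_u:object_r:container_var_lib_t:s0:c1,c2 is not valid (left unmapped).
"""


def parse_unmapped(lines):
    """Map each unmapped SELinux type to its first timestamp and the contexts seen."""
    found = {}
    for line in lines:
        m = UNMAPPED_RE.match(line.strip())
        if not m:
            continue
        # user:role:type[:level]; the MLS level may itself contain colons.
        fields = m.group("ctx").split(":", 3)
        if len(fields) < 3:
            continue  # malformed context, no type to attribute
        ts = float(m.group("ts")) if m.group("ts") else None
        entry = found.setdefault(fields[2], {"first_seen": ts, "contexts": set()})
        entry["contexts"].add(m.group("ctx"))
    return found


def types_with_prefix(found, prefix):
    """Sorted unmapped types whose name starts with prefix (e.g. 'container_')."""
    return sorted(t for t in found if t.startswith(prefix))


if __name__ == "__main__":
    # Read dmesg output from a pipe, or fall back to the embedded sample.
    data = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for sel_type, info in sorted(parse_unmapped(data).items()):
        print(f"{sel_type}\tfirst_seen={info['first_seen']}\tcontexts={len(info['contexts'])}")
```

Pipe `dmesg` into the script on the affected host; each type it reports can then be checked against the loaded policy with `seinfo -t <type>`.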

Comment 4 Daniel Walsh 2022-04-05 14:29:17 UTC

*** This bug has been marked as a duplicate of bug 2070764 ***