Bug 2371159
| Summary: | passt-selinux update scriplet fails | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | lemmingnr13 <lemmingnr13> |
| Component: | passt | Assignee: | Stefano Brivio <sbrivio> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 42 | CC: | dreua, dwalsh, lvrabec, mmalik, omosnacek, pkoncity, ppywlkiqletw, sbrivio, vmojzis, zpytela |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | passt-0^20250611.g0293c6f-1.fc42 passt-0^20250611.g0293c6f-1.fc41 | Doc Type: | --- |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2025-06-16 02:52:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
lemmingnr13
2025-06-09 13:16:06 UTC
Same here, thanks for already creating the issue. Additionally I got one for the the gvfs directory:
[On upgrade]
>>> Running post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch
>>> Finished post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch
>>> Scriptlet output:
>>> restorecon: Could not stat /run/user/1000/doc: Permission denied.
>>> restorecon: Could not stat /run/user/1000/gvfs: Permission denied.
>>>
Logged in on my regular account (1000) I can stat these but when I switch to root, indeed the stat fails and ls -l output shows some questionmarks:
[root@David-UB 1000]# stat doc
stat: cannot statx 'doc': Permission denied
[root@David-UB 1000]# stat gvfs
stat: cannot statx 'gvfs': Permission denied
[root@David-UB 1000]# ll
ls: cannot access 'doc': Permission denied
ls: cannot access 'gvfs': Permission denied
total 4
[...regular ls -l output ...]
d?????????? ? ? ? ? ? doc
[...]
d?????????? ? ? ? ? ? gvfs
[...]
[root@David-UB 1000]# mount | grep 1000
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=3259760k,nr_inodes=814940,mode=700,uid=1000,gid=1000,inode64)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
portal on /run/user/1000/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
I'm curious on why that is, meaning a file(system) being not accessible by root unless you su to the correct user.
Thanks lemmingnr13 and David for reporting this! I haven't reproduced the issue yet, but I would suggest that you have a look at https://bodhi.fedoraproject.org/updates/FEDORA-2025-f454466bb6 and specifically https://bodhi.fedoraproject.org/updates/FEDORA-2025-f454466bb6#comment-4112179 meanwhile. I think what's missing here is a dependency on 'container-selinux'. Patches just posted upstream for review: https://archives.passt.top/passt-dev/20250610151130.3425150-1-sbrivio@redhat.com/ https://archives.passt.top/passt-dev/20250610151135.3425210-1-sbrivio@redhat.com/ (In reply to David Auer from comment #1) > Same here, thanks for already creating the issue. Additionally I got one for > the the gvfs directory: > > [On upgrade] > >>> Running post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch > >>> Finished post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch > >>> Scriptlet output: > >>> restorecon: Could not stat /run/user/1000/doc: Permission denied. > >>> restorecon: Could not stat /run/user/1000/gvfs: Permission denied. > >>> > These are special fuse file systems and have their own rules for permission. So it is normal you get these permission denials. FEDORA-2025-4072ac07d4 (passt-0^20250611.g0293c6f-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-4072ac07d4 FEDORA-2025-6b926450ac (passt-0^20250611.g0293c6f-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-6b926450ac FEDORA-2025-6b926450ac has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-6b926450ac` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-6b926450ac See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2025-4072ac07d4 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-4072ac07d4` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-4072ac07d4 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2025-6b926450ac (passt-0^20250611.g0293c6f-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2025-4072ac07d4 (passt-0^20250611.g0293c6f-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report. |