Hide Forgot
On upgrading to this version: Upgrading : selinux-policy-targeted-3.13.1-180.fc25.noarch 32/84 neverallow check failed at line 8831 of /var/lib/selinux/targeted/tmp/modules/100/base/cil (neverallow base_typeattr_12 unlabeled_t (file (entrypoint))) <root> allow at line 545 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil (allow spc_t unlabeled_t (file (entrypoint))) <root> allow at line 828 of /var/lib/selinux/targeted/tmp/modules/100/sandboxX/cil (allow sandbox_x_domain exec_type (file (entrypoint))) <root> allow at line 1591 of /var/lib/selinux/targeted/tmp/modules/100/virt/cil (allow virtd_lxc_t exec_type (file (entrypoint))) <root> allow at line 1968 of /var/lib/selinux/targeted/tmp/modules/100/virt/cil (allow svirt_sandbox_domain exec_type (file (entrypoint))) Failed to generate binary /usr/sbin/semodule: Failed!
This problem is caused because you have also docker-selinux package on your system. Policy in this package contains some rules which we don't want to allow. This semanage failure is right behaviour. While docker policy is broken, you can use following workround: In /etc/selinux/semanage.conf file, change expand-check=1 option to expand-check=0. Moving to docker component.
Should work fine in Rawhide now.