Hide Forgot
+++ This bug was initially created as a clone of Bug #1388616 +++ Description of problem: I'm seeing the following warning/error while installing docker: ########## Installing : policycoreutils-python-2.5-8.el7.x86_64 11/15 Installing : docker-selinux-1.10.3-46.el7.14.x86_64 12/15 Re-declaration of boolean virt_sandbox_use_fusefs Failed to create node Bad boolean declaration at /etc/selinux/targeted/tmp/modules/100/virt/cil:159 /usr/sbin/semodule: Failed! libsemanage.semanage_direct_install_info: Overriding docker module at lower priority 100 with module at priority 400. Installing : docker-common-1.10.3-46.el7.14.x86_64 13/15 ########## Version-Release number of selected component (if applicable): docker-selinux-1.10.3-46.el7.14.x86_64 docker-1.10.3-46.el7.14.x86_64 selinux-policy-3.13.1-102.el7.noarch How reproducible: Always Steps to Reproduce: 1. Install RHEL 7.3 RC build 2. Subscribe to the relevant repos 3. #yum install docker Actual results: Expected results: Additional info: --- Additional comment from Red Hat Bugzilla Rules Engine on 2016-10-25 14:45:21 EDT --- This bug is automatically being proposed for the current release of Red Hat Gluster Storage 3 under active development, by setting the release flag 'rhgs‑3.2.0' to '?'. If this bug should be proposed for a different release, please manually change the proposed release flag.
This should be fixed in docker-selinux package, right?
(In reply to Milos Malik from comment #1) > This should be fixed in docker-selinux package, right? Yea, looks like. Is that handled by a different team? If so, please feel free to re-assign this BZ to the appropriate team or let me know to whom it should be assigned to.
Yes, docker policy is shipped by docker team.
Lokesh I thought we were shipping a later version of docker and docker-selinux with a fix for this. Is this a problem with the release?
7.2.7 had 1.10.3-46, 7.3.0 has 1.10.3-57
This works for me with the latest docker-selinux build. Hence closing this BZ.
Yes this is an ordering problem. container-selinux disables docker.pp when it installs. This looks like you had a previous bad container-selinux installed. Older versions of container SELinux would remove the docker.pp file, which would just get installed on the next selinux-policy update. The latest container-selinux should disable docker.pp and replace it with container.pp. Then if a new update of selinux-policy comes along with docker.pp, it will get installed but still be disabled, preventing this issue. You can verify this by looking at # semanage module --list -C You can also reinstall selinux-policy dnf -y reinstall selinux-policy-targeted And see that it does not complain about docker module. Bottom line, I think this is fixed and on a fresh install it should not happen. If this is not true then this is a bug.