Description of problem:
With the changes to selinux (docker-selinux -> container-selinux), and other recent changes, some packages that are installed with a yum update still break the cluster.
The following packages seem to cause the issue:
As soon as these were applied to the cluster, it went down because docker lost all of its SElinux labeling. By running:
yum reinstall -y container-selinux; systemctl restart docker; systemctl restart atomic-openshift-node
The labels were restored.
I have marked this bug for the Installer in order to exclude the packages that break using atomic-openshift-excluder as the selinux issues should be fixed in bugs:
I'm closing this NOTABUG because it should always be safe to update to the latest selinux-policy and container-selinux and there are bugs open to address problems there. If the docker team decides that we need to exclude selinux-policy and container-selinux from updates we'll revisit this but I think that's an exceptionally risky proposition.
*** This bug has been marked as a duplicate of bug 1411316 ***