Bug 1596409 - scriptlet failed on dnf upgrade: neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:9013
Summary: scriptlet failed on dnf upgrade: neverallow check failed at /var/lib/selinux/...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: container-selinux
Version: 27
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lokesh Mandvekar
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-06-28 21:21 UTC by Dimitris
Modified: 2018-07-04 12:12 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2018-07-04 12:12:13 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
debug log from the dnf install process. (10.93 KB, text/plain)
2018-06-29 19:41 UTC, Brian Naasz 		no flags Details
View All

Description Dimitris 2018-06-28 21:21:53 UTC 
Description of problem:

  Running scriptlet: container-selinux-2:2.65-1.gitbf5b26b.fc27.noarch                                                                                                                  17/34 
neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:9013
  (neverallow base_typeattr_7 unlabeled_t (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1489
      (allow spc_t unlabeled_t (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/sandboxX/cil:866
      (allow sandbox_x_domain exec_type (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/virt/cil:1671
      (allow virtd_lxc_t exec_type (file (entrypoint)))
    <root>
    allow at /var/lib/selinux/targeted/tmp/modules/100/virt/cil:2062
      (allow svirt_sandbox_domain exec_type (file (entrypoint)))

Failed to generate binary
/usr/sbin/semodule:  Failed!

Version-Release number of selected component (if applicable):

2:2.65-1.gitbf5b26b.fc27

How reproducible:

One time when I "dnf upgrade"d my F27 VM

Steps to Reproduce:
1. Ran "dnf --refresh upgrade"
2. Saw above error

Actual results:


Expected results:


Additional info:
Comment 1 Brian Naasz 2018-06-29 19:41:06 UTC 
Created attachment 1455570 [details]
debug log from the dnf install process.

generated by 'dnf reinstall -y --rpmverbosity=debug container-selinux'
Comment 2 Brian Naasz 2018-07-02 13:23:38 UTC 
Not an expert, but this looks to be covered in Bugzilla ticket #1595316.  The libsemanage-2.7-3 update looks to have silenced it for me.
Comment 3 Daniel Walsh 2018-07-04 12:12:13 UTC 
Yup.
Note You need to log in before you can comment on or make changes to this bug.