Description of problem: on runnning podman command Version-Release number of selected component (if applicable): selinux-policy-targeted-3.14.4-42.fc31.noarch selinux-policy-3.14.4-42.fc31.noarch podman-1.6.2-2.fc31.x86_64 How reproducible: Always Steps to Reproduce: 1. run a container in podman 2. 3. Actual results: Error Expected results: run as always Additional info: sudo dnf downgrade podman Running transaction Preparing : Running scriptlet: podman-2:1.6.1-5.fc31.x86_64 Downgrading : podman-2:1.6.1-5.fc31.x86_64 error: lsetfilecon: (/usr/bin/podman;5dd922c9, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package podman-2:1.6.1-5.fc31.x86_64 Verifying : podman-2:1.6.1-5.fc31.x86_64 1/2 Verifying : podman-2:1.6.2-2.fc31.x86_64 2/2 Failed: podman-2:1.6.1-5.fc31.x86_64 podman-2:1.6.2-2.fc31.x86_64 I also downgrade selinux without success
Is container-selinux installed?
yes it does container-selinux-2.119.0-2.fc31.noarch Regards.,
Please reinstall it, I think something went wrong when it was installed. dnf reinstall container-selinux
Running transaction Preparing : 1/1 Reinstalling : container-selinux-2:2.119.0-2.fc31.noarch 1/2 Running scriptlet: container-selinux-2:2.119.0-2.fc31.noarch 1/2 Conflicting name type transition rules Binary policy creation failed at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1786 Failed to generate binary /usr/sbin/semodule: Failed! /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:container_var_lib_t:s0 Cleanup : container-selinux-2:2.119.0-2.fc31.noarch 2/2 Running scriptlet: container-selinux-2:2.119.0-2.fc31.noarch 2/2 Verifying : container-selinux-2:2.119.0-2.fc31.noarch 1/2 Verifying : container-selinux-2:2.119.0-2.fc31.noarch 2/2 Reinstalled: container-selinux-2:2.119.0-2.fc31.noarch Complete! Running podman again same result.... Regards.,
as a Addiotnal info I updated from Updating-testing repo: Last metadata expiration check: 0:00:36 ago on Sun Nov 24 13:30:42 2019. Installed package selinux-policy-3.14.4-42.fc31.noarch (from updates-testing) not available. Installed package selinux-policy-targeted-3.14.4-42.fc31.noarch (from updates-testing) not available. Error: No packages marked for reinstall. Downgrade --> SELinux Running transaction Running scriptlet: selinux-policy-targeted-3.14.4-40.fc31.noarch 1/1 Preparing : 1/1 Downgrading : selinux-policy-3.14.4-40.fc31.noarch 1/4 Running scriptlet: selinux-policy-3.14.4-40.fc31.noarch 1/4 Conflicting name type transition rules Binary policy creation failed at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1786 Failed to generate binary semodule: Failed! Running scriptlet: selinux-policy-targeted-3.14.4-40.fc31.noarch 2/4 Downgrading : selinux-policy-targeted-3.14.4-40.fc31.noarch 2/4 Running scriptlet: selinux-policy-targeted-3.14.4-40.fc31.noarch 2/4 Cleanup : selinux-policy-targeted-3.14.4-42.fc31.noarch 3/4 Running scriptlet: selinux-policy-targeted-3.14.4-42.fc31.noarch 3/4 Cleanup : selinux-policy-3.14.4-42.fc31.noarch 4/4 Running scriptlet: selinux-policy-3.14.4-42.fc31.noarch 4/4 Running scriptlet: selinux-policy-targeted-3.14.4-40.fc31.noarch 4/4 Running scriptlet: selinux-policy-3.14.4-42.fc31.noarch 4/4 Verifying : selinux-policy-3.14.4-40.fc31.noarch 1/4 Verifying : selinux-policy-3.14.4-42.fc31.noarch 2/4 Verifying : selinux-policy-targeted-3.14.4-40.fc31.noarch 3/4 Verifying : selinux-policy-targeted-3.14.4-42.fc31.noarch 4/4 Downgraded: selinux-policy-3.14.4-40.fc31.noarch selinux-policy-targeted-3.14.4-40.fc31.noarch Downgrade --> container-SELinux Running transaction Preparing : 1/1 Downgrading : container-selinux-2:2.117.0-1.gitbfde70a.fc31.noarch 1/2 Running scriptlet: container-selinux-2:2.117.0-1.gitbfde70a.fc31.noarch 1/2 Cleanup : container-selinux-2:2.119.0-2.fc31.noarch 2/2 Running scriptlet: container-selinux-2:2.119.0-2.fc31.noarch 2/2 Verifying : container-selinux-2:2.117.0-1.gitbfde70a.fc31.noarch 1/2 Verifying : container-selinux-2:2.119.0-2.fc31.noarch 2/2 Downgraded: container-selinux-2:2.117.0-1.gitbfde70a.fc31.noarch This Workaround, do the job: downgrade selinux from update-testing and downgrade container-selinux Regards.,
I had to use Héctor's downgrade/workaround yesterday in order to install podman OR docker/moby (from the F31 repositories) OR docker-ce (from the Docker repository) -- all of which refused to install until I did so. I could install them with setenforce=0, but the services would not start. Unfortunately I didn't keep comprehensive records of the errors I was experiencing, but here are some excerpts I saved so I could research the problem (which led me here): Upgrading : containers-common-1:0.1.40-4.fc31.x86_64 error: lsetfilecon: (/var/lib/containers/sigstore, system_u:object_r:container_var_lib_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed and Error unpacking rpm package containerd.io-1.2.10-3.2.fc31.x86_64 Installing : docker-ce-3:19.03.5-3.fc31.x86_64 error: unpacking of archive failed on file /usr/bin/containerd;5ddb280e: cpio: (error 0x2) error: containerd.io-1.2.10-3.2.fc31.x86_64: install failed error: lsetfilecon: (/usr/bin/docker-init;5ddb280e, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Downgrading the two selinux packages just as Héctor described allowed them to install. I downgraded: selinux-policy FROM 3.14.4-42.fc31.noarch TO 3.14.4-40.fc31.noarch and container-selinux FROM 2:2.119.0-2.fc31.noarch TO 2:2.117.0-1.gitbfde70a.fc31.noarch I'm not sure if either or both were necessary.
Downgrading the selinux packages (from the comment above) solved the problem, and subsequent upgrades have not caused it to recur. My problem is solved and I would recommend closure unless this still affects some people.
I've just hit this issue with the updated from Fedora 31 to 32 Beta: $ sudo dnf reinstall container-selinux [...] Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: container-selinux-2:2.125.0-1.fc32.noarch 1/2 Reinstalling : container-selinux-2:2.125.0-1.fc32.noarch 1/2 Running scriptlet: container-selinux-2:2.125.0-1.fc32.noarch 1/2 Failed to resolve permission name_connect Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/pcpupstream/cil:74 /usr/sbin/semodule: Failed! /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:container_var_lib_t:s0 Failed to resolve permission name_connect Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/pcpupstream/cil:74 semodule: Failed! Running scriptlet: container-selinux-2:2.125.0-1.fc32.noarch 2/2 Failed to resolve permission name_connect Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/pcpupstream/cil:74 semodule: Failed! Cleanup : container-selinux-2:2.125.0-1.fc32.noarch 2/2 Running scriptlet: container-selinux-2:2.125.0-1.fc32.noarch 2/2 Verifying : container-selinux-2:2.125.0-1.fc32.noarch 1/2 Verifying : container-selinux-2:2.125.0-1.fc32.noarch 2/2 Reinstalled: container-selinux-2:2.125.0-1.fc32.noarch Complete! $ sudo dnf install podman flatpak [...] 3.6 MB/s | 17 MB 00:04 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : runc-2:1.0.0-144.dev.gite6555cc.fc32.x86_64 1/4 error: lsetfilecon: (/usr/bin/runc;5e762ad3, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package runc-2:1.0.0-144.dev.gite6555cc.fc32.x86_64 Installing : crun-0.13-1.fc32.x86_64 2/4 error: unpacking of archive failed on file /usr/bin/runc;5e762ad3: cpio: (error 0x2) error: runc-2:1.0.0-144.dev.gite6555cc.fc32.x86_64: install failed error: lsetfilecon: (/usr/bin/crun;5e762ad3, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package crun-0.13-1.fc32.x86_64 Installing : podman-2:1.8.2-2.fc32.x86_64 3/4 error: unpacking of archive failed on file /usr/bin/crun;5e762ad3: cpio: (error 0x2) error: crun-0.13-1.fc32.x86_64: install failed error: lsetfilecon: (/usr/bin/podman;5e762ad3, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package podman-2:1.8.2-2.fc32.x86_64 Running scriptlet: flatpak-1.6.2-1.fc32.x86_64 4/4 error: unpacking of archive failed on file /usr/bin/podman;5e762ad3: cpio: (error 0x2) error: podman-2:1.8.2-2.fc32.x86_64: install failed Installing : flatpak-1.6.2-1.fc32.x86_64 4/4 error: lsetfilecon: (/usr/libexec/flatpak-system-helper;5e762ad3, system_u:object_r:flatpak_helper_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package flatpak-1.6.2-1.fc32.x86_64 Verifying : crun-0.13-1.fc32.x86_64 1/4 Verifying : podman-2:1.8.2-2.fc32.x86_64 2/4 Verifying : flatpak-1.6.2-1.fc32.x86_64 3/4 Verifying : runc-2:1.0.0-144.dev.gite6555cc.fc32.x86_64 4/4 Failed: crun-0.13-1.fc32.x86_64 flatpak-1.6.2-1.fc32.x86_64 podman-2:1.8.2-2.fc32.x86_64 runc-2:1.0.0-144.dev.gite6555cc.fc32.x86_64 Error: Transaction failed
Not sure what is going on here. Could you retry the install dnf -y reinstall container-selinux
I've just encountered this on a F35 box too. Just one of them - the others are fine. I tried reinstalling container-selinux, selinux-policy*, and policycoreutils repeatedly and even upgrading to rawhide's container-selinux-2.173.1 (didn't help). Finally I downgraded but container-selinux wasn't enough. Also needed to downgrade setlinux-policy and deps. Finally able to start docker.socket and podman again. Weird temporary fix... $ sudo dnf downgrade selinux-policy Last metadata expiration check: 0:05:38 ago on Thu 20 Jan 2022 03:49:26 PM GMT. Dependencies resolved. Problem: problem with installed package selinux-policy-devel-35.10-1.fc35.noarch - package selinux-policy-devel-35.10-1.fc35.noarch requires selinux-policy = 35.10-1.fc35, but none of the providers can be installed - package selinux-policy-devel-35.10-1.fc36.noarch requires selinux-policy = 35.10-1.fc36, but none of the providers can be installed - package selinux-policy-devel-35.3-1.20211019git94970fc.fc35.noarch requires selinux-policy = 35.3-1.20211019git94970fc.fc35, but none of the providers can be installed - cannot install both selinux-policy-35.9-1.fc35.noarch and selinux-policy-35.10-1.fc35.noarch - cannot install both selinux-policy-35.9-1.fc35.noarch and selinux-policy-35.10-1.fc36.noarch - cannot install both selinux-policy-35.9-1.fc35.noarch and selinux-policy-35.3-1.20211019git94970fc.fc35.noarch - cannot install both selinux-policy-35.3-1.20211019git94970fc.fc35.noarch and selinux-policy-35.9-1.fc35.noarch - cannot install both selinux-policy-35.10-1.fc35.noarch and selinux-policy-35.9-1.fc35.noarch - cannot install the best candidate for the job ============================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================== Downgrading: cockpit-ws x86_64 256-1.fc34 _dnf_local 1.3 M flatpak x86_64 1.12.1-1.fc35 _dnf_local 1.5 M flatpak-selinux noarch 1.12.1-1.fc35 _dnf_local 22 k flatpak-session-helper x86_64 1.12.1-1.fc35 _dnf_local 44 k osbuild noarch 40-1.fc35 _dnf_local 99 k osbuild-composer x86_64 38-1.fc35 _dnf_local 36 k osbuild-composer-core x86_64 38-1.fc35 _dnf_local 5.4 M osbuild-composer-dnf-json x86_64 38-1.fc35 _dnf_local 29 k osbuild-composer-worker x86_64 38-1.fc35 _dnf_local 8.1 M osbuild-ostree noarch 40-1.fc35 _dnf_local 25 k osbuild-selinux noarch 40-1.fc35 _dnf_local 27 k python3-osbuild noarch 40-1.fc35 _dnf_local 141 k selinux-policy noarch 35.3-1.20211019git94970fc.fc35 _dnf_local 72 k selinux-policy-devel noarch 35.3-1.20211019git94970fc.fc35 _dnf_local 815 k selinux-policy-targeted noarch 35.3-1.20211019git94970fc.fc35 _dnf_local 6.3 M swtpm x86_64 0.6.0-3.20210607gitea627b3.fc35 _dnf_local 40 k swtpm-libs x86_64 0.6.0-3.20210607gitea627b3.fc35 _dnf_local 44 k swtpm-tools x86_64 0.6.0-3.20210607gitea627b3.fc35 _dnf_local 112 k Skipping packages with conflicts: (add '--best --allowerasing' to command line to force their upgrade): selinux-policy noarch 35.9-1.fc35 _dnf_local 69 k selinux-policy noarch 35.10-1.fc36 _dnf_local 69 k Skipping packages with broken dependencies: selinux-policy-devel noarch 35.10-1.fc36 _dnf_local 814 k Transaction Summary ============================================================================================================================================== Downgrade 18 Packages Skip 3 Packages
Ah I see the failing box also had updates-testing enabled, where the fine box did not. Seems there's trouble in updates.
This just happened on my CentOS Stream 9 box a couple of days ago, an update took down Podman and all my containers. The solution, per John Boero's post, was to run: sudo dnf downgrade selinux-policy Afterwards which I could get podman working again with: sudo dnf reinstall container-selinux sudo dnf reinstall podman Attempting to run updates again after that (see below) messed everything up again. It seems these selinux updates are taking down my system (manually updating only crun and podman went well): $ sudo dnf update Last metadata expiration check: 0:00:40 ago on Mon 07 Feb 2022 09:51:42 GMT. Dependencies resolved. ============================================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================================== Upgrading: cockpit-ws x86_64 261-1.el9 baseos 1.3 M crun x86_64 1.4.2-1.el9 appstream 184 k flatpak x86_64 1.10.7-1.el9 appstream 1.7 M flatpak-selinux noarch 1.10.7-1.el9 appstream 22 k podman x86_64 2:3.4.5-0.7.el9 appstream 12 M podman-docker noarch 2:3.4.5-0.7.el9 appstream 37 k selinux-policy noarch 34.1.22-1.el9 baseos 62 k selinux-policy-targeted noarch 34.1.22-1.el9 baseos 6.7 M Transaction Summary ============================================================================================================================================================================================================================================== Upgrade 8 Packages Total download size: 22 M Is this ok [y/N]: y Downloading Packages: (1/8): selinux-policy-34.1.22-1.el9.noarch.rpm 248 kB/s | 62 kB 00:00 (2/8): cockpit-ws-261-1.el9.x86_64.rpm 2.4 MB/s | 1.3 MB 00:00 (3/8): selinux-policy-targeted-34.1.22-1.el9.noarch.rpm 9.0 MB/s | 6.7 MB 00:00 (4/8): crun-1.4.2-1.el9.x86_64.rpm 303 kB/s | 184 kB 00:00 (5/8): flatpak-selinux-1.10.7-1.el9.noarch.rpm 150 kB/s | 22 kB 00:00 (6/8): podman-docker-3.4.5-0.7.el9.noarch.rpm 333 kB/s | 37 kB 00:00 (7/8): flatpak-1.10.7-1.el9.x86_64.rpm 2.6 MB/s | 1.7 MB 00:00 (8/8): podman-3.4.5-0.7.el9.x86_64.rpm 21 MB/s | 12 MB 00:00 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 9.0 MB/s | 22 MB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Running scriptlet: selinux-policy-targeted-34.1.22-1.el9.noarch 1/1 Preparing : 1/1 Upgrading : selinux-policy-34.1.22-1.el9.noarch 1/16 Running scriptlet: selinux-policy-34.1.22-1.el9.noarch 1/16 Running scriptlet: selinux-policy-targeted-34.1.22-1.el9.noarch 2/16 Upgrading : selinux-policy-targeted-34.1.22-1.el9.noarch 2/16 Running scriptlet: selinux-policy-targeted-34.1.22-1.el9.noarch 2/16 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/pcpupstream/cil:103 Failed to resolve AST /usr/sbin/semodule: Failed! Upgrading : flatpak-selinux-1.10.7-1.el9.noarch 3/16 Running scriptlet: flatpak-selinux-1.10.7-1.el9.noarch 3/16 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/pcpupstream/cil:103 Failed to resolve AST /usr/sbin/semodule: Failed! Upgrading : crun-1.4.2-1.el9.x86_64 4/16 error: lsetfilecon: (/usr/bin/crun;6200ec0d, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package crun-1.4.2-1.el9.x86_64 Upgrading : podman-2:3.4.5-0.7.el9.x86_64 5/16 error: unpacking of archive failed on file /usr/bin/crun;6200ec0d: cpio: (error 0x2) error: crun-1.4.2-1.el9.x86_64: install failed error: lsetfilecon: (/usr/bin/podman;6200ec0d, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package podman-2:3.4.5-0.7.el9.x86_64 Upgrading : podman-docker-2:3.4.5-0.7.el9.noarch 6/16 error: unpacking of archive failed on file /usr/bin/podman;6200ec0d: cpio: (error 0x2) error: podman-2:3.4.5-0.7.el9.x86_64: install failed error: lsetfilecon: (/usr/bin/docker;6200ec0d, system_u:object_r:container_runtime_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package podman-docker-2:3.4.5-0.7.el9.noarch Running scriptlet: flatpak-1.10.7-1.el9.x86_64 7/16 error: unpacking of archive failed on file /usr/bin/docker;6200ec0d: cpio: (error 0x2) error: podman-docker-2:3.4.5-0.7.el9.noarch: install failed Upgrading : flatpak-1.10.7-1.el9.x86_64 7/16 error: lsetfilecon: (/usr/libexec/flatpak-system-helper;6200ec0d, system_u:object_r:flatpak_helper_exec_t:s0) Invalid argument error: Plugin selinux: hook fsm_file_prepare failed Error unpacking rpm package flatpak-1.10.7-1.el9.x86_64 Running scriptlet: cockpit-ws-261-1.el9.x86_64 8/16 error: unpacking of archive failed on file /usr/libexec/flatpak-system-helper;6200ec0d: cpio: (error 0x2) error: flatpak-1.10.7-1.el9.x86_64: install failed Upgrading : cockpit-ws-261-1.el9.x86_64 8/16 Running scriptlet: cockpit-ws-261-1.el9.x86_64 8/16 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/pcpupstream/cil:103 Failed to resolve AST /usr/sbin/semodule: Failed! Cleanup : flatpak-selinux-1.10.5-1.el9.noarch 9/16 error: podman-docker-1:3.4.3-0.6.el9.noarch: erase skipped error: podman-1:3.4.3-0.6.el9.x86_64: erase skipped error: flatpak-1.10.5-1.el9.x86_64: erase skipped Running scriptlet: flatpak-selinux-1.10.5-1.el9.noarch 9/16 Running scriptlet: cockpit-ws-260-1.el9.x86_64 10/16 Cleanup : cockpit-ws-260-1.el9.x86_64 10/16 Running scriptlet: cockpit-ws-260-1.el9.x86_64 10/16 Cleanup : selinux-policy-34.1.20-1.el9.noarch 11/16 Running scriptlet: selinux-policy-34.1.20-1.el9.noarch 11/16 Cleanup : selinux-policy-targeted-34.1.20-1.el9.noarch 12/16 Running scriptlet: selinux-policy-targeted-34.1.20-1.el9.noarch 12/16 Running scriptlet: selinux-policy-targeted-34.1.22-1.el9.noarch 12/16 error: crun-1.4-1.el9.x86_64: erase skipped Running scriptlet: selinux-policy-targeted-34.1.20-1.el9.noarch 12/16 Job for cockpit.service failed because the control process exited with error code. See "systemctl status cockpit.service" and "journalctl -xeu cockpit.service" for details. Verifying : cockpit-ws-261-1.el9.x86_64 1/16 Verifying : cockpit-ws-260-1.el9.x86_64 2/16 Verifying : selinux-policy-34.1.22-1.el9.noarch 3/16 Verifying : selinux-policy-34.1.20-1.el9.noarch 4/16 Verifying : selinux-policy-targeted-34.1.22-1.el9.noarch 5/16 Verifying : selinux-policy-targeted-34.1.20-1.el9.noarch 6/16 Verifying : crun-1.4.2-1.el9.x86_64 7/16 Verifying : crun-1.4-1.el9.x86_64 8/16 Verifying : flatpak-1.10.7-1.el9.x86_64 9/16 Verifying : flatpak-1.10.5-1.el9.x86_64 10/16 Verifying : flatpak-selinux-1.10.7-1.el9.noarch 11/16 Verifying : flatpak-selinux-1.10.5-1.el9.noarch 12/16 Verifying : podman-2:3.4.5-0.7.el9.x86_64 13/16 Verifying : podman-1:3.4.3-0.6.el9.x86_64 14/16 Verifying : podman-docker-2:3.4.5-0.7.el9.noarch 15/16 Verifying : podman-docker-1:3.4.3-0.6.el9.noarch 16/16 Upgraded: cockpit-ws-261-1.el9.x86_64 flatpak-selinux-1.10.7-1.el9.noarch selinux-policy-34.1.22-1.el9.noarch selinux-policy-targeted-34.1.22-1.el9.noarch Failed: crun-1.4-1.el9.x86_64 crun-1.4.2-1.el9.x86_64 flatpak-1.10.5-1.el9.x86_64 flatpak-1.10.7-1.el9.x86_64 podman-1:3.4.3-0.6.el9.x86_64 podman-2:3.4.5-0.7.el9.x86_64 podman-docker-1:3.4.3-0.6.el9.noarch podman-docker-2:3.4.5-0.7.el9.noarch Error: Transaction failed
Pálmar, For c9s bugs, see: https://wiki.centos.org/ReportBugs John, do you still see issues on f35? I notice a mix of f34, f35 and f36 packages in your dnf logs. Can you ensure you're not mixing packages for different fedora versions? Please open a new bug if issues still persist.
I've just run into this when upgrading from Fedora 35 to Fedora 36 Beta: https://bugzilla.redhat.com/show_bug.cgi?id=2071059
Reinstalling container-selinux fails with: ``` Running transaction Preparing : 1/1 Running scriptlet: container-selinux-2:2.181.0-1.fc36.noarch 1/2 Reinstalling : container-selinux-2:2.181.0-1.fc36.noarch 1/2 Running scriptlet: container-selinux-2:2.181.0-1.fc36.noarch 1/2 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/snappy/cil:305 Failed to resolve AST /usr/sbin/semodule: Failed! /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:container_var_lib_t:s0 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1263 Failed to resolve AST semodule: Failed! Running scriptlet: container-selinux-2:2.181.0-1.fc36.noarch 2/2 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1263 Failed to resolve AST semodule: Failed! Cleanup : container-selinux-2:2.181.0-1.fc36.noarch 2/2 Running scriptlet: container-selinux-2:2.181.0-1.fc36.noarch 2/2 Verifying : container-selinux-2:2.181.0-1.fc36.noarch 1/2 Verifying : container-selinux-2:2.181.0-1.fc36.noarch 2/2 Reinstalled: container-selinux-2:2.181.0-1.fc36.noarch ```