Bug 2071939 - container runtimes not starting due to selinux
Summary: container runtimes not starting due to selinux
Keywords:
Status: CLOSED DUPLICATE of bug 2070764
Alias: None
Product: Fedora
Classification: Fedora
Component: container-selinux
Version: 36
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-04-05 09:31 UTC by Simon Putt
Modified: 2022-04-05 14:29 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-04-05 14:29:17 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
restorecon -Rvn / (69.33 KB, text/plain)
2022-04-05 09:31 UTC, Simon Putt
no flags Details
restorecon -Rv / (50.20 KB, text/plain)
2022-04-05 09:32 UTC, Simon Putt
no flags Details
sudo dnf reinstall container-selinux (2.75 KB, text/plain)
2022-04-05 09:35 UTC, Simon Putt
no flags Details

Description Simon Putt 2022-04-05 09:31:55 UTC
Created attachment 1870820 [details]
restorecon -Rvn /

Description of problem:

Container runtimes such as lxc/lxc/moby-engine/podman are not starting due to not being labeled by selinux, I think so not sure it might be this package

Version-Release number of selected component (if applicable):

container-selinux-2.181.0-1.fc36.noarch

How reproducible:

Always

Steps to Reproduce:
1. Upgrade from Fedora 35 to 36 Beta
2. Reboot and container runtimes do not start due to being denied because not labeled correctly
3.

Actual results:

Containers not being able to start their services

Expected results:

To be able to use lxc/lxd/docker/podman
Additional info:

Fedora 36 Beta/Workstation Edition

also this might be a part of the issue

https://bugzilla.redhat.com/show_bug.cgi?id=2069102

Comment 1 Simon Putt 2022-04-05 09:32:35 UTC
Created attachment 1870821 [details]
restorecon -Rv /

Comment 2 Simon Putt 2022-04-05 09:35:57 UTC
Created attachment 1870822 [details]
sudo dnf reinstall container-selinux

Comment 3 Simon Putt 2022-04-05 10:09:29 UTC
[    9.756776] SELinux:  Context system_u:object_r:container_unit_file_t:s0 is not valid (left unmapped).
[   33.125507] SELinux:  Context system_u:object_r:container_var_lib_t:s0 is not valid (left unmapped).
[   33.213093] SELinux:  Context system_u:object_r:container_runtime_exec_t:s0 is not valid (left unmapped).
[   33.439133] SELinux:  Context system_u:object_r:tabrmd_exec_t:s0 is not valid (left unmapped).
[  161.776462] SELinux:  Context system_u:object_r:flatpak_helper_exec_t:s0 is not valid (left unmapped).
[  161.945236] SELinux:  Context system_u:object_r:vnc_session_exec_t:s0 is not valid (left unmapped).
[  194.716357] SELinux:  Context system_u:object_r:container_log_t:s0 is not valid (left unmapped).
[  287.313712] SELinux:  Context unconfined_u:object_r:vnc_home_t:s0 is not valid (left unmapped).
[ 1518.845746] SELinux:  Context system_u:object_r:conmon_exec_t:s0 is not valid (left unmapped).
[ 1518.849016] SELinux:  Context system_u:object_r:swtpm_exec_t:s0 is not valid (left unmapped).
[ 1518.850845] SELinux:  Context system_u:object_r:osbuild_exec_t:s0 is not valid (left unmapped).
[ 1584.971276] SELinux:  Context system_u:object_r:container_config_t:s0 is not valid (left unmapped).

Comment 4 Daniel Walsh 2022-04-05 14:29:17 UTC

*** This bug has been marked as a duplicate of bug 2070764 ***


Note You need to log in before you can comment on or make changes to this bug.