Description of problem: Something is causing these sorts of error messages during RPM updates, post upgrade to F36: Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/osbuild/cil:127 Failed to resolve AST /usr/sbin/semodule: Failed! /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:container_var_lib_t:s0 How reproducible: Always on the one system I'm seeing it. I have upgraded other systems to F36 without seeing this issue. Steps to Reproduce: 1. Upgrade to F36 under TBD specific circumstances 2. 3. Actual results: RPM transactions report varying levels of failure Expected results: RPM transactions fail Additional info: After I saw this, I attempted to dnf reinstall all -selinux packages and selinux-policy and selinux-policy-targeted. Then I did autorelabel, and when my machine came up again I couldn't login to it. So I recovered it and set selinux permissive until I can work out a better long-term fix. Version-Release number of selected component (if applicable): container-selinux-2:2.181.0-1.fc36.noarch
This is a known issue and it is caused by selinux-policy. Could you try to reinstall container-selinux.
I have tried reinstalling container-selinux repeatedly. I get this consistently: Dependencies resolved. ======================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================== Reinstalling: container-selinux noarch 2:2.181.0-1.fc36 imladris_f36_x86_64_release 49 k Transaction Summary ======================================================================================================================== Total download size: 49 k Installed size: 54 k Is this ok [y/N]: y Downloading Packages: container-selinux-2.181.0-1.fc36.noarch.rpm 342 kB/s | 49 kB 00:00 ------------------------------------------------------------------------------------------------------------------------ Total 333 kB/s | 49 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: container-selinux-2:2.181.0-1.fc36.noarch 1/2 Reinstalling : container-selinux-2:2.181.0-1.fc36.noarch 1/2 Running scriptlet: container-selinux-2:2.181.0-1.fc36.noarch 1/2 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/osbuild/cil:127 Failed to resolve AST /usr/sbin/semodule: Failed! /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:container_var_lib_t:s0 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1265 Failed to resolve AST semodule: Failed! Running scriptlet: container-selinux-2:2.181.0-1.fc36.noarch 2/2 Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1265 Failed to resolve AST semodule: Failed! Cleanup : container-selinux-2:2.181.0-1.fc36.noarch 2/2 Running scriptlet: container-selinux-2:2.181.0-1.fc36.noarch 2/2 Verifying : container-selinux-2:2.181.0-1.fc36.noarch 1/2 Verifying : container-selinux-2:2.181.0-1.fc36.noarch 2/2 This version of container-selinux matches the version on other machines I have that seem to be working fine. The selinux-policy package is at the same level on both machines as well.
*** This bug has been marked as a duplicate of bug 2070764 ***