Description of problem: The latest container-selinux still contains references to classes which will be removed in selinux-policy update in F36. The group update: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c5bee6b70f did not contain the proper change. Note selinux-policy-35.17-1.fc35.noarch is needed. Version-Release number of selected component (if applicable): container-selinux-2.183.0-1.fc35.noarch How reproducible: always Steps to Reproduce: 1. Upgrade to F36 Actual results: Apr 27 07:20:10 fedora dnf[457]: Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1202 Expected results: No error reported. Additional info: Appears in journal only. # bunzip2 < /var/lib/selinux/targeted/active/modules/200/container/cil|cat -n|grep 1202 1202 (allow container_domain init_t (bridge_socket (ioctl read write getattr lock append accept getopt))) # bunzip2 < /var/lib/selinux/targeted/active/modules/200/container/cil| grep -e bridge_socket -e ib_socket -e mpls_socket (allow container_domain init_t (bridge_socket (ioctl read write getattr lock append accept getopt))) (allow container_domain init_t (ib_socket (ioctl read write getattr lock append accept getopt))) (allow container_domain init_t (mpls_socket (ioctl read write getattr lock append accept getopt))) ...
FEDORA-2022-3a9a2a4442 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-3a9a2a4442
I can confirm the updated package does not contain the classes in question.
FEDORA-2022-3a9a2a4442 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-3a9a2a4442` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-3a9a2a4442 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
(In reply to Zdenek Pytela from comment #2) > I can confirm the updated package does not contain the classes in question. Thanks for testing. Could you get some people to also add karma please?
Created attachment 1876433 [details] upgrade journal from F35 This is the upgrade journal when upgrading from F35 including container-selinux-2.183.0-3.fc35 to F36. The errors mentioned in bug 2056303 comment 83 seem to be gone, and I don't see any other errors. Looks good to me!
(In reply to Kamil Páral from comment #5) > Created attachment 1876433 [details] > upgrade journal from F35 > > This is the upgrade journal when upgrading from F35 including > container-selinux-2.183.0-3.fc35 to F36. The errors mentioned in bug 2056303 > comment 83 seem to be gone, and I don't see any other errors. Looks good to > me! I went through the attached journal snippet and did not spot any selinux-related problem.
FEDORA-2022-3a9a2a4442 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.