Bug 2277309 - Errors when upgrading to container-selinux-2:2.231.0-1.fc40.noarch
Summary: Errors when upgrading to container-selinux-2:2.231.0-1.fc40.noarch
Keywords:
Status: CLOSED DUPLICATE of bug 2277028
Alias: None
Product: Fedora
Classification: Fedora
Component: container-selinux
Version: 40
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-04-26 07:32 UTC by Kamil Páral
Modified: 2024-05-09 13:38 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-05-09 13:38:10 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
system journal during dnf offline upgrade (282.68 KB, text/plain)
2024-04-26 07:34 UTC, Kamil Páral
no flags Details

Description Kamil Páral 2024-04-26 07:32:56 UTC
Description of problem:
When upgrading to the latest container-selinux:

$ sudo dnf history info last | grep container-selinux
    Upgrade    container-selinux-2:2.231.0-1.fc40.noarch          @updates-testing
    Upgraded   container-selinux-2:2.230.0-1.fc40.noarch          @@System

I see these errors in the journal:
dub 26 09:22:11 hydra dnf-3[1573]:   Running scriptlet: container-selinux-2:2.231.0-1.fc40.noarch           99/198
dub 26 09:22:11 hydra dnf-3[1573]: Problems processing filecon rules
dub 26 09:22:11 hydra dnf-3[1573]: Failed post db handling
dub 26 09:22:11 hydra dnf-3[1573]: Post process failed
dub 26 09:22:11 hydra dnf-3[1573]: /usr/sbin/semodule:  Failed!

Here's a larger context:
dub 26 09:22:06 hydra dnf-3[1573]:   Running scriptlet: container-selinux-2:2.231.0-1.fc40.noarch           99/198
dub 26 09:22:06 hydra dnf-3[1573]:   Upgrading        : container-selinux-2:2.231.0-1.fc40.noarch           99/198
dub 26 09:22:11 hydra kernel: SELinux:  Converting 342 SID table entries...
dub 26 09:22:11 hydra kernel: SELinux:  policy capability network_peer_controls=1
dub 26 09:22:11 hydra kernel: SELinux:  policy capability open_perms=1
dub 26 09:22:11 hydra kernel: SELinux:  policy capability extended_socket_class=1
dub 26 09:22:11 hydra kernel: SELinux:  policy capability always_check_network=0
dub 26 09:22:11 hydra kernel: SELinux:  policy capability cgroup_seclabel=1
dub 26 09:22:11 hydra kernel: SELinux:  policy capability nnp_nosuid_transition=1
dub 26 09:22:11 hydra kernel: SELinux:  policy capability genfs_seclabel_symlinks=1
dub 26 09:22:11 hydra kernel: SELinux:  policy capability ioctl_skip_cloexec=0
dub 26 09:22:11 hydra kernel: SELinux:  policy capability userspace_initial_context=0
dub 26 09:22:11 hydra audit: MAC_POLICY_LOAD auid=4294967295 ses=4294967295 lsm=selinux res=1
dub 26 09:22:11 hydra audit[2086]: SYSCALL arch=c000003e syscall=1 success=yes exit=3815167 a0=4 a1=7f587b000000 a2=3a36ff a3=0 items=0 ppid=2079 pid=2086 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="load_policy" exe="/usr/sbin/load_policy" subj=system_u:system_r:load_policy_t:s0 key=(null)
dub 26 09:22:11 hydra kernel: audit: type=1403 audit(1714116131.683:67): auid=4294967295 ses=4294967295 lsm=selinux res=1
dub 26 09:22:11 hydra kernel: audit: type=1300 audit(1714116131.683:67): arch=c000003e syscall=1 success=yes exit=3815167 a0=4 a1=7f587b000000 a2=3a36ff a3=0 items=0 ppid=2079 pid=2086 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="load_policy" exe="/usr/sbin/load_policy" subj=system_u:system_r:load_policy_t:s0 key=(null)
dub 26 09:22:11 hydra kernel: audit: type=1327 audit(1714116131.683:67): proctitle="/usr/sbin/load_policy"
dub 26 09:22:11 hydra audit: PROCTITLE proctitle="/usr/sbin/load_policy"
dub 26 09:22:11 hydra dnf-3[1573]:   Running scriptlet: container-selinux-2:2.231.0-1.fc40.noarch           99/198
dub 26 09:22:11 hydra dnf-3[1573]: Problems processing filecon rules
dub 26 09:22:11 hydra dnf-3[1573]: Failed post db handling
dub 26 09:22:11 hydra dnf-3[1573]: Post process failed
dub 26 09:22:11 hydra dnf-3[1573]: /usr/sbin/semodule:  Failed!

This is during dnf offline update.

I don't know how to check whether container-selinux works fine or not, and whether these errors have any harmful effects or not. I'm simply reporting that I noticed them.


Version-Release number of selected component (if applicable):
container-selinux-2:2.231.0-1.fc40.noarch

How reproducible:
don't know, performed once

Steps to Reproduce:
1. have container-selinux-2:2.230.0-1.fc40.noarch
2. upgrade to container-selinux-2:2.231.0-1.fc40.noarch

Additional info:
This is a fairly standard Workstation installation, I have no custom SELinux rules or anything.

Comment 1 Kamil Páral 2024-04-26 07:34:08 UTC
Created attachment 2029331 [details]
system journal during dnf offline upgrade

Comment 2 Simon Putt 2024-04-28 08:06:17 UTC
  Running scriptlet: container-selinux-2:2.231.0-1.fc40.noarch                                                               41/104 
Problems processing filecon rules
Failed post db handling
Post process failed
/usr/sbin/semodule:  Failed!


Same issue here

Comment 3 Lokesh Mandvekar 2024-05-07 18:13:50 UTC
dup of https://bugzilla.redhat.com/show_bug.cgi?id=2277028 ?

Kamil, could you please try with the selinux-policy update mentioned in that bz ?

Comment 4 Kamil Páral 2024-05-09 13:38:10 UTC

*** This bug has been marked as a duplicate of bug 2277028 ***


Note You need to log in before you can comment on or make changes to this bug.