Description of problem: When upgrading to the latest container-selinux: $ sudo dnf history info last | grep container-selinux Upgrade container-selinux-2:2.231.0-1.fc40.noarch @updates-testing Upgraded container-selinux-2:2.230.0-1.fc40.noarch @@System I see these errors in the journal: dub 26 09:22:11 hydra dnf-3[1573]: Running scriptlet: container-selinux-2:2.231.0-1.fc40.noarch 99/198 dub 26 09:22:11 hydra dnf-3[1573]: Problems processing filecon rules dub 26 09:22:11 hydra dnf-3[1573]: Failed post db handling dub 26 09:22:11 hydra dnf-3[1573]: Post process failed dub 26 09:22:11 hydra dnf-3[1573]: /usr/sbin/semodule: Failed! Here's a larger context: dub 26 09:22:06 hydra dnf-3[1573]: Running scriptlet: container-selinux-2:2.231.0-1.fc40.noarch 99/198 dub 26 09:22:06 hydra dnf-3[1573]: Upgrading : container-selinux-2:2.231.0-1.fc40.noarch 99/198 dub 26 09:22:11 hydra kernel: SELinux: Converting 342 SID table entries... dub 26 09:22:11 hydra kernel: SELinux: policy capability network_peer_controls=1 dub 26 09:22:11 hydra kernel: SELinux: policy capability open_perms=1 dub 26 09:22:11 hydra kernel: SELinux: policy capability extended_socket_class=1 dub 26 09:22:11 hydra kernel: SELinux: policy capability always_check_network=0 dub 26 09:22:11 hydra kernel: SELinux: policy capability cgroup_seclabel=1 dub 26 09:22:11 hydra kernel: SELinux: policy capability nnp_nosuid_transition=1 dub 26 09:22:11 hydra kernel: SELinux: policy capability genfs_seclabel_symlinks=1 dub 26 09:22:11 hydra kernel: SELinux: policy capability ioctl_skip_cloexec=0 dub 26 09:22:11 hydra kernel: SELinux: policy capability userspace_initial_context=0 dub 26 09:22:11 hydra audit: MAC_POLICY_LOAD auid=4294967295 ses=4294967295 lsm=selinux res=1 dub 26 09:22:11 hydra audit[2086]: SYSCALL arch=c000003e syscall=1 success=yes exit=3815167 a0=4 a1=7f587b000000 a2=3a36ff a3=0 items=0 ppid=2079 pid=2086 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="load_policy" exe="/usr/sbin/load_policy" subj=system_u:system_r:load_policy_t:s0 key=(null) dub 26 09:22:11 hydra kernel: audit: type=1403 audit(1714116131.683:67): auid=4294967295 ses=4294967295 lsm=selinux res=1 dub 26 09:22:11 hydra kernel: audit: type=1300 audit(1714116131.683:67): arch=c000003e syscall=1 success=yes exit=3815167 a0=4 a1=7f587b000000 a2=3a36ff a3=0 items=0 ppid=2079 pid=2086 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="load_policy" exe="/usr/sbin/load_policy" subj=system_u:system_r:load_policy_t:s0 key=(null) dub 26 09:22:11 hydra kernel: audit: type=1327 audit(1714116131.683:67): proctitle="/usr/sbin/load_policy" dub 26 09:22:11 hydra audit: PROCTITLE proctitle="/usr/sbin/load_policy" dub 26 09:22:11 hydra dnf-3[1573]: Running scriptlet: container-selinux-2:2.231.0-1.fc40.noarch 99/198 dub 26 09:22:11 hydra dnf-3[1573]: Problems processing filecon rules dub 26 09:22:11 hydra dnf-3[1573]: Failed post db handling dub 26 09:22:11 hydra dnf-3[1573]: Post process failed dub 26 09:22:11 hydra dnf-3[1573]: /usr/sbin/semodule: Failed! This is during dnf offline update. I don't know how to check whether container-selinux works fine or not, and whether these errors have any harmful effects or not. I'm simply reporting that I noticed them. Version-Release number of selected component (if applicable): container-selinux-2:2.231.0-1.fc40.noarch How reproducible: don't know, performed once Steps to Reproduce: 1. have container-selinux-2:2.230.0-1.fc40.noarch 2. upgrade to container-selinux-2:2.231.0-1.fc40.noarch Additional info: This is a fairly standard Workstation installation, I have no custom SELinux rules or anything.
Created attachment 2029331 [details] system journal during dnf offline upgrade
Running scriptlet: container-selinux-2:2.231.0-1.fc40.noarch 41/104 Problems processing filecon rules Failed post db handling Post process failed /usr/sbin/semodule: Failed! Same issue here
dup of https://bugzilla.redhat.com/show_bug.cgi?id=2277028 ? Kamil, could you please try with the selinux-policy update mentioned in that bz ?
*** This bug has been marked as a duplicate of bug 2277028 ***