To reproduce, build any tier for rawhide from the base-images repo (https://gitlab.com/fedora/bootc/base-images). E.g.: ``` $ podman build --security-opt=label=disable --cap-add=all --device /dev/fuse -t quay.io/jlebon/fedora-bootc:tier-x . --build-arg MANIFEST=fedora-tier-x.yaml --from quay.io/fedora/fedora:rawhide ... passt-selinux.post: Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas/lang_ext: Operation not supported passt-selinux.post: Could not set context for /etc/selinux/targeted/tmp/modules/100/rtas: Operation not supported passt-selinux.post: Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/cil: Operation not supported passt-selinux.post: Could not set context for /etc/selinux/targeted/tmp/modules/100/rtkit/hll: Operation not supported ... Could not set context for /etc/selinux/targeted/tmp/commit_num: Operation not supported Could not set context for /etc/selinux/targeted/tmp/file_contexts: Operation not supported Could not set context for /etc/selinux/targeted/tmp/file_contexts.homedirs: Operation not supported ``` https://src.fedoraproject.org/rpms/selinux-policy/pull-request/480 fixed it for selinux-policy-targeted itself, but basically any package that installs SELinux modules would need to do the same change. As well, recompiling the policy (like rpm-ostree does during the compose) triggers the warnings. Which I think overall argues for fixing the tooling itself to not warn. See also https://gitlab.com/fedora/bootc/tracker/-/issues/45 Reproducible: Always
Also, squashing stderr entirely means that meaningful errors can no longer be seen during the compose.
Relevant upstream link - https://lore.kernel.org/selinux/CAEjxPJ4bQZeZzLGdk0HPFPkm4uob7oHB7sygyXQo2km9BAK5Xg@mail.gmail.com/
https://bodhi.fedoraproject.org/updates/FEDORA-2024-8d3c6746d3