Upgrading the system via dnf fails the passt-selinux package. Reinstalling the package does not help. Happens with Fedora 42 KDE, as well as Fedora 42 Sway Spin. 3/4] Reinstalling passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch 100% | 175.9 KiB/s | 290.6 KiB | 00m02s >>> Running post-install scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch >>> Finished post-install scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch >>> Scriptlet output: >>> Failed to resolve roleattributeset statement at /var/lib/selinux/targeted/tmp/modules/200/pasta/cil:16 >>> Failed to resolve AST >>> semodule: Failed! >>> [4/4] Removing passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch 100% | 14.0 B/s | 4.0 B | 00m00s >>> Running post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch >>> Finished post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch >>> Scriptlet output: >>> restorecon: Could not stat /run/user/1000/doc: Permission denied. >>> Complete! [lemming@number13 targeted]$ rpm -q passt-selinux passt-selinux-0^20250606.g754c6d7-1.fc42.noarch Reproducible: Always Steps to Reproduce: 1. dnf upgrade --refresh -y 2. upgrade scriptlet for passt-selinux fails Expected Results: passt-selinux updates without fail
Same here, thanks for already creating the issue. Additionally I got one for the the gvfs directory: [On upgrade] >>> Running post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch >>> Finished post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch >>> Scriptlet output: >>> restorecon: Could not stat /run/user/1000/doc: Permission denied. >>> restorecon: Could not stat /run/user/1000/gvfs: Permission denied. >>> Logged in on my regular account (1000) I can stat these but when I switch to root, indeed the stat fails and ls -l output shows some questionmarks: [root@David-UB 1000]# stat doc stat: cannot statx 'doc': Permission denied [root@David-UB 1000]# stat gvfs stat: cannot statx 'gvfs': Permission denied [root@David-UB 1000]# ll ls: cannot access 'doc': Permission denied ls: cannot access 'gvfs': Permission denied total 4 [...regular ls -l output ...] d?????????? ? ? ? ? ? doc [...] d?????????? ? ? ? ? ? gvfs [...] [root@David-UB 1000]# mount | grep 1000 tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=3259760k,nr_inodes=814940,mode=700,uid=1000,gid=1000,inode64) gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) portal on /run/user/1000/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) I'm curious on why that is, meaning a file(system) being not accessible by root unless you su to the correct user.
Thanks lemmingnr13 and David for reporting this! I haven't reproduced the issue yet, but I would suggest that you have a look at https://bodhi.fedoraproject.org/updates/FEDORA-2025-f454466bb6 and specifically https://bodhi.fedoraproject.org/updates/FEDORA-2025-f454466bb6#comment-4112179 meanwhile. I think what's missing here is a dependency on 'container-selinux'.
Patches just posted upstream for review: https://archives.passt.top/passt-dev/20250610151130.3425150-1-sbrivio@redhat.com/ https://archives.passt.top/passt-dev/20250610151135.3425210-1-sbrivio@redhat.com/
(In reply to David Auer from comment #1) > Same here, thanks for already creating the issue. Additionally I got one for > the the gvfs directory: > > [On upgrade] > >>> Running post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch > >>> Finished post-transaction scriptlet: passt-selinux-0:0^20250606.g754c6d7-1.fc42.noarch > >>> Scriptlet output: > >>> restorecon: Could not stat /run/user/1000/doc: Permission denied. > >>> restorecon: Could not stat /run/user/1000/gvfs: Permission denied. > >>> > These are special fuse file systems and have their own rules for permission. So it is normal you get these permission denials.
FEDORA-2025-4072ac07d4 (passt-0^20250611.g0293c6f-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-4072ac07d4
FEDORA-2025-6b926450ac (passt-0^20250611.g0293c6f-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-6b926450ac
FEDORA-2025-6b926450ac has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-6b926450ac` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-6b926450ac See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-4072ac07d4 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-4072ac07d4` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-4072ac07d4 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-6b926450ac (passt-0^20250611.g0293c6f-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-4072ac07d4 (passt-0^20250611.g0293c6f-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.