FEDORA-2019-a549a444fc created by dwalsh 2 years ago for Fedora 31
stable

Add new syscalls

How to install

sudo dnf upgrade --advisory=FEDORA-2019-a549a444fc

This update has been submitted for testing by dwalsh.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon sikevux commented & provided feedback 2 years ago
karma

LGTM

User Icon halis commented & provided feedback 2 years ago
karma

containers-common is not working for me.

Here is installation attempt:

Dependencies resolved.
=======================================================================================================================================================================================================================================================================
 Package                                                            Architecture                                            Version                                                             Repository                                                        Size
=======================================================================================================================================================================================================================================================================
Upgrading:
 containers-common                                                  x86_64                                                  1:0.1.40-4.fc31                                                     updates-testing                                                   49 k

Transaction Summary
=======================================================================================================================================================================================================================================================================
Upgrade  1 Package

Total download size: 49 k
Is this ok [y/N]: y
Downloading Packages:
containers-common-0.1.40-4.fc31.x86_64.rpm                                                                                                                                                                                             162 kB/s |  49 kB     00:00    
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                                                                   43 kB/s |  49 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                                                                               1/1 
  Upgrading        : containers-common-1:0.1.40-4.fc31.x86_64                                                                                                                                                                                                      1/2 
error: lsetfilecon: (/var/lib/containers/sigstore, system_u:object_r:container_var_lib_t:s0) Invalid argument
error: Plugin selinux: hook fsm_file_prepare failed

Error unpacking rpm package containers-common-1:0.1.40-4.fc31.x86_64
  Verifying        : containers-common-1:0.1.40-4.fc31.x86_64                                                                                                                                                                                                      1/2 
  Verifying        : containers-common-1:0.1.40-3.fc31.x86_64                                                                                                                                                                                                      2/2 

Failed:
  containers-common-1:0.1.40-4.fc31.x86_64                                                                                           containers-common-1:0.1.40-3.fc31.x86_64                                                                                          

Error: Transaction failed

SElinux output:

type=AVC msg=audit(1574593430.397:15973): avc:  denied  { mac_admin } for  pid=427440 comm="dnf" capability=33  scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 permissive=0

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago

The issue is container-selinux. Could you attempt to reinstall container-selinux dnf -y update container-selinux

Seems like there is another issue:

LANG=C sudo dnf -y reinstall --refresh container-selinux
 Package                                                              Architecture                                              Version                                                               Repository                                                  Size
=======================================================================================================================================================================================================================================================================
Reinstalling:
 container-selinux                                                    noarch                                                    2:2.119.0-2.fc31                                                      updates                                                     48 k

Transaction Summary
=======================================================================================================================================================================================================================================================================

Total download size: 48 k
Installed size: 43 k
Downloading Packages:
container-selinux-2.119.0-2.fc31.noarch.rpm                                                                                                                                                                                            2.7 MB/s |  48 kB     00:00    
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                                                                   12 kB/s |  48 kB     00:04     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                                                                               1/1 
  Reinstalling     : container-selinux-2:2.119.0-2.fc31.noarch                                                                                                                                                                                                     1/2 
  Running scriptlet: container-selinux-2:2.119.0-2.fc31.noarch                                                                                                                                                                                                     1/2 
Conflicting name type transition rules
Binary policy creation failed at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1786
Failed to generate binary
/usr/sbin/semodule:  Failed!
/etc/selinux/targeted/contexts/files/file_contexts:  invalid context system_u:object_r:container_var_lib_t:s0

  Cleanup          : container-selinux-2:2.119.0-2.fc31.noarch                                                                                                                                                                                                     2/2 
  Running scriptlet: container-selinux-2:2.119.0-2.fc31.noarch                                                                                                                                                                                                     2/2 
  Verifying        : container-selinux-2:2.119.0-2.fc31.noarch                                                                                                                                                                                                     1/2 
  Verifying        : container-selinux-2:2.119.0-2.fc31.noarch                                                                                                                                                                                                     2/2 

Reinstalled:
  container-selinux-2:2.119.0-2.fc31.noarch                                                                                                                                                                                                                            

Complete!

Yes this is the issue. This package has been out there since October, so an updated version of selinux-policy is the likely cause.

rpm -q selinux-policy selinux-policy-3.14.4-41.fc31

Do you have something newer?

This was my state:

# LANG=C rpm -q selinux-policy selinux-policy-3.14.4-41.fc31
selinux-policy-3.14.4-40.fc31.noarch
package selinux-policy-3.14.4-41.fc31 is not installed
# LANG=C rpm -q selinux-policy selinux-policy               
selinux-policy-3.14.4-40.fc31.noarch
selinux-policy-3.14.4-40.fc31.noarch

Also, I am unable to find selinux-policy-3.14.4-41.fc31 in bodhi (https://bodhi.fedoraproject.org/updates/?search=&packages=selinux-policy&releases=F31).

User Icon mrunge commented & provided feedback 2 years ago
karma

I am seeing the same issue with selinux-policy-3.14.4-42.fc31.noarch

This update can be pushed to stable now if the maintainer wishes

2 years ago
User Icon halis commented & provided feedback 2 years ago
karma

It passed somehow.

The updated container-selinux should fix the problems you are seeing.

https://bodhi.fedoraproject.org/updates/FEDORA-2019-edc1551b22

This update has been submitted for stable by rhcontainerbot.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
unspecified
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago

Automated Test Results