Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1531858
Summary: | On fully upgraded F27, can't install container-selinux | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Robin Powell <rlpowell> |
Component: | container-selinux | Assignee: | Lokesh Mandvekar <lsm5> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 27 | CC: | amurdaca, dwalsh, fkluknav, jchaloup, jlebon, lsm5 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | container-selinux-2.40-1.fc26 container-selinux-2.42-1.fc27 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-01-23 21:17:33 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Robin Powell
2018-01-06 08:21:15 UTC
Fixed in container-selinux-2.38-1.fc27 Not for me. Downloaded the noarch from https://koji.fedoraproject.org/koji/buildinfo?buildID=1013878 and: rlpowell@vrici> sudo dnf reinstall ./container-selinux-2.38-1.fc27.noarch.rpm Last metadata expiration check: 2:07:28 ago on Sat 06 Jan 2018 08:06:25 AM PST. Dependencies resolved. ============================================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================================== Reinstalling: container-selinux noarch 2:2.38-1.fc27 @commandline 36 k Transaction Summary ============================================================================================================================================================================== Total size: 36 k Is this ok [y/N]: y Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Reinstalling : container-selinux-2:2.38-1.fc27.noarch 1/2 Running scriptlet: container-selinux-2:2.38-1.fc27.noarch 1/2 Child type container_t exceeds bounds of parent container_runtime_t (allow container_t console_device_t (chr_file (read))) <root> allow at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1193 (allow container_domain console_device_t (chr_file (ioctl read write getattr lock append))) (allow container_t tty_device_t (chr_file (ioctl read write lock append))) <root> allow at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1192 (allow container_domain tty_device_t (chr_file (ioctl read write getattr lock append))) (allow container_t xen_devpts_t (chr_file (ioctl read write lock append))) <root> allow at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1189 (allow container_domain ptynode (chr_file (ioctl read write getattr lock append))) (that last output is incomplete; I didn't figure it mattered) Nope, I will fix it in next release Fixed in container-selinux-2.39-1.fc27 container-selinux-2.39-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1d288c81a2 container-selinux-2.39-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e513053ca9 Robin, this time I tried it out on my F27 box with unconfined disabled and it installed ok. Confirmed, thanks! Hmm. Let me know if you want me to open a new bug for this, but: rlpowell@vrici> sudo semanage dontaudit off Child type container_t exceeds bounds of parent container_runtime_t (allow container_t user_devpts_t (chr_file (open))) <root> allow at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1199 (allow container_domain user_devpts_t (chr_file (ioctl read write getattr lock append open))) Failed to generate binary OSError: [Errno 0] Error container-selinux-2.39-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1d288c81a2 Robin, you got that after the update? container-selinux-2.39-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e513053ca9 Yes, that was after sudo dnf install ./container-selinux-2.39-1.fc27.noarch.rpm Weird that the first compile/install did not find it. I did see a boolean that would allow this access daemons_use_tty --> off Fixed in container-selinux-2.40-1 container-selinux-2.41-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8d78cc34a3 container-selinux-2.40-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-827888cfdd Confirmed. Thank you! container-selinux-2.40-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-827888cfdd container-selinux-2.41-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8d78cc34a3 container-selinux-2.42-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-324df658f1 container-selinux-2.42-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-324df658f1 container-selinux-2.40-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. container-selinux-2.42-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |