On 20 Sep 2023 at 19:57, Zdenek Pytela wrote:

From: Zdenek Pytela <zpytela@xxxxxxxxxx>
Date sent: Wed, 20 Sep 2023 19:57:31 +0200
Subject: Re: Noticed Failed message with selinux-policy-targeted on 3 of 5 machines??
To: mikes@xxxxxxxx, Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
Send reply to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>

> On Wed, Sep 20, 2023 at 8:25 AM Michael D. Setzer II via users
> <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> In running dnf update on 5 machines noticed a fail message on 3 of 5?
> To double check ran dnf reinstall selinux* and get this on failing
> systems?
>
> Running transaction check
> Transaction check succeeded.
> Running transaction test
> Transaction test succeeded.
> Running transaction
> Running scriptlet: selinux-policy-minimum-38.28-1.fc38.noarch 1/1
> Running scriptlet: selinux-policy-targeted-38.28-1.fc38.noarch 1/1
> Preparing : 1/1
> Reinstalling : selinux-policy-38.28-1.fc38.noarch 1/8
> Running scriptlet : selinux-policy-38.28-1.fc38.noarch 1/8
> Running scriptlet : selinux-policy-minimum-38.28-1.fc38.noarch 2/8
> Reinstalling : selinux-policy-minimum-38.28-1.fc38.noarch 2/8
> Running scriptlet : selinux-policy-minimum-38.28-1.fc38.noarch 2/8
> Running scriptlet : selinux-policy-targeted-38.28-1.fc38.noarch 3/8
> Reinstalling : selinux-policy-targeted-38.28-1.fc38.noarch 3/8
> Running scriptlet : selinux-policy-targeted-38.28-1.fc38.noarch 3/8
> Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1186
> Failed to resolve AST
> /usr/sbin/semodule: Failed!
>
> Reinstalling : selinux-policy-devel-38.28-1.fc38.noarch 4/8
> Running scriptlet : selinux-policy-devel-38.28-1.fc38.noarch 4/8
> Cleanup : selinux-policy-devel-38.28-1.fc38.noarch 5/8
> Running scriptlet : selinux-policy-38.28-1.fc38.noarch 6/8
> Cleanup : selinux-policy-38.28-1.fc38.noarch 6/8
> Running scriptlet : selinux-policy-38.28-1.fc38.noarch 6/8
> Cleanup : selinux-policy-minimum-38.28-1.fc38.noarch 7/8
> Running scriptlet : selinux-policy-minimum-38.28-1.fc38.noarch 7/8
> Cleanup : selinux-policy-targeted-38.28-1.fc38.noarch 8/8
> Running scriptlet : selinux-policy-targeted-38.28-1.fc38.noarch 8/8
> Running scriptlet : selinux-policy-minimum-38.28-1.fc38.noarch 8/8
> Running scriptlet : selinux-policy-targeted-38.28-1.fc38.noarch 8/8
> Verifying : selinux-policy-38.28-1.fc38.noarch 1/8
> Verifying : selinux-policy-38.28-1.fc38.noarch 2/8
> Verifying : selinux-policy-devel-38.28-1.fc38.noarch 3/8
> Verifying : selinux-policy-devel-38.28-1.fc38.noarch 4/8
> Verifying : selinux-policy-minimum-38.28-1.fc38.noarch 5/8
> Verifying : selinux-policy-minimum-38.28-1.fc38.noarch 6/8
> Verifying : selinux-policy-targeted-38.28-1.fc38.noarch 7/8
> Verifying : selinux-policy-targeted-38.28-1.fc38.noarch 8/8
>
> Reinstalled:
> selinux-policy-38.28-1.fc38.noarch
> selinux-policy-devel-38.28-1.fc38.noarch
> selinux-policy-minimum-38.28-1.fc38.noarch
> selinux-policy-targeted-38.28-1.fc38.noarch
>
> Complete!
>
> Other day get a message about regex version not matching, and
> was told to reinstall container-selinux. That doesn't seem to fix issue.
> Did find changing to minimum option gets rid of the regex message?
> But why 2 of the machines seem to have no problem, but other 3 get
> same message?
>
> Michael,
>
> The update results may depend on other components or if some
> customizations are in place. What version is container-selinux?
>
> rpm -qa "selinux-policy*" "*-selinux"
>

rpm -qa | grep selinux-policy
selinux-policy-38.28-1.fc38.noarch
selinux-policy-minimum-38.28-1.fc38.noarch
selinux-policy-devel-38.28-1.fc38.noarch
selinux-policy-doc-38.28-1.fc38.noarch
selinux-policy-targeted-38.28-1.fc38.noarch

Noticed one machine that gets failed didn't have selinux-policy-doc
installed and installed it, then tried reinstalling all the
selinux-policy and still got error?

Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1186
Failed to resolve AST
/usr/sbin/semodule: Failed!

Files in that directory are
-rw-------. 1 root root 2 Sep 21 08:09 lang_ext
-rw-------. 1 root root 24411 Sep 21 08:09 hll
-rw-------. 1 root root 13487 Sep 21 08:09 cil

The cil file is a binary file, so not sure what :1186 means?
That tmp directory doesn't exist on my notebook that doesn't have error?
Set selinux to minimal on machines.

> I cannot reproduce your problem using any updating path with the latest
> package versions.
>
> _______________________________________________
> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxg
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
> --
>
> Zdenek Pytela
> Security SELinux team

+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor (Retired)
mailto:mikes@xxxxxxxx
mailto:msetzerii@xxxxxxxxx
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+
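
Added example, not part of the original thread: files in the SELinux module store are normally kept bzip2-compressed, which is why `cil` looks binary, and the `:1186` in the message is a line number in the decompressed CIL text. The Python sketch below parses the error quoted above, reads the referenced line, and lists the names an allow rule refers to; the function names and the sample module with its `demo_*` types are constructed for illustration.

```python
import bz2
import re
from pathlib import Path

# Error text as quoted in the post: "<path>:<line>" points at a line of CIL.
ERR_RE = re.compile(r"Failed to resolve (\w+) statement at (\S+):(\d+)")
# Common single-class form of a CIL allow rule: (allow SRC TGT (CLASS (PERMS)))
ALLOW_RE = re.compile(r"\(allow\s+(\S+)\s+(\S+)\s+\((\S+)\s+\(([^()]*)\)\)\)")

def parse_semodule_error(text):
    """Return (statement_kind, cil_path, line_number), or None if absent."""
    m = ERR_RE.search(text)
    return (m.group(1), m.group(2), int(m.group(3))) if m else None

def read_cil_lines(path):
    """Return the CIL source as text lines, decompressing bzip2 if present."""
    raw = Path(path).read_bytes()
    if raw.startswith(b"BZh"):  # bzip2 magic bytes: file is stored compressed
        raw = bz2.decompress(raw)
    return raw.decode("utf-8", errors="replace").splitlines()

def statement_at(path, lineno):
    """Return the 1-based line the error points at, or None if out of range."""
    lines = read_cil_lines(path)
    return lines[lineno - 1].strip() if 1 <= lineno <= len(lines) else None

def allow_names(statement):
    """Return the source, target, class and permissions of an allow rule."""
    m = ALLOW_RE.search(statement or "")
    if not m:
        return None  # not an allow rule, or a form this sketch does not parse
    src, tgt, cls, perms = m.groups()
    return {"source": src, "target": tgt, "class": cls, "perms": perms.split()}

def demo(workdir):
    """Run the lookup on a constructed compressed module (hypothetical types)."""
    cil = "(type demo_src_t)\n(allow demo_src_t demo_missing_t (file (read open)))\n"
    path = Path(workdir) / "cil"
    path.write_bytes(bz2.compress(cil.encode()))
    kind, where, lineno = parse_semodule_error(
        f"Failed to resolve allow statement at {path}:2")
    return kind, allow_names(statement_at(where, lineno))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(demo(tmp))
```

On an affected machine the same functions can be pointed, as root, at the path from the real error while the `tmp` directory still exists; the names returned are the ones to compare against the types and classes the installed policy declares.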