Comments

337 Comments

works here.

works here.

works here.

karma

Works for me.

I made some more investigations, and reported https://bugzilla.redhat.com/show_bug.cgi?id=2342260. This really is specific to updating selinux-policy together with some other foo-selinux in the same dnf run. Updating separately works. The observable difference other than the "policy rejections" is that "semodule -l" has an additional "extra_binsbin" policy in the broken case.

In https://github.com/cockpit-project/cockpit-machines/issues/1989 cockpit-machines nightly test ran against a VM which already had the new pcp-selinux installed, so it's not unpack order after all. It of course still could be related to some interference with pcp-6.3.2-3.fc41

There is something a lot more subtle going on, I updated notes in https://github.com/cockpit-project/cockpit-machines/issues/1983

  • Updating only this selinux-policy bodhi in isolation works.
  • Updating pcp from FEDORA-2025-f69b50954b works. Then updating selinux-policy still works.
  • But updating pcp-selinux and selinux-policy together triggers this bug.

This feels very sensitive to upgrade/unpack order.

Cockpit's nightly CI run against updates-testing found a regression, see https://github.com/cockpit-project/cockpit-machines/issues/1983 for details. virt-instalal fails with

internal error: process exited while connecting to monitor: 2025-01-18T04:40:53.357895Z qemu-system-x86_64: -blockdev {\"driver\":\"nbd\",\"server\":{\"type\":\"unix\",\"path\":\"/var/lib/libvirt/qemu/domain-1-subVmTestCreate1/nbdkit-libvirt-1-storage.socket\"},\"node-name\":\"libvirt-1-storage\",\"read-only\":true}: Failed to connect to '/var/lib/libvirt/qemu/domain-1-subVmTestCreate1/nbdkit-libvirt-1-storage.socket': Permission denied Domain installation does not appear to have been successful.

The journal shows the corresponding failure:

type=AVC msg=audit(1737175253.355:637): avc: denied { connectto } for pid=4246 comm="nbd-connect" path="/var/lib/libvirt/qemu/domain-1-subVmTestCreate1/nbdkit-libvirt-1-storage.socket" scontext=system_u:system_r:svirt_tcg_t:s0:c172,c897 tcontext=system_u:system_r:nbdkit_t:s0:c172,c897 tclass=unix_stream_socket permissive=0

(test works after setenforce 1)

I didn't investigate this very deeply yet -- it's Saturday early morning, and next week our team is on a sprint and not able to react timely to such issues. But we need to stop the regression from landing in stable updates.

Works here as well, thanks!

BZ#2333955 pcmanfm SIGSEGV at start g_type_check_instance (type_instance=0x100000000) at ../gobject/gtype.c:4257 if (type_instance->g_class)

Updates/works fine here.

Updates and works fine.

karma

Update and pages work fine here.

works fine.

Installs, upgrades, works.

Installs, upgrades, works.

karma

rpminspect failures are expected. I sent https://github.com/rpminspect/rpminspect-data-fedora/pull/60 to clear them.

karma

rpminspect failures are expected. I sent https://github.com/rpminspect/rpminspect-data-fedora/pull/60 to clear them.

BZ#2328627 2.8.1-1.rc2 regression: rpc.statd crashes with SIGABRT in nsm_atomic_write()