❯ podman run --rm -it -v`pwd`:/srv/:Z ubuntu sh
Error: relabel failed "/home/user": SELinux relabeling of /home/user is not allowed
❯ podman run --rm -it ubuntu sh
❯ systemctl start docker
A dependency job for docker.service failed. See 'journalctl -xe' for details.
❯ journalctl -u docker.service -b
Dependency failed for Docker Application Container Engine.
docker.service: Job docker.service/start failed with result 'dependency'.
This update has been submitted for testing by zpytela.
This update's test gating status has been changed to 'waiting'.
This update has obsoleted selinux-policy-3.14.5-35.fc32, and has inherited its bugs and notes.
This update's test gating status has been changed to 'ignored'.
Update is holding over on running scriptlet selinux-policy-targeted-3.14.5-36.fc32.noarch
The same.
Can't start any containers anymore.
Downgrading to selinux-policy-3.14.5-32.fc32.noarch and relabelling the file system seems to solve the problem.
I tried downgrade to selinux-policy-3.14.5-32.fc32 but still. I can't install/update any Flatpak for almost two days. Not sure this, crun update or something else causing this, but please take a look into this.
This update has been obsoleted.
Finally I worked around at least this issue with Flatpak. What I did (if someone struggles with this too):
selinux-policy-3.14.5-32
sudo touch /.autorelabel
sudo systemctl reboot
Thanks @sedrubal for inspiration to try this again. :)
I did something similar too, but without a rollback to the previous version.
It would be worth scriptletting update to execute touch /.autorelabel during the next reboot instead of starting restorecon.
@sedrubal To avoid downgrading it can work out by executing touch /.autorelabel after manual cleanup undeleted previous versions of packages :)
@bluepencil @churchyard @sedrubal
What version of container-selinux package do you have installed? If it is older than container-selinux-2.131.0-1.fc32, could you update it first and then continue with updating other packages?
I've had container-selinux-2:2.130.0-1.fc32. Now I have container-selinux-2:2.131.0-1.fc32. I will try this update again.
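The version check asked for above, as an added example that is not part of the original thread: it compares the installed container-selinux EVR against the container-selinux-2.131.0-1.fc32 threshold named in the question. The function names are hypothetical, and it assumes `sort -V` (GNU coreutils) orders these same-shape version strings the way rpm does.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether container-selinux
# must be updated before selinux-policy. The threshold is the version named
# in the maintainer's question; epoch 2 is taken from the versions quoted
# in the reply.
MIN_EVR="2:2.131.0-1.fc32"

# evr_lt A B: succeed if A sorts strictly before B.
# Assumption: `sort -V` matches rpm ordering for same-shape EVR strings
# such as these; it is not a full rpmvercmp implementation.
evr_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# container_selinux_action EVR: print which step applies for that version.
container_selinux_action() {
    if evr_lt "$1" "$MIN_EVR"; then
        echo "update-container-selinux-first"
    else
        echo "ok-to-update-selinux-policy"
    fi
}

# installed_evr: print EPOCH:VERSION-RELEASE of the installed package,
# or nothing if rpm or the package is missing.
installed_evr() {
    command -v rpm >/dev/null 2>&1 || return 0
    out=$(rpm -q --qf '%{EVR}\n' container-selinux 2>/dev/null) || return 0
    printf '%s\n' "$out" | head -n 1
}

evr=$(installed_evr)
if [ -n "$evr" ]; then
    echo "container-selinux $evr: $(container_selinux_action "$evr")"
else
    echo "container-selinux not installed or rpm unavailable"
fi
```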
The selinux-policy-targeted scriptlet takes several minutes (at least 3 but no more than 15), but the update succeeds at the end. aureport gives plenty of:
And podman once again doesn't start.
I do not use containers much. Right now I launched HandBrake via bwrap and everything went OK.
As for me, I created semodule on the fly for restorecon, but waited for about an hour for selinux-policy-targeted scriptlet to finish and forcibly interrupted the process. Then I manually cleaned up undeleted versions of upgraded packages and performed touch /.autorelabel. So at the moment I have the latest versions of selinux-policy & container-selinux installed.