On Wed, 2015-04-15 at 14:31 -0400, Colin Walters wrote: > Users of CentOS Atomic 7 will hit this error on upgrading now: > > # atomic upgrade > Updating from: centos-atomic-host:centos/7/atomic/x86_64/cloud-docker-host > > Receiving objects: 24% (1436/5931) 308.3 kB/s 34.2 MB > error: fsetxattr: Invalid argument > > What's happening here is that this is a full atomic switch from a CentOS 7.0 > to CentOS 7.1 base - but we're using the old selinux policy to do it. The > 7.0 SELinux policy had a bug with respect to rpm-ostree that caused a domain > transition to not occur. > > You can work around this with: > > # runcon -r system_r -t install_t atomic upgrade > > This workaround will only be necessary one time - after that the 7.1 SELinux > policy will be in place and the correct domain transition will occur.
dwalsh, shouldn't atomic upgrade has CAP_MAC_ADMIN, so we never hit this in the future? -Eric
