Re: F36 Upgraded, But Now: Failed to resolve allow statement
On Tuesday, May 3, 2022 6:55:45 AM EDT Kamil Paral wrote: > On Tue, May 3, 2022 at 12:58 AM Garry T. Williams > wrote: > > Thanks, Adam. But reinstalling already failed to fix the problem for > > me. > > Gary, have you tried reinstalling just selinux-policy, or have you tried > the exact command as suggested by Adam? Because the problem was most > probably in flatpak-selinux, according to your error message. We're nearing > F36 release and this issue is quite important - please tell us what exactly > you tried before restorting to 'semodule -r', it will help us a lot. Thanks! From my shell history: sudo dnf erase selinux-policy selinux-policy-targeted swtpm swtpm-libs swtpm-tools sudo dnf install selinux-policy selinux-policy-targeted swtpm swtpm-libs swtpm-tools sudo dnf reinstall selinux-policy-targeted swtpm sudo dnf reinstall selinux-policy-targeted swtpm snapd-selinux flatpak-selinux container-selinux osbuild-selinux Incidentally, I only have selinux-policy-targeted and swtpm installed on this system: $ rpm -q selinux-policy-targeted swtpm snapd-selinux flatpak-selinux container-selinux osbuild-selinux selinux-policy-targeted-36.6-1.fc36.noarch swtpm-0.7.2-1.20220307git21c90c1.fc36.x86_64 package snapd-selinux is not installed package flatpak-selinux is not installed package container-selinux is not installed package osbuild-selinux is not installed $ -- Garry T. Williams ___ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Upgraded, But Now: Failed to resolve allow statement
On Tue, May 3, 2022 at 12:58 AM Garry T. Williams wrote: > Thanks, Adam. But reinstalling already failed to fix the problem for > me. Gary, have you tried reinstalling just selinux-policy, or have you tried the exact command as suggested by Adam? Because the problem was most probably in flatpak-selinux, according to your error message. We're nearing F36 release and this issue is quite important - please tell us what exactly you tried before restorting to 'semodule -r', it will help us a lot. Thanks! ___ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Upgraded, But Now: Failed to resolve allow statement
On Monday, May 2, 2022 6:17:46 PM EDT Adam Williamson wrote: > On Mon, 2022-05-02 at 16:51 -0400, Garry T. Williams wrote: > > How do I fix an F36 system that gets this error: > > > > $ sudo setsebool -PV rsync_export_all_ro true > > Failed to resolve allow statement at > > /var/lib/selinux/targeted/tmp/modules/200/flatpak/cil:122 > > Failed to resolve AST > > Failed to commit changes to booleans: Success > > $ > > > > I believe the error was created when I upgraded. This bug report was > > identified and a duplicate of mine at that time (about a month ago): > > > > https://bugzilla.redhat.com/show_bug.cgi?id=2075651 > > > > I have tried uninstalling and reinstalling selinux-policy to no avail. > > See https://bugzilla.redhat.com/show_bug.cgi?id=2056303 for quite a lot > of discussion about this kinda thing. You can try: > > dnf reinstall selinux-policy-targeted swtpm snapd-selinux flatpak-selinux > container-selinux osbuild-selinux > > as suggested in comment #93. Thanks, Adam. But reinstalling already failed to fix the problem for me. But I tried comment #13, sudo semodule -X 200 -r snappy -r container -r flatpak -X 400 -r pcpupstream -r pcpupstream-container -X 100 -r pcp and that did the trick for me (flatpak and pcp were the only modules installed here). My policy is no longer broken. -- Garry T. Williams ___ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Upgraded, But Now: Failed to resolve allow statement
On Mon, 2022-05-02 at 16:51 -0400, Garry T. Williams wrote: > How do I fix an F36 system that gets this error: > > $ sudo setsebool -PV rsync_export_all_ro true > Failed to resolve allow statement at > /var/lib/selinux/targeted/tmp/modules/200/flatpak/cil:122 > Failed to resolve AST > Failed to commit changes to booleans: Success > $ > > I believe the error was created when I upgraded. This bug report was > identified and a duplicate of mine at that time (about a month ago): > > https://bugzilla.redhat.com/show_bug.cgi?id=2075651 > > I have tried uninstalling and reinstalling selinux-policy to no avail. See https://bugzilla.redhat.com/show_bug.cgi?id=2056303 for quite a lot of discussion about this kinda thing. You can try: dnf reinstall selinux-policy-targeted swtpm snapd-selinux flatpak-selinux container-selinux osbuild-selinux as suggested in comment #93. -- Adam Williamson Fedora QA IRC: adamw | Twitter: adamw_ha https://www.happyassassin.net ___ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
F36 Upgraded, But Now: Failed to resolve allow statement
How do I fix an F36 system that gets this error: $ sudo setsebool -PV rsync_export_all_ro true Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/flatpak/cil:122 Failed to resolve AST Failed to commit changes to booleans: Success $ I believe the error was created when I upgraded. This bug report was identified and a duplicate of mine at that time (about a month ago): https://bugzilla.redhat.com/show_bug.cgi?id=2075651 I have tried uninstalling and reinstalling selinux-policy to no avail. -- Garry T. Williams ___ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure