How do I fix an F36 system that gets this error:
$ sudo setsebool -PV rsync_export_all_ro true Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/flatpak/cil:122 Failed to resolve AST Failed to commit changes to booleans: Success $
I believe the error was created when I upgraded. This bug report was identified and a duplicate of mine at that time (about a month ago):
https://bugzilla.redhat.com/show_bug.cgi?id=2075651
I have tried uninstalling and reinstalling selinux-policy to no avail.
On Mon, 2022-05-02 at 16:51 -0400, Garry T. Williams wrote:
How do I fix an F36 system that gets this error:
$ sudo setsebool -PV rsync_export_all_ro true Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/flatpak/cil:122 Failed to resolve AST Failed to commit changes to booleans: Success $I believe the error was created when I upgraded. This bug report was identified and a duplicate of mine at that time (about a month ago):
https://bugzilla.redhat.com/show_bug.cgi?id=2075651I have tried uninstalling and reinstalling selinux-policy to no avail.
See https://bugzilla.redhat.com/show_bug.cgi?id=2056303 for quite a lot of discussion about this kinda thing. You can try:
dnf reinstall selinux-policy-targeted swtpm snapd-selinux flatpak-selinux container-selinux osbuild-selinux
as suggested in comment #93.
On Monday, May 2, 2022 6:17:46 PM EDT Adam Williamson wrote:
On Mon, 2022-05-02 at 16:51 -0400, Garry T. Williams wrote:
How do I fix an F36 system that gets this error:
$ sudo setsebool -PV rsync_export_all_ro true Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/flatpak/cil:122 Failed to resolve AST Failed to commit changes to booleans: Success $I believe the error was created when I upgraded. This bug report was identified and a duplicate of mine at that time (about a month ago):
https://bugzilla.redhat.com/show_bug.cgi?id=2075651I have tried uninstalling and reinstalling selinux-policy to no avail.
See https://bugzilla.redhat.com/show_bug.cgi?id=2056303 for quite a lot of discussion about this kinda thing. You can try:
dnf reinstall selinux-policy-targeted swtpm snapd-selinux flatpak-selinux container-selinux osbuild-selinux
as suggested in comment #93.
Thanks, Adam. But reinstalling already failed to fix the problem for me. But I tried comment #13,
sudo semodule -X 200 -r snappy -r container -r flatpak -X 400 -r pcpupstream -r pcpupstream-container -X 100 -r pcp
and that did the trick for me (flatpak and pcp were the only modules installed here). My policy is no longer broken.
On Tue, May 3, 2022 at 12:58 AM Garry T. Williams gtwilliams@gmail.com wrote:
Thanks, Adam. But reinstalling already failed to fix the problem for me.
Gary, have you tried reinstalling just selinux-policy, or have you tried the exact command as suggested by Adam? Because the problem was most probably in flatpak-selinux, according to your error message. We're nearing F36 release and this issue is quite important - please tell us what exactly you tried before restorting to 'semodule -r', it will help us a lot. Thanks!
On Tuesday, May 3, 2022 6:55:45 AM EDT Kamil Paral wrote:
On Tue, May 3, 2022 at 12:58 AM Garry T. Williams gtwilliams@gmail.com wrote:
Thanks, Adam. But reinstalling already failed to fix the problem for me.
Gary, have you tried reinstalling just selinux-policy, or have you tried the exact command as suggested by Adam? Because the problem was most probably in flatpak-selinux, according to your error message. We're nearing F36 release and this issue is quite important - please tell us what exactly you tried before restorting to 'semodule -r', it will help us a lot. Thanks!
From my shell history:
sudo dnf erase selinux-policy selinux-policy-targeted swtpm swtpm-libs swtpm-tools sudo dnf install selinux-policy selinux-policy-targeted swtpm swtpm-libs swtpm-tools sudo dnf reinstall selinux-policy-targeted swtpm sudo dnf reinstall selinux-policy-targeted swtpm snapd-selinux flatpak-selinux container-selinux osbuild-selinux
Incidentally, I only have selinux-policy-targeted and swtpm installed on this system:
$ rpm -q selinux-policy-targeted swtpm snapd-selinux flatpak-selinux container-selinux osbuild-selinux selinux-policy-targeted-36.6-1.fc36.noarch swtpm-0.7.2-1.20220307git21c90c1.fc36.x86_64 package snapd-selinux is not installed package flatpak-selinux is not installed package container-selinux is not installed package osbuild-selinux is not installed $
-
Adam Williamson -
Garry T. Williams -
Kamil Paral