-
-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SELinux failures on Fedora 40 update #9503
Comments
It looks like all updates were actually installed anyway. And contexts seems to be set correctly, for example:
So, maybe it's just some transient issue? And also, it looks like SELinux labels issue crashed qubes-gui:
And was the reason for qrexec error:
QubesDB was not happy either:
And pipewire got crashed as a side effect too:
After all this, I see the SELinux policy got reloaded few more times, and at later time it said:
So the end state is correct I think, but at this point a bunch of services were crashed already... |
The best solution would be obviously to not invalidate a bunch of contexts during update. But if that cannot be avoided, maybe some workaround would be to temporarily enable permissive mode for the update time (for example if selinux-policy-targeted is part of the update)? Can it be done using rpm triggers? |
How to file a helpful issue
Qubes OS release
R4.2
Brief summary
fedora-40 update fails
Steps to reproduce
Run fedora-40 update using qubes-vm-update or qubes-update-gui
Expected behavior
Update completes normally
Actual behavior
Update fails. On the updater side, there is:
And on the fedora-40 console there is:
I'm not 100% sure those two are related, but it seems likely. The last denial looks to be not strictly qubes-related, so maybe the issue is in the upstream selinux policy?
Update summary
The text was updated successfully, but these errors were encountered: