Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

selinux error on fedora 41 #1325

Open
martinus opened this issue Nov 29, 2024 · 3 comments
Open

selinux error on fedora 41 #1325

martinus opened this issue Nov 29, 2024 · 3 comments

Comments

@martinus
Copy link

Error

Error: 
   0: Install failure
   1: Error executing action
   2: Action `provision_selinux` errored
   3: Failed to execute command `"semodule" "--install" "/usr/share/selinux/packages/nix.pp"`
      stdout: 
      stderr: Failed to resolve typeattributeset statement at /var/lib/selinux/targeted/tmp/modules/200/snappy/cil:222
      Failed to resolve AST
      semodule:  Failed!

   3: exited with status code: 1

Metadata

key value
version 0.30.1
os linux
arch x86_64
@martinus
Copy link
Author

It appears that issue was caused by leftover stuff from fedora system upgrade. I had to

  1. remove the problematic selinux modules (see https://bugzilla.redhat.com/show_bug.cgi?id=2069325#c6):
    sudo semodule -X 300 -r my-snapd -X 200 -r snappy
  2. Manually remove the nix.pp file from the nix-installer (or it fails when trying to remove the nix module):
    sudo rm /usr/share/selinux/packages/nix.pp

And then run the installer again

@cole-h
Copy link
Member

cole-h commented Dec 2, 2024

Thanks for documenting how you got this fixed! Do you have any more information on "or it fails when trying to remove the nix module"? We could probably make that nicer if you can provide the logs / errors you encountered.

@martinus
Copy link
Author

martinus commented Dec 2, 2024

Do you have any more information on "or it fails when trying to remove the nix module"?

When I did not remove the /usr/share/selinux/packages/nix.pp, nix-installer seems to think that it has already installed some selinux stuff (which it hasn't, it seems to have only copied that file there) and then fails while trying to uninstall the selinux file. Thus I had to manually remove the file

I don't have the error message any more unfortunately, I think it tried to do selinux --remove nix which fails

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants