ci: update policycoreutils for CentOS 10 #5123

Merged: rata merged 1 commit into opencontainers:main from kolyshkin:ci-el10 on Feb 25, 2026

@kolyshkin kolyshkin commented Feb 24, 2026

When container-selinux 4:2.246.0-1.el10 is installed, it produces the
following %post script warnings:

> ...
>   Running scriptlet: container-selinux-4:2.246.0-1.el10.noarch            26/37
>   Installing       : container-selinux-4:2.246.0-1.el10.noarch            26/37
>   Running scriptlet: container-selinux-4:2.246.0-1.el10.noarch            26/37
> libsemanage.semanage_pipe_data: Child process /usr/libexec/selinux/hll/pp failed with code: 255. (No data available).
> libsemanage.semanage_compile_module: container: libsepol.policydb_read: policydb module version 24 does not match my version range 4-23.
> libsemanage.semanage_compile_module: container: libsepol.sepol_module_package_read: invalid module in module package (at section 0).
> libsemanage.semanage_compile_module: container: libsepol.sepol_ppfile_to_module_package: Failed to read policy package.
> libsemanage.semanage_direct_commit: Failed to compile hll files into cil files. (No data available).
> semodule:  Failed!
> ...

For some reason, dnf install still succeeds, but then the selinux tests
fail with:

> chcon: failed to change context of '/tmp/bats-run-3MMyYP/runc.szTqBc/bundle/runc' to ‘system_u:object_r:container_runtime_exec_t:s0’: Invalid argument

All this is fixed once policycoreutils is added to the list of RPMS so
it is updated (from 3.9-3.el10 to 3.10-1.el10) during the same
transaction.

Update: filed upstream issue https://issues.redhat.com/browse/RHEL-151636

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
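
The failure mode in the PR description above (dnf exits successfully although the container-selinux %post scriptlet failed to compile the policy module) can be caught in CI by scanning the transaction output. This is an added example, not code from this PR or from runc; the function names and the clean sample transcript are assumptions, and the failing sample lines are copied from the log quoted above.

```shell
#!/bin/sh
# Added example (not from the PR): fail a CI step when a dnf transcript
# contains the libsemanage/semodule scriptlet errors, even if dnf exited 0.

# Failing sample: lines copied from the log quoted in the PR description.
SAMPLE_BAD='  Running scriptlet: container-selinux-4:2.246.0-1.el10.noarch 26/37
libsemanage.semanage_pipe_data: Child process /usr/libexec/selinux/hll/pp failed with code: 255. (No data available).
libsemanage.semanage_compile_module: container: libsepol.policydb_read: policydb module version 24 does not match my version range 4-23.
libsemanage.semanage_direct_commit: Failed to compile hll files into cil files. (No data available).
semodule:  Failed!'

# Clean sample: constructed for this example.
SAMPLE_OK='  Running scriptlet: container-selinux-4:2.246.0-1.el10.noarch 26/37
  Installing       : container-selinux-4:2.246.0-1.el10.noarch 26/37
Complete!'

# Hypothetical helper: reads a dnf transcript on stdin. Returns 0 when clean;
# returns 1 and prints the offending lines to stderr when the policy-module
# compilation errors or the "semodule: Failed!" marker are present.
check_selinux_scriptlets() {
    hits=$(grep -E '^(libsemanage\.[a-z_]+:|semodule: +Failed!)' || true)
    if [ -n "$hits" ]; then
        printf 'SELinux scriptlet failure in dnf output:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Hypothetical helper: prints "<module version> <supported range>" for the
# first libsepol policydb version mismatch in the transcript, or nothing.
policydb_mismatch() {
    sed -n 's/.*policydb module version \([0-9][0-9]*\) does not match my version range \([0-9][0-9]*-[0-9][0-9]*\).*/\1 \2/p' | head -n 1
}

# Demo on the failing sample.
if ! printf '%s\n' "$SAMPLE_BAD" | check_selinux_scriptlets 2>/dev/null; then
    echo "scriptlet failed; policydb mismatch: $(printf '%s\n' "$SAMPLE_BAD" | policydb_mismatch)"
fi
```

In a CI job the transcript would come from the install step itself, for example by saving the dnf output to a file and feeding it to `check_selinux_scriptlets` on stdin.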
@kolyshkin kolyshkin changed the title from "[test] ci: update policycoreutils for EL10" to "ci: update policycoreutils for CentOS 10" Feb 25, 2026
@kolyshkin kolyshkin added the backport/1.3-todo and backport/1.4-todo labels Feb 25, 2026
@kolyshkin kolyshkin marked this pull request as ready for review February 25, 2026 00:14

@rata rata left a comment

LGTM, thanks!

I guess we need to backport this? EDIT: sorry, missed it already had the labels :)

@rata rata merged commit 1c30a17 into opencontainers:main Feb 25, 2026
42 checks passed
@kolyshkin kolyshkin added the backport/1.3-done and backport/1.4-done labels and removed the backport/1.3-todo and backport/1.4-todo labels Feb 25, 2026

Labels: area/ci, backport/1.3-done, backport/1.4-done
