bsherman
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
https://discord.com/channels/1072614816579063828/1352341718942482615/1353954043101446185
which is a quote from https://bodhi.fedoraproject.org/updates/FEDORA-2025-e7a319968a
indicates someone saw the same kind of problem elsewhere probably just in a dnf run, maybe not in an ostree context
just changes to
selinux-policy-targeted and some other foo-selinux in the same dnf run
and I narrowed down the problem to both ucore and bazzite updating from:
selinux-policy-targeted 41.26-1.fc41 to 41.31-1.fc41 and 41.32-1.fc41 respectively
while also upgrading selinux-policy828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
the main thing is it correlates with a policy change in the package which updated related to dnf paths, and my un-cliwrap script was mucking with those specific paths... but yeah, it's not conclusive
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
But the cli wrap stuff could be a red herring? However, it does correlate and matches a change in the selinux policy package And that package update definitely seems to be in play.
The failure seemed to come from a rpm upgrade’s post section failing on restorecon or something.
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
I think the common factor is the upgrade of selinux-targeted-policy and the cli wrap stuff being on old image.
At least that’s the hunch.
We found other examples online where people hit the same basic error message when updating the package even on older Alma. So if something was out of whack, it could happen
In ucore, yeah I think we did/do cliwrap and as evidenced by my build logs.
And the timing of the issue on my server was waiting for an upgrade from an old image, but I could upgrade up until the date where that selinux policy package updated but not past it.
Similarly with Bazzite. When that package updated (incidentally during the big Bazzite stable upgrade in Feb which included removing cliwrap) that’s where I got stuck.
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
I think there are likely multi ways to reach the broken state. Example, I doubt Jean-Baptistse’s problem was tied to the un-cliwrap.
Dates are in thread. I can dig more closely.
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
see above, it works
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
bazzite tested workaround solution:
from
bazzite-custom:stable-20250204
bootc switch ghcr.io/ublue-os/bazzite-gnome-nvidia:stable-20250127
# reboot
bootc switch ghcr.io/ublue-os/bazzite-gnome-nvidia:stable
# reboot
should now be on current bazzite-gnome-nvidia no problems
bootc switch ghcr.io/mycustom/bazzite-custom:stable
# reboot
now be on current custom ucore-minimal no problems828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
verified success
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
so while waiting for that real hardware to do things...
ucore test reproduced the workaround solution:
from
ucore-minimal-custom:stable-20250209
bootc switch ghcr.io/ublue-os/ucore-minimal:stable-20250209
# reboot
bootc switch ghcr.io/ublue-os/ucore-minimal
#reboot
should now be on current ucore-minimal no problems
bootc switch ghcr.io/mycustom/ucore-minimal-custom:stable
#reboot
should now be on current custom ucore-minimal no problems828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
bazzite on desktop, so much slower to test than VM with ucore 😄
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
sudo bootc switch ghcr.io/ublue-os/bazzite-gnome-nvidia:stable-41.20250127 in the works828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
i'm going to test the bazzite update now
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
i'm just super, super happy to have a workaround
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
pretty much
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
828 replies
UBUniversal Blue
•Created by bsherman on 3/20/2025 in #💾ublue-dev
ostree-finalize-staged fails with SELinux error
let me check
828 replies