Bug ID 1207836
Summary ���������container-selinux conflicting with rke2-selinux and ������������������k3s-selinux (MicroOS)
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware x86-64
OS openSUSE Tumbleweed
Status NEW
Severity Major
Priority P5 - None
Component Containers
Assignee containers-bugowner@suse.de
Reporter henrik.dermer@fouredge.se
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

On a fresh install of MicroOS, kernel 6.1.8-1-default (I have not tested on
Tumbleweed transactional) installing rke2-selinux and ������������������k3s-selinux print the
following,

Conflicting name type transition rules
Binary policy creation failed at
/var/lib/selinux/targeted/tmp/modules/400/rke2/cil:324
Failed to generate binary
semodule:  Failed!

I report this bug here since it's been working earlier, with the same selinux
packages for RKE2 and K3S.

This issue prevents RKE2 and K3S to start. containerd when running RKE2 is
logging,

time="2023-02-01T17:41:08.449020719+01:00" level=warning msg="cleanup warnings
time=\"2023-02-01T17:41:08+01:00\" level=info msg=\"starting signal loop\"
namespace=k8s.io pid=1491
runtime=io.containerd.runc.v2\ntime=\"2023-02-01T17:41:08+01:00\" level=warning
msg=\"failed to read init pid file\" error=\"open
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/cd82f9836efb766f011072fa70dbe98b5fcc2b1f21b2d384a317a25261ff8d7e/init.pid:
no such file or directory\" runtime=io.containerd.runc.v2\n"
time="2023-02-01T17:41:08.449375940+01:00" level=error msg="copy shim log"
error="read /proc/self/fd/25: file already closed"
time="2023-02-01T17:41:08.453617146+01:00" level=error msg="RunPodSandbox for
&PodSandboxMetadata{Name:etcd-node1.k8s.testing,Uid:e18aa5e5b83a5a3c56d78e4054612394,Namespace:kube-system,Attempt:0,}
failed, error" error="failed to create containerd task: failed to create shim
task: OCI runtime create failed: runc create failed: unable to start container
process: error during container init: write /proc/self/attr/keycreate: invalid
argument: unknown"


You are receiving this mail because: