Installing *sec-policy/selinux-crio* reports "SELinux module load failed" unless *sec-policy/selinux-podman* is also installed. The underlying error is: # semodule -i base.pp $(find . -name '*.pp' -not -name base.pp) Failed to resolve typeattributeset statement at /var/lib/selinux/strict/tmp/modules/400/crio/cil:45 Failed to resolve AST semodule: Failed! The line in the CIL it refers to is: (typeattributeset application_exec_type (crio_exec_t conmon_exec_t )) The missing type, `conmon_exec_t`, is provided by `podman.pp`.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=082ff76f18247fb582f2be699488f86051601b1f commit 082ff76f18247fb582f2be699488f86051601b1f Author: Kenton Groombridge <concord@gentoo.org> AuthorDate: 2023-03-31 17:53:46 +0000 Commit: Kenton Groombridge <concord@gentoo.org> CommitDate: 2023-03-31 18:22:40 +0000 sec-policy/selinux-crio: add dependency for sec-policy/selinux-podman Bug: https://bugs.gentoo.org/902083 Signed-off-by: Kenton Groombridge <concord@gentoo.org> sec-policy/selinux-crio/Manifest | 1 + sec-policy/selinux-crio/selinux-crio-9999.ebuild | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-)
Fixed in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3dc00bbfff3c833f21aaf7cfd9e5407ccaf04352 (comment was too long).