Affected versions: Oracle Linux 8

Source: Oracle Bug 29502976

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

On Oracle Linux 8 systems, Oracle Bug 29502976 reports that the SELinux errors "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" occur during boot. The condition surfaces during install, boot, or normal operation depending on the affected subsystem. Operators see failed systemctl status output, abnormal entries in journalctl -xe, and — where the package is part of the serving path — degraded availability. On Oracle Linux 8, impact ranges from a single service restart loop to wider production incidents depending on host role and the criticality of SELinux.

Environment & Reproduction

Reproduction targets Oracle Linux 8 running either the Red Hat Compatible Kernel or the Unbreakable Enterprise Kernel. Confirm release with cat /etc/oracle-release and kernel with uname -r. Trigger the workflow that exposes the SELinux "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" errors during boot while collecting journalctl -b, dnf history, and rpm -qa output for correlation against Oracle Bug 29502976.

Root Cause Analysis

Root cause is tracked in the Oracle Linux release notes (Oracle Bug 29502976). The defect lives in a specific kernel, firmware, or userspace component shipped with the GA channel and Oracle has documented either a fix in a later errata or a supported workaround. Correlate journalctl --since timestamps with dnf history and ausearch -m AVC entries to isolate the originating change. On Oracle Linux 8, modular streams, UEK kernel variants, and OEL-specific errata can each shift the package set used by the failure path.

Quick Triage

Quick triage: run systemctl status <unit> and journalctl -u <unit> -n 200 for the affected unit, then firewall-cmd --list-all, getenforce, dnf check, and rpm -Va. If SELinux is enforcing, capture ausearch -m AVC -ts recent to surface denials linked to the "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" boot errors.

Step-by-Step Diagnosis

1) Confirm the symptom with systemctl --failed.
2) Inspect logs: journalctl -xe and journalctl -u <unit> for the affected unit.
3) Validate firewall: firewall-cmd --list-all-zones.
4) Check SELinux denials: ausearch -m AVC,USER_AVC -ts today.
5) Verify package integrity: dnf check and rpm -V <package> for the affected package.
6) Correlate findings with dnf history, /var/log/dnf.log and Oracle Bug 29502976 to pin the change that introduced the "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" boot errors.
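
Steps 4 and 6 come down to one question: do the undefined-class boot messages coincide with actual AVC denials on those classes? The script below is an added example, not part of Oracle Bug 29502976 or the original article; its function names and log lines are constructed, and the wording of the kernel's "unknown classes and permissions will be allowed/denied" line is an assumption.

```shell
#!/bin/sh
# Added example. The log lines are constructed samples, not real output.
sample_log() {
cat <<'EOF'
kernel: SELinux:  Class bpf not defined in policy.
kernel: SELinux:  Class xdp_socket not defined in policy.
kernel: SELinux: the above unknown classes and permissions will be allowed
audit: type=1400 avc:  denied  { read } for pid=812 comm="example" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
EOF
}

# Classes the kernel reported as missing from the loaded policy,
# one per line, sorted and de-duplicated. Reads log text on stdin.
undefined_classes() {
    sed -n 's/.*SELinux: *Class \([A-Za-z0-9_]*\) not defined in policy.*/\1/p' |
        sort -u
}

# Number of AVC denial lines whose target class is $1 (stdin = log text).
# grep -c exits non-zero on a zero count, so the status is masked.
denials_for_class() {
    grep -Ec "avc:.*denied.*tclass=$1( |\$)" || true
}

# One line per undefined class with its denial count, then the kernel's
# stated handling of unknown classes (assumed wording: allowed/denied).
report() {
    log=$(cat)
    for cls in $(printf '%s\n' "$log" | undefined_classes); do
        n=$(printf '%s\n' "$log" | denials_for_class "$cls")
        echo "$cls denials=$n"
    done
    printf '%s\n' "$log" |
        sed -n 's/.*unknown classes and permissions will be \([a-z]*\).*/handle_unknown=\1/p'
}

# On a live host: { journalctl -b -k; ausearch -m AVC -ts today; } | report
sample_log | report
```

A denial count of 0 for every listed class, together with handle_unknown=allowed, shows the boot messages are not accompanied by denials on those classes in the collected logs.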

Solution – Primary Fix

Primary fix for the SELinux "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" boot errors: apply the corrective dnf transaction described in Oracle Bug 29502976, reload the affected systemd unit, and reconcile firewalld and SELinux state. Typical commands: sudo dnf -y update, sudo dnf -y upgrade --refresh, sudo systemctl daemon-reload, sudo reboot (only if the advisory says a reboot is required). Validate immediately with systemctl is-active <unit> for the affected unit.

Solution – Alternative Approaches

Alternatives include rolling back the offending transaction with sudo dnf history undo <id>, pinning the package via dnf versionlock, switching the firewall backend between nftables and iptables in /etc/firewalld/firewalld.conf, or temporarily setting SELinux permissive (setenforce 0) to confirm policy is the cause before authoring a custom module with audit2allow. For Oracle Linux specifically, Ksplice live patching may close the gap without reboot when the advisory has Ksplice coverage.

Verification & Acceptance Criteria

Acceptance: uname -r && cat /etc/oracle-release shows the expected fixed version, systemctl is-active <unit> returns active for the affected unit, journalctl -u <unit> --since "5 minutes ago" shows no errors, firewall-cmd --list-services includes the required services, getenforce reports the intended mode, and the original reproduction steps no longer produce the "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" errors across two consecutive runs.

Rollback Plan

Capture state with dnf history list and rpm -qa > /root/rpm-pre.txt before any change. To revert, run sudo dnf history undo <id>, restore /etc backups, and reload unit files with systemctl daemon-reload. For SELinux modules, remove with sudo semodule -r <module>. Reboot if the kernel or initramfs was changed and re-verify symptoms.

Prevention & Hardening

Prevent recurrence with dnf-automatic security updates, needs-restarting -r checks, immutable systemd drop-ins under /etc/systemd/system/<unit>.d/, version-locked firewalld zones, and audit rules in /etc/audit/rules.d/. Apply CIS Oracle Linux 8 hardening, subscribe to the Oracle Linux errata mailing list, and monitor file integrity with aide --check. Where supported, enable Oracle Ksplice so future advisories like this can be remediated live without reboot.

Related Errors & Cross-Refs

Related issues that commonly surface alongside the SELinux "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" boot errors: dnf transaction lock contention, systemd unit ordering cycles, SELinux AVC bursts, firewalld zone drift, and kernel taint flags shown by cat /proc/sys/kernel/tainted. See sibling common-problem articles in this Oracle Linux 8 series for adjacent failure modes.


References & Further Reading

Primary reference: Oracle Bug 29502976. Supporting docs: Oracle Linux 8 Administrators Guide, Red Hat Enterprise Linux documentation (upstream), man dnf, man systemctl, man firewall-cmd, man semanage, man journalctl, the Oracle Linux yum server changelog, and the Oracle Ksplice known-fixes feed. Review /usr/share/doc/ package documentation for the components implicated in the "Class bpf not defined in policy" and "Class xdp_socket not defined in policy" boot errors.