I'd like to ask everybody to be considerate when giving negative karma as it effectively blocks delivering the update to stable release.

@nixuser will be fixed in the next build, anyway the domain is permissive so the access was not denied

@bojan, we already have a fix, new 41/42/43 builds will be later this week

@geraldosimao /2614 is a commit from today, will be merged for the next update

@bojan thanks for reporting https://github.com/fedora-selinux/selinux-policy/pull/2614

No issue found during testing.

@cmorris, i wanted a bz for sharing data and discussion, it is reasonably better than in these updates pages

since the problem is (hopefully) gone now, no further action is needed

thank you

FYI discussion continues in https://bugzilla.redhat.com/show_bug.cgi?id=2343677

@cmorris I have never seen such a problem, can you file a bz so that we can troubleshoot that? This could possibly help you:

semodule -B

but I am interested what is different on a system like yours and makes the update fail.

@julesbertholet it was reported here https://bugzilla.redhat.com/show_bug.cgi?id=2336620

I didn't run into issue like the ones reported, neither when the package was built, nor now. The symptoms are that custom SELinux modules distributed with packages like pcp-selinux were disabled. We have a test which installs all such modules, and again no such issue appears. There does not seem to be any related change in the latest selinux-policy-build. So I really wonder what makes the difference.

@ppisar see https://bugzilla.redhat.com/show_bug.cgi?id=2296271

The denial is harmless, the issue was actually resolved in cups: https://github.com/OpenPrinting/cups/pull/1076

@allenatdecisiv Since you gave a negative karma, did you notice any incorrect behaviour? Please provide some inputs.

you may need to rmdir /var/cache/systemd/home first as the issue manifests or not depending on the order of updates

rmdir /var/cache/systemd/home/
systemctl restart systemd-homed; sleep 1; systemctl status systemd-homed
ls -lZ /var/cache/systemd/
total 4
drwxr-xr-x. 2 root root system_u:object_r:systemd_homed_cache_t:s0 4096 Oct 15 13:43 home

systemd needs to be allowed to create /var/cache/systemd/home at least on some installations, so I've updated selinux-policy

please try a scratchbuild from https://github.com/fedora-selinux/selinux-policy/pull/2390/checks if you can, I want to merge it soon and create a new build

@tyrbiter @dustymabe can you please include some details? avc, syscall, path record new build can be done right away, but this feature does not have full functional testing so it did not manifest in our tests

IMO it's technically not a regression as using ssh by virtqemud was not allowed in the previous build. Anyway fix is on the way, a new build will be available today.

@stephent98 I accidentally ommited one commit when backporting, so it's fixed in rawhide only, F40 will follow soon. Please use negative karma wisely.