selinux-policy-3.13.1-128.12.fc22

  • Allow pmlogger to create pmlogger.primary.socket link file. BZ(1254080)
  • Allow NetworkManager send sigkill to dnssec-trigger. BZ(1251764)
  • Add interface dnssec_trigger_sigkill
  • Allow smsd use usb ttys. BZ(#1250536)
  • Fix postfix_spool_maildrop_t,postfix_spool_flush_t contexts in postfix.fc file.
  • Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create connection to the system DBUS
  • Allow openhpid_t to read system state.
  • Add temporary fixes for sandbox related to #1103622. It allows to run everything under one sandbox type.
  • Added labels for files provided by rh-nginx18 collection
  • Dontaudit block_suspend capability for ipa_helper_t, this is kernel bug. Allow ipa_helper_t capability net_admin. Allow ipa_helper_t to list /tmp. Allow ipa_helper_t to read rpm db.
  • Allow rhsmcertd exec rhsmcertd_var_run_t files and rhsmcerd_tmp_t files. This rules are in hide_broken_sympthons until we find better solution.
  • Allow abrt_dump_oops_t to read proc_security_t files.
  • Allow abrt_dump_oops to signull all domains Allow abrt_dump_oops to read all domains state Allow abrt_dump_oops to ptrace all domains
  • Add interface abrt_dump_oops_domtrans()
  • Allow systemd-sysctl cap. sys_ptrace BZ(1253926)
  • Add label for kernel module dep files in /usr/lib/modules
  • Allow kernel_t domtrans to abrt_dump_oops_t
  • Added to files_dontaudit_write_all_mountpoints intefface new dontaudit rule, that domain included this interface dontaudit capability dac_override.

How to install

sudo dnf upgrade --advisory=FEDORA-2015-14076
This update has been submitted for testing by lvrabec. 4 years ago
This update has been pushed to testing 4 years ago
User Icon sergiodj commented & provided feedback 4 years ago

Fixes bug #1253926.

BZ#1253926 SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
User Icon bojan commented & provided feedback 4 years ago

Did this update address bug #1244573?

User Icon mjw commented & provided feedback 4 years ago
karma

Thanks this fixes bug #1253926 for me.

BZ#1253926 SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
User Icon mjw commented & provided feedback 4 years ago
karma

sigh, messed up the symbols in the new bodhi. Sorry.

BZ#1253926 SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
User Icon galileo commented & provided feedback 4 years ago

Fixes #1253926 for me also, thanks!

BZ#1253926 SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
User Icon tswsl1989 commented & provided feedback 4 years ago
karma

Fixes #1253926

BZ#1253926 SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
User Icon greg18 commented & provided feedback 4 years ago

wfm

BZ#1165713 Disabling the 'unconfined' module broke setroubleshootd
BZ#1253926 SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
This update has been submitted for stable by lantw44. 4 years ago
User Icon lantw44 commented & provided feedback 4 years ago
karma

I think it is nice to get this update, but #1245477 still happens when fprintd.service crashes.

BZ#1245477 SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process.
BZ#1253926 SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
This update has been pushed to stable 4 years ago

Please login to add feedback.

Metadata
Type
bugfix
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
3
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
BZ#1165713 Disabling the 'unconfined' module broke setroubleshootd
0
1
BZ#1245477 SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process.
-1
0
BZ#1250536 SELinux is preventing smsd from read, write access on the chr_file ttyUSB0.
0
0
BZ#1253926 SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
0
6
BZ#1254080 SELinux is preventing pmlogger from 'create' accesses on the lnk_file pmlogger.primary.socket.
0
0

Automated Test Results