More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=700486


selinux-policy-3.13.1-128.17.fc22

  • We need to require sandbox_web_type attribute in sandbox_x_domain_template().
  • Dontaudit abrt_t to rw lvm_lock_t dir.
  • Allow abrt_t domain to write to kernel msg device.
  • Add interface lvm_dontaudit_rw_lock_dir()
  • ipsec: The NM helper needs to read the SAs
  • ipsec: Allow ipsec management to create ptys

More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=691855

How to install

sudo dnf upgrade --advisory=FEDORA-2015-1bbd3df966
This update has been submitted for testing by lvrabec. 3 years ago
This update has obsoleted [selinux-policy-3.13.1-128.20.fc22](https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9), and has inherited its bugs and notes. 3 years ago
This update has been pushed to testing. 3 years ago
User Icon yaneti commented & provided feedback 3 years ago

works for me

BZ#1273104 SELinux is preventing iscsid from 'create' accesses on the netlink_iscsi_socket Unknown.
BZ#1273252 iscsi not working on 4.2.3, Unable to mount iscsi volumes.
User Icon yaneti provided feedback 3 years ago
karma
User Icon jflory7 commented & provided feedback 3 years ago
karma

In my experiences since this went live, I have not noticed any SELinux errors since updating.

BZ#1276931 SELinux is preventing abrt-hook-ccpp from almost everything
This update has been submitted for stable by bodhi. 3 years ago
User Icon yuwata commented & provided feedback 3 years ago
karma

works for me

User Icon jwakely commented & provided feedback 3 years ago

Still no core files created after this update.

BZ#1276931 SELinux is preventing abrt-hook-ccpp from almost everything
BZ#1245477 SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process.
This update has been pushed to stable. 3 years ago

Please login to add feedback.

Metadata
Type
bugfix
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
3
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1233876 SELinux is preventing systemd-hostnam from 'open' accesses on the file /proc/xen/capabilities.
0
0
BZ#1233877 SELinux is preventing systemd-hostnam from 'read' accesses on the file capabilities.
0
0
BZ#1245477 SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process.
-1
0
BZ#1261856 /usr/share/nginx/html should be httpd_sys_content_t
0
0
BZ#1269193 SELinux is preventing winbindd from using the 'signull' accesses on a process.
0
0
BZ#1269916 SELinux is preventing systemd-network from getattr access on the file /proc/xen/capabilities
0
0
BZ#1272835 SELinux is preventing /usr/sbin/named from 'name_bind' accesses on the udp_socket port 61000.
0
0
BZ#1273104 SELinux is preventing iscsid from 'create' accesses on the netlink_iscsi_socket Unknown.
0
0
BZ#1273252 iscsi not working on 4.2.3, Unable to mount iscsi volumes.
0
0
BZ#1276170 openvswitch fails to start: netlink_generic_socket
0
0
BZ#1276931 SELinux is preventing abrt-hook-ccpp from almost everything
-1
1

Automated Test Results