stable

openssh-7.2p2-11.fc24 and selinux-policy-3.13.1-191.8.fc24

FEDORA-2016-99191c4aab created by lvrabec 8 years ago for Fedora 24

Updates for openssh and selinux-policy fixes issue when SELinux user "guest_t" can run sudo command. New packages also fixes bugs mentioned in "Related Bugs"

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2016-99191c4aab

This update has been submitted for testing by lvrabec.

8 years ago

lvrabec edited this update.

8 years ago

lvrabec edited this update.

8 years ago

This update has been pushed to testing.

8 years ago
User Icon cserpentis commented & provided feedback 8 years ago
karma

works for me

User Icon bojan commented & provided feedback 8 years ago
karma

Seems OK here.

User Icon bradw commented & provided feedback 8 years ago
karma

Personal LAMP and mail server running GNOME. All OK.

User Icon pnemade commented & provided feedback 8 years ago
karma

looks good, no issues found yet

User Icon hreindl commented & provided feedback 8 years ago
karma

works for me

This update has been submitted for stable by bodhi.

8 years ago
User Icon heikoada commented & provided feedback 8 years ago
karma

LGTM

User Icon anonymous commented & provided feedback 8 years ago

SELinux is preventing ksmtuned from 'write' accesses on the directory ksm.

* Plugin catchall (100. confidence) suggests ******

Additional Information:

Source Context system_u:system_r:ksmtuned_t:s0

Target Context system_u:object_r:sysfs_t:s0

Target Objects ksm [ dir ]

Source ksmtuned

Source Path ksmtuned

Port <Unknown

Host (removed)

Policy RPM selinux-policy-3.13.1-191.8.fc24.noarch

Selinux Enabled True

Policy Type targeted

Enforcing Mode Enforcing

Host Name (removed)

Platform Linux (removed) 4.7.0 #1 SMP Mon Jul 25 00:18:29 EEST 2016 x86_64 x86_64

Alert Count 7

First Seen 2016-07-27 16:30:20 EEST

Last Seen 2016-08-01 06:56:31 EEST

Raw Audit Messages type=AVC msg=audit(1470023791.305:360): avc: denied { write } for pid=860 comm="ksmtuned" name="ksm" dev="sysfs" ino=658 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0

Hash: ksmtuned,ksmtuned_t,sysfs_t,dir,write

This update has been pushed to stable.

8 years ago

Please login to add feedback.

Metadata
Type
enhancement
Karma
6
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-2
Stable by Karma
6
Stable by Time
disabled
Dates
submitted
8 years ago
in testing
8 years ago
in stable
8 years ago
modified
8 years ago
BZ#1356245 guest_t can run sudo
0
0
BZ#1357860 guest_t can run sudo
0
0

Automated Test Results

Test Cases

0 0 Test Case OpenSSH