Updates for openssh and selinux-policy fixes issue when SELinux user "guest_t" can run sudo command. New packages also fixes bugs mentioned in "Related Bugs"

How to install

sudo dnf upgrade --advisory=FEDORA-2016-99191c4aab

This update has been submitted for testing by lvrabec.

3 years ago

lvrabec edited this update.

3 years ago

lvrabec edited this update.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon cserpentis commented & provided feedback 3 years ago
karma

works for me

User Icon bojan commented & provided feedback 3 years ago
karma

Seems OK here.

User Icon bradw commented & provided feedback 3 years ago
karma

Personal LAMP and mail server running GNOME. All OK.

User Icon pnemade commented & provided feedback 3 years ago
karma

looks good, no issues found yet

User Icon hreindl commented & provided feedback 3 years ago
karma

works for me

This update has been submitted for stable by bodhi.

3 years ago
User Icon heikoada commented & provided feedback 3 years ago
karma

LGTM

User Icon anonymous commented & provided feedback 3 years ago

SELinux is preventing ksmtuned from 'write' accesses on the directory ksm.

* Plugin catchall (100. confidence) suggests ******

Additional Information:

Source Context system_u:system_r:ksmtuned_t:s0

Target Context system_u:object_r:sysfs_t:s0

Target Objects ksm [ dir ]

Source ksmtuned

Source Path ksmtuned

Port <Unknown

Host (removed)

Policy RPM selinux-policy-3.13.1-191.8.fc24.noarch

Selinux Enabled True

Policy Type targeted

Enforcing Mode Enforcing

Host Name (removed)

Platform Linux (removed) 4.7.0 #1 SMP Mon Jul 25 00:18:29 EEST 2016 x86_64 x86_64

Alert Count 7

First Seen 2016-07-27 16:30:20 EEST

Last Seen 2016-08-01 06:56:31 EEST

Raw Audit Messages type=AVC msg=audit(1470023791.305:360): avc: denied { write } for pid=860 comm="ksmtuned" name="ksm" dev="sysfs" ino=658 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0

Hash: ksmtuned,ksmtuned_t,sysfs_t,dir,write

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
enhancement
Karma
6
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
6
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
BZ#1356245 guest_t can run sudo
0
0
BZ#1357860 guest_t can run sudo
0
0

Automated Test Results

Test Cases

0 0 Test Case OpenSSH