Update with the latest fixes for selinux-policy. Update fixes important bug with nfs.

How to install

sudo dnf upgrade --advisory=FEDORA-2016-f24b3ddc6a

This update has been submitted for testing by lvrabec.

3 years ago
User Icon mattia commented & provided feedback 3 years ago
karma

Fixes problems with rpcbind and NFS mounts.

BZ#1402083 SELinux prevents systemd from starting nfs.service
BZ#1402427 NFS mounts fail due to SELinux denial for rpcbind.socket on /run/rpc.statd.lock
BZ#1402667 nfs home can not be mounted after latest policycoreutils update
User Icon cpanceac commented & provided feedback 3 years ago
karma

Fixes my NFS problems.

BZ#1402667 nfs home can not be mounted after latest policycoreutils update
User Icon dhgutteridge commented & provided feedback 3 years ago
karma

No regressions noted.

Re. #1275961, I was intermittently experiencing that issue, but it's hard to test for, as I don't know what was triggering it. I'll follow up if I can confirm it's fixed for me.

Also, another user reported being unable to create new VMs after previous updates to this package. I can't duplicate that problem: I just successfully created a new VM from scratch in virt-manager.

This update has been pushed to testing.

3 years ago
User Icon alexpl commented & provided feedback 3 years ago
karma

No more rpcbind errors, and the messages from #1275961 are gone, though I'm not really sure if that was a bug. I'll ask around.

BZ#1275961 SELinux is preventing 57656220436F6E74656E74 from 'create' accesses on the rawip_socket Unknown.
BZ#1402427 NFS mounts fail due to SELinux denial for rpcbind.socket on /run/rpc.statd.lock
User Icon cserpentis commented & provided feedback 3 years ago
karma

works for me

User Icon ericb commented & provided feedback 3 years ago

Fixed NFS mounting for me

BZ#1402083 SELinux prevents systemd from starting nfs.service
User Icon bojan commented & provided feedback 3 years ago
karma

Looks OK here (x86_64).

User Icon filiperosset commented & provided feedback 3 years ago
karma

no regressions noted

This update has been submitted for stable by bodhi.

3 years ago
User Icon heikoada commented & provided feedback 3 years ago
karma

LGTM

This update has been pushed to stable.

3 years ago
User Icon jsteffan commented & provided feedback 3 years ago

Thanks. This fixes nfs-server not starting for me.

User Icon jsteffan provided feedback 3 years ago
BZ#1402083 SELinux prevents systemd from starting nfs.service
User Icon anonymous commented & provided feedback 3 years ago

SELinux is preventing accounts-daemon from read access on the lnk_file .cache

Additional Information:

Source Context system_u:system_r:accountsd_t:s0

Target Context unconfined_u:object_r:cache_home_t:s0

Target Objects .cache [ lnk_file

Source accounts-daemon

Source Path accounts-daemon

Port <Unknown

Policy RPM <Unknown

Selinux Enabled True

Policy Type targeted

Enforcing Mode Enforcing

Platform Linux 4.10.0-rc2 #1 SMP Mon Jan 2 21:54:59 EET 2017 x86_64 x86_64

Alert Count 14

First Seen 2016-12-27 21:50:12 EET

Last Seen 2017-01-03 14:26:26 EET

Raw Audit Messages

type=AVC msg=audit(1483446386.661:95): avc: denied { read } for pid=746 comm="accounts-daemon" name=".cache" dev="sdb2" ino=1835058 scontext=system_u:system_r:accountsd_t:s0 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=lnk_file permissive=0

Hash: accounts-daemon,accountsd_t,cache_home_t,lnk_file,read


Please login to add feedback.

Metadata
Type
bugfix
Karma
8
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
8
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1275961 SELinux is preventing 57656220436F6E74656E74 from 'create' accesses on the rawip_socket Unknown.
0
1
BZ#1378164 spamassassin triggers selinux alert
0
0
BZ#1398852 SELinux is preventing iptables.init from 'execute_no_trans' accesses on the file /usr/bin/plymouth.
0
0
BZ#1400559 SELinux is preventing ruby from 'create' accesses on the netlink_connector_socket Unknown.
0
0
BZ#1401233 SELinux is preventing iw from 'ioctl' accesses on the unix_dgram_socket unix_dgram_socket.
0
0
BZ#1401375 SELinux is preventing lircd from 'search' accesses on the directory /var/lib/sss.
0
0
BZ#1401827 SELinux is preventing svnserve from 'getattr' accesses on the chr_file /dev/random.
0
0
BZ#1402083 SELinux prevents systemd from starting nfs.service
0
3
BZ#1402327 SELinux is preventing pptpcm from 'read' accesses on the chr_file random.
0
0
BZ#1402427 NFS mounts fail due to SELinux denial for rpcbind.socket on /run/rpc.statd.lock
0
2
BZ#1402667 nfs home can not be mounted after latest policycoreutils update
0
2

Automated Test Results