stable

selinux-policy-3.13.1-225.10.fc25

FEDORA-2017-31d4ea5eb1 created by lvrabec 7 years ago for Fedora 25

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-31d4ea5eb1

This update has been submitted for testing by lvrabec.

7 years ago
User Icon leigh123linux commented & provided feedback 7 years ago
karma

WFM

jwrdegoede edited this update.

7 years ago
User Icon mschorm commented & provided feedback 7 years ago
karma

MariaDB Cracklib plugin works well with this update.

User Icon anonymous commented & provided feedback 7 years ago

NVIDIA proprietary driver's kernel module blocking:

SELinux is preventing modprobe from module_load access on the system /usr/lib/modules/4.10.0/kernel/drivers/video/nvidia.ko

Source Context                system_u:system_r:insmod_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:modules_object_t:s0
Target Objects                /usr/lib/modules/4.10.0/kernel/drivers/vid
                          eo/nvidia.ko [ system ]
Policy RPM                    selinux-policy-3.13.1-225.9.fc25.noarch
Policy Type                   targeted
Enforcing Mode                Enforcing
Platform                      Linux  4.10.0 #1 SMP Mon
                          Feb 20 23:37:16 EET 2017 x86_64 x86_64
Alert Count                   22
First Seen                    2017-02-21 07:54:29 EET
Last Seen                     2017-02-21 07:55:48 EET

Raw Audit Messages                                                                                                            
type=AVC msg=audit(1487656548.807:163): avc:  denied  { module_load } for  pid=1013 comm="modprobe" path="/usr/lib/modules/4.10.0/kernel/drivers/video/nvidia.ko" dev="sda2" ino=2894558 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:modules_object_t:s0 tclass=system permissive=0


Hash: modprobe,insmod_t,modules_object_t,system,module_load
User Icon anonymous commented & provided feedback 7 years ago

An alert message during relabeling filesystem shows:

filespec_add: conflicting specifications for /usr/sbin/sln and /usr/sbin/ldconfig, using system_u:object_r:ldconfig_exec_t:s0

And then a sequnce of similar messages refering to files from Qt -debug packages.

User Icon kuosmanen commented & provided feedback 7 years ago
karma

NVIDIA not working

User Icon anonymous commented & provided feedback 7 years ago
SELinux is preventing abrt-action-not from write access on the directory /usr/lib64/python3.5/site-packages/problem/__pycache__.

SELinux is preventing abrt-action-not from write access on the directory /usr/lib64/python3.5/site-packages/report/__pycache__.

SELinux is preventing abrt-action-not from write access on the directory /usr/lib64/python3.5/site-packages/reportclient/__pycache__.

SELinux is preventing abrt-action-not from write access on the directory /usr/lib64/python3.5/site-packages/report/io/__pycache__.
User Icon leigh123linux commented & provided feedback 7 years ago
karma

WFM

User Icon anonymous commented & provided feedback 7 years ago

Seems, it somehow begins to resemble a vote of choosing between WFM and NWFM ((:))

User Icon lslebodn commented & provided feedback 7 years ago
karma

+1 it also fixes BZ1411437

User Icon anonymous commented & provided feedback 7 years ago

Pity, that it cannot fix yet Munich's city council ((:))

User Icon dhgutteridge commented & provided feedback 7 years ago
karma

No regressions noted. (The python cache error noted by an anonymous reporter may be an issue with a python update, if he/she has the 3.5.3 version that was in testing earlier this month, and then was un-pushed. I was seeing the same errors due to it.)

User Icon anonymous commented & provided feedback 7 years ago

@dhgutteridge

Thank you for clue about python. Yes, it's indeed as you wrote.

But all Nvidia proprietary driver users should be very upset after receiving this update.

lvrabec edited this update.

New build(s):

  • selinux-policy-3.13.1-225.10.fc25

Removed build(s):

  • selinux-policy-3.13.1-225.9.fc25
7 years ago
User Icon anonymous commented & provided feedback 7 years ago

@dhgutteridge

I've catched the ball before the bound somehow about Python. Even with 3.5.2-4, it turned out that it's not indeed as you wrote, except that with 225.10 modprobe will still load Nvidia only after creating own policy... 🎪

This update has been pushed to testing.

7 years ago
User Icon nanonyme commented & provided feedback 7 years ago
karma

Works for me

BZ#1419944 SELinux issues with libGLdispatch.so.0.0.0 with move to libglvnd
User Icon dhgutteridge commented & provided feedback 7 years ago
karma

No regressions noted.

User Icon jwrdegoede commented & provided feedback 7 years ago
karma

This fixes #1419944 for me, +1

BZ#1419944 SELinux issues with libGLdispatch.so.0.0.0 with move to libglvnd
User Icon leigh123linux commented & provided feedback 7 years ago
karma

WFM

User Icon anonymous commented & provided feedback 7 years ago

😏 Policy RPM selinux-policy-3.13.1-225.10.fc25.noarch

Last Seen 2017-02-23 05:06:47 EET:

SELinux is preventing abrt-action-not from write access on the directory /usr/lib64/python3.5/site-packages/dbus/__pycache__.

Last Seen 2017-02-23 06:49:47 EET:

SELinux is preventing ksmtuned from write access on the directory ksm.

Last Seen 2017-02-23 23:10:27 EET:

SELinux is preventing accounts-daemon from read access on the lnk_file .cache.

Last Seen 2017-02-23 23:10:33 EET:

SELinux is preventing sddm-greeter from read access on the file core_pattern.

Last Seen 2017-02-23 23:10:33 EET:

SELinux is preventing kdm_greet from read access on the lnk_file default.png.

Last Seen 2017-02-23 23:10:43 EET:

SELinux is preventing sddm-helper from create access on the file xsession-errors.

& my-modprobe for Nvidia ))

User Icon bojan commented & provided feedback 7 years ago
karma

Looks OK here on x86_64.

User Icon cserpentis commented & provided feedback 7 years ago
karma

works for me so far, no regressions noted

User Icon nonamedotc commented & provided feedback 7 years ago
karma

no new alerts noticed. seems to work for me.

This update has been submitted for stable by bodhi.

7 years ago

This update has been pushed to stable.

7 years ago
User Icon anonymous commented & provided feedback 7 years ago

I do not know whether there was any reason to implement in policy Nvidia proprietary drivers blockings when other errors peacefully wander there from update to upgrade.

But if there were something like codenames, this issue could be called:

'We're so up to speed on f***ing!'

User Icon valeriodean commented & provided feedback 7 years ago

So, do you know why I'm here?

Let me to infor you: AFTER the last update my screen looks like a 950x600 on a fullhd monitor.

1) I though about an nvidia driver issue, then tried to launch the previous kernel 4.10 (instead of the last one, 4.11)

2) same results. Then in the terminal i tried "glxinfo -B" and discovered that instead of the nvidia driver I was on Gallium

3) Then I googled for a solution and found this: https://devtalk.nvidia.com/default/topic/996408/quadro-k620-on-fedora-25-unable-to-load-the-nvidia-drm-/?offset=10 At some point someone posted that a workaround is to put selinux in permissive mode

4) I tried and it works

5) From the same post I jump here just to discover that the issue with the nvidia driver was WELL KNOWN and beautifully ignored.

What was the purpose? Do you want so much a giant middle finger in your face?

"This update has been pushed to stable".... yes, from a bunch of idiots.

User Icon lslebodn commented & provided feedback 7 years ago

@valeriodean, I tell you a secret. I know it's too late but you should report a bug to fedora with SELinux Troublesooter or even better contribute a fix to fedora selinux-policy https://github.com/fedora-selinux/selinux-policy.git

User Icon lslebodn commented & provided feedback 7 years ago

And the most important that nobody gave negative karma because anonymous voices do not count.

User Icon anonymous commented & provided feedback 7 years ago

You hear that @kuosmanen? You're an anonymous voice who doesn't count.

User Icon lslebodn commented & provided feedback 7 years ago

I missed @kuosmanen in history. Disclaimer: I am not selinux-policy maintainer


Please login to add feedback.

Metadata
Type
bugfix
Severity
medium
Karma
7
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
7
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
modified
7 years ago
BZ#1419944 SELinux issues with libGLdispatch.so.0.0.0 with move to libglvnd
0
2

Automated Test Results