bugfix update in Fedora 27 for selinux-policy

Status: stable 2 years ago

How to install

sudo dnf upgrade --advisory=FEDORA-2017-5178e6a393

Comments 22

This update has been submitted for testing by lvrabec.

I confirm php-fpm start is now ok (#1502303)

karma: +1 #1502303: +1

No more "check engine" on tilix start

karma: +1 #1509502: +1

Still has no default label for /dev/mqueue

This update addresses quite a number of bugs I had on three very different systems, plus a few more, e.g. #1482354 as well as some other issues for which there were no bugs filed.

karma: +1 #1502303: +1 #1513883: +1 #1509502: +1 #1499390: +1

This update has been pushed to testing.

This update solves #1512783.

#1512783: +1

works for me

karma: +1

Works great! LGTM! =)

karma: +1

This update has been submitted for batched by bodhi.

lvrabec edited this update.

lvrabec edited this update.

lvrabec edited this update.

lvrabec edited this update.

This update has been submitted for stable by lvrabec.

lvrabec edited this update.

This update has been pushed to stable.

[    6.967575] SELinux:  Permission getrlimit in class process not defined in policy.
[    6.969711] SELinux:  Class sctp_socket not defined in policy.
[    6.971703] SELinux:  Class icmp_socket not defined in policy.
[    6.973675] SELinux:  Class ax25_socket not defined in policy.
[    6.975587] SELinux:  Class ipx_socket not defined in policy.
[    6.977443] SELinux:  Class netrom_socket not defined in policy.
[    6.979247] SELinux:  Class atmpvc_socket not defined in policy.
[    6.980982] SELinux:  Class x25_socket not defined in policy.
[    6.982719] SELinux:  Class rose_socket not defined in policy.
[    6.984466] SELinux:  Class decnet_socket not defined in policy.
[    6.986209] SELinux:  Class atmsvc_socket not defined in policy.
[    6.987887] SELinux:  Class rds_socket not defined in policy.
[    6.989508] SELinux:  Class irda_socket not defined in policy.
[    6.991139] SELinux:  Class pppox_socket not defined in policy.
[    6.992769] SELinux:  Class llc_socket not defined in policy.
[    6.994392] SELinux:  Class can_socket not defined in policy.
[    6.995948] SELinux:  Class tipc_socket not defined in policy.
[    6.997448] SELinux:  Class bluetooth_socket not defined in policy.
[    6.998951] SELinux:  Class iucv_socket not defined in policy.
[    7.000461] SELinux:  Class rxrpc_socket not defined in policy.
[    7.001974] SELinux:  Class isdn_socket not defined in policy.
[    7.003430] SELinux:  Class phonet_socket not defined in policy.
[    7.004834] SELinux:  Class ieee802154_socket not defined in policy.
[    7.006186] SELinux:  Class caif_socket not defined in policy.
[    7.007483] SELinux:  Class alg_socket not defined in policy.
[    7.008724] SELinux:  Class nfc_socket not defined in policy.
[    7.009899] SELinux:  Class vsock_socket not defined in policy.
[    7.011077] SELinux:  Class kcm_socket not defined in policy.
[    7.012198] SELinux:  Class qipcrtr_socket not defined in policy.
[    7.013266] SELinux:  Class smc_socket not defined in policy.
[    7.014334] SELinux: the above unknown classes and permissions will be allowed

Add Comment & Feedback

Please login to add feedback.

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 6
unstable threshold: -3
Autopush (karma)
Autopush (time)
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago
modified 2 years ago

Related Bugs 23

00 #1451479 virtualbox needs more selinux privileges
0+1 #1499390 SELinux is preventing ibus-daemon from using the 'signull' accesses on a process.
00 #1501331
0+2 #1502303 php-fpm crashed with default SELinux settings
0+3 #1509502 SELinux is preventing bwrap from nnp_transition, nosuid_transition access on the process2 Unknown.
00 #1510249 SELinux is preventing tlp from 'write' accesses on the file lock_tlp.
00 #1511269 Startup failures due to AVCs
00 #1511948 SELinux is preventing nm-dhcp-helper from 'connectto' accesses on the unix_stream_socket /run/NetworkManager/private-dhcp.
00 #1512128 Selinux prevents rpc.gssd and sshd from talking to the new SSSD kerberos key store
00 #1512227 SELinux is preventing net from 'map' accesses on the file /var/lib/samba/lock/gencache_notrans.tdb.
0+1 #1512242 SELinux is preventing geary from 'map' accesses on the fifo_file fifo_file.
00 #1512560 SELinux is preventing firewalld from 'map' accesses on the device /dev/vda1.
0+1 #1512783 Docker embedded DNS doesn't function when running with SELinux and --userns-remap
00 #1512787 SELinux is preventing lircd from 'execute' accesses on the file /usr/bin/bash.
00 #1513399 avc: denied { map } for systemd on modules.dep.bin
00 #1513704 nssdb auth doesn't work with selinux enforcing due to map permissions denials
00 #1513832 SELINUX Confined user (staff_t) cannot log in via GDM
0+1 #1513883 SELinux is preventing gnome-shell from 'execute' accesses on the file 2F72756E2F676E6F6D652D696E697469616C2D73657475702F233232343434202864656C6574656429.
00 #1513908 SELinux is preventing smb from 'map' accesses on the file /var/lib/samba/lock/gencache_notrans.tdb.
00 #1514232 selinux - squid fails to start
00 #1514284 Cannot start slapd
00 #1514797 SELinux is preventing gnome-shell from using the 'signull' accesses on a process.
00 #1514865 selinux preventing php-fpm from starting when apcu is enabled

Automated Test Results