FEDORA-2017-8225c4e502

bugfix update in Fedora 27 for selinux-policy

Status: stable 2 years ago

How to install

sudo dnf upgrade --advisory=FEDORA-2017-8225c4e502

Comments 38

This update has been submitted for testing by lvrabec.

I replaced the selinux-policy packages on a Fedora 27 Atomic Host with this build and ran into the following BZ - https://bugzilla.redhat.com/show_bug.cgi?id=1525589

karma: -1

Additionally, BZ#1510139 still seems to persist with this build

#1510139: -1

Additionally, BZ#1510139 still seems to persist with this build

#1510139: -1

This update has been pushed to testing.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

1508659 does not seem to be solved either

#1508659: -1

Does not solve the already mentioned bugs.

This upgrade fixes #1521137 but not #1447909. Nothing breaks for me that wasn't already broken, so still positive overall.

karma: +1 #1521137: +1 #1447909: -1

It fixes #1516816, but breaks aide.

karma: -1 #1516816: +1

No regressions noticed.

karma: +1

works for me

karma: +1

Fixes 1524256 for me.

karma: +1 #1524256: +1

Fixes 1524256 for me.

karma: +1 #1524256: +1

Seems good

karma: +1

Works fine for me.

karma: +1

lvrabec edited this update.

New build(s):

  • selinux-policy-3.13.1-283.19.fc27

Removed build(s):

  • selinux-policy-3.13.1-283.18.fc27

Karma has been reset.

This update has been submitted for testing by lvrabec.

I fixed some bugs related to selinux-policy from this thread and add couple of new ones from bugzilla.

wfm, fixes 1526722

karma: +1 #1526722: +1

This update has been pushed to testing.

The fix for #1521137 is good in this release too, and I don't see anything new broken.

karma: +1 #1521137: +1

Solves Bz 1519729

karma: +1 #1519729: +1

No regressions noted.

karma: +1

It looks good

karma: +1

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

This update has been submitted for batched by lvrabec.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
bugfix
Update Severity
high
Karma
+7
stable threshold: 7
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago
modified 2 years ago

Related Bugs 42

00 #1436048 SELinux prevents openvpn from starting when using a tunnel device managed by NetworkManager
00 #1447909 SELinux is preventing sendmail from 'write' accesses on the sock_file system_bus_socket.
00 #1452783 SELinux is preventing plugin-containe from 'read' accesses on the file libwidevinecdm.so.
00 #1478642 openvpn-server@service writes status-server.log to a directory with selinux write denials
00 #1500737 SELinux is preventing gsf-office-thum from 'map' accesses on the fichier 2F72756E2F6D656469612F746573742F363346363534303632374143324430362F4C69737465206465732070726F6772616D6D65206E6F6E20646973706F20706F7572206665646F72612032372E6F6473.
00 #1501331
00 #1507476 slapd can not map it's database to memeory
00 #1508659 SELinux is preventing ypbind from 'write' accesses on the sock_file rpcbind.sock.
-10 #1510139 Can't run systemd in non-privileged container
00 #1513704 nssdb auth doesn't work with selinux enforcing due to map permissions denials
00 #1514093 SELinux is preventing mandb from 'map' accesses on the archivo /var/cache/man/2883.
00 #1515849 SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns Unknown.
00 #1515956 SELinux is preventing pulseaudio from 'map' accesses on the file /home/gholms/.config/pulse/1aed1b1d684145f0b3b77b0530662854-card-database.tdb.
00 #1515961 SELinux is preventing systemd from 'create' accesses on the unix_stream_socket Unknown.
00 #1515965 SELinux is preventing gnome-keyring-d from 'write' accesses on the sock_file system_bus_socket.
00 #1516282 SELinux is preventing cups-pdf from 'read' accesses on the directory /etc/cups.
00 #1516816 [antivirus_t] SELinux is preventing /usr/sbin/amavi from map access on the file /var/spool/amavisd/db/__db.001
00 #1516899 [mysqld_t] SELinux is preventing mysqld from map access on the file /var/tmp/#sql_3f2_0.MAD
00 #1517124 SELinux is preventing smbclient from 'map' accesses on the file /var/lib/samba/lock/gencache_notrans.tdb.
00 #1517125 SELinux is preventing gsf-office-thum from 'map' accesses on the file /tmp/gnome-desktop-file-to-thumbnail.xlsx.
00 #1517395 SELinux is preventing pmlogger_check from 'execute_no_trans' accesses on the archivo /usr/bin/pmlogger.
00 #1517405 SELinux is preventing plymouthd from 'map' accesses on the chr_file /dev/fb0.
00 #1517447 SELinux is preventing dovecot-lda from map access on the file /var/spool/mail/vdomains/example.com/user/Maildir/dovecot.index.
00 #1517449 SELinux is preventing imap from map access on the file /var/spool/mail/vdomains/example.com/user/Maildir/dovecot.index
00 #1517517 SELinux is preventing evince-thumbnai from 'map' accesses on the файл /tmp/gnome-desktop-file-to-thumbnail.djvu.
00 #1517541 [git_script_t] SELinux is preventing git from map access on the file /var/lib/git/ansible.git/objects/pack/pack-277152cd4f4e150f5bdd3c0a5d13bbf9eb946d69.idx
00 #1517720 SELinux is preventing gsf-office-thum from 'map' accesses on the tiedosto /run/media/yk/FEDORA-WS-L/Vincent/Linux_opas.odt.
00 #1518382 SELinux is preventing colord from 'map' accesses on the file /run/gnome-initial-setup/.local/share/icc/edid-aca41ed5ad1cf4faeb4f014fe52c1e3b.icc.
00 #1518864 dbus-broker fails due to mmap denial
00 #1519565 SELinux is preventing charon-nm from 'map' accesses on the file /etc/pki/tls/certs/Makefile.
0+1 #1519729 SELinux is preventing imap from 'map' accesses on the file /home/.../dovecot.index.log.
00 #1519810 SELinux is preventing charon-nm from 'map' accesses on the file /home/mirek/.pki/goodboyKey.der.
00 #1519824 SELinux is preventing cat from 'read' accesses on the file last_pwr.
00 #1519948 SELinux denial new in F27
00 #1519966 Missing policy for mysqld_safe_helper
00 #1520033 systemd containers now cause AVC denials about init_t and container_file_t
00 #1520775 SELinux is preventing mandb from 'write' accesses on the sock_file /var/lib/sss/pipes/nss.
00 #1521125 SELinux is preventing rpc.gssd from 'read' accesses on the file /var/lib/ipa-client/pki/kdc-ca-bundle.pem.
0+1 #1521137 cupsd_t accesses font files using "map"
00 #1524256 arpwatch fails to start on fc27 due to selinux denials
0+1 #1526722 SELinux prevents dbus signals and method calls from/to ModemManager
00 #1527173 SELinux is preventing certutil from 'map' accesses on the fichier /etc/pki/ca-trust/source/README.

Automated Test Results