How to install

sudo dnf upgrade --advisory=FEDORA-2017-8225c4e502

This update has been submitted for testing by lvrabec.

2 years ago
User Icon miabbott commented & provided feedback 2 years ago
karma

I replaced the selinux-policy packages on a Fedora 27 Atomic Host with this build and ran into the following BZ - https://bugzilla.redhat.com/show_bug.cgi?id=1525589

User Icon miabbott commented & provided feedback 2 years ago

Additionally, BZ#1510139 still seems to persist with this build

BZ#1510139 Can't run systemd in non-privileged container
User Icon miabbott commented & provided feedback 2 years ago

Additionally, BZ#1510139 still seems to persist with this build

BZ#1510139 Can't run systemd in non-privileged container

This update has been pushed to testing.

2 years ago

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago
User Icon sailer provided feedback 2 years ago
BZ#1508659 SELinux is preventing ypbind from 'write' accesses on the sock_file rpcbind.sock.
User Icon sailer commented & provided feedback 2 years ago

1508659 does not seem to be solved either

BZ#1508659 SELinux is preventing ypbind from 'write' accesses on the sock_file rpcbind.sock.
User Icon goodmirek commented & provided feedback 2 years ago
BZ#1519810 SELinux is preventing charon-nm from 'map' accesses on the file /home/mirek/.pki/goodboyKey.der.
User Icon goodmirek commented & provided feedback 2 years ago
BZ#1519810 SELinux is preventing charon-nm from 'map' accesses on the file /home/mirek/.pki/goodboyKey.der.
User Icon goodmirek commented & provided feedback 2 years ago
BZ#1519810 SELinux is preventing charon-nm from 'map' accesses on the file /home/mirek/.pki/goodboyKey.der.

Does not solve the already mentioned bugs.

User Icon goeran provided feedback 2 years ago
karma
BZ#1521137 cupsd_t accesses font files using "map"
BZ#1447909 SELinux is preventing sendmail from 'write' accesses on the sock_file system_bus_socket.
User Icon goeran commented & provided feedback 2 years ago
karma

This upgrade fixes #1521137 but not #1447909. Nothing breaks for me that wasn't already broken, so still positive overall.

BZ#1521137 cupsd_t accesses font files using "map"
BZ#1447909 SELinux is preventing sendmail from 'write' accesses on the sock_file system_bus_socket.
User Icon alansh42 commented & provided feedback 2 years ago
karma

It fixes #1516816, but breaks aide.

BZ#1516816 [antivirus_t] SELinux is preventing /usr/sbin/amavi from map access on the file /var/spool/amavisd/db/__db.001
User Icon bojan commented & provided feedback 2 years ago
karma

No regressions noticed.

User Icon adelton commented & provided feedback 2 years ago
karma
BZ#1520033 systemd containers now cause AVC denials about init_t and container_file_t
User Icon adelton commented & provided feedback 2 years ago
karma
BZ#1520033 systemd containers now cause AVC denials about init_t and container_file_t
User Icon cserpentis commented & provided feedback 2 years ago
karma

works for me

User Icon tibbs commented & provided feedback 2 years ago
karma

Fixes 1524256 for me.

BZ#1524256 arpwatch fails to start on fc27 due to selinux denials
User Icon tibbs commented & provided feedback 2 years ago
karma

Fixes 1524256 for me.

BZ#1524256 arpwatch fails to start on fc27 due to selinux denials
User Icon renault commented & provided feedback 2 years ago
karma

Seems good

User Icon jayjayjazz commented & provided feedback 2 years ago
karma

Works fine for me.

lvrabec edited this update.

New build(s):

  • selinux-policy-3.13.1-283.19.fc27

Removed build(s):

  • selinux-policy-3.13.1-283.18.fc27

Karma has been reset.

2 years ago

This update has been submitted for testing by lvrabec.

2 years ago
User Icon lvrabec commented & provided feedback 2 years ago

I fixed some bugs related to selinux-policy from this thread and add couple of new ones from bugzilla.

User Icon adelton provided feedback 2 years ago
karma
BZ#1510139 Can't run systemd in non-privileged container
User Icon pp3345 commented & provided feedback 2 years ago
karma

wfm, fixes 1526722

BZ#1526722 SELinux prevents dbus signals and method calls from/to ModemManager

This update has been pushed to testing.

2 years ago
User Icon bt0dotninja commented & provided feedback 2 years ago
karma

WFM

User Icon goeran commented & provided feedback 2 years ago
karma

The fix for #1521137 is good in this release too, and I don't see anything new broken.

BZ#1521137 cupsd_t accesses font files using "map"
User Icon djuran commented & provided feedback 2 years ago
karma

Solves Bz 1519729

BZ#1519729 SELinux is preventing imap from 'map' accesses on the file /home/.../dovecot.index.log.
User Icon dhgutteridge commented & provided feedback 2 years ago
karma

No regressions noted.

User Icon alciregi commented & provided feedback 2 years ago
karma

It looks good

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

2 years ago

This update has been submitted for batched by lvrabec.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
high
Karma
7
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1436048 SELinux prevents openvpn from starting when using a tunnel device managed by NetworkManager
0
0
BZ#1447909 SELinux is preventing sendmail from 'write' accesses on the sock_file system_bus_socket.
0
0
BZ#1452783 SELinux is preventing plugin-containe from 'read' accesses on the file libwidevinecdm.so.
0
0
BZ#1478642 openvpn-server@service writes status-server.log to a directory with selinux write denials
0
0
BZ#1500737 SELinux is preventing gsf-office-thum from 'map' accesses on the fichier 2F72756E2F6D656469612F746573742F363346363534303632374143324430362F4C69737465206465732070726F6772616D6D65206E6F6E20646973706F20706F7572206665646F72612032372E6F6473.
0
0
BZ#1507476 slapd can not map it's database to memeory
0
0
BZ#1508659 SELinux is preventing ypbind from 'write' accesses on the sock_file rpcbind.sock.
0
0
BZ#1510139 Can't run systemd in non-privileged container
-1
0
BZ#1513704 nssdb auth doesn't work with selinux enforcing due to map permissions denials
0
0
BZ#1514093 SELinux is preventing mandb from 'map' accesses on the archivo /var/cache/man/2883.
0
0
BZ#1515849 SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns Unknown.
0
0
BZ#1515956 SELinux is preventing pulseaudio from 'map' accesses on the file /home/gholms/.config/pulse/1aed1b1d684145f0b3b77b0530662854-card-database.tdb.
0
0
BZ#1515961 SELinux is preventing systemd from 'create' accesses on the unix_stream_socket Unknown.
0
0
BZ#1515965 SELinux is preventing gnome-keyring-d from 'write' accesses on the sock_file system_bus_socket.
0
0
BZ#1516282 SELinux is preventing cups-pdf from 'read' accesses on the directory /etc/cups.
0
0
BZ#1516816 [antivirus_t] SELinux is preventing /usr/sbin/amavi from map access on the file /var/spool/amavisd/db/__db.001
0
0
BZ#1516899 [mysqld_t] SELinux is preventing mysqld from map access on the file /var/tmp/#sql_3f2_0.MAD
0
0
BZ#1517124 SELinux is preventing smbclient from 'map' accesses on the file /var/lib/samba/lock/gencache_notrans.tdb.
0
0
BZ#1517125 SELinux is preventing gsf-office-thum from 'map' accesses on the file /tmp/gnome-desktop-file-to-thumbnail.xlsx.
0
0
BZ#1517395 SELinux is preventing pmlogger_check from 'execute_no_trans' accesses on the archivo /usr/bin/pmlogger.
0
0
BZ#1517405 SELinux is preventing plymouthd from 'map' accesses on the chr_file /dev/fb0.
0
0
BZ#1517447 SELinux is preventing dovecot-lda from map access on the file /var/spool/mail/vdomains/example.com/user/Maildir/dovecot.index.
0
0
BZ#1517449 SELinux is preventing imap from map access on the file /var/spool/mail/vdomains/example.com/user/Maildir/dovecot.index
0
0
BZ#1517517 SELinux is preventing evince-thumbnai from 'map' accesses on the файл /tmp/gnome-desktop-file-to-thumbnail.djvu.
0
0
BZ#1517541 [git_script_t] SELinux is preventing git from map access on the file /var/lib/git/ansible.git/objects/pack/pack-277152cd4f4e150f5bdd3c0a5d13bbf9eb946d69.idx
0
0
BZ#1517720 SELinux is preventing gsf-office-thum from 'map' accesses on the tiedosto /run/media/yk/FEDORA-WS-L/Vincent/Linux_opas.odt.
0
0
BZ#1518382 SELinux is preventing colord from 'map' accesses on the file /run/gnome-initial-setup/.local/share/icc/edid-aca41ed5ad1cf4faeb4f014fe52c1e3b.icc.
0
0
BZ#1518864 dbus-broker fails due to mmap denial
0
0
BZ#1519565 SELinux is preventing charon-nm from 'map' accesses on the file /etc/pki/tls/certs/Makefile.
0
0
BZ#1519729 SELinux is preventing imap from 'map' accesses on the file /home/.../dovecot.index.log.
0
1
BZ#1519810 SELinux is preventing charon-nm from 'map' accesses on the file /home/mirek/.pki/goodboyKey.der.
0
0
BZ#1519824 SELinux is preventing cat from 'read' accesses on the file last_pwr.
0
0
BZ#1519948 SELinux denial new in F27
0
0
BZ#1519966 Missing policy for mysqld_safe_helper
0
0
BZ#1520033 systemd containers now cause AVC denials about init_t and container_file_t
0
0
BZ#1520775 SELinux is preventing mandb from 'write' accesses on the sock_file /var/lib/sss/pipes/nss.
0
0
BZ#1521125 SELinux is preventing rpc.gssd from 'read' accesses on the file /var/lib/ipa-client/pki/kdc-ca-bundle.pem.
0
0
BZ#1521137 cupsd_t accesses font files using "map"
0
1
BZ#1524256 arpwatch fails to start on fc27 due to selinux denials
0
0
BZ#1526722 SELinux prevents dbus signals and method calls from/to ModemManager
0
1
BZ#1527173 SELinux is preventing certutil from 'map' accesses on the fichier /etc/pki/ca-trust/source/README.
0
0

Automated Test Results