How to install

sudo dnf upgrade --advisory=FEDORA-2017-88b6a06bce
This update has been submitted for testing by lvrabec. 2 years ago
This update has been pushed to testing. 2 years ago
User Icon cserpentis commented & provided feedback 2 years ago
karma

works for me

User Icon miabbott commented & provided feedback 2 years ago
karma

I saw some AVC denials on Fedora 26 Atomic Host when using this build.

https://bugzilla.redhat.com/show_bug.cgi?id=1500820

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe. 2 years ago
User Icon dustymabe commented & provided feedback 2 years ago

Let's please make sure this doesn't make it to stable in fedora 26 so that we don't block releasing Fedora Atomic Host.

lvrabec edited this update. New build(s): - selinux-policy-3.13.1-260.13.fc26 Removed build(s): - selinux-policy-3.13.1-260.12.fc26 Karma has been reset. 2 years ago
This update has been submitted for testing by lvrabec. 2 years ago
User Icon lvrabec commented & provided feedback 2 years ago

@mlabbott .13.fc26 build fixing your issue.

User Icon lvrabec provided feedback 2 years ago
User Icon lvrabec provided feedback 2 years ago
User Icon bojan commented & provided feedback 2 years ago

With -12, I have problems with the following services:

● systemd-backlight@backlight:intel_backlight.service loaded failed failed Load/ ● systemd-backlight@leds:tpacpi::kbd_backlight.service loaded failed failed Load

Putting SELinux into permissive mode works around the problem.

Has this been addressed in -13 to the best of your knowledge?

User Icon sshambar commented & provided feedback 2 years ago
karma

Fixes 1436026, but doesn't fix 1398907.

Otherwise, system works as expected with no new denials.

BZ#1436026 selinux prevents postfix cleanup from accessing socket based non_smtpd_milters
BZ#1398907 postfix chroot-update has incorrect SELinux label
User Icon bojan commented & provided feedback 2 years ago
karma

Yeah, -13 appears to solve the failures I was seeing with -12.

This update has been pushed to testing. 2 years ago
User Icon imabug provided feedback 2 years ago
karma
BZ#1500820 multiple 'systemd' AVC denials related to 'sysfs'
User Icon thofmann commented & provided feedback 2 years ago
karma

I also saw the sysfs-related denials in .12, works in .13.

BZ#1500820 multiple 'systemd' AVC denials related to 'sysfs'
User Icon miabbott commented & provided feedback 2 years ago
karma

This fixes bz#1500820 for me; the remaining functionality worked fine.

BZ#1500820 multiple 'systemd' AVC denials related to 'sysfs'
This update has been submitted for batched by lvrabec. 2 years ago
This update has been submitted for stable by lvrabec. 2 years ago
This update has been pushed to stable. 2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1398907 postfix chroot-update has incorrect SELinux label
-1
0
BZ#1436026 selinux prevents postfix cleanup from accessing socket based non_smtpd_milters
0
1
BZ#1471545 SElinux prevents postfix from reading /run/systemd/resolve/resolv.conf
0
0
BZ#1487044 SELinux is preventing systemd-logind from 'getattr' accesses on the file /dev/shm/PostgreSQL.188495196.
0
0
BZ#1491427 SELinux is preventing postgres from unix_read, unix_write access on the shared memory Unknown.
0
0
BZ#1497507 Postfix (SMTP): SELinux is preventing smtpd from read, write access on the Datei inet.smtp.
0
0
BZ#1500820 multiple 'systemd' AVC denials related to 'sysfs'
0
3

Automated Test Results