How to install

sudo dnf upgrade --advisory=FEDORA-2017-b5e9ce60d2
This update has been submitted for testing by lvrabec. 2 years ago
User Icon chenxiaolong commented & provided feedback 2 years ago

https://bugzilla.redhat.com/show_bug.cgi?id=1505081 seems to be fixed now. I removed my custom module, installed the update, restarted NetworkManager, and it successfully updated systemd-resolved with the DNS info.

BZ#1505081 SELinux policy prevents NetworkManager from updating systemd-resolved
lvrabec edited this update. New build(s): - selinux-policy-3.13.1-283.14.fc27 Removed build(s): - selinux-policy-3.13.1-283.13.fc27 Karma has been reset. 2 years ago
User Icon adamwill commented & provided feedback 2 years ago
karma

Didn't specifically test any of the changes, but boots fine and no new denials in boot and ordinary use.

User Icon adamwill commented & provided feedback 2 years ago
karma

Didn't specifically test any of the changes, but boots fine and no new denials in boot and ordinary use.

User Icon coremodule commented & provided feedback 2 years ago
karma

No denials here, seems to work OK.

User Icon coremodule commented & provided feedback 2 years ago
karma

No denials here, seems to work OK.

User Icon frantisekz commented & provided feedback 2 years ago
karma

System works fine after selinux-policy upgrade.

This update has been pushed to testing. 2 years ago
User Icon anonymous commented & provided feedback 2 years ago

#1503980 nothing changed... Otherwise it's ok :)

BZ#1503980 SELinux is preventing fprintd from 'read' accesses on the katalog 00000000.
User Icon anonymous commented & provided feedback 2 years ago

#1503980 nothing changed... Otherwise it's ok :)

BZ#1503980 SELinux is preventing fprintd from 'read' accesses on the katalog 00000000.
User Icon besser82 commented & provided feedback 2 years ago
karma

Works great! LGTM! =)

User Icon goeran commented & provided feedback 2 years ago
karma

I don't see any of the previous dac_read_search AVCs, so these bugs seem fixed. Otherwise, everything works nicely too.

BZ#1451376 SELinux is preventing abrtd from using the 'dac_read_search' capabilities.
BZ#1471477 SELinux is preventing abrt-dbus from using the 'dac_read_search' capabilities.
This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes 2 years ago
This update has been submitted for stable by adamwill. 2 years ago
This update has been pushed to stable. 2 years ago
User Icon bluepencil commented & provided feedback 2 years ago

selinux-policy-3.13.1-283.15 denies permission to allocate RWX Memory:

[LibClamAV] Bytecode: disabling JIT because SELinux is preventing 'execmem' access.
User Icon bluepencil commented & provided feedback 2 years ago

selinux-policy-3.13.1-283.15 denies permission to allocate RWX Memory:

[LibClamAV] Bytecode: disabling JIT because SELinux is preventing 'execmem' access.
User Icon bluepencil commented & provided feedback 2 years ago

Sorry, but should clarify that previously described issue with LibClamAV happened just once right after updating selinux-policy from koji.fedoraproject.org and no longer appear after rebooting system :)

User Icon bluepencil commented & provided feedback 2 years ago

Sorry, but should clarify that previously described issue with LibClamAV happened just once right after updating selinux-policy from koji.fedoraproject.org and no longer appear after rebooting system :)


Please login to add feedback.

Metadata
Type
bugfix
Severity
high
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
6
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1434395 SELinux is preventing ntpd from create
0
0
BZ#1442387 SELinux is preventing groupadd from 'write' accesses on the sock_file system_bus_socket.
0
0
BZ#1449673 Selinux prevents winbind. AVC
0
0
BZ#1451376 SELinux is preventing abrtd from using the 'dac_read_search' capabilities.
0
1
BZ#1464773 SELinux is preventing usermod from using the 'dac_read_search' capabilities.
0
0
BZ#1471401 SELinux is preventing systemd from read, write access on the chr_file /dev/input/event9.
0
0
BZ#1471477 SELinux is preventing abrt-dbus from using the 'dac_read_search' capabilities.
0
1
BZ#1473118 SELinux is preventing ibus-daemon from 'read' accesses on the lnk_file /var/lib/dbus/machine-id.
0
0
BZ#1480911 SELinux is preventing abrt-action-sav from 'map' accesses on the file /var/lib/rpm/__db.001.
0
0
BZ#1480912 SELinux is preventing gsettings from 'map' accesses on the file /run/user/42/dconf/user.
0
0
BZ#1480913 SELinux is preventing pulseaudio from 'map' accesses on the chr_file /dev/snd/pcmC0D0c.
0
0
BZ#1480915 SELinux is preventing abrtd from 'map' accesses on the file /var/lib/sss/mc/group.
0
0
BZ#1480916 SELinux is preventing cupsd from 'map' accesses on the file /var/lib/sss/mc/passwd.
0
0
BZ#1480917 SELinux is preventing dbus-daemon from 'map' accesses on the file /var/lib/sss/mc/passwd.
0
0
BZ#1480918 SELinux is preventing unix_chkpwd from 'map' accesses on the file /var/lib/sss/mc/passwd.
0
0
BZ#1480919 SELinux is preventing gdm from 'map' accesses on the file /var/lib/sss/mc/passwd.
0
0
BZ#1480920 SELinux is preventing colord from 'map' accesses on the file /var/lib/sss/mc/passwd.
0
0
BZ#1481376 selinux prevents cockpit from running
0
0
BZ#1481453 SELinux is preventing sshd from 'map' accesses on the file /var/lib/sss/mc/passwd.
0
0
BZ#1481455 SELinux is preventing abrt-dump-journ from 'map' accesses on the file /run/log/journal/2000656e56500583cc9b884bb121a7b9/system.journal.
0
0
BZ#1481456 SELinux is preventing abrt-action-gen from 'map' accesses on the file /var/spool/abrt/ccpp-2017-08-14-09:18:34.154456-1086/coredump.
0
0
BZ#1481457 SELinux is preventing avahi-daemon from 'map' accesses on the file /var/lib/sss/mc/initgroups.
0
0
BZ#1481458 SELinux is preventing bluetoothd from 'map' accesses on the file /var/lib/bluetooth/00:26:83:16:93:DB/config.
0
0
BZ#1481459 SELinux is preventing colord from 'map' accesses on the file /etc/udev/hwdb.bin.
0
0
BZ#1481460 SELinux is preventing qmgr from 'map' accesses on the file /var/lib/sss/mc/initgroups.
0
0
BZ#1490015 SELinux is preventing systemd-modules from 'map' accesses on the file /usr/lib/modules/4.13.0-1.fc27.x86_64/extra/VirtualBox/vboxdrv.ko.
0
0
BZ#1492635 SELinux is preventing qemu-kvm from 'read, write' accesses on the chr_file /dev/tpm0
0
0
BZ#1494829 Upgrade of selinux-policy produce unnecessary output
0
0
BZ#1498336 GDM fails to start when WaylandEnable=false due to selinux error
0
0
BZ#1498503 SELinux is preventing systemd-sleep from 'create' accesses on the file state.
0
0
BZ#1498587 SELinux is preventing pppd from 'map' accesses on the file /run/ppp/pppd2.tdb.
0
0
BZ#1498861 SELinux is preventing qemu-system-x86 from 'search' accesses on the directory 7838.
0
0
BZ#1499170 ibus not working in fresh Workstation Live install with user account setup in gnome-initial-setup
0
0
BZ#1499498 SELinux is preventing sh from 'search' accesses on the directory /var/lib/sss.
0
0
BZ#1500088 SELinux is preventing boinc_client from 'map' accesses on the fichier /var/lib/boinc/slots/4/boinc_mmap_file.
0
0
BZ#1500089 SELinux is preventing fail2ban-server from 'map' accesses on the fichier /var/log/journal/0d72a028972341f8958a3add7eb07c8f/system.journal.
0
0
BZ#1500122 ovsdb-server fails to start with OVS-2.8.1 with AVC denial
0
0
BZ#1500538 SELinux is preventing tor from 'map' accesses on the file /var/lib/tor/cached-microdescs.
0
0
BZ#1502760 SELinux is preventing fprintd from 'open' accesses on the chr_file /dev/bus/usb/001/007.
0
0
BZ#1503466 SELinux is preventing qemu-system-x86 from 'read' accesses on the soubor cmdline.
0
0
BZ#1503980 SELinux is preventing fprintd from 'read' accesses on the katalog 00000000.
-1
0
BZ#1504493 SELinux is preventing systemd-machine from 'read' accesses on the dossier /var/lib/mock/fedora-rawhide-i386/root.
0
0
BZ#1505081 SELinux policy prevents NetworkManager from updating systemd-resolved
0
0
BZ#1505220 SELinux is preventing nm-l2tp-service from using the 'sigkill' accesses on a process.
0
0
BZ#1505877 SELinux is preventing nmbd from 'map' accesses on the file /var/lib/samba/lock/serverid.tdb.
0
0

Automated Test Results