FEDORA-2017-b5e9ce60d2

bugfix update in Fedora 27 for selinux-policy

Status: stable 2 years ago

How to install

sudo dnf upgrade --advisory=FEDORA-2017-b5e9ce60d2

Comments 20

This update has been submitted for testing by lvrabec.

https://bugzilla.redhat.com/show_bug.cgi?id=1505081 seems to be fixed now. I removed my custom module, installed the update, restarted NetworkManager, and it successfully updated systemd-resolved with the DNS info.

#1505081: +1

lvrabec edited this update.

New build(s):

  • selinux-policy-3.13.1-283.14.fc27

Removed build(s):

  • selinux-policy-3.13.1-283.13.fc27

Karma has been reset.

Didn't specifically test any of the changes, but boots fine and no new denials in boot and ordinary use.

karma: +1

No denials here, seems to work OK.

karma: +1

System works fine after selinux-policy upgrade.

karma: +1

This update has been pushed to testing.

#1503980 nothing changed... Otherwise it's ok :)

#1503980: -1

Works great! LGTM! =)

karma: +1

I don't see any of the previous dac_read_search AVCs, so these bugs seem fixed. Otherwise, everything works nicely too.

karma: +1 #1451376: +1 #1471477: +1

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by adamwill.

This update has been pushed to stable.

selinux-policy-3.13.1-283.15 denies permission to allocate RWX Memory:

[LibClamAV] Bytecode: disabling JIT because SELinux is preventing 'execmem' access.

Sorry, but I should clarify that the previously described issue with LibClamAV happened just once, right after updating selinux-policy from koji.fedoraproject.org, and no longer appears after rebooting the system :)

Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: bugfix
Update Severity: high
Karma: +5 (stable threshold: 6, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago, modified 2 years ago

Related Bugs 46

Feedback (negative, positive), bug, summary:

0 0 #1434395 SELinux is preventing ntpd from create
0 0 #1442387 SELinux is preventing groupadd from 'write' accesses on the sock_file system_bus_socket.
0 0 #1449673 Selinux prevents winbind. AVC
0 +1 #1451376 SELinux is preventing abrtd from using the 'dac_read_search' capabilities.
0 0 #1464773 SELinux is preventing usermod from using the 'dac_read_search' capabilities.
0 0 #1471401 SELinux is preventing systemd from read, write access on the chr_file /dev/input/event9.
0 +1 #1471477 SELinux is preventing abrt-dbus from using the 'dac_read_search' capabilities.
0 0 #1473118 SELinux is preventing ibus-daemon from 'read' accesses on the lnk_file /var/lib/dbus/machine-id.
0 0 #1480911 SELinux is preventing abrt-action-sav from 'map' accesses on the file /var/lib/rpm/__db.001.
0 0 #1480912 SELinux is preventing gsettings from 'map' accesses on the file /run/user/42/dconf/user.
0 0 #1480913 SELinux is preventing pulseaudio from 'map' accesses on the chr_file /dev/snd/pcmC0D0c.
0 0 #1480915 SELinux is preventing abrtd from 'map' accesses on the file /var/lib/sss/mc/group.
0 0 #1480916 SELinux is preventing cupsd from 'map' accesses on the file /var/lib/sss/mc/passwd.
0 0 #1480917 SELinux is preventing dbus-daemon from 'map' accesses on the file /var/lib/sss/mc/passwd.
0 0 #1480918 SELinux is preventing unix_chkpwd from 'map' accesses on the file /var/lib/sss/mc/passwd.
0 0 #1480919 SELinux is preventing gdm from 'map' accesses on the file /var/lib/sss/mc/passwd.
0 0 #1480920 SELinux is preventing colord from 'map' accesses on the file /var/lib/sss/mc/passwd.
0 0 #1481376 selinux prevents cockpit from running
0 0 #1481453 SELinux is preventing sshd from 'map' accesses on the file /var/lib/sss/mc/passwd.
0 0 #1481455 SELinux is preventing abrt-dump-journ from 'map' accesses on the file /run/log/journal/2000656e56500583cc9b884bb121a7b9/system.journal.
0 0 #1481456 SELinux is preventing abrt-action-gen from 'map' accesses on the file /var/spool/abrt/ccpp-2017-08-14-09:18:34.154456-1086/coredump.
0 0 #1481457 SELinux is preventing avahi-daemon from 'map' accesses on the file /var/lib/sss/mc/initgroups.
0 0 #1481458 SELinux is preventing bluetoothd from 'map' accesses on the file /var/lib/bluetooth/00:26:83:16:93:DB/config.
0 0 #1481459 SELinux is preventing colord from 'map' accesses on the file /etc/udev/hwdb.bin.
0 0 #1481460 SELinux is preventing qmgr from 'map' accesses on the file /var/lib/sss/mc/initgroups.
0 0 #1490015 SELinux is preventing systemd-modules from 'map' accesses on the file /usr/lib/modules/4.13.0-1.fc27.x86_64/extra/VirtualBox/vboxdrv.ko.
0 0 #1492635 SELinux is preventing qemu-kvm from 'read, write' accesses on the chr_file /dev/tpm0
0 0 #1494829 Upgrade of selinux-policy produce unnecessary output
0 0 #1498336 GDM fails to start when WaylandEnable=false due to selinux error
0 0 #1498503 SELinux is preventing systemd-sleep from 'create' accesses on the file state.
0 0 #1498587 SELinux is preventing pppd from 'map' accesses on the file /run/ppp/pppd2.tdb.
0 0 #1498861 SELinux is preventing qemu-system-x86 from 'search' accesses on the directory 7838.
0 0 #1499170 ibus not working in fresh Workstation Live install with user account setup in gnome-initial-setup
0 0 #1499498 SELinux is preventing sh from 'search' accesses on the directory /var/lib/sss.
0 0 #1500088 SELinux is preventing boinc_client from 'map' accesses on the fichier /var/lib/boinc/slots/4/boinc_mmap_file.
0 0 #1500089 SELinux is preventing fail2ban-server from 'map' accesses on the fichier /var/log/journal/0d72a028972341f8958a3add7eb07c8f/system.journal.
0 0 #1500122 ovsdb-server fails to start with OVS-2.8.1 with AVC denial
0 0 #1500538 SELinux is preventing tor from 'map' accesses on the file /var/lib/tor/cached-microdescs.
0 0 #1501331
0 0 #1502760 SELinux is preventing fprintd from 'open' accesses on the chr_file /dev/bus/usb/001/007.
0 0 #1503466 SELinux is preventing qemu-system-x86 from 'read' accesses on the soubor cmdline.
-1 0 #1503980 SELinux is preventing fprintd from 'read' accesses on the katalog 00000000.
0 0 #1504493 SELinux is preventing systemd-machine from 'read' accesses on the dossier /var/lib/mock/fedora-rawhide-i386/root.
0 0 #1505081 SELinux policy prevents NetworkManager from updating systemd-resolved
0 0 #1505220 SELinux is preventing nm-l2tp-service from using the 'sigkill' accesses on a process.
0 0 #1505877 SELinux is preventing nmbd from 'map' accesses on the file /var/lib/samba/lock/serverid.tdb.