stable

selinux-policy-3.13.1-225.11.fc25

FEDORA-2017-e06f91350b created by lvrabec 7 years ago for Fedora 25

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-e06f91350b

This update has been submitted for testing by lvrabec.

7 years ago
User Icon egreshko commented & provided feedback 7 years ago
karma

Works for me in the cases that were failing for me.

BZ#1426906 SELinux is preventing systemd-modules from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/extra/VirtualBox/vboxdrv.ko.
BZ#1426649 SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxdrv.ko.
User Icon ageha commented & provided feedback 7 years ago
karma

Everything working fine. Kernel modules are loaded again (kmod-wl in my case).

User Icon melmorabity commented & provided feedback 7 years ago
karma

World fine for me

BZ#1426906 SELinux is preventing systemd-modules from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/extra/VirtualBox/vboxdrv.ko.
BZ#1426649 SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxdrv.ko.
User Icon alexpl commented & provided feedback 7 years ago
karma

nvidia module loading works now

BZ#1426741 SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.10-200.fc25.x86_64/extra/nvidia-340xx/nvidia.ko.
User Icon dhgutteridge commented & provided feedback 7 years ago
karma

No regressions noted.

User Icon seq commented & provided feedback 7 years ago
karma

Resolved my issue with virtualbox kernel modules

BZ#1426906 SELinux is preventing systemd-modules from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/extra/VirtualBox/vboxdrv.ko.
BZ#1426649 SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxdrv.ko.
User Icon nanonyme commented & provided feedback 7 years ago
karma

Works for me

This update has been pushed to testing.

7 years ago

This update has been submitted for stable by bodhi.

7 years ago

This update has been pushed to stable.

7 years ago
User Icon anonymous commented & provided feedback 7 years ago

Guys,

I can see the update on testing branch.

So, how to manually install it ?

User Icon anonymous commented & provided feedback 7 years ago

Sorry, I can't see the update on testing branch ...

User Icon dhgutteridge commented & provided feedback 7 years ago

@anonymous: you don't need to manually install it, you just need to run "dnf update". It's in stable now. It just came through to a non-testing machine of mine around fifteen minutes ago. (I forced a cache refresh with "dnf update --refresh".)

User Icon anonymous commented & provided feedback 7 years ago

@dhgutteridge

just run the command ... no update shown. I should get it later I suppose ...

sudo dnf list installed | grep -i selinux-policy Failed to synchronize cache for repo 'doc.fedora-fr.xn--org_wiki_dpt_adobe-kwb5t', disabling. selinux-policy.noarch 3.13.1-225.10.fc25 @updates
selinux-policy-targeted.noarch 3.13.1-225.10.fc25 @updates

User Icon anonymous commented & provided feedback 7 years ago

ok got it ;)

Thanks

User Icon pwhalen commented & provided feedback 7 years ago
karma

fixes module loading on arm devices.

BZ#1426741 SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.10-200.fc25.x86_64/extra/nvidia-340xx/nvidia.ko.
User Icon anonymous commented & provided feedback 7 years ago

Not that this is already out so karma no longer has a direct impact on this

User Icon anonymous commented & provided feedback 7 years ago

SELinux is preventing accounts-daemon from read access on the lnk_file .cache

Source Context                system_u:system_r:accountsd_t:s0
Target Context                unconfined_u:object_r:cache_home_t:s0
Target Objects                .cache [ lnk_file ]
Source                        accounts-daemon
Source Path                   accounts-daemon
Port                          Unknown
Host                          localhost
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Platform                      Linux localhost 4.11.0-rc6 #1 SMP
                              Sun Apr 9 23:28:19 EEST 2017 x86_64 x86_64
Alert Count                   238
First Seen                    2016-12-27 21:50:12 EET
Last Seen                     2017-04-10 01:10:11 EEST

Raw Audit Messages
type=AVC msg=audit(1491775811.349:91): avc:  denied  { read } for  pid=800 comm="accounts-daemon" name=".cache" dev="sdb2" ino=1835058 scontext=system_u:system_r:accountsd_t:s0 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=lnk_file permissive=0
User Icon anonymous commented & provided feedback 7 years ago
Platform                      Linux 4.11.0-rc6 #1 SMP

SELinux:  Class sctp_socket not defined in policy.
SELinux:  Class icmp_socket not defined in policy.
SELinux:  Class ax25_socket not defined in policy.
SELinux:  Class ipx_socket not defined in policy.
SELinux:  Class netrom_socket not defined in policy.
SELinux:  Class atmpvc_socket not defined in policy.
SELinux:  Class x25_socket not defined in policy.
SELinux:  Class rose_socket not defined in policy.
SELinux:  Class decnet_socket not defined in policy.
SELinux:  Class atmsvc_socket not defined in policy.
SELinux:  Class rds_socket not defined in policy.
SELinux:  Class irda_socket not defined in policy.
SELinux:  Class pppox_socket not defined in policy.
SELinux:  Class llc_socket not defined in policy.
SELinux:  Class can_socket not defined in policy.
SELinux:  Class tipc_socket not defined in policy.
SELinux:  Class bluetooth_socket not defined in policy.
SELinux:  Class iucv_socket not defined in policy.
SELinux:  Class rxrpc_socket not defined in policy.
SELinux:  Class isdn_socket not defined in policy.
SELinux:  Class phonet_socket not defined in policy.
SELinux:  Class ieee802154_socket not defined in policy.
SELinux:  Class caif_socket not defined in policy.
SELinux:  Class alg_socket not defined in policy.
SELinux:  Class nfc_socket not defined in policy.
SELinux:  Class vsock_socket not defined in policy.
SELinux:  Class kcm_socket not defined in policy.
SELinux:  Class qipcrtr_socket not defined in policy.
SELinux:  Class smc_socket not defined in policy.
SELinux: the above unknown classes and permissions will be allowed

Please login to add feedback.

Metadata
Type
bugfix
Severity
high
Karma
8
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
7
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
BZ#1403017 rpc.mountd needs open & read access for fixed_disk_device_t
0
0
BZ#1415506 SElinux prevents amanda dumps
0
0
BZ#1426649 SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxdrv.ko.
0
3
BZ#1426741 SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.10-200.fc25.x86_64/extra/nvidia-340xx/nvidia.ko.
0
2
BZ#1426906 SELinux is preventing systemd-modules from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/extra/VirtualBox/vboxdrv.ko.
0
3

Automated Test Results