stable

container-selinux-2.65-1.gitbf5b26b.fc27

FEDORA-2018-352f18aa25 created by dwalsh 6 years ago for Fedora 27

Several bug fixes.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-352f18aa25

This update has been submitted for testing by dwalsh.

6 years ago

This update has been pushed to testing.

6 years ago

RPM Scriptlet fails with "neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:9014" and "/usr/sbin/semodule: Failed!"

dustymabe commented & provided feedback 6 years ago

I see a failure in some automated tests:

Jun 25 09:46:00 atomic-host-jobs-204-e911215e.localdomain kernel: SELinux:  Context system_u:object_r:container_var_lib_t:s0 is not valid (left unmapped).
Jun 25 09:46:05 atomic-host-jobs-204-e911215e.localdomain kernel: SELinux:  Context system_u:object_r:container_config_t:s0 is not valid (left unmapped).
Jun 25 09:46:05 atomic-host-jobs-204-e911215e.localdomain kernel: SELinux:  Context system_u:object_r:container_share_t:s0 is not valid (left unmapped).

Is that caused by this update?

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

6 years ago
miabbott commented & provided feedback 6 years ago

I'm unable to run any containers using docker run. See https://bugzilla.redhat.com/show_bug.cgi?id=1595300

# docker run --rm -it registry.fedoraproject.org/fedora:28 echo 'hello'
standard_init_linux.go:178: exec user process caused "permission denied"

# journalctl -b | grep 'avc:  denied'
Jun 26 14:32:40 micah-f27ah-vm0626ba.localdomain audit[1253]: AVC avc:  denied  { entrypoint } for  pid=1253 comm="runc:[2:INIT]" path="/usr/bin/echo" dev="dm-0" ino=16780467 scontext=system_u:system_r:container_t:s0:c491,c888 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0

# ls -lZ /var/lib/docker
total 0
drwx------. 2 root root system_u:object_r:unlabeled_t:s0   6 Jun 26 14:32 containers
drwx------. 3 root root system_u:object_r:unlabeled_t:s0  22 Jun 26 14:08 image
drwxr-x---. 3 root root system_u:object_r:unlabeled_t:s0  19 Jun 26 14:08 network
drwx------. 4 root root system_u:object_r:unlabeled_t:s0 112 Jun 26 14:32 overlay2
drwx------. 4 root root system_u:object_r:unlabeled_t:s0  32 Jun 26 14:08 plugins
drwx------. 2 root root system_u:object_r:unlabeled_t:s0   6 Jun 26 14:08 swarm
drwx------. 2 root root system_u:object_r:unlabeled_t:s0   6 Jun 26 14:17 tmp
drwx------. 2 root root system_u:object_r:unlabeled_t:s0   6 Jun 26 14:08 trust
drwx------. 2 root root system_u:object_r:unlabeled_t:s0  25 Jun 26 14:08 volumes

What does restorecon -R -v /var/lib/containers do?

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

6 years ago

This update has been submitted for batched by dwalsh.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago


Metadata
Type: enhancement
Karma: -2
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 6 years ago
in testing: 6 years ago
in stable: 6 years ago

BZ#1589555 SELinux is preventing nmap from 'map' accesses on the packet_socket packet_socket.
BZ#1591988 container-selinux-v2.65.0 is available