FEDORA-2018-a74875b364

bugfix update in Fedora 28 for selinux-policy

Status: stable 2 months ago

Comments 22

This update has been submitted for testing by lvrabec.

Problem with NVIDIA and SDDM is now resolved.

karma: +1 critpath: +1

Problem with gnome-session-c and /dev/nvidiactl solved.

All working well for me. Especially nVidia and sddm

karma: +1 critpath: +1
karma: +1 critpath: +1

Works great! Nvidia drivers work again and the pesky lpqd message that keeps popping up is gone.

karma: +1 critpath: +1
karma: +1 critpath: +1

Meant to add that gnome-session-c can now map /dev/nvidiactl, allowing the system to boot properly.

karma: +1

Works without any issues. And I can confirm that the nVidia problem has been fixed.

karma: +1

This update has been pushed to testing.

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

Fixes nvidia boot-to-gdm-crash issue for me.

This update has been pushed to stable.

1575234 still present with updated package

Fixes #1566706 for me - thanks!

karma: +1 critpath: +1

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines
#1579848 the certmaster service triggers SELinux denials
#1578501 glusterd does not start with selinux in enforcing mode
#1578755 certmonger gets avc on getattr for /
#1509054 Tang needs a policy
#1575511 SELinux is preventing (geoclue) from 'execute_no_trans' accesses on the file /usr/libexec/geoclue.
#1576387 Deadlock in nss-systemd and dbus-daemon during startup
#1575234 SELinux is preventing gssproxy from 'getattr' accesses on the file /usr/sbin/rpc.gssd.
#1578882 SELinux is preventing plymouth from 'append' accesses on the unix_stream_socket unix_stream_socket.
#1566706 SELinux is preventing openvpn from 'write' accesses on the file /home/.ecryptfs/christian/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZFWi8DDjIxIETJF2l-TL1AxLIEtccM-J6ejbCMtS4.IE8efAPRMBaToU--/ECRYPTFS_FNEK_ENCRYPTED.FWZFWi8DDjIxIETJF2l-TL1AxLIEtccM-J6eQw3bxBTS...
#1582203 SELinux is preventing sddm-greeter from map access on the chr_file /dev/nvidiactl
#1574186 SELinux is preventing ssh from 'create' accesses on the tun_socket Unknown.
#1578915 SELinux is preventing polkit-agent-he from 'open' accesses on the chr_file /dev/hidraw2.
#1578879 SELinux is preventing certwatch from 'getattr' accesses on the filesystem /.
#1569724 smartd cannot save state files
#1576913 SELinux is preventing lpqd from 'sendto' accesses on the unix_dgram_socket /var/lib/samba/private/msg.sock/1966.
#1571328 SELinux is preventing LD_PRELOAD from working
#1574553 SELinux is preventing lightdm-autolog from 'execute' accesses on the Datei /usr/lib/systemd/systemd-coredump.
#1573945 SELinux prevents jabber router from reading /etc/krb5.keytab file
#1579692 SELinux is preventing abrt-action-gen from 'map' accesses on the file /usr/lib64/httpd/modules/mod_systemd.so.
#1574355 SELinux is preventing loadkeys from 'open' accesses on the chr_file /dev/tty2.
#1577471 SELinux is preventing bluetoothd from 'bind' accesses on the bluetooth_socket Unknown.
#1574184 SELinux is preventing ssh from 'ioctl' accesses on the chr_file /dev/net/tun.
#1577581 SELinux is preventing python3 from 'execute_no_trans' accesses on the file /usr/sbin/ldconfig.
#1574735 SELinux is preventing cgconfigparser from using the 'dac_override' capabilities.
#1574649 Creation of cgroup in /etc/cgconfig.cfg failing at boot; AVC denial
#1574170 SELinux is preventing ifconfig from 'search' accesses on the directory net.
#1576998 SELinux is preventing kworker/u8:4 from using the 'dac_override' capabilities.
#1581790 SELinux is preventing gnome-session-c from 'map' accesses on the chr_file /dev/nvidiactl.
#1574174 SELinux is preventing ifconfig from 'getattr' accesses on the file /proc/<pid>/net/dev.</pid>
#1577100 cyrus-imapd processess run in wrong selinux context (unconfined_service_t)
#1580149 SELinux is preventing setpriv from using the 'nnp_transition' accesses on a process.
#1572945 SELinux is preventing gssproxy from 'getattr' accesses on the directory /proc/<pid>.</pid>
#1578097 gssproxy AVCs for /proc/<pid>/exe</pid>
Does the system's basic functionality continue to work after this update?
Is the update generally functional?
Content Type
RPM
Status
stable
Test Gating Status
Tests Ignored
Submitted by
Update Type
bugfix
Update Severity
high
Karma
+7
stable threshold: 5
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 months ago
in testing 2 months ago
in stable 2 months ago

Related Bugs 33

00 #1579848 the certmaster service triggers SELinux denials
00 #1578501 glusterd does not start with selinux in enforcing mode
00 #1578755 certmonger gets avc on getattr for /
00 #1509054 Tang needs a policy
00 #1575511 SELinux is preventing (geoclue) from 'execute_no_trans' accesses on the file /usr/libexec/geoclue.
00 #1576387 Deadlock in nss-systemd and dbus-daemon during startup
00 #1575234 SELinux is preventing gssproxy from 'getattr' accesses on the file /usr/sbin/rpc.gssd.
00 #1578882 SELinux is preventing plymouth from 'append' accesses on the unix_stream_socket unix_stream_socket.
00 #1566706 SELinux is preventing openvpn from 'write' accesses on the file /home/.ecryptfs/christian/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZFWi8DDjIxIETJF2l-TL1AxLIEtccM-J6ejbCMtS4.IE8efAPRMBaToU--/ECRYPTFS_FNEK_ENCRYPTED.FWZFWi8DDjIxIETJF2l-TL1AxLIEtccM-J6eQw3bxBTS...
00 #1582203 SELinux is preventing sddm-greeter from map access on the chr_file /dev/nvidiactl
00 #1574186 SELinux is preventing ssh from 'create' accesses on the tun_socket Unknown.
00 #1578915 SELinux is preventing polkit-agent-he from 'open' accesses on the chr_file /dev/hidraw2.
00 #1578879 SELinux is preventing certwatch from 'getattr' accesses on the filesystem /.
00 #1569724 smartd cannot save state files
00 #1576913 SELinux is preventing lpqd from 'sendto' accesses on the unix_dgram_socket /var/lib/samba/private/msg.sock/1966.
00 #1571328 SELinux is preventing LD_PRELOAD from working
00 #1574553 SELinux is preventing lightdm-autolog from 'execute' accesses on the Datei /usr/lib/systemd/systemd-coredump.
00 #1573945 SELinux prevents jabber router from reading /etc/krb5.keytab file
00 #1579692 SELinux is preventing abrt-action-gen from 'map' accesses on the file /usr/lib64/httpd/modules/mod_systemd.so.
00 #1574355 SELinux is preventing loadkeys from 'open' accesses on the chr_file /dev/tty2.
00 #1577471 SELinux is preventing bluetoothd from 'bind' accesses on the bluetooth_socket Unknown.
00 #1574184 SELinux is preventing ssh from 'ioctl' accesses on the chr_file /dev/net/tun.
00 #1577581 SELinux is preventing python3 from 'execute_no_trans' accesses on the file /usr/sbin/ldconfig.
00 #1574735 SELinux is preventing cgconfigparser from using the 'dac_override' capabilities.
00 #1574649 Creation of cgroup in /etc/cgconfig.cfg failing at boot; AVC denial
00 #1574170 SELinux is preventing ifconfig from 'search' accesses on the directory net.
00 #1576998 SELinux is preventing kworker/u8:4 from using the 'dac_override' capabilities.
00 #1581790 SELinux is preventing gnome-session-c from 'map' accesses on the chr_file /dev/nvidiactl.
00 #1574174 SELinux is preventing ifconfig from 'getattr' accesses on the file /proc/<pid>/net/dev.</pid>
00 #1577100 cyrus-imapd processess run in wrong selinux context (unconfined_service_t)
00 #1580149 SELinux is preventing setpriv from using the 'nnp_transition' accesses on a process.
00 #1572945 SELinux is preventing gssproxy from 'getattr' accesses on the directory /proc/<pid>.</pid>
00 #1578097 gssproxy AVCs for /proc/<pid>/exe</pid>

Automated Test Results

Test results and gating status may sometimes conflict as the gating status is retrieved periodically by Bodhi's backend server, while the test results presented here are retrieved upon page load. If your update is marked as gated while all the tests show green/passed, the next check of gating status should open the gate.