How to install

sudo dnf upgrade --advisory=FEDORA-2018-a9711c96b2
This update has been submitted for testing by lvrabec. 2 years ago
lvrabec edited this update. 2 years ago
This update has been pushed to testing. 2 years ago
User Icon mzink commented & provided feedback 2 years ago
karma

No regressions found

User Icon bojan commented & provided feedback 2 years ago
karma

No regressions noticed.

User Icon renault commented & provided feedback 2 years ago
karma

No regressions found

User Icon stevestorey commented & provided feedback 2 years ago
karma

Upon applying this update, I was unable to add an additional port for SSH:

/sbin/semanage port -a -t ssh_port_t -p tcp 1234

libsepol.context_from_record: type pkcs_slotd_unit_file_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:pkcs_slotd_unit_file_t:s0 to sid invalid context system_u:object_r:pkcs_slotd_unit_file_t:s0 libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255. OSError: [Errno 0] Error

Looking at sudo dnf history info <tx ID> showed a number of errors during installation:

1 neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:8980 2 (neverallow base_typeattr_8 self (capability (sys_module))) 3 <root> 4 allow at /var/lib/selinux/targeted/tmp/modules/300/systemdmodules-syscapability/cil:2 5 (allow init_t self (capability (sys_module))) 6 7 Failed to generate binary <and repeat 6 times>

Upon downgrading back to 283.24, everything worked again, no install errors.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe. 2 years ago

EDIT: Sorry, didn't realise this was a markdown field. I'll repeat the details above, without additional karma changes for readability:

Upon applying this update, I was unable to add an additional port for SSH:

# /sbin/semanage port -a -t ssh_port_t -p tcp 1234
libsepol.context_from_record: type pkcs_slotd_unit_file_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert system_u:object_r:pkcs_slotd_unit_file_t:s0 to sid
invalid context system_u:object_r:pkcs_slotd_unit_file_t:s0
libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255.
OSError: [Errno 0] Error

Looking at sudo dnf history info <tx ID> showed a number of errors during installation:

   1 neverallow check failed at /var/lib/selinux/targeted/tmp/modules/100/base/cil:8980
   2   (neverallow base_typeattr_8 self (capability (sys_module)))
   3     <root>
   4     allow at /var/lib/selinux/targeted/tmp/modules/300/systemdmodules-syscapability/cil:2
   5       (allow init_t self (capability (sys_module)))
   6 
   7 Failed to generate binary
   8 semodule:  Failed!
(and repeat 6 times)

Upon downgrading back to 283.24, everything worked again, no install errors.

@stevestorey,

tcp port 1234 is defined as monopd_port_t and commit for this is in repo from 2005-09-13 so, you cannot use -a in semanage becuase it's already defined.

lvrabec@lvrabec-workstation ~ » rpm -q selinux-policy selinux-policy-3.13.1-283.24.fc27.noarch lvrabec@lvrabec-workstation ~ » sudo semanage port -m -t ssh_port_t -p tcp 1234 1 ↵ lvrabec@lvrabec-workstation ~ » sudo semanage port -l | grep 1234
monopd_port_t tcp 1234 ssh_port_t tcp 1234, 22

After update...

lvrabec@lvrabec-workstation ~ » rpm -q selinux-policy
selinux-policy-3.13.1-283.26.fc27.noarch lvrabec@lvrabec-workstation ~ » sudo semanage port -m -t ssh_port_t -p tcp 1234
lvrabec@lvrabec-workstation ~ » sudo semanage port -l | grep 1234
monopd_port_t tcp 1234 ssh_port_t tcp 1234, 22

It looks like you have some custom modifications on your system (e.g: systemdmodules-syscapability) you are stopped by neverallow rule.

This is not issue in selinux-policy update but on your system.

Lukas.

User Icon mhayden commented & provided feedback 2 years ago
karma

Works for me.

User Icon jjelen commented & provided feedback 2 years ago
karma

looks good

User Icon alciregi commented & provided feedback 2 years ago
karma

looks good

Right - well firstly, I'm afraid port 1234 wasn't the real port I used (I'd rather not disclose the real port) - I should have made that clear, sorry :( - the port I'm using isn't assigned to any pre-existing rule. But fair enough, if I'm the only person getting this, it must be my config somewhere, I'll have a dig - thank you!

User Icon cserpentis commented & provided feedback 2 years ago
karma

works for me

SELinux is preventing iptables-restor from read access on the file xtables.lock

selinux-policy-devel-3.13.1-283.26.fc27.noarch reports:

/usr/share/selinux/devel/include/contrib/snappy.if: Syntax error on line 260 gen_require [type=GEN_REQ]
/usr/share/selinux/devel/include/contrib/snappy.if: Syntax error on line 263 ' [type=SQUOTE]
/usr/share/selinux/devel/include/contrib/snappy.if: Syntax error on line 273 ' [type=SQUOTE]
User Icon frantisekz commented & provided feedback 2 years ago
karma

Works

User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

This update has been submitted for batched by lvrabec. 2 years ago
This update has been submitted for stable by bodhi. 2 years ago
This update has been pushed to stable. 2 years ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
high
Karma
8
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1362118 Geoclue can’t talk to DNS-SD _nmea-0183._tcp location sources
0
0
BZ#1379044 Selinux is preventing mdadm from updating metadata on shutdown. Software raid is broken
0
0
BZ#1473954 blueman not allowed to setup bluetooth network
0
0
BZ#1514272 SELinux breaks snapper {status,diff,undochange,xadiff}
0
0
BZ#1515959 SELinux is preventing systemd from 'create' accesses on the netlink_selinux_socket Unknown.
0
0
BZ#1520147 bluetooth gives error on bootup; does not work properly
0
0
BZ#1525017 SELinux is preventing logrotate from 'getattr' accesses on the file /var/log/audit/audit.log.
0
0
BZ#1531911 selinux prevents dovecot-lda from using mmap
0
0
BZ#1532043 SELinux is preventing /usr/lib/cups/backend/cups-pdf from 'write' accesses on the sock_file system_bus_socket.
0
0
BZ#1532079 SELinux is preventing dnsmasq from updating the nameserver list via dbus
0
0
BZ#1536152 SELinux is preventing pmdalinux from 'getattr' accesses on the directory /var/lib/mock.
0
0
BZ#1536689 nscd cannot read its database in /var/db/nscd
0
0
BZ#1538210 selinux seemed to be denying access to sssd related cache
0
0
BZ#1540163 selinux prevents pacemaker to check the status of systemd services
0
0
BZ#1540405 SELinux is preventing php-fpm from 'map' accesses on the archivo /dev/shm/mongoc-934.
0
0
BZ#1540584 SELinux is preventing gpsd from using the 'getsession' accesses on a process.
0
0
BZ#1540666 SELinux is preventing abrt-dbus from 'map' accesses on the file /etc/passwd.
0
0
BZ#1540816 SELinux is preventing boinc_client from 'map' accesses on the file 2F64726D206D6D206F626A656374202864656C6574656429.
0
0
BZ#1545005 SELinux is preventing snapperd from using the 'fowner' capabilities.
0
0

Automated Test Results