FEDORA-2019-38a1de7619 — bugfix update for selinux-policy

selinux-policy-3.14.2-59.fc29

FEDORA-2019-38a1de7619 created by lvrabec 7 months ago for Fedora 29

stable

More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1268878

How to install

sudo dnf upgrade --advisory=FEDORA-2019-38a1de7619

This update has been submitted for testing by lvrabec.

7 months ago

This update has been pushed to testing.

7 months ago

danfruehauf commented & provided feedback 7 months ago

karma

Still doesn't work with NetworkManager-ssh:

May 20 11:11:00 localhost NetworkManager[1107]: <info> [1558314660.5685] audit: op="connection-activate" uuid="d0a1a843-98ad-41dc-831b-7a8139771a8e" name="tfx-jump ssh" pid=2351 uid=1000 result="success" May 20 11:11:00 localhost NetworkManager[1107]: <info> [1558314660.5718] vpn-connection[0x563d7e8f8350,d0a1a843-98ad-41dc-831b-7a8139771a8e,"tfx-jump ssh",0]: Started the VPN service, PID 2876 May 20 11:11:00 localhost NetworkManager[1107]: <info> [1558314660.5833] vpn-connection[0x563d7e8f8350,d0a1a843-98ad-41dc-831b-7a8139771a8e,"tfx-jump ssh",0]: Saw the service appear; activating connection May 20 11:11:00 localhost audit[960]: USER_AVC pid=960 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPN.Plugin member=NeedSecrets dest=:1.392 spid=1107 tpid=2876 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_ssh_t:s0 tclass=dbus permissive=0#012 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' May 20 11:11:00 localhost NetworkManager[1107]: <error> [1558314660.5859] vpn-connection[0x563d7e8f8350,d0a1a843-98ad-41dc-831b-7a8139771a8e,"tfx-jump ssh",0]: plugin NeedSecrets request #1 failed: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.16" (uid=0 pid=1107 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply="0" destination=":1.392" (uid=0 pid=2876 comm="/usr/libexec/nm-ssh-service --bus-name org.freedes" label="system_u:system_r:NetworkManager_ssh_t:s0") May 20 11:11:00 localhost audit[960]: USER_AVC pid=960 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPN.Plugin member=Disconnect dest=:1.392 spid=1107 tpid=2876 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_ssh_t:s0 tclass=dbus permissive=0#012 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

BZ#1677484 NetworkManager-ssh VPN connections timeout due to selinux policy