FEDORA-2019-3f20be4d52

bugfix update in Fedora 30 for selinux-policy

Status: obsolete

More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1273018

Comments 11

This update has been submitted for testing by lvrabec.

3 months ago

This update test gating status has been changed to 'waiting'.

3 months ago

This update test gating status has been changed to 'ignored'.

3 months ago
imabug 3 months ago
karma: +1 critpath: +1

This update has been pushed to testing.

2 months ago
bojan 2 months ago

Works here.

karma: +1 critpath: +1
goeran 2 months ago

There are no regressions in this version as far as I can tell.

It does, however not solve #1711799. It silences the alerts that were previously generated, but sa-update.cron does still not work; it fetches no new updates.

karma: +1 critpath: +1 #1711799: -1
galileo 2 months ago

I tried to install this on Silverblue, using the following command:

rpm-ostree override replace selinux-policy-3.14.3-38.fc30.noarch.rpm selinux-policy-targeted-3.14.3-38.fc30.noarch.rpm

and got the following error:

error: Checkout selinux-policy-targeted-3.14.3-38.fc30.noarch: Hardlinking a5/8b8b3f84fa2d588c41ae5fa6615dfe387b262737198f5b2a9c5f24b0b23045.file to commit_num: File exists

I'm not sure if this is a problem with rpm-ostree or with this package, so I won't give it a -1, but just thought it worth mentioning!

martinpitt 2 months ago

With this version, we now see regressions with mdadm and pcp:

audit: type=1400 audit(1560408406.661:341): avc:  denied  { read } for  pid=7637 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.dir" dev="dm-0" ino=27031698 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0
audit: type=1400 audit(1560408406.661:341): avc:  denied  { read } for  pid=7637 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.pag" dev="dm-0" ino=27031699 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0
audit: type=1400 audit(1560408406.702:342): avc:  denied  { read } for  pid=7639 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.dir" dev="dm-0" ino=27031698 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0

Aside from this SELinux policy update, the only other package from updates-testing which sounds relevant is

 audit                       x86_64 3.0-0.9.20190507gitf58ec40.fc30
                                                          updates-testing 229 k
 audit-libs                  x86_64 3.0-0.9.20190507gitf58ec40.fc30
                                                          updates-testing 106 k

mdadm and pcp didn't get an update recently, and with selinux-policy from current stable (3.14.3-37.fc30) we don't see these.

So -1 due to this regression.

karma: -1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 months ago

This update has been obsoleted by selinux-policy-3.14.3-39.fc30.

2 months ago

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
bugfix
Update Severity
medium
Karma
+2
stable threshold: 4
unstable threshold: -2
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 3 months ago
in testing 2 months ago

Related Bugs 6
00 #1711682 Allow systemd unit file flag ReadWritePaths=/var/lib/boinc
-10 #1711799 SELinux is preventing pgrep from 'getattr' accesses on various /proc/<pid> directories</pid>
00 #1713885 SELinux is preventing pgrep from 'getattr' accesses on the directory /proc/<pid>.</pid>
00 #1714406 SELinux is preventing pgrep from 'search' accesses on the directory 4571.
00 #1714800 SELinux is preventing pmdalinux from 'read' accesses on the file mdadm.
00 #1714823 cron job run daily that calls sa-update throws 100's of AVCs on pgrep

Automated Test Results

Copyright © 2007-2019 Red Hat, Inc. and others.

Running bodhi-4.1.0 on bodhi-web-91-cdvdt.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Legal | Privacy policy