Fedora Update System

selinux-policy-3.14.3-38.fc30
FEDORA-2019-3f20be4d52 created by lvrabec 7 months ago for Fedora 30
obsolete

More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1273018

This update has been submitted for testing by lvrabec.

7 months ago

This update test gating status has been changed to 'waiting'.

7 months ago

This update test gating status has been changed to 'ignored'.

7 months ago
User Icon imabug provided feedback 7 months ago
karma

This update has been pushed to testing.

6 months ago
User Icon bojan commented & provided feedback 6 months ago
karma

Works here.

User Icon goeran commented & provided feedback 6 months ago
karma

There are no regressions in this version as far as I can tell.

It does, however not solve #1711799. It silences the alerts that were previously generated, but sa-update.cron does still not work; it fetches no new updates.

BZ#1711799 SELinux is preventing pgrep from 'getattr' accesses on various /proc/<pid> directories
User Icon galileo commented & provided feedback 6 months ago

I tried to install this on Silverblue, using the following command:

rpm-ostree override replace selinux-policy-3.14.3-38.fc30.noarch.rpm selinux-policy-targeted-3.14.3-38.fc30.noarch.rpm

and got the following error:

error: Checkout selinux-policy-targeted-3.14.3-38.fc30.noarch: Hardlinking a5/8b8b3f84fa2d588c41ae5fa6615dfe387b262737198f5b2a9c5f24b0b23045.file to commit_num: File exists

I'm not sure if this is a problem with rpm-ostree or with this package, so I won't give it a -1, but just thought it worth mentioning!

User Icon martinpitt commented & provided feedback 6 months ago
karma

With this version, we now see regressions with mdadm and pcp:

audit: type=1400 audit(1560408406.661:341): avc:  denied  { read } for  pid=7637 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.dir" dev="dm-0" ino=27031698 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0
audit: type=1400 audit(1560408406.661:341): avc:  denied  { read } for  pid=7637 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.pag" dev="dm-0" ino=27031699 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0
audit: type=1400 audit(1560408406.702:342): avc:  denied  { read } for  pid=7639 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.dir" dev="dm-0" ino=27031698 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0

Aside from this SELinux policy update, the only other package from updates-testing which sounds relevant is

 audit                       x86_64 3.0-0.9.20190507gitf58ec40.fc30
                                                          updates-testing 229 k
 audit-libs                  x86_64 3.0-0.9.20190507gitf58ec40.fc30
                                                          updates-testing 106 k

mdadm and pcp didn't get an update recently, and with selinux-policy from current stable (3.14.3-37.fc30) we don't see these.

So -1 due to this regression.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

6 months ago

This update has been obsoleted by selinux-policy-3.14.3-39.fc30.

6 months ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Builds
1
selinux-policy-3.14.3-38.fc30
Settings
Unstable by Karma
-2
Dates
submitted
7 months ago
in testing
6 months ago
BZ#1711682 Allow systemd unit file flag ReadWritePaths=/var/lib/boinc
0
0
BZ#1711799 SELinux is preventing pgrep from 'getattr' accesses on various /proc/<pid> directories
-1
0
BZ#1713885 SELinux is preventing pgrep from 'getattr' accesses on the directory /proc/<pid>.
0
0
BZ#1714406 SELinux is preventing pgrep from 'search' accesses on the directory 4571.
0
0
BZ#1714800 SELinux is preventing pmdalinux from 'read' accesses on the file mdadm.
0
0
BZ#1714823 cron job run daily that calls sa-update throws 100's of AVCs on pgrep
0
0

Automated Test Results

Copyright © 2007-2019 Red Hat, Inc. and others.

Running bodhi-5.1.0 on bodhi-web-137-lt6x5.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy