stable

selinux-policy-3.14.6-27.fc33

FEDORA-2020-2be8afa1ab created by zpytela 2 years ago for Fedora 33

New F33 selinux-policy build: https://koji.fedoraproject.org/koji/taskinfo?taskID=51737666

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-2be8afa1ab

This update has been submitted for testing by zpytela.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago
User Icon kparal commented & provided feedback 2 years ago
karma

#1870476 is fixed and the system boots. I haven't used this for long, though.

BZ#1870476 Google Account doesn't work during initial setup

This update has been pushed to testing.

2 years ago

This update can be pushed to stable now if the maintainer wishes

2 years ago
User Icon pwalter commented & provided feedback 2 years ago
karma

Works

User Icon atim provided feedback 2 years ago
karma

This update has been submitted for stable by bodhi.

2 years ago
User Icon geraldosimiao commented & provided feedback 2 years ago
karma

works

BZ#1870476 Google Account doesn't work during initial setup
User Icon renault commented & provided feedback 2 years ago
karma

Works fine

User Icon nb provided feedback 2 years ago
karma

This update has been pushed to stable.

2 years ago
User Icon clnetbox commented & provided feedback 2 years ago

SELinux is preventing chronyd from read access on the file wlp3s0.sources.

* Plugin catchall (100. confidence) suggests ******

If you believe that chronyd should be allowed read access on the wlp3s0.sources file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing:

ausearch -c 'chronyd' --raw | audit2allow -M my-chronyd

semodule -X 300 -i my-chronyd.pp

User Icon zpytela commented & provided feedback 2 years ago

@clnetbox Please show the AVC denials. We already have a bz https://bugzilla.redhat.com/show_bug.cgi?id=1880948

User Icon clnetbox commented & provided feedback 2 years ago

time->Fri Sep 25 08:09:14 2020 type=AVC msg=audit(1601014154.941:198): avc: denied { read } for pid=863 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=34309 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:09:15 2020 type=AVC msg=audit(1601014155.370:274): avc: denied { read } for pid=863 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=34309 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:09:15 2020 type=AVC msg=audit(1601014155.390:276): avc: denied { read } for pid=863 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=34309 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:09:15 2020 type=AVC msg=audit(1601014155.586:296): avc: denied { read } for pid=863 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=34309 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:09:15 2020 type=AVC msg=audit(1601014155.606:297): avc: denied { read } for pid=863 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=34309 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:14:27 2020 type=AVC msg=audit(1601014467.084:187): avc: denied { read } for pid=866 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=35165 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:14:27 2020 type=AVC msg=audit(1601014467.784:262): avc: denied { read } for pid=866 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=35165 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:14:27 2020 type=AVC msg=audit(1601014467.807:264): avc: denied { read } for pid=866 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=35165 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:14:27 2020 type=AVC msg=audit(1601014467.929:284): avc: denied { read } for pid=866 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=35165 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

time->Fri Sep 25 08:14:27 2020 type=AVC msg=audit(1601014467.948:285): avc: denied { read } for pid=866 comm="chronyd" name="wlp3s0.sources" dev="tmpfs" ino=35165 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file permissive=0

User Icon zpytela commented & provided feedback 2 years ago

Thanks, the denials are the same, so let's continue in the referred bz. I'd like to find the action which triggers the denials.

Please login to add feedback.

Metadata
Type
bugfix
Severity
medium
Karma
6
Signed
Content Type
RPM
Test Gating
Builds
1
selinux-policy-3.14.6-27.fc33
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1870476 Google Account doesn't work during initial setup
0
2
selinux-policy-3.14.6-27.fc33

Automated Test Results

Copyright © 2007-2023 Red Hat, Inc. and others.

Running bodhi-server 7.2.1 on bodhi-web-84-p4b44.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy