Please note updating from the previous package version selinux-policy-3.14.5-38.fc32 will have all filesystems relabeling as a result which cannot be prevented. If relabeling takes a lot of time, consider unmounting some filesystems, updating manually, postponing the update to later.
Updating from older versions of the package should not trigger the relabeling.
BZ#1824196 SELinux is preventing /usr/lib/systemd/systemd-resolved from 'read' accesses on the file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
BZ#1808736 the lttng-sessiond service triggers SELinux denials
0
0
BZ#1824196 SELinux is preventing /usr/lib/systemd/systemd-resolved from 'read' accesses on the file /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c.
-1
0
BZ#1832790 Upgrade of selinux-polixy takes very long time
This update has been submitted for testing by zpytela.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
Please note updating from the previous package version selinux-policy-3.14.5-38.fc32 will have all filesystems relabeling as a result which cannot be prevented. If relabeling takes a lot of time, consider unmounting some filesystems, updating manually, postponing the update to later.
Updating from older versions of the package should not trigger the relabeling.
This update has been pushed to testing.
Works.
This update can be pushed to stable now if the maintainer wishes
Installed
selinux-policy-targeted-3.14.5-39.fc32.noarch
, relabeled entire system, rebooted...After a full reboot...
grepping the selinux-policy.git source, I don't see that
systemd_resolved_t
has thefs_read_efivars_files
applied.Note, on another system the same issue occurs with
systemd_modules_load_t
update hangs
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
no issues yet
@jpbn what do you mean by "hangs"? Note the update can take a long time, see c#1.
@amessina, you are right the update addresses most of the issues reported, but not the one in the bz description, sorry for that.
@zpytela the script did not end. had to close terminal.
No regressions found
Works
Works for me.
Two time this AVC is logged, but nothing breaks (note: I disable secure-boot in the UEFI).
Works
works for me
Pushing to stable given the prevailing positive feedback. The remaining bugs (systemd-resolved, systemd-modules) will be resolved in the next build.
This update has been submitted for stable by zpytela.
This update has been pushed to stable.