stable
FEDORA-2021-217fe4e2f3 created by zpytela a year ago for Fedora 34

Automatic update for selinux-policy-3.14.7-18.fc34.

Changelog
* Sun Feb  7 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
- Allow lockdown confidentiality for domains using perf_event
- define lockdown class and access
- Add perfmon capability for all domains using perf_event
- Allow ptp4l_t bpf capability to run bpf programs
- Revert "Allow ptp4l_t sys_admin capability to run bpf programs"
- access_vectors: Add new capabilities to cap2
- Allow systemd and systemd-resolved watch dbus pid objects
- Add new watch interfaces in the base and userdomain policy
- Add watch permissions for contrib packages
- Allow xdm watch /usr directories
- Allow getty watch its private runtime files
- Add watch permissions for nscd and sssd
- Add watch permissions for firewalld and NetworkManager
- Add watch permissions for syslogd
- Add watch permissions for systemd services
- Allow restorecond watch /etc dirs
- Add watch permissions for user domain types
- Add watch permissions for init
- Add basic watch interfaces for systemd
- Add basic watch interfaces to the base module
- Add additional watch object permissions sets and patterns
- Allow init_t to watch localization symlinks
- Allow init_t to watch mount directories
- Allow init_t to watch cgroup files
- Add basic watch patterns
- Add new watch* permissions

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-217fe4e2f3

This update was automatically created

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by bodhi

a year ago
User Icon rantadi commented & provided feedback a year ago
karma

SELinx is preventing modprobe modprobe: ERROR: could not insert 'wl': Permission denied

Have to Downgrade to selinux-policy-3.14.7-17.fc34 to solve this Problem

@rantadi, could you show the avc denial? Anyway, I suppose it will be fixed in the next build, allowing watch permissions for modprobe.

@zpytela, no sorry. will have a look for next builds and avc denials. thanks

@rantadi, np, a new build is on the way right now


Please login to add feedback.

Metadata
Type
unspecified
Karma
-1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
0 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago

Automated Test Results