FEDORA-2021-217fe4e2f3 created by zpytela 10 months ago for Fedora 34

Automatic update for selinux-policy-3.14.7-18.fc34.

* Sun Feb  7 2021 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-18
- Allow lockdown confidentiality for domains using perf_event
- define lockdown class and access
- Add perfmon capability for all domains using perf_event
- Allow ptp4l_t bpf capability to run bpf programs
- Revert "Allow ptp4l_t sys_admin capability to run bpf programs"
- access_vectors: Add new capabilities to cap2
- Allow systemd and systemd-resolved watch dbus pid objects
- Add new watch interfaces in the base and userdomain policy
- Add watch permissions for contrib packages
- Allow xdm watch /usr directories
- Allow getty watch its private runtime files
- Add watch permissions for nscd and sssd
- Add watch permissions for firewalld and NetworkManager
- Add watch permissions for syslogd
- Add watch permissions for systemd services
- Allow restorecond watch /etc dirs
- Add watch permissions for user domain types
- Add watch permissions for init
- Add basic watch interfaces for systemd
- Add basic watch interfaces to the base module
- Add additional watch object permissions sets and patterns
- Allow init_t to watch localization symlinks
- Allow init_t to watch mount directories
- Allow init_t to watch cgroup files
- Add basic watch patterns
- Add new watch* permissions

How to install

sudo dnf upgrade --advisory=FEDORA-2021-217fe4e2f3

This update was automatically created

10 months ago

This update's test gating status has been changed to 'waiting'.

10 months ago

This update's test gating status has been changed to 'ignored'.

10 months ago

This update can be pushed to stable now if the maintainer wishes

10 months ago

This update has been submitted for stable by bodhi

10 months ago
User Icon rantadi commented & provided feedback 10 months ago

SELinx is preventing modprobe modprobe: ERROR: could not insert 'wl': Permission denied

Have to Downgrade to selinux-policy-3.14.7-17.fc34 to solve this Problem

@rantadi, could you show the avc denial? Anyway, I suppose it will be fixed in the next build, allowing watch permissions for modprobe.

@zpytela, no sorry. will have a look for next builds and avc denials. thanks

@rantadi, np, a new build is on the way right now

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
0 days
10 months ago
in testing
10 months ago
in stable
10 months ago

Automated Test Results