FEDORA-2021-217fe4e2f3 created by zpytela a year ago for Fedora 34

Automatic update for selinux-policy-3.14.7-18.fc34.

* Sun Feb  7 2021 Zdenek Pytela <> - 3.14.7-18
- Allow lockdown confidentiality for domains using perf_event
- define lockdown class and access
- Add perfmon capability for all domains using perf_event
- Allow ptp4l_t bpf capability to run bpf programs
- Revert "Allow ptp4l_t sys_admin capability to run bpf programs"
- access_vectors: Add new capabilities to cap2
- Allow systemd and systemd-resolved watch dbus pid objects
- Add new watch interfaces in the base and userdomain policy
- Add watch permissions for contrib packages
- Allow xdm watch /usr directories
- Allow getty watch its private runtime files
- Add watch permissions for nscd and sssd
- Add watch permissions for firewalld and NetworkManager
- Add watch permissions for syslogd
- Add watch permissions for systemd services
- Allow restorecond watch /etc dirs
- Add watch permissions for user domain types
- Add watch permissions for init
- Add basic watch interfaces for systemd
- Add basic watch interfaces to the base module
- Add additional watch object permissions sets and patterns
- Allow init_t to watch localization symlinks
- Allow init_t to watch mount directories
- Allow init_t to watch cgroup files
- Add basic watch patterns
- Add new watch* permissions

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-217fe4e2f3

This update was automatically created

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by bodhi

a year ago
User Icon rantadi commented & provided feedback a year ago

SELinx is preventing modprobe modprobe: ERROR: could not insert 'wl': Permission denied

Have to Downgrade to selinux-policy-3.14.7-17.fc34 to solve this Problem

@rantadi, could you show the avc denial? Anyway, I suppose it will be fixed in the next build, allowing watch permissions for modprobe.

@zpytela, no sorry. will have a look for next builds and avc denials. thanks

@rantadi, np, a new build is on the way right now

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
0 days
a year ago
in testing
a year ago
in stable
a year ago

Automated Test Results