FEDORA-2021-ea3fa543f0 created by zpytela 2 months ago for Fedora 35
stable

New F35 selinux-policy build

How to install

sudo dnf upgrade --advisory=FEDORA-2021-ea3fa543f0

This update has been submitted for testing by zpytela.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'passed'.

2 months ago

This update has been pushed to testing.

2 months ago
User Icon bojan commented & provided feedback 2 months ago
karma

Works.

User Icon filiperosset commented & provided feedback 2 months ago
karma

no regressions noted

This update can be pushed to stable now if the maintainer wishes

2 months ago
User Icon geraldosimiao commented & provided feedback 2 months ago
karma

its fine

User Icon gotmax23 commented & provided feedback 2 months ago

From the changelog:

  • Allow PID 1 and dbus-broker IPC with a systemd user session

This is supposed to fix #2023332, but the systemd rpm scriptlet is still failing. Am I missing something here?

  Running scriptlet: syncthing-1.18.4-1.fc35.x86_64                                                                                                                                                                                     2/2 
Failed to start transient service unit: Connection reset by peer
Failed to set unit properties on syncthing.service: Transport endpoint is not connected

Additionally, I am getting the following errors in the audit log:

$ sudo ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recent
time->Tue Nov 30 23:05:02 2021
type=AVC msg=audit(1638335102.617:397): avc:  denied  { mmap_zero } for  pid=1506 comm="check" scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=memprotect permissive=0
User Icon besser82 commented & provided feedback 2 months ago
karma

Works great! LGTM! =)

User Icon jpbn commented & provided feedback 2 months ago
karma

ok

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago
User Icon zpytela commented & provided feedback a month ago

@gotmax23: 1. maybe the policy was updated after syncthing? 2. you need to turn mmap_low_allowed boolean on


Please login to add feedback.

Metadata
Type
bugfix
Severity
medium
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
5
Stable by Time
14 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
2 months ago
BZ#2020531 SELinux denial appears when printing via lpd (cups-lpd)
0
0
BZ#2023163 SELinux denies rpmdb access to /root/.rpmmacros
0
0
BZ#2025931 smbcontrol fails in SELinux Enforcing mode
0
0

Automated Test Results