stable

selinux-policy-35.11-1.fc35

FEDORA-2022-87a0b7e8d0 created by zpytela 3 years ago for Fedora 35

New F35 selinux-policy build. This update fixes a problem with the previous build when packages with custom selinux modules were installed, causing the custom module not to be active.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-87a0b7e8d0

This update has been submitted for testing by zpytela.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago
User Icon zpytela commented & provided feedback 3 years ago

Note the update from selinux-policy-35.10-1.fc35 will still report:

Running transaction Running scriptlet: selinux-policy-targeted-35.11-1.fc35.noarch 1/1 Preparing : 1/1 Upgrading : selinux-policy-35.11-1.fc35.noarch 1/4 Running scriptlet: selinux-policy-35.11-1.fc35.noarch 1/4 Problems processing filecon rules Failed post db handling Post process failed /usr/sbin/semodule: Failed!

but it should finish sucessfully and with the previously inactive modules active again.

User Icon clnetbox commented & provided feedback 3 years ago
karma

That was fast ! Works without all the issues mentioned in versions 35.9 and 35.10 ! Thank you very much @zpytela !
Also, the update process is back to normal - it was quick as usual ... what you mentioned in your note did not occur.

User Icon adamwill commented & provided feedback 3 years ago

@zpytela thanks for the quick turnaround. Could you build this for Rawhide too? Thanks!

User Icon xvitaly commented & provided feedback 3 years ago
karma

LGTM. Installed from Koji.

User Icon rudi3 commented & provided feedback 3 years ago

I manually ran semodule -nB and it seems that cockpit and miscfiles are listed in semodule -l. However, as described, the command failed (See comments on https://bodhi.fedoraproject.org/updates/FEDORA-2022-41fa7610dd).

I still get the Regex version mismatch when running su.

User Icon pghmcfc commented & provided feedback 3 years ago

This is much better for me but I'm not using cockpit so I'll defer karma until someone mentions that cockpit's OK.

User Icon adamwill commented & provided feedback 3 years ago

The openQA tests that failed on 35.10 pass on 35.11.

User Icon rudi3 commented & provided feedback 3 years ago
karma

cockpit seems to work fine. (I didn't install the update, but ran the command from the package)

but the other issues remain.

BZ#2042369 New selinux-policy release breaks Cockpit

This update's test gating status has been changed to 'failed'.

3 years ago
User Icon zpytela commented & provided feedback 3 years ago

@adamwill, I already initiated the build some time ago, this time CI cannot even make a scratchbuild.

User Icon dhcpme commented & provided feedback 3 years ago
karma

Excellent! None of the issues as seen with the previous release on any of my machines.

User Icon cbrannan commented & provided feedback 3 years ago
karma

Didn't have issues with Cockpit following last release, but this has restored Podman container functionality for me.

This update's test gating status has been changed to 'passed'.

3 years ago
User Icon marinmo commented & provided feedback 3 years ago
karma

This update seems to undo all the issues -9 and -10 created, at least as far as I can tell. Just like cbrannan mentions this restored podman functionality, thankfully.

BZ#2042369 New selinux-policy release breaks Cockpit

This update has been submitted for stable by bodhi.

3 years ago
User Icon rudi3 commented & provided feedback 3 years ago

After applying update from koji, the Regex version mismatch is fixed for me as well. Looks good. Thank you for the quick fix.

User Icon adamwill commented & provided feedback 3 years ago

@zpytela I'm not sure what you mean about CI, but there definitely isn't any 35.11 build for Rawhide logged anywhere, and the Rawhide dist-git repo is still at 35.10, no 35.11 bump has even been committed. The same problems we had in F35 showed up in today's Rawhide compose, so it'd be good to have them fixed in Rawhide too.

User Icon adamwill commented & provided feedback 3 years ago

@zpytela compared to the f35 branch, it looks like the rawhide branch has the "Force a rebuild of policy unconditionally" commit, but not the "* Wed Jan 19 2022 Zdenek Pytela zpytela@redhat.com - 35.11-1" commit.

User Icon zpytela commented & provided feedback 3 years ago

@adamwill, that's it - for a new build we use a PR and a CI pipeline is run to execute selected tests. It has just successfully finished, so a rawhide build should be there in an hour or so.

This update has been pushed to stable.

3 years ago
User Icon geraldosimiao commented & provided feedback 3 years ago
karma

WFM, regex message solved.

User Icon chder commented & provided feedback 3 years ago
karma

Updating to 35.11 resolved my selinux related problems that started when I updated from .8 -> .10. I had run an autorelabel on .10 which seemed to make things worse so I ran it again after updating to .11 and I can login my system normally again and the frequent selinux alerts went away.


Please login to add feedback.

Metadata
Type
bugfix
Severity
medium
Karma
8
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-2
Stable by Karma
5
Stable by Time
14 days
Dates
submitted
3 years ago
in stable
3 years ago
BZ#2042369 New selinux-policy release breaks Cockpit
0
1

Automated Test Results