stable

selinux-policy-37.17-1.fc37

FEDORA-2022-fc84e3e4d5 created by zpytela 3 months ago for Fedora 37

New F37 selinux-policy build

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-fc84e3e4d5

This update has been submitted for testing by zpytela.

3 months ago

This update's test gating status has been changed to 'waiting'.

3 months ago
User Icon mmuehlfeldrh commented & provided feedback 3 months ago

This build does not fix BZ#2128246. The problem is the same as before. I updated the BZ.

BZ#2128246 SELinux prevents systemd-resolved to start at boot time if host runs in systemd.volatile=overlay mode

This update's test gating status has been changed to 'passed'.

3 months ago
User Icon imabug provided feedback 3 months ago
karma
BZ#2122918 avc: denied { execmem } for comm="libvirt_leasesh"

This update has been pushed to testing.

3 months ago
User Icon bojan commented & provided feedback 3 months ago
karma

Works.

This update can be pushed to stable now if the maintainer wishes

3 months ago
User Icon nixuser commented & provided feedback 3 months ago
karma

This has certainly fixed BZ#2122918 for me, I was having this issue right up to installing this update. After a reboot it's gone. As for the others, some were driving me so crazy I created local rules to fix the alerts... and I've lost touch with which ones I fixed locally.

BZ#2122918 avc: denied { execmem } for comm="libvirt_leasesh"
User Icon zpytela commented & provided feedback 3 months ago

@nixuser An easy (or the only) way how to verify it is to remove all custom modules. The actual fix in the policy is not always the same as rules provided by audit2allow.

User Icon frantisekz commented & provided feedback 3 months ago
karma

Didn't break anything

User Icon dm0 provided feedback 3 months ago
karma
BZ#2151806 systemd-timesyncd fails to start with a SELinux denial

This update has been submitted for stable by bodhi.

3 months ago

This update has been pushed to stable.

3 months ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
medium
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
5
Stable by Time
14 days
Dates
submitted
3 months ago
in testing
3 months ago
in stable
3 months ago
BZ#2075527 avc: denied { relabelfrom } for pid=450 comm="journal-offline" name=".#system@5c47f64a69a0445caa29606353ac37a0-000000000000047a-0005dc9bd60ad1ec.journal48541a33e01aab65" dev="vda3" ino=51958 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:obj
0
0
BZ#2122918 avc: denied { execmem } for comm="libvirt_leasesh"
0
2
BZ#2128246 SELinux prevents systemd-resolved to start at boot time if host runs in systemd.volatile=overlay mode
-1
0
BZ#2149254 SELinux is preventing rndc from 'read' accesses on the file enabled.
0
0
BZ#2151806 systemd-timesyncd fails to start with a SELinux denial
0
1
BZ#2153800 SELinux is preventing gpsd from 'create' accesses on the sock_file gpsd.sock.
0
0
BZ#2153881 SELinux is preventing gpsd from 'sys_ptrace' accesses on the cap_userns labeled gpsd_t.
0
0

Automated Test Results

passed