New F36 selinux-policy build
This update has been submitted for testing by zpytela.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
Works for me. I'm not 100% sure it fixes BZ#2093285, because that AVC presented itself only occasionally.
This update has been pushed to testing.
Works.
This update can be pushed to stable now if the maintainer wishes
This does not fully fix BZ#2092808. Invoking smbcontrol works, but testparm is still returning an empty string.
works fine no issues
works
works for me
no issues
@rakuco the denials mentioned in the bz should be addressed. Please open a new bz and add some details and avc denials you see.
I've added more information to bz#2092808 (the bug report already mentions the issue with testparm).
This is causing IPA CI to fail. I'm not completely sure why. The behavior we see is that the current principal is cifs/<fqdn> when we expect it to be something else.
The AVC we see is:
type=AVC msg=audit(1657297049.999:3709): avc: denied { sendto } for pid=13209 comm="smbcontrol" path="/var/lib/samba/private/msg.sock/13151" scontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tcontext=system_u:system_r:winbind_rpcd_t:s0 tclass=unix_dgram_socket permissive=0
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
@zpytela, it looks like smbcontrol_t lacks rights for winbind_rpcd_t, so SELinux policy needs to be extended.
BZ https://bugzilla.redhat.com/show_bug.cgi?id=2106006 opened for the issue reported by rcritten
no issues on my Workstation
Didn't break anything for me on my Workstation
Working fine on a desktop
Thanks everybody for the feedback, I am working on another build to replace this one.
This update has been obsoleted by selinux-policy-36.12-1.fc36.
Please login to add feedback.
Confirm request to re-trigger tests.
This update has been submitted for testing by zpytela.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
Works for me. I'm not 100% sure it fixes BZ#2093285, because that AVC presented itself only occasionally.
This update has been pushed to testing.
Works.
This update can be pushed to stable now if the maintainer wishes
This does not fully fix BZ#2092808. Invoking smbcontrol works, but testparm is still returning an empty string.
works fine no issues
works
works for me
no issues
@rakuco the denials mentioned in the bz should be addressed. Please open a new bz and add some details and avc denials you see.
I've added more information to bz#2092808 (the bug report already mentions the issue with testparm).
This is causing IPA CI to fail. I'm not completely sure why. The behavior we see is that the current principal is cifs/<fqdn> when we expect it to be something else.
The AVC we see is:
type=AVC msg=audit(1657297049.999:3709): avc: denied { sendto } for pid=13209 comm="smbcontrol" path="/var/lib/samba/private/msg.sock/13151" scontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tcontext=system_u:system_r:winbind_rpcd_t:s0 tclass=unix_dgram_socket permissive=0
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
@zpytela, it looks like smbcontrol_t lacks rights for winbind_rpcd_t, so SELinux policy needs to be extended.
BZ https://bugzilla.redhat.com/show_bug.cgi?id=2106006 opened for the issue reported by rcritten
no issues on my Workstation
Didn't break anything for me on my Workstation
Working fine on a desktop
Thanks everybody for the feedback, I am working on another build to replace this one.
This update has been obsoleted by selinux-policy-36.12-1.fc36.