stable

systemd-251.11-2.fc37

FEDORA-2023-e4adb7987c created by zbyszek a year ago for Fedora 37

Various small issues (detection of container environments, support for -D_FORTIFY_SOURCE=3, newer libcurl, newer objcopy, latest kernel headers, and other small fixes).

No need to log out or reboot.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-e4adb7987c

This update has been submitted for testing by zbyszek.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been pushed to testing.

a year ago

On the next 2 boots after an update including systemd-251.11-1.fc37.x86_64, processes like sd-worker and systemd-userwork were denied using the sys_resource capability when systemd-userdbd.service was started. I also saw SELinux denial notifications at various times while using Plasma. The same sorts of sys_resource denials were shown in the journal at those times. I reported these denials in more detail at https://bugzilla.redhat.com/show_bug.cgi?id=2166509

I searched for systemd-userdbd in the systemd-stable repository and found a commit units: allow systemd-userdbd to change process name which makes the following change adding the CAP_SYS_RESOURCE capability to the systemd-userdbd.service file https://github.com/systemd/systemd-stable/commit/9357d2342981a8b4fcfa2d170b7749c27d364fdd

  • CapabilityBoundingSet=CAP_DAC_READ_SEARCH
  • CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE

That change might be where these denials are coming from.

User Icon bojan commented & provided feedback a year ago
karma

Works.

User Icon tseewald commented & provided feedback a year ago
karma

As mattf notes, this is causing new selinux alerts on Plasma.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

a year ago

Let's wait for the selinux-policy update.

User Icon mhayden commented & provided feedback a year ago
karma

Seems to be working okay on a desktop.

User Icon mhayden commented & provided feedback a year ago
karma

Ah yes, I was hit with the SELinux alerts for sd-worker + sys_resource after a while under i3/xorg.

type=AVC msg=audit(1675342350.360:343): avc:  denied  { sys_resource } for  pid=6328 comm="systemd-userwor" capability=24  scontext=system_u:system_r:systemd_userdbd_t:s0 tcontext=system_u:system_r:systemd_userdbd_t:s0 tclass=capability permissive=0
User Icon clnetbox commented & provided feedback a year ago
karma

Same issues as described above on GNOME ... downgraded to the stable version and everything works as expected again.

User Icon agurenko commented & provided feedback a year ago
karma

Same issue as mentioned by others

This update has been obsoleted.

a year ago

A new selinux-policy build should soon be available in testing: FEDORA-2023-7bf3639a5d

This update has been submitted for testing by zbyszek.

a year ago

FEDORA-2023-7bf3639a5d is in stable now. This update should be functional now.

This update has been pushed to testing.

a year ago

This update has been obsoleted.

a year ago
User Icon geraldosimiao commented & provided feedback a year ago
karma

Despite the system being working fine after boot, I noticed this error at dmesg:

[  6.386415] systemd-gpt-auto-generator[598]: Failed to dissect: Permission denied
[  6.400832] systemd[583]: /usr/lib/systemd/system-generators/systemd-gpt-auto-generator failed with exit status 1.

No issues with systemd-251.11-1.fc37 packages noticed after having applied selinux-policy-37.19-1.fc37 !
FYI @geraldosimiao : The bug report @agurenko mentioned has been closed as a duplicate of this bug -> https://bugzilla.redhat.com/show_bug.cgi?id=2083900

zbyszek edited this update.

New build(s):

  • systemd-251.11-2.fc37

Removed build(s):

  • systemd-251.11-1.fc37

Karma has been reset.

a year ago

Something went wrong and the update is 'obsoleted'. But I don't quite know why. I made a build with a tiny adjustment and will submit it as a new update, because I can't edit this one. Please also add karma there.

This update has been submitted for testing by zbyszek.

a year ago

Oh, nvm. I just need to resubmit it.

This update has been pushed to testing.

a year ago
User Icon kparal commented & provided feedback a year ago
karma

my Workstation seems to work fine

User Icon besser82 commented & provided feedback a year ago
karma

Works great! LGTM! =)

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by zbyszek.

a year ago

This update has been pushed to stable.

a year ago
User Icon nixuser commented & provided feedback a year ago
karma

Working for me and I'm not seeing new selinux alerts.


Please login to add feedback.

Metadata
Type
bugfix
Severity
low
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago

Automated Test Results