Various small issues (detection of container environments, support for -D_FORTIFY_SOURCE=3, newer libcurl, newer objcopy, latest kernel headers, and other small fixes).
No need to log out or reboot.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2023-e4adb7987c
Please login to add feedback.
This update has been submitted for testing by zbyszek.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update has been pushed to testing.
On the next 2 boots after an update including systemd-251.11-1.fc37.x86_64, processes like sd-worker and systemd-userwork were denied using the sys_resource capability when systemd-userdbd.service was started. I also saw SELinux denial notifications at various times while using Plasma. The same sorts of sys_resource denials were shown in the journal at those times. I reported these denials in more detail at https://bugzilla.redhat.com/show_bug.cgi?id=2166509
I searched for systemd-userdbd in the systemd-stable repository and found a commit units: allow systemd-userdbd to change process name which makes the following change adding the CAP_SYS_RESOURCE capability to the systemd-userdbd.service file https://github.com/systemd/systemd-stable/commit/9357d2342981a8b4fcfa2d170b7749c27d364fdd
That change might be where these denials are coming from.
Works.
As mattf notes, this is causing new selinux alerts on Plasma.
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
Let's wait for the selinux-policy update.
Seems to be working okay on a desktop.
Ah yes, I was hit with the SELinux alerts for sd-worker + sys_resource after a while under i3/xorg.
Same issues as described above on GNOME ... downgraded to the stable version and everything works as expected again.
Same issue as mentioned by others
This update has been obsoleted.
A new selinux-policy build should soon be available in testing: FEDORA-2023-7bf3639a5d
This update has been submitted for testing by zbyszek.
FEDORA-2023-7bf3639a5d is in stable now. This update should be functional now.
This update has been pushed to testing.
This update has been obsoleted.
Despite the system being working fine after boot, I noticed this error at dmesg:
@geraldosimiao it's a known issue: https://bugzilla.redhat.com/show_bug.cgi?id=2141998
No issues with systemd-251.11-1.fc37 packages noticed after having applied selinux-policy-37.19-1.fc37 !
FYI @geraldosimiao : The bug report @agurenko mentioned has been closed as a duplicate of this bug -> https://bugzilla.redhat.com/show_bug.cgi?id=2083900
zbyszek edited this update.
New build(s):
Removed build(s):
Karma has been reset.
Something went wrong and the update is 'obsoleted'. But I don't quite know why. I made a build with a tiny adjustment and will submit it as a new update, because I can't edit this one. Please also add karma there.
This update has been submitted for testing by zbyszek.
Oh, nvm. I just need to resubmit it.
This update has been pushed to testing.
my Workstation seems to work fine
Works great! LGTM! =)
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by zbyszek.
This update has been pushed to stable.
Working for me and I'm not seeing new selinux alerts.