Automatic update for container-selinux-2.233.0-1.fc41.
* Wed Sep 11 2024 Packit <hello@packit.dev> - 2:2.233.0-1
- Update to 2.233.0 upstream release
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2024-52c1264778
This update has been submitted for testing by packit.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update has been pushed to testing.
Works
This update can be pushed to stable now if the maintainer wishes
I can not start bash in containers now, example:
$ podman run --rm -ti registry.access.redhat.com/ubi9/ubi bash
<no output, selinux cuts the process>
$ sudo tail -n100 /var/log/audit/audit.log | audit2allow
============= container_t ==============
allow container_t container_file_t:chr_file { read write };
avc
type=AVC msg=audit(1726210659.521:22786): avc: denied { read write } for pid=1122774 comm="bash" path="/dev/pts/0" dev="devpts" ino=3 scontext=system_u:system_r:container_t:s0:c539,c854 tcontext=system_u:object_r:container_file_t:s0:c539,c854 tclass=chr_file permissive=0
avc with bin/echo
type=AVC msg=audit(1726210760.204:22810): avc: denied { read write } for pid=1123360 comm="echo" path="/dev/pts/0" dev="devpts" ino=3 scontext=system_u:system_r:container_t:s0:c142,c697 tcontext=system_u:object_r:container_file_t:s0:c142,c697 tclass=chr_file permissive=0
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
Downgrade to 2.232.1 is not helpful.
sudo dnf reinstall '*selinux*'
not helpful either
Reported as: https://bugzilla.redhat.com/show_bug.cgi?id=2313040
Problems were caused by snapd-selinux. Sorry for the noise. +1
This update has been submitted for stable by lsm5.
This update has been pushed to stable.