New F40 selinux-policy build. It is expected to fix most problems with libvirt, though some remain that require additional troubleshooting.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2024-759c80369d
This update has been submitted for testing by zpytela.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
I no longer see AVCs when working with the virt-manager
No AVCs with basic usage. Tested with:
$ date ; { sleep 60 & } ; sleep 3 ; kill -ABRT %1 ; date
NB: BZ#2277658 occurs with Workstation, but not with Xfce.
@stephent98: please share the denial; the permission is allowed regardless of which spin is used. I cannot reproduce it anyway.
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes
Works.
This update has been submitted for stable by bodhi.
Seems to work fine on my F40 KDE x86_64 with sysadm_u confined user. Up to date as of now, plus the selinux-policy-40.18-2.fc40 package.
I still have denials with virt-manager and cockpit when using KVM/QEMU VMs (virtiofsd_backe, wireplumber, gst-plugin-scan, virtuifsd, rpm-virtqemud, cockpit-bridge), but these can be related to the SELinux confinement settings on my system with sysadm_u on my working user and user_u at __default__. I have not tested without confinement, so I leave the BZ# neutral. However, everything works fine, as before the impact of the F40 issues, despite the persisting "confinement" denials (I have not compared if the denials are the very same as before the F40 occurrences, but there have been denials before F40 when SELinux confinement was imposed, so that's not new). I hope I will soon have time to file a report against GitHub about the denials in confined environments.
This update has been pushed to stable.