Automatic update for selinux-policy-41.10-1.fc41.
* Mon Jul 22 2024 Zdenek Pytela <zpytela@redhat.com> - 41.10-1
- Update afterburn file transition policy
- Allow systemd_generator read attributes of all filesystems
- Allow fstab-generator read and write cryptsetup-generator unit file
- Allow cryptsetup-generator read and write fstab-generator unit file
- Allow systemd_generator map files in /etc
- Allow systemd_generator read init's process state
- Allow coreos-installer-generator read sssd public files
- Allow coreos-installer-generator work with partitions
- Label /etc/mdadm.conf.d with mdadm_conf_t
- Confine coreos generators
- Label /run/metadata with afterburn_runtime_t
- Allow afterburn list ssh home directory
- Label samba certificates with samba_cert_t
- Label /run/coreos-installer-reboot with coreos_installer_var_run_t
- Allow virtqemud read virt-dbus process state
- Allow staff user dbus chat with virt-dbus
- Allow staff use watch /run/systemd
- Allow systemd_generator to write kmsg
Please log in to add feedback.
This update was automatically created
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'failed'.
Is there any way to retract this update quickly? This breaks so much, it's rather unbearable..
By the timing and symptoms, I'm also quite sure this is what breaks the stratis tests (like https://github.com/stratis-storage/stratisd/pull/3642 and a handful of others):
@martinpitt which firewalld version do you have? I have firewalld-2.1.2-3.fc41.noarch and the service starts properly
That's hard to say unfortunately, the TF log doesn't print them anywhere: https://artifacts.dev.testing-farm.io/eceffdf6-95df-4eec-a623-a1aaca405ac7/ (presumably because it's not installed, but is part of the base image).
But I suspect it may actually be the unpushed 2.2.0-1.fc41 from FEDORA-2024-3766dd8914 , that mentioned the same problem.
However, even if that is a firewalld problem, the "automated tests" here has 24 failures, including your own (functional): https://artifacts.dev.testing-farm.io/93dcde52-a95e-460f-881f-9f2fcfad0507/
firewalld 2.2.0 was untagged from Rawhide today because it was broken, perhaps the issue is related to that
I'm in the process of restarting update.* tests, there was another problem in shadow-utils
This update's test gating status has been changed to 'waiting'.
@kparal, if it was because of adding NoNewPrivileges, that's easy to detect and fix https://github.com/fedora-selinux/selinux-policy/pull/2254
Certainly I reviewed our tests results before merging the distgit PR, all are known issues and no new problem was found
This update's test gating status has been changed to 'passed'.
This update has been obsoleted by selinux-policy-41.11-1.fc41.