stable

freeipa-4.13.1-6.fc45, krb5-1.22.2-2.fc45, & 1 more

FEDORA-2026-351dfea7c7 created by abbra 2 months ago for Fedora 45

Rebase to krb5 1.22.2

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago
User Icon abbra commented 2 months ago

FYI, We've changed SELinux policy in FreeIPA to allow standalone use of SSSD helpers on non-enrolled systems. However, https://openqa.fedoraproject.org/tests/4300757#step/role_deploy_domain_controller/19 shows that SSSD subpackage cannot be installed with new SELinux context.

I am not sure what specifically should I do here, perhaps we have to update main Fedora SELinux policy in the same bodhi update as well?

User Icon abbra commented 2 months ago

I have rules for setfiles_t to relabel the files but it seems dnf runs unconfined and that rule does not exist:

time->Tue Feb 17 03:07:08 2026
type=AVC msg=audit(1771315628.219:384): avc:  denied  { relabelto } for  pid=1412 comm="dnf" name="oidc_child;6994219a" dev="dm-0" ino=5432835 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sssd_mfa_exec_t:s0 tclass=file permissive=0
----
time->Tue Feb 17 03:07:09 2026
type=AVC msg=audit(1771315629.947:434): avc:  denied  { relabelto } for  pid=1412 comm="dnf" name="passkey_child;6994219a" dev="dm-0" ino=5442824 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sssd_mfa_exec_t:s0 tclass=file permissive=0
User Icon jrische provided feedback 2 months ago
karma

abbra edited this update.

New build(s):

  • freeipa-4.13.1-4.fc45

Removed build(s):

  • freeipa-4.13.1-3.fc45

Karma has been reset.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago

abbra edited this update.

New build(s):

  • freeipa-4.13.1-5.fc45

Removed build(s):

  • freeipa-4.13.1-4.fc45

Karma has been reset.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago
User Icon abbra commented 2 months ago

Ok, looks like pk-backend needs the same set of operations permitted as with the unconfined_t domain. I'll work on that tonight.

abbra edited this update.

New build(s):

  • freeipa-4.13.1-6.fc45

Removed build(s):

  • freeipa-4.13.1-5.fc45

Karma has been reset.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'failed'.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'passed'.

a month ago

This update has been submitted for stable by bodhi

a month ago

Please log in to add feedback.

Metadata
Type
bugfix
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
0 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
a month ago
modified
2 months ago
approved
a month ago
Builds
3
freeipa-4.13.1-6.fc45
krb5-1.22.2-2.fc45
samba-4.24.0-0.4.rc2.fc45
freeipa-4.13.1-6.fc45
krb5-1.22.2-2.fc45
samba-4.24.0-0.4.rc2.fc45

Automated Test Results

Test Cases
0 0 Test Case desktop network smb

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-21-hmlh5.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy