It seems that mock otherwise works. Not sure if the denials are important or not.
$ mock -r fedora-rawhide-x86_64 --enablerepo=local init
...
(AVC denial notification when installing packages)
$ sealert -l '*'
...
SELinux is preventing dnf from entrypoint access on the file /usr/bin/bash.
***** Plugin restorecon (99.5 confidence) suggests ************************
If you want to fix the label.
/usr/bin/bash default label should be shell_exec_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /usr/bin/bash
***** Plugin catchall (1.49 confidence) suggests **************************
If you believe that dnf should be allowed entrypoint access on the bash file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'dnf' --raw | audit2allow -M my-dnf
# semodule -X 300 -i my-dnf.pp
Additional Information:
Source Context unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1
023
Target Context unconfined_u:object_r:mock_var_lib_t:s0
Target Objects /usr/bin/bash [ file ]
Source dnf
Source Path dnf
Port <Unknown>
Host carbon
Source RPM Packages
Target RPM Packages bash-5.0.7-1.fc30.x86_64
Policy RPM selinux-policy-3.14.3-41.fc30.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name carbon
Platform Linux carbon 5.1.19-300.fc30.x86_64 #1 SMP Mon Jul
22 16:32:45 UTC 2019 x86_64 x86_64
Alert Count 4
First Seen 2019-08-10 15:51:55 CEST
Last Seen 2019-08-10 15:52:09 CEST
Local ID 7e4896a3-a0f7-41a8-b8a5-ac7622bf68c5
Raw Audit Messages
type=AVC msg=audit(1565445129.101:549): avc: denied { entrypoint } for pid=30796 comm="dnf" path="/usr/bin/bash" dev="dm-1" ino=1728912 scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=file permissive=0
Hash: dnf,rpm_script_t,mock_var_lib_t,file,entrypoint
SELinux is preventing groupadd from read access on the lnk_file run.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that groupadd should be allowed read access on the run lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'groupadd' --raw | audit2allow -M my-groupadd
# semodule -X 300 -i my-groupadd.pp
Additional Information:
Source Context unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c102
3
Target Context unconfined_u:object_r:mock_var_lib_t:s0
Target Objects run [ lnk_file ]
Source groupadd
Source Path groupadd
Port <Unknown>
Host carbon
Source RPM Packages
Target RPM Packages filesystem-3.10-1.fc30.x86_64
Policy RPM selinux-policy-3.14.3-41.fc30.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name carbon
Platform Linux carbon 5.1.19-300.fc30.x86_64 #1 SMP Mon Jul
22 16:32:45 UTC 2019 x86_64 x86_64
Alert Count 12
First Seen 2019-08-10 15:46:58 CEST
Last Seen 2019-08-10 15:57:42 CEST
Local ID c73a2255-ca38-4478-90f1-89e6386c8b9d
Raw Audit Messages
type=AVC msg=audit(1565445462.986:646): avc: denied { read } for pid=2278 comm="groupadd" name="run" dev="dm-1" ino=1710665 scontext=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=lnk_file permissive=0
Hash: groupadd,groupadd_t,mock_var_lib_t,lnk_file,read
I can uninstall tracker and keep GNOME Boxes. Thanks.
I've removed the link to #1665490.
This is needed to make https://bodhi.fedoraproject.org/updates/FEDORA-2019-64c013e73f installable. qgis starts, I am unfortunately not able to test anything further.
no regressions noted.
oh, python3-rpy-2.9.5-3.fc29 is part of this update, but the buildroot override is only for R itself. carry on.
nothing provides R-core = 3.5.3 needed by python3-rpy-2.9.5-2.fc29.x86_64
$ wifi-radar
File "/usr/sbin/wifi-radar", line 179
except OSError, exception:
^
SyntaxError: invalid syntax
Seems to work fine so far.
Seems the desktop still desktops.
So far so good.
So far so good.
Getting some crash reports by ABRT that it doesn't allow to report. Nothing that I would notice without ABRT.
So far so good.
So far so good.
You cannot drop python2-more-itertools from stable releases. Also I consider update from 4.1.0 to 7.0.0 a bit dangerous as well.
You cannot drop python2-more-itertools from stable releases. Also I consider update from 4.1.0 to 7.0.0 a bit dangerous as well.
What does this do (you can N it, when it asks Is this ok [y/N]
)?
$ sudo dnf --releasever=30 --setopt=module_platform_id=platform:f30 --enablerepo=updates-testing distro-sync
OK, so
mock -r fedora-rawhide-x86_64 init && mock -r fedora-rawhide-x86_64 remove '*rpm-macros'
fails with:With selinux enabled and this mock version. Works fine with previous mock version (from stable).