stable

fprintd-0.8.0-1.fc27

FEDORA-2017-65297dc913 created by hadess 7 years ago for Fedora 27

This update locks the fprintd daemon down, thus reducing the reach of potential security issues. It also makes it possible to avoid waking up fingerprint readers when no fingerprints are enrolled.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-65297dc913

This update has been submitted for testing by hadess.

7 years ago

This update has been pushed to testing.

7 years ago
User Icon pwalter commented & provided feedback 7 years ago
karma

Works

User Icon cserpentis commented & provided feedback 7 years ago
karma

works for me in a VM

After installing this update, "su -" in gnome-terminal suffers from a 15 seconds delay. Downgrading to 0.7.0-4.fc27 fixes it.

Would be enough for a -1, but maybe I'm missing something.

User Icon mschwendt commented & provided feedback 7 years ago
karma

Not only "su -" is affected, also "su USERNAME".

There's also SELinux errors. Since the downgrade works, I assume something is broken in this test update.

Sep 19 00:39:10 noname audit[4498]: AVC avc: denied { mounton } for pid=4498 comm="(fprintd)" path="/var/lib/fprint" dev="sda5" ino=793064 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fprin Sep 19 00:39:10 noname audit: SELINUX_ERR op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:fprintd_t:s0 Sep 19 00:39:10 noname audit[4498]: AVC avc: denied { map } for pid=4498 comm="fprintd" path="/usr/libexec/fprintd" dev="sda5" ino=1704831 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fprin Sep 19 00:39:10 noname audit[4498]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:init_t:s0 pid=4498 comm="fprintd" exe="/usr/libexec/fprintd" sig=11 res=1

SELinux is preventing (fprintd) from mounton access on the directory /var/lib/fprint.

* Plugin catchall (100. confidence) suggests ******

If you believe that (fprintd) should be allowed mounton access on the fprint directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing:

ausearch -c '(fprintd)' --raw | audit2allow -M my-fprintd

semodule -X 300 -i my-fprintd.pp

Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:fprintd_var_lib_t:s0 Target Objects /var/lib/fprint [ dir ] Source (fprintd) Source Path (fprintd) Port <Unknown> Host localhost.localdomain Source RPM Packages
Target RPM Packages fprintd-0.8.0-1.fc27.x86_64 Policy RPM selinux-policy-3.13.1-283.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name noname Platform Linux noname 4.13.0-0.rc7.git0.1.fc27.x86_64 #1 SMP Mon Aug 28 02:33:21 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-09-18 01:29:51 CEST Last Seen 2017-09-18 01:29:51 CEST Local ID 4aeb873a-c1c8-49bf-9c12-7dbc75c68ec5

Raw Audit Messages type=AVC msg=audit(1505690991.218:591): avc: denied { mounton } for pid=22890 comm="(fprintd)" path="/var/lib/fprint" dev="sda5" ino=793064 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fprintd_var_lib_t:s0 tclass=dir permissive=0

Hash: (fprintd),init_t,fprintd_var_lib_t,dir,mounton

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

7 years ago
User Icon besser82 commented & provided feedback 6 years ago
karma

Works great! LGTM! =)

This update strictly needs the newer selinux-policy package that has now been pushed, too: https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1b4dab97d

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago
User Icon mschwendt commented & provided feedback 6 years ago
karma

Withdrawing my earlier -1 vote since the needed selinux-policy package has been made available and has been pushed to stable meanwhile.

User Icon nb commented & provided feedback 6 years ago
karma

works

This update has been submitted for batched by hadess.

6 years ago

This update has been submitted for stable by hadess.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
enhancement
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
6 years ago

Automated Test Results