stable

container-selinux-2.42-1.fc27

FEDORA-2018-324df658f1 created by dwalsh 6 years ago for Fedora 27

Allow unconfined domains to transition to container domains even in no-new-privs environment.


Fixes for typebounds


Fixes bounds check problems on systems with unconfined domain disabled.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-324df658f1

This update has been submitted for testing by dwalsh.

6 years ago

This update has obsoleted container-selinux-2.41-1.fc27, and has inherited its bugs and notes.

6 years ago
User Icon runcom provided feedback 6 years ago
karma
BZ#1531858 On fully upgraded F27, can't install container-selinux
BZ#1532594 container-selinux-v2.41.0 is available
BZ#1514795 SELinux is preventing systemd from 'create' accesses on the unix_stream_socket Unknown.
User Icon mpatel provided feedback 6 years ago
karma
BZ#1531858 On fully upgraded F27, can't install container-selinux
BZ#1532594 container-selinux-v2.41.0 is available
BZ#1514795 SELinux is preventing systemd from 'create' accesses on the unix_stream_socket Unknown.
karma
User Icon santiago commented & provided feedback 6 years ago
karma

Docker labeling seems broken:

# docker run --rm --security-opt label:disable fedora cat /proc/self/attr/current
system_u:system_r:container_runtime_t:s0
[expected: spc_t]

# docker run --rm --privileged --userns=host fedora  cat /proc/self/attr/current
[same thing]

Sorry for the bad news.

User Icon santiago commented & provided feedback 6 years ago
karma

Never mind my last comment. I can't reproduce this failure on a fresh f27 virt.

User Icon jwhonce commented & provided feedback 6 years ago
karma

LGTM

This update has been pushed to testing.

6 years ago

This update has been submitted for batched by bodhi.

6 years ago

This update has been submitted for stable by dwalsh.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
enhancement
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1514795 SELinux is preventing systemd from 'create' accesses on the unix_stream_socket Unknown.
0
2
BZ#1531858 On fully upgraded F27, can't install container-selinux
0
2
BZ#1532594 container-selinux-v2.41.0 is available
0
2

Automated Test Results