I haven't seen other issues mentioned here before or after the update.
But #1594585 is back, it looks like a regression.
(SELinux is preventing (upowerd) from 'mounton' accesses on the directory /var/lib/upower)
Altough I have a module my-upowerd dated June 20th of the following content:
module my-upowerd 1.0;
require {
type usb_device_t;
type devicekit_var_lib_t;
type init_t;
type devicekit_power_t;
class dir mounton;
class process2 nnp_transition;
class chr_file read;
}
#============= init_t ==============
#!!!! This avc is allowed in the current policy
allow init_t devicekit_power_t:process2 nnp_transition;
#!!!! This avc is allowed in the current policy
allow init_t devicekit_var_lib_t:dir mounton;
allow init_t usb_device_t:chr_file read;
@dhgutteridge: Yes, I have upower-0.99.8-1 installed. I'm up to date with updates-testing. Yet I'm getting the issue referenced in #1594585 on every reboot.
@proski: If you revert upower to the version before what you'd pulled from updates-testing (in other words, what's in the updates repository: 0.99.7-3), that should fix your problem. There are unresolved interaction issues between the newest version of upower and selinux-policy. E.g. another issue filed is #1598649, where someone's noted a related upstream bug report for upower from a month ago which seems to have had no traction to date. (My workaround was to revert upower on F27 and F28, and block upower-0.99.8-1 with the dnf versionlock plugin, so I wouldn't keep getting it included in every updates-testing pull for F27.)
(Of course, if you revert upower on F28, you probably won't be able to move back to 0.99.8-1 if you want to re-test later, since it's been obsoleted by negative karma in Bodhi, and subsequently deleted from Koji.)
@dhgutteridge: The issue is gone with the downgrade of upower. Thank you! I'm going to give positive karma to this update, I hope that will cancel the negative karma I left before.
I'm still getting the denials of send_msg between boltd, polkit, and gdm on dbus and of acquire_svc between boltd and dbus shortly after gdm and boltd start. I described those denials in more detail on the page for 3.14.1-39. My system is functioning normally otherwise.
This update has been submitted for testing by lvrabec.
This update has obsoleted selinux-policy-3.14.1-39.fc28, and has inherited its bugs and notes.
Getting a lot of pmdalinux denials after installing 3.14.1-40 version.
If you believe that pmdalinux should be allowed unix_read access on the Unknown shm by default.If you believe that pmdalinux should be allowed getattr associate access on the Unknown shm by default.hmm, that didn't format the way I thought it would...
1614333 appears to be fixed.
I haven't seen other issues mentioned here before or after the update. But #1594585 is back, it looks like a regression. (SELinux is preventing (upowerd) from 'mounton' accesses on the directory /var/lib/upower)
No regressions and preventing mounting /var/lib/upower noticed
Altough I have a module
my-upowerddated June 20th of the following content:@proski: do you have upower-0.99.8-1 installed from updates-testing?
@dhgutteridge: Yes, I have upower-0.99.8-1 installed. I'm up to date with updates-testing. Yet I'm getting the issue referenced in #1594585 on every reboot.
@proski: If you revert upower to the version before what you'd pulled from updates-testing (in other words, what's in the updates repository: 0.99.7-3), that should fix your problem. There are unresolved interaction issues between the newest version of upower and selinux-policy. E.g. another issue filed is #1598649, where someone's noted a related upstream bug report for upower from a month ago which seems to have had no traction to date. (My workaround was to revert upower on F27 and F28, and block upower-0.99.8-1 with the dnf versionlock plugin, so I wouldn't keep getting it included in every updates-testing pull for F27.)
(Of course, if you revert upower on F28, you probably won't be able to move back to 0.99.8-1 if you want to re-test later, since it's been obsoleted by negative karma in Bodhi, and subsequently deleted from Koji.)
@dhgutteridge: The issue is gone with the downgrade of upower. Thank you! I'm going to give positive karma to this update, I hope that will cancel the negative karma I left before.
This update has been pushed to testing.
Works here.
no regression noted
Working fine.
This update has been submitted for batched by bodhi.
I'm still getting the denials of send_msg between boltd, polkit, and gdm on dbus and of acquire_svc between boltd and dbus shortly after gdm and boltd start. I described those denials in more detail on the page for 3.14.1-39. My system is functioning normally otherwise.
karma: +1
No regressions noted.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.