obsolete

selinux-policy-40.15-1.fc40

FEDORA-2024-883c7e0684 created by zpytela 7 months ago for Fedora 40

New F40 selinux-policy build


New F40 selinux-policy build

This update has been submitted for testing by zpytela.

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago

This update has obsoleted selinux-policy-40.14-2.fc40, and has inherited its bugs and notes.

7 months ago

This update has been pushed to testing.

7 months ago

This update's test gating status has been changed to 'passed'.

7 months ago
karma

This update can be pushed to stable now if the maintainer wishes

7 months ago
User Icon nixuser commented & provided feedback 7 months ago
karma

Working fine.

User Icon jrische commented & provided feedback 7 months ago
karma

krb5kdc and kadmind daemons are working with Berkeley DB backend with this update.

User Icon ciupicri commented & provided feedback 7 months ago
karma

no issues

User Icon geraldosimiao commented & provided feedback 7 months ago

oh dear, after e few days, now SELinux stops the creation of new VMs with TPM enabled:

 Additional Information:        
Source Context                system_u:system_r:virtqemud_t:s0       
Target Context                system_u:object_r:virt_var_lib_t:s0       
Target Objects                tpm2 [ dir ]        
Source                        rpc-virtqemud       
Source Path                   rpc-virtqemud
User Icon geraldosimiao commented & provided feedback 7 months ago
karma

Yeah, I opened the bug reports. when set selinux to permissive the new VMs with TPM can be created. Will change karma here to reflect this.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

7 months ago
User Icon zpytela commented & provided feedback 7 months ago

@geraldosimiao, you should give negative karma if this update brings a regression. Otherwise I don't see the point.

User Icon geraldosimiao commented & provided feedback 7 months ago

but it bring a regression, I can't start TPM VMs with this version. I downgraded to selinux-policy-40.13-1.fc40.noarch and selinux-policy-targeted-40.13-1.fc40.noarch and VMs can be created again with TPM enabled.

User Icon zpytela commented & provided feedback 7 months ago

We usually don't remove existing permissions, so I wonder why updating would make anything worse. Are you sure no other package was updated?

User Icon geraldosimiao commented & provided feedback 7 months ago

Well, I tested it downgrading the selinux-policy. The other package that could be involved on this (TPM emulator) is swtpm, and its the same since 01-28-2024 (swtpm-0.8.1-5.fc40 )

User Icon genodeftest commented & provided feedback 7 months ago
karma

No problems reported with selinux-policy-40.15-1.fc40.noarch on Fedora 40 GNOME desktop usage

karma
User Icon bojan commented & provided feedback 6 months ago
karma

Works.

This update has been obsoleted by selinux-policy-40.16-1.fc40.

6 months ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
medium
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 months ago
in testing
7 months ago
approved
6 months ago
BZ#2256442 avc: denied { read write } for pid=12364 comm="plymouthd" name="kmsg" dev="devtmpfs" ino=10 scontext=system_u:system_r:plymouthd_t:s0 tcontext=system_u:object_r:kmsg_device_t:s0 tclass=chr_file permissive=1
0
0

Automated Test Results