On 08/15/2017 01:37 AM, Adam Williamson wrote:
Hi folks! Just wanted to give a heads-up on this: it seems that a recent selinux- policy update, 3.13.1-269 , introduced a new permission called 'map'. This seems to have resulted in rather a large amount of new SELinux denials for this permission in various cases. Some are fairly serious - e.g. there's a denial for the systemd journal - and in some cases seem to prevent systems from booting correctly at all. I've created a tracker bug for now: https://bugzilla.redhat.com/show_bug.cgi?id=1481454 and intend to mark all the 'map' bugs I find as blocking that tracker. Petr, Lukas, it'd be great if we could get as many of these cleaned up as fast as possible; it's been hard to get a decent evaluation of Rawhide's current state for quite a while, now, due to various problems, and now *this* problem is making things difficult too. Of course, for day-to-day Rawhide users, booting with 'enforcing=0' can work around these issues for now (or you could, I suppose, create a local policy that just blanket allowed the 'map' permission in all cases, so all other SELinux restrictions would remain in place). Thanks!
Hi Adam, I fixed all BZs from tracker bug. selinux-policy build is in koji: https://koji.fedoraproject.org/koji/taskinfo?taskID=21243824 Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
