On Tue, 2017-08-15 at 16:58 +0200, Lukas Vrabec wrote: > On 08/15/2017 01:37 AM, Adam Williamson wrote: > > Hi folks! > > > > Just wanted to give a heads-up on this: it seems that a recent selinux- > > policy update, 3.13.1-269 , introduced a new permission called 'map'. > > This seems to have resulted in rather a large amount of new SELinux > > denials for this permission in various cases. Some are fairly serious - > > e.g. there's a denial for the systemd journal - and in some cases seem > > to prevent systems from booting correctly at all. > > > > I've created a tracker bug for now: > > https://bugzilla.redhat.com/show_bug.cgi?id=1481454 > > > > and intend to mark all the 'map' bugs I find as blocking that tracker. > > Petr, Lukas, it'd be great if we could get as many of these cleaned up > > as fast as possible; it's been hard to get a decent evaluation of > > Rawhide's current state for quite a while, now, due to various > > problems, and now *this* problem is making things difficult too. > > > > Of course, for day-to-day Rawhide users, booting with 'enforcing=0' can > > work around these issues for now (or you could, I suppose, create a > > local policy that just blanket allowed the 'map' permission in all > > cases, so all other SELinux restrictions would remain in place). > > > > Thanks! > > > > Hi Adam, > > I fixed all BZs from tracker bug. selinux-policy build is in koji: > https://koji.fedoraproject.org/koji/taskinfo?taskID=21243824 Thanks a lot, we'll see how the next compose goes. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
