On Tue, May 17, 2022 at 6:20 PM Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> wrote:
On Tue, 2022-05-17 at 09:33 -0500, Richard Shaw wrote:
> I don't remember seeing any change proposals around SELinux for the Fedora
> 36 release but there seems to be several issues reported one way or
> another...
>
> https://ask.fedoraproject.org/t/high-number-of-selinux-issues-after-upgrading-to-fedora-36/22381/24
> https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/UYLMXFQPAQBZFAXA6GT6E7UOLHIW5V3X/
> https://bugzilla.redhat.com/show_bug.cgi?id=2083923
>
> These seem to all be after upgrading and not fresh install issues.
>
> Anyone know what's going on? I'm afraid this is harming end user
> experiences after largely positive reviews of Fedora I've seen on Youtube
> and Reddit.
The third one isn't one I knew about previously, but not an unusual
kind of situation with upgrades, honestly. When I ran my own servers
I'd run into something like this on just about every upgrade. The bug
is properly filed. It's assigned to fail2ban because fail2ban ships its
own selinux policy (fail2ban-selinux); that needs to be updated to
allow whatever it's being denied here, most likely. That will be up to
the fail2ban maintainer (Richard Shaw, it seems).
Yup, that's me. I was just listing all the ones I was aware of (including my own).
Yeah, I don't like the fact it ships its own policy because I'm certainly not qualified to maintain that part but that's how I inherited it as it does require access to a lot of sensitive logs for it to work.
I was planning on taking a look at Orion's suggestion today but it looks like he took care of it for me. Thanks!
Richard
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure