#314 8/17 - tracking open BZs against Fedora Rawhide Atomic Host
Closed: Fixed 6 years ago Opened 6 years ago by miabbott.

There were a few BZs that I opened or commented on, which affect Fedora Rawhide Atomic Host (mostly related to 'selinux-policy'):

  • BZ1451379 SELinux is preventing unix_chkpwd from using the 'dac_read_search' capabilities.
  • BZ1451380 SELinux is preventing systemd-logind from using the 'dac_read_search' capabilities.
  • BZ1464770 SELinux is preventing sshd from using the 'dac_read_search' capabilities.
  • BZ1474752 docker fails to run containers while crashing in the background
  • BZ1474890 kernel oops - unable to handle kernel NULL pointer dereference at 0000000000000418
  • BZ1474940 SELinux is preventing systemd-tmpfile from using the 'dac_read_search' capabilities.
  • BZ1474941 SELinux is preventing sm-notify from using the 'dac_read_search' capabilities.
  • BZ1479960 grub2 symlink handling causing FAH ISO installer failures
  • BZ1481346 SELinux violations preventing systemd-journald from starting
  • BZ1485055 incorrect selinux context for /usr/bin/docker-storage-setup NOTABUG
  • BZ1485050 selinux avc denial for auditd on rawhide

Metadata Update from @dustymabe:
- Issue tagged with: host, rawhide

6 years ago

Reformatted description and added
- BZ1479960 grub2 symlink handling causing FAH ISO installer failures

All of the SELinux dac_read_search bugs apply to Fedora 26 (and possibly Fedora 25) when the kernel is 4.12 or higher. It's not unique to Rawhide Atomic Host. The problem does not occur with a 4.11 kernel.
BZ# 1460882

All of the SELinux dac_read_search bugs apply to Fedora 26 (and possibly Fedora 25) when the kernel is 4.12 or higher. It's not unique to Rawhide Atomic Host. The problem does not occur with a 4.11 kernel.
BZ# 1460882

Thanks for the heads up.

Added:
- BZ1481346 SELinux violations preventing systemd-journald from starting

Struck BZ1474890 from list

Struck BZ1451379, BZ1451380, BZ1464770, BZ1474752, BZ1474940, BZ1474941 from the list

Strike: BZ1479960 - it is now fixed.

Please add the following BZ to the list for auditd selinux policy denial BZ1485050

Add this too BZ1485055

Struck out BZ1481346. Added BZ1485055 and BZ1485055 to the list.

Struck BZ1485055 - NOTABUG

struck BZ1485050 - selinux avc denial for auditd on rawhide

closing this issue as all bugs are closed. we will open a new tracker for future rawhide issues.

Metadata Update from @dustymabe:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

6 years ago

Login to comment on this ticket.

Metadata