Bug 1043258

Summary: No SELinux alerts, but SELinux interrupt starting MariaDB 10.0.6
Product: Fedora
Reporter: Mikhail <mikhail.v.gavrilov>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: dominick.grift, dwalsh, lvrabec, mgrepl, mikhail.v.gavrilov, paul.lipps
Fixed In Version: selinux-policy-3.12.1-116.fc20
Doc Type: Bug Fix
Last Closed: 2014-01-16 07:10:12 UTC
Type: Bug
Attachments: audit.log; Comment

Description Mikhail 2013-12-15 13:16:05 UTC
Description of problem:
[root@Z87M-D3H yum.repos.d]# service mysql start
Starting MySQL.The server quit without updating PID file (/[FAILED]mysql/Z87M-D3H.pid).
[root@Z87M-D3H yum.repos.d]# setenforce 0
[root@Z87M-D3H yum.repos.d]# service mysql start
Starting MySQL.                                            [  OK  ]
[root@Z87M-D3H yum.repos.d]# service mysql restart
Shutting down MySQL..                                      [  OK  ]
Starting MySQL.                                            [  OK  ]
[root@Z87M-D3H yum.repos.d]# setenforce 1
[root@Z87M-D3H yum.repos.d]# service mysql restart
Shutting down MySQL..                                      [  OK  ]
Starting MySQL.The server quit without updating PID file (/[FAILED]mysql/Z87M-D3H.pid).
[root@Z87M-D3H yum.repos.d]# ausearch -m avc -ts recent
<no matches>
[root@Z87M-D3H yum.repos.d]# service mysql restart
MySQL server PID file could not be found!                  [FAILED]
Starting MySQL.The server quit without updating PID file (/[FAILED]mysql/Z87M-D3H.pid).
[root@Z87M-D3H yum.repos.d]# ausearch -m avc -ts recent
<no matches>
[root@Z87M-D3H yum.repos.d]# 

Expected result:
I want to see SELinux alerts for my situation.

Comment 1 Miroslav Grepl 2013-12-16 09:48:59 UTC
Is auditd running? Maybe you will need to run

# semodule -DB

to see dontaudit rules.

Comment 2 Daniel Walsh 2013-12-16 15:51:45 UTC
If I was a betting man I would say there is some kind of labeling issue in /run.

restorecon -R -v /run

Or are you creating the pid file in a different location than the default?

Comment 3 Mikhail 2013-12-16 18:04:09 UTC
Created attachment 915823 [details]
Comment

(This comment was longer than 65,535 characters and has been moved to an attachment by Red Hat Bugzilla).

Comment 4 Daniel Walsh 2013-12-16 18:15:24 UTC
There is nothing in there about being able to create a pid file.

Are you sure this is an SELinux issue?  Does it work in permissive mode?

Also the error message seems weird.
Starting MySQL.The server quit without updating PID file (/[FAILED]mysql/Z87M-D3H.pid).
Not sure why the [FAILED] message is in the name of the pid?  Also why is there no /var/run or /run?  Is mysql/mariadb trying to create its pid file in the wrong place?

Comment 5 Mikhail 2013-12-16 18:20:55 UTC
Yes, it begins working after # setenforce 0.
But still no SELinux alerts about this :(

Comment 6 Daniel Walsh 2013-12-16 18:23:16 UTC
Where does the pid file reside?


What is the pid files label?

Comment 7 Mikhail 2013-12-16 18:31:36 UTC
> Where does the pid file reside?
/var/lib/mysql/Z87M-D3H.pid

> What is the pid files label?
[root@Z87M-D3H mysql]# ls -laZ /var/lib/mysql
drwxr-xr-x. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 .
drwxr-xr-x. root  root  system_u:object_r:var_lib_t:s0   ..
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 aria_log.00000001
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 aria_log_control
drwx------. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 bankdev
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 ibdata1
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 ib_logfile0
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 ib_logfile1
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 multi-master.info
drwx--x--x. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 mysql
srwxrwxrwx. mysql mysql unconfined_u:object_r:mysqld_var_run_t:s0 mysql.sock
drwx------. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 performance_schema
drwxr-xr-x. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 test
-rw-r-----. mysql root  unconfined_u:object_r:mysqld_db_t:s0 Z87M-D3H.err
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 Z87M-D3H.pid

Comment 8 Daniel Walsh 2013-12-16 18:38:54 UTC
Try

setenforce 1
setsebool daemons_use_tty 1
systemctl restart mysql

Comment 9 Mikhail 2013-12-16 18:50:50 UTC
[root@Z87M-D3H ~]# setenforce 1
[root@Z87M-D3H ~]# setsebool daemons_use_tty 1
[root@Z87M-D3H ~]# systemctl restart mysql
Job for mysql.service failed. See 'systemctl status mysql.service' and 'journalctl -xn' for details.
[root@Z87M-D3H ~]# systemctl status mysql.service
mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql)
   Active: failed (Result: exit-code) since Tue 2013-12-17 00:49:16 YEKT; 8s ago
  Process: 12621 ExecStop=/etc/rc.d/init.d/mysql stop (code=exited, status=0/SUCCESS)
  Process: 13350 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE)

Dec 17 00:49:15 Z87M-D3H systemd[1]: Starting LSB: start and stop MySQL...
Dec 17 00:49:16 Z87M-D3H mysql[13350]: Starting MySQL.The server quit without updating PID file (/var/lib/mysql/Z87M-D3H.pid).[FAILED]
Dec 17 00:49:16 Z87M-D3H systemd[1]: mysql.service: control process exited, code=exited status=1
Dec 17 00:49:16 Z87M-D3H systemd[1]: Failed to start LSB: start and stop MySQL.
Dec 17 00:49:16 Z87M-D3H systemd[1]: Unit mysql.service entered failed state.
[root@Z87M-D3H ~]# setenforce 0
[root@Z87M-D3H ~]# systemctl status mysql.service
mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql)
   Active: failed (Result: exit-code) since Tue 2013-12-17 00:49:16 YEKT; 34s ago
  Process: 12621 ExecStop=/etc/rc.d/init.d/mysql stop (code=exited, status=0/SUCCESS)
  Process: 13350 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE)

Dec 17 00:49:15 Z87M-D3H systemd[1]: Starting LSB: start and stop MySQL...
Dec 17 00:49:16 Z87M-D3H mysql[13350]: Starting MySQL.The server quit without updating PID file (/var/lib/mysql/Z87M-D3H.pid).[FAILED]
Dec 17 00:49:16 Z87M-D3H systemd[1]: mysql.service: control process exited, code=exited status=1
Dec 17 00:49:16 Z87M-D3H systemd[1]: Failed to start LSB: start and stop MySQL.
Dec 17 00:49:16 Z87M-D3H systemd[1]: Unit mysql.service entered failed state.
[root@Z87M-D3H ~]# systemctl status mysql.service
mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql)
   Active: failed (Result: exit-code) since Tue 2013-12-17 00:49:16 YEKT; 37s ago
  Process: 12621 ExecStop=/etc/rc.d/init.d/mysql stop (code=exited, status=0/SUCCESS)
  Process: 13350 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE)

Dec 17 00:49:15 Z87M-D3H systemd[1]: Starting LSB: start and stop MySQL...
Dec 17 00:49:16 Z87M-D3H mysql[13350]: Starting MySQL.The server quit without updating PID file (/var/lib/mysql/Z87M-D3H.pid).[FAILED]
Dec 17 00:49:16 Z87M-D3H systemd[1]: mysql.service: control process exited, code=exited status=1
Dec 17 00:49:16 Z87M-D3H systemd[1]: Failed to start LSB: start and stop MySQL.
Dec 17 00:49:16 Z87M-D3H systemd[1]: Unit mysql.service entered failed state.
[root@Z87M-D3H ~]# service mysql restart
MySQL server PID file could not be found!                  [FAILED]
Starting MySQL.                                            [  OK  ]
[root@Z87M-D3H ~]# service mysql restart
Shutting down MySQL..                                      [  OK  ]
Starting MySQL.                                            [  OK  ]
[root@Z87M-D3H ~]# systemctl status mysql.service
mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql)
   Active: failed (Result: exit-code) since Tue 2013-12-17 00:49:16 YEKT; 1min 7s ago
  Process: 12621 ExecStop=/etc/rc.d/init.d/mysql stop (code=exited, status=0/SUCCESS)
  Process: 13350 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE)

Dec 17 00:49:15 Z87M-D3H systemd[1]: Starting LSB: start and stop MySQL...
Dec 17 00:49:16 Z87M-D3H mysql[13350]: Starting MySQL.The server quit without updating PID file (/var/lib/mysql/Z87M-D3H.pid).[FAILED]
Dec 17 00:49:16 Z87M-D3H systemd[1]: mysql.service: control process exited, code=exited status=1
Dec 17 00:49:16 Z87M-D3H systemd[1]: Failed to start LSB: start and stop MySQL.
Dec 17 00:49:16 Z87M-D3H systemd[1]: Unit mysql.service entered failed state.
[root@Z87M-D3H ~]# systemctl status mysql.service
mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql)
   Active: failed (Result: exit-code) since Tue 2013-12-17 00:49:16 YEKT; 1min 11s ago
  Process: 12621 ExecStop=/etc/rc.d/init.d/mysql stop (code=exited, status=0/SUCCESS)
  Process: 13350 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE)

Dec 17 00:49:15 Z87M-D3H systemd[1]: Starting LSB: start and stop MySQL...
Dec 17 00:49:16 Z87M-D3H mysql[13350]: Starting MySQL.The server quit without updating PID file (/var/lib/mysql/Z87M-D3H.pid).[FAILED]
Dec 17 00:49:16 Z87M-D3H systemd[1]: mysql.service: control process exited, code=exited status=1
Dec 17 00:49:16 Z87M-D3H systemd[1]: Failed to start LSB: start and stop MySQL.
Dec 17 00:49:16 Z87M-D3H systemd[1]: Unit mysql.service entered failed state.
[root@Z87M-D3H ~]#

Comment 10 Daniel Walsh 2013-12-16 18:55:04 UTC
Ok, this is strange. Could you try the semodule -DB again.

# semodule -DB
# systemctl mysqld restart
# ausearch -m avc,user_avc -ts recent > /tmp/audit.log
# semodule -B

Then attach a compressed audit.log.

Comment 11 Mikhail 2013-12-16 19:01:32 UTC
Created attachment 837384 [details]
audit.log

Comment 12 Christopher Meng 2013-12-21 07:34:32 UTC
*** Bug 1043257 has been marked as a duplicate of this bug. ***

Comment 13 Daniel Walsh 2014-01-02 19:34:38 UTC
Ok, I see mysqld_safe trying to write into /, which is labeled root_t?

Comment 14 Mikhail 2014-01-02 19:49:37 UTC
# ls -Z /
lrwxrwxrwx. root root system_u:object_r:bin_t:s0       bin -> usr/bin
dr-xr-xr-x. root root system_u:object_r:boot_t:s0      boot
drwxr-xr-x. root root system_u:object_r:device_t:s0    dev
drwxr-xr-x. root root system_u:object_r:etc_t:s0       etc
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 home
lrwxrwxrwx. root root system_u:object_r:lib_t:s0       lib -> usr/lib
lrwxrwxrwx. root root system_u:object_r:lib_t:s0       lib64 -> usr/lib64
drwx------. root root system_u:object_r:lost_found_t:s0 lost+found
drwxr-xr-x. root root system_u:object_r:mnt_t:s0       media
drwxr-xr-x. root root system_u:object_r:mnt_t:s0       mnt
drwxr-xr-x. root root system_u:object_r:usr_t:s0       opt
dr-xr-xr-x. root root system_u:object_r:proc_t:s0      proc
drwxr-xr-x. root root system_u:object_r:admin_home_t:s0 root
drwxr-xr-x. root root system_u:object_r:var_run_t:s0   run
lrwxrwxrwx. root root system_u:object_r:bin_t:s0       sbin -> usr/sbin
drwxr-xr-x. root root system_u:object_r:var_t:s0       srv
dr-xr-xr-x. root root system_u:object_r:sysfs_t:s0     sys
drwxrwxrwt. root root system_u:object_r:tmp_t:s0       tmp
drwxr-xr-x. root root system_u:object_r:usr_t:s0       usr
drwxr-xr-x. root root system_u:object_r:var_t:s0       var


Why no SELinux alert?

Comment 15 Mikhail 2014-01-02 21:23:47 UTC
# ls -dZ /
drwxr-xr-x. root root system_u:object_r:root_t:s0      /

Comment 16 Daniel Walsh 2014-01-02 22:07:00 UTC
Right, the question is why is it trying to write there?

If you add that rule.

grep mysql_safe YOURLOGS.log | audit2allow -M mypol
semodule -i mypol.pp

Does everything work in enforcing mode?

Comment 17 Mikhail 2014-01-02 22:19:37 UTC
# semodule -DB
# systemctl mysqld restart
# ausearch -m avc,user_avc -ts recent > /tmp/audit.log
# semodule -B

# grep mysqld_safe /tmp/audit.log | audit2allow -M mypol
compilation failed:
sh: /usr/bin/checkmodule: No such file or directory


# cat /tmp/audit.log | grep mysqld_safe
type=SYSCALL msg=audit(1388700812.349:633): arch=c000003e syscall=59 success=yes exit=0 a0=e6efb0 a1=e6f0d0 a2=e757e0 a3=7fff4de597e0 items=0 ppid=17484 pid=17490 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm="mysqld_safe" exe="/usr/bin/bash" subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)
type=AVC msg=audit(1388700812.349:633): avc:  denied  { read write } for  pid=17490 comm="mysqld_safe" path="/dev/pts/5" dev="devpts" ino=8 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1388700812.372:635): arch=c000003e syscall=269 success=no exit=-13 a0=ffffffffffffff9c a1=1712220 a2=2 a3=8 items=0 ppid=17484 pid=17490 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm="mysqld_safe" exe="/usr/bin/bash" subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)
type=AVC msg=audit(1388700812.372:635): avc:  denied  { write } for  pid=17490 comm="mysqld_safe" name="/" dev="sda1" ino=2 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1388700812.387:636): avc:  denied  { noatsecure } for  pid=17581 comm="mysqld" scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:system_r:mysqld_t:s0 tclass=process
type=AVC msg=audit(1388700812.387:636): avc:  denied  { siginh } for  pid=17581 comm="mysqld" scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:system_r:mysqld_t:s0 tclass=process
type=AVC msg=audit(1388700812.387:636): avc:  denied  { rlimitinh } for  pid=17581 comm="mysqld" scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:system_r:mysqld_t:s0 tclass=process

Comment 18 Daniel Walsh 2014-01-02 22:52:18 UTC
yum install checkpolicy

and then audit2allow will work.

Comment 19 Mikhail 2014-01-03 05:55:58 UTC
(In reply to Daniel Walsh from comment #16)
> Right the question is why is it trying to write there?
> 
> If you add that rule.
> 
> grep mysql_safe YOURLOGS.log | audit2allow -M mypol
> semodule -i mypol.pp
> 
> Does everything work in enforcing mode?

yes

Comment 20 Daniel Walsh 2014-01-03 17:58:57 UTC
Did you find any new files/directories in /?

Comment 21 Mikhail 2014-01-03 18:13:55 UTC
nothing unusual

[mikhail@Z87M-D3H ~]$ ls -Zla /
total 284
drwxr-xr-x.  18 system_u:object_r:root_t:s0      root root   4096 янв  3 23:22 .
drwxr-xr-x.  18 system_u:object_r:root_t:s0      root root   4096 янв  3 23:22 ..
lrwxrwxrwx.   1 system_u:object_r:bin_t:s0       root root      7 дек  5 15:57 bin -> usr/bin
dr-xr-xr-x.   5 system_u:object_r:boot_t:s0      root root   4096 дек 25 22:22 boot
drwxr-xr-x.  20 system_u:object_r:device_t:s0    root root   3400 янв  3 23:22 dev
drwxr-xr-x. 136 system_u:object_r:etc_t:s0       root root  12288 янв  3 23:22 etc
drwxr-xr-x.   6 system_u:object_r:home_root_t:s0 root root   4096 авг  7 15:10 home
lrwxrwxrwx.   1 system_u:object_r:lib_t:s0       root root      7 дек  5 15:57 lib -> usr/lib
lrwxrwxrwx.   1 system_u:object_r:lib_t:s0       root root      9 дек  5 15:57 lib64 -> usr/lib64
drwx------.   2 system_u:object_r:lost_found_t:s0 root root  16384 дек  5 15:53 lost+found
drwxr-xr-x.   2 system_u:object_r:mnt_t:s0       root root   4096 авг  7 15:10 media
drwxr-xr-x.   2 system_u:object_r:mnt_t:s0       root root   4096 авг  7 15:10 mnt
drwxr-xr-x.   3 system_u:object_r:usr_t:s0       root root   4096 дек 11 01:08 opt
dr-xr-xr-x. 347 system_u:object_r:proc_t:s0      root root      0 янв  3 23:21 proc
-rw-r--r--.   1 system_u:object_r:etc_runtime_t:s0 root root 215799 янв  3 23:22 .readahead
drwxr-xr-x.   7 system_u:object_r:admin_home_t:s0 root root   4096 янв  4 00:11 root
drwxr-xr-x.  36 system_u:object_r:var_run_t:s0   root root   1020 янв  3 23:53 run
lrwxrwxrwx.   1 system_u:object_r:bin_t:s0       root root      8 дек  5 15:57 sbin -> usr/sbin
drwxr-xr-x.   2 system_u:object_r:var_t:s0       root root   4096 авг  7 15:10 srv
dr-xr-xr-x.  13 system_u:object_r:sysfs_t:s0     root root      0 янв  3 23:21 sys
drwxrwxrwt.  25 system_u:object_r:tmp_t:s0       root root    580 янв  4 00:12 tmp
drwxr-xr-x.  12 system_u:object_r:usr_t:s0       root root   4096 дек  5 15:57 usr
drwxr-xr-x.  21 system_u:object_r:var_t:s0       root root   4096 янв  3 23:21 var

Comment 22 Daniel Walsh 2014-01-03 20:53:22 UTC
I wonder if it did not need to write to / but did need noatsecure or one of the other accesses.

Comment 23 Miroslav Grepl 2014-01-06 11:49:26 UTC
If you try to add

# cat mypol.te
policy_module(mypol, 1.0)

require {
	type mysqld_safe_t;
	type mysqld_t;
}

allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };


and run

# make -f /usr/share/selinux/devel/Makefile mypol.pp
# semodule -i mypol.pp

Comment 24 Miroslav Grepl 2014-01-06 11:50:58 UTC
I ran

# service mariadb start

system_u:system_r:mysqld_safe_t:s0 1601 ?      00:00:00 mysqld_safe
system_u:system_r:mysqld_t:s0    1782 ?        00:00:00 mysqld

Comment 25 Mikhail 2014-01-06 18:55:39 UTC
(In reply to Miroslav Grepl from comment #23)
> If you try to add
> 
> # cat mypol.te
> policy_module(mypol, 1.0)
> 
> require {
> 	type mysqld_safe_t;
> 	type mysqld_t;
> }
> 
> allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };
> 
> 
> and run
> 
> # make -f /usr/share/selinux/devel/Makefile mypol.pp
> # semodule -i mypol.pp

For this experiment, do I need to revert the changes made in Comment 19? If yes, how can I do it?

Comment 26 Daniel Walsh 2014-01-06 18:57:13 UTC
As long as you called the original mypol, this one will replace it.

Comment 27 Mikhail 2014-01-06 19:04:31 UTC
In my case the content of mypol.te is different.

Do I need to edit it so that it is like your file?

# cat mypol.te 

module mypol 1.0;

require {
	type user_devpts_t;
	type mysqld_safe_t;
	type root_t;
	type mysqld_t;
	class process { siginh rlimitinh noatsecure };
	class dir write;
	class chr_file { read write };
}

#============= mysqld_safe_t ==============

#!!!! This avc has a dontaudit rule in the current policy
allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };

#!!!! This avc can be allowed using the boolean 'daemons_dump_core'
allow mysqld_safe_t root_t:dir write;

#!!!! This avc can be allowed using the boolean 'daemons_use_tty'
allow mysqld_safe_t user_devpts_t:chr_file { read write };
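
An added example, not code from this bug or from the selinux-policy project: a small Python script that turns the AVC records captured in Comment 17 into the allow rules audit2allow produced in Comment 27, in the policy_module() form that Comment 30 shows compiling. It assumes only the audit(8) AVC line format seen above; the regex and helper names are the example's own.

```python
import re
from collections import OrderedDict

# The five AVC records from the audit.log excerpt in Comment 17, captured
# after `semodule -DB` disabled the dontaudit rules that hid them.
AVC_LINES = """\
type=AVC msg=audit(1388700812.349:633): avc:  denied  { read write } for  pid=17490 comm="mysqld_safe" path="/dev/pts/5" dev="devpts" ino=8 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1388700812.372:635): avc:  denied  { write } for  pid=17490 comm="mysqld_safe" name="/" dev="sda1" ino=2 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=AVC msg=audit(1388700812.387:636): avc:  denied  { noatsecure } for  pid=17581 comm="mysqld" scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:system_r:mysqld_t:s0 tclass=process
type=AVC msg=audit(1388700812.387:636): avc:  denied  { siginh } for  pid=17581 comm="mysqld" scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:system_r:mysqld_t:s0 tclass=process
type=AVC msg=audit(1388700812.387:636): avc:  denied  { rlimitinh } for  pid=17581 comm="mysqld" scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:system_r:mysqld_t:s0 tclass=process
"""

# Matches one AVC denial; SYSCALL and other record types are skipped.
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?'
    r'scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)'
)


def type_of(context):
    """Return the type (third field) of a user:role:type:level SELinux context."""
    return context.split(":")[2]


def parse_denials(text):
    """Yield (source_type, target_type, tclass, [perms]) for each AVC denial."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield (type_of(m.group("scontext")), type_of(m.group("tcontext")),
                   m.group("tclass"), m.group("perms").split())


def build_rules(text):
    """Merge denials sharing (source, target, class) into one rule, as audit2allow does."""
    rules = OrderedDict()
    for src, tgt, cls, perms in parse_denials(text):
        bucket = rules.setdefault((src, tgt, cls), [])
        for p in perms:
            if p not in bucket:
                bucket.append(p)
    return rules


def format_perms(perms):
    """Single permission bare, several in braces, as in a .te file."""
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"


def render_te(text, module="mypol", version="1.0"):
    """Render policy_module() source; this form pulls in class declarations,
    which is why the raw `module mypol 1.0;` attempt in Comment 29 failed."""
    rules = build_rules(text)
    types = []
    for src, tgt, _ in rules:
        for t in (src, tgt):
            if t not in types:
                types.append(t)
    lines = ["policy_module(%s, %s)" % (module, version), "", "require {"]
    lines += ["\ttype %s;" % t for t in types]
    lines += ["}", ""]
    lines += ["allow %s %s:%s %s;" % (s, t, c, format_perms(p))
              for (s, t, c), p in rules.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_te(AVC_LINES))
```

Comment 34 shows that only the root_t:dir write rule was actually needed; the script reproduces all three so you can see which ones audit2allow would have proposed before narrowing them down.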

Comment 28 Daniel Walsh 2014-01-06 19:05:41 UTC
Right, we want to isolate which one of these you actually need.

Comment 29 Mikhail 2014-01-06 19:26:55 UTC
[root@Z87M-D3H ~]# cat mypol.te 
module mypol 1.0;

require {
	type mysqld_safe_t;
	type mysqld_t;
}

allow mysqld_safe_t cedit mypol.te 

[root@Z87M-D3H ~]# cat mypol.te 
module mypol 1.0;

require {
	type mysqld_safe_t;
	type mysqld_t;
}

allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };
[root@Z87M-D3H ~]# make -f /usr/share/selinux/devel/Makefile mypol.pp
Compiling targeted mypol module
/usr/bin/checkmodule:  loading policy configuration from tmp/mypol.tmp
mypol.te":9:ERROR 'unknown class process' at token ';' on line 987:
allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };

/usr/bin/checkmodule:  error(s) encountered while parsing configuration
make: *** [tmp/mypol.mod] Error 1

Comment 30 Daniel Walsh 2014-01-06 19:51:21 UTC
Try:

policy_module(mypol, 1.0)

require {
	type mysqld_safe_t;
	type mysqld_t;
}

allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };

Comment 31 Mikhail 2014-01-06 20:24:16 UTC
[root@Z87M-D3H ~]# cat mypol.te 
policy_module(mypol, 1.0)

require {
	type mysqld_safe_t;
	type mysqld_t;
}

allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };
[root@Z87M-D3H ~]# make -f /usr/share/selinux/devel/Makefile mypol.pp
Compiling targeted mypol module
/usr/bin/checkmodule:  loading policy configuration from tmp/mypol.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 17) to tmp/mypol.mod
Creating targeted mypol.pp policy package
rm tmp/mypol.mod.fc tmp/mypol.mod
[root@Z87M-D3H ~]# semodule -i mypol.pp
[root@Z87M-D3H ~]# service mysql restart
Shutting down MySQL..                                      [  OK  ]
Starting MySQL.The server quit without updating PID file (/[FAILED]mysql/Z87M-D3H.pid).



[root@Z87M-D3H ~]# cat mypol.te 
policy_module(mypol, 1.0)

require {
	type mysqld_safe_t;
	type root_t;
	type mysqld_t;
}

allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };
allow mysqld_safe_t root_t:dir write;
[root@Z87M-D3H ~]# make -f /usr/share/selinux/devel/Makefile mypol.pp
Compiling targeted mypol module
/usr/bin/checkmodule:  loading policy configuration from tmp/mypol.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 17) to tmp/mypol.mod
Creating targeted mypol.pp policy package
rm tmp/mypol.mod.fc tmp/mypol.mod
[root@Z87M-D3H ~]# semodule -i mypol.pp
[root@Z87M-D3H ~]# service mysql restart
MySQL server PID file could not be found!                  [FAILED]
Starting MySQL.                                            [  OK  ]
[root@Z87M-D3H ~]#

Comment 32 Mikhail 2014-01-06 20:43:41 UTC
What about alerting with SELinux Troubleshooter? Will it work someday?

Comment 33 Daniel Walsh 2014-01-06 22:00:16 UTC
Ok, one more pass: comment out the

allow mysqld_safe_t mysqld_t:process { siginh noatsecure rlimitinh };

line and just allow it to write to root_t.

Comment 34 Mikhail 2014-01-06 23:17:00 UTC
[root@Z87M-D3H ~]# cat mypol.te 
policy_module(mypol, 1.0)

require {
	type mysqld_safe_t;
	type root_t;
}

allow mysqld_safe_t root_t:dir write;
[root@Z87M-D3H ~]# make -f /usr/share/selinux/devel/Makefile mypol.pp
Compiling targeted mypol module
/usr/bin/checkmodule:  loading policy configuration from tmp/mypol.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 17) to tmp/mypol.mod
Creating targeted mypol.pp policy package
rm tmp/mypol.mod.fc tmp/mypol.mod
[root@Z87M-D3H ~]# semodule -i mypol.pp
[root@Z87M-D3H ~]# service mysql restart
Shutting down MySQL..                                      [  OK  ]
Starting MySQL.                                            [  OK  ]

Comment 35 Daniel Walsh 2014-01-07 14:01:04 UTC
I guess we have to add this.  Not sure what it is doing to require it, since it does not seem to actually write anything in /.  But I have no problem adding the access.

Comment 36 Miroslav Grepl 2014-01-13 14:04:52 UTC
*** Bug 1023749 has been marked as a duplicate of this bug. ***

Comment 37 Fedora Update System 2014-01-13 22:55:56 UTC
selinux-policy-3.12.1-116.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-116.fc20

Comment 38 Fedora Update System 2014-01-15 05:57:36 UTC
Package selinux-policy-3.12.1-116.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-116.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-0806/selinux-policy-3.12.1-116.fc20
then log in and leave karma (feedback).

Comment 39 Fedora Update System 2014-01-16 07:10:12 UTC
selinux-policy-3.12.1-116.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.