Bug 1095222

Summary: seunshare, etc should set no_new_privs
Product: [Fedora] Fedora Reporter: Miroslav Grepl <mgrepl>
Component: policycoreutilsAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: aminoiu, dwalsh, eparis, fweimer, klic, luto, lvrabec, mgrepl, peak, rhbt, security-response-team, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: policycoreutils-2.2.5-4.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 885288 Environment:
Last Closed: 2014-05-31 23:56:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 885288, 1035427    
Bug Blocks:    

Comment 1 Fedora Update System 2014-05-07 12:18:55 UTC 
policycoreutils-2.2.5-4.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/policycoreutils-2.2.5-4.fc20
Comment 2 Fedora Update System 2014-05-08 10:06:48 UTC 
Package policycoreutils-2.2.5-4.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.2.5-4.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-6101/policycoreutils-2.2.5-4.fc20
then log in and leave karma (feedback).
Comment 3 Herold Wittyflaps 2014-05-13 11:25:41 UTC 
The update introduces dyntransition. This gets denied by policy. SandboxX still not working.
Comment 4 Miroslav Grepl 2014-05-13 12:31:13 UTC 
(In reply to Herold Wittyflaps from comment #3)
> The update introduces dyntransition. This gets denied by policy. SandboxX
> still not working.

Did you update selinux-policy-sandbox package?
Comment 5 Miroslav Grepl 2014-05-13 12:37:10 UTC 
(In reply to Miroslav Grepl from comment #4)
> (In reply to Herold Wittyflaps from comment #3)
> > The update introduces dyntransition. This gets denied by policy. SandboxX
> > still not working.
> 
> Did you update selinux-policy-sandbox package?

I meant selinux-policy-targeted package.
Comment 6 Miroslav Grepl 2014-05-13 12:39:03 UTC 
Actually I see a bug.
Comment 7 Miroslav Grepl 2014-05-13 13:18:02 UTC 
There are builds with fixes

http://koji.fedoraproject.org/koji/taskinfo?taskID=6845854
Comment 8 Herold Wittyflaps 2014-05-13 13:48:47 UTC 
No, I did not update the policy because it was not in dependencies. Should I update targeted and sandbox or only targeted? Because they seem to share the version number.

You just posted the link while I was asking, when will the fixes reach stable?
Comment 9 Miroslav Grepl 2014-05-13 14:10:25 UTC 
You want to install selinux-policy and selinux-policy-targeted pkgs from the link above. 

We need to get policy pkgs into stable repo first and then I will push policycoreutils pkgs from testing repo.
Comment 10 Fedora Update System 2014-05-31 23:56:25 UTC 
policycoreutils-2.2.5-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.