Bug 1865748
Summary: | SELinux prevents systemd-nspawn from launching a machine | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Orion Poplawski <orion> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 33 | CC: | dwalsh, grepl.miroslav, lvrabec, mikhail.v.gavrilov, mmalik, plautrba, vmojzis, zpytela |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.14.6-25.fc33 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-09-02 15:42:05 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1812955 | ||
Bug Blocks: |
Description
Orion Poplawski
2020-08-04 04:03:52 UTC
hmm, the last connectto denials may be from other tasks. This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle. Changing version to 33. The first set is already handled in bz#1862686, so addressing the second one. https://github.com/fedora-selinux/selinux-policy/pull/407 *** Bug 1862681 has been marked as a duplicate of this bug. *** *** Bug 1862682 has been marked as a duplicate of this bug. *** *** Bug 1862684 has been marked as a duplicate of this bug. *** *** Bug 1862685 has been marked as a duplicate of this bug. *** *** Bug 1862690 has been marked as a duplicate of this bug. *** The bugzillas were created for these domains: sshd_t policykit_t policykit_auth_t systemd_logind_t xdm_t NetworkManager_t auditd_t commit 6fe205674f9cd1face5e2cf1aeb90d265ef89ba8 (HEAD -> rawhide, upstream/rawhide, origin/rawhide, origin/HEAD) Author: Zdenek Pytela <zpytela> Date: Wed Aug 12 12:09:21 2020 +0200 Allow nsswitch_domain to connect to systemd-machined using a unix socket Create the systemd_machined_stream_connect() interface. Resolves: rhbz#1865748 *** Bug 1871022 has been marked as a duplicate of this bug. *** FEDORA-2020-8f3381648b has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-8f3381648b FEDORA-2020-8f3381648b has been pushed to the Fedora 33 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-8f3381648b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-8f3381648b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2020-8f3381648b has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. |