Hide Forgot
Description of problem: In Fedora 21 we added new sub-package bind-pkcs11 which contains new bind binary called named-pkcs11. This binary has wrong context and therefore runs as an unconfined process. The context of named-pkcs11 should be the same as for named and named-sdb. [0 root@localhost ~]# ls -lZ /usr/sbin/named{-pkcs11,-sdb,} -rwxr-xr-x. root root system_u:object_r:named_exec_t:s0 /usr/sbin/named -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/sbin/named-pkcs11 -rwxr-xr-x. root root system_u:object_r:named_exec_t:s0 /usr/sbin/named-sdb As a result, the daemon runs as unconfined process.
selinux-policy-3.13.1-158.20.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c9c2badcb
selinux-policy-3.13.1-158.21.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7bed6e7c72
selinux-policy-3.13.1-158.21.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.