Re: Trouble with install ordering and SELinux config

/commit/5f366657da0c7c67f2448be03620581437c2dfbb >> >> Fixing it also in Rawhide and F31. > > Thanks a lot! Can it also happen for epel7 and 8? > > Pretty please :) > Please open bugzilla ticket. THanks, Lukas. > Dridi > -- Lukas Vrabec SELinux Evangelist, Senior So

Re: Trouble with install ordering and SELinux config

g/wiki/Mailing_list_guidelines >>>> List >>>> Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org >>> >>> >>> >>> ___ >>> devel mailing list -- devel@lists.f

[SELinux] xdp_socket in Rawhide

ASAP. Thanks, Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. signature.asc Description: OpenPGP digital signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le

Re: CVE-2018-14665 : Xorg X Server Vulnerabilities

a.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. signature.asc Description: Open

Re: CVE-2018-14665 : Xorg X Server Vulnerabilities

.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > > > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Condu

Re: [heads up] SELinux support for boltd service

Thanks, Lukas. On 08/07/2018 11:19 AM, Lukas Vrabec wrote: > Hi, > > I saw several bugs where boltd daemon runs as unconfined_service_t. I > have prepared new SELinux module for it. > > I'll push it to Fedora Rawhide and also Fedora 28 soon. This module will > be in permissive mod

[heads up] SELinux support for boltd service

even if the whole system will be in Enforcing state. If you'll find some AVCs related to boltd, please use this bugzilla[1] to report them. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1607974. Thanks, Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc

Re: Heads up: selinux-policy-3.14.1-25.fc28 breaks GDM

ist Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/M2FHUCS3YBQQQCBQKS7BXTXIAZHR2B54/ > -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. signature.asc Description: OpenPGP digital signature ___

Re: SELinux Policy Modules Packaging Draft

s[2]. [2] https://fedoraproject.org/wiki/PackagingDrafts/SELinux_Independent_Policy [3] https://pagure.io/packaging-committee/issue/726 Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. signature.asc Description: OpenPGP digital signature __

Re: wrong selinux label on user-1000.journal, AVC denials

r? Michal, what you think about this? How is the user-100.journal file created? It's end up as unlabeled_t so some actions during early state of booting system? Thanks, Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc.

Re: GCL and SELinux: help requested

On 11/23/2017 10:17 AM, Javier Martinez Canillas wrote: Hello, On Fri, Oct 20, 2017 at 2:12 PM, Lukas Vrabec <lvra...@redhat.com> wrote: [snip] Hello community, We, as Red Hat SELinux team, apologise for recent delays with our answers to your requests and questions related to SELin

Re: GCL and SELinux: help requested

On 10/21/2017 08:48 PM, Kevin Fenzi wrote: On 10/20/2017 05:12 AM, Lukas Vrabec wrote: Hello community, Hey Lukas. Thanks for chiming in here. We, as Red Hat SELinux team, apologise for recent delays with our answers to your requests and questions related to SELinux. We have been quite

Re: GCL and SELinux: help requested

d what was needed and we are ready to react more flexibly in the future. Note: If you are interested in writing custom SELinux policy for your package, you can follow the https://fedoraproject.org/wiki/SELinux/IndependentPolicy documentation on wiki. Regards, Lukas -- Lukas Vrabec Software En

Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

On 09/29/2017 03:30 PM, Lukas Vrabec wrote: I'm planning change the default value of httpd_graceful_shutdown boolean in Fedora Rawhide because of improving SELinux configuration. Rawhide builds with this change will be available in ~5 days. Together with Dan Walsh, we agreed

Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

On 09/29/2017 03:30 PM, Lukas Vrabec wrote: I'm planning change the default value of httpd_graceful_shutdown boolean in Fedora Rawhide because of improving SELinux configuration. Rawhide builds with this change will be available in ~5 days. Together with Dan Walsh, we agreed

Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

On 09/29/2017 04:39 PM, Alexander Bokovoy wrote: On pe, 29 syys 2017, Lukas Vrabec wrote: On 09/29/2017 03:57 PM, Alexander Bokovoy wrote: On pe, 29 syys 2017, Lukas Vrabec wrote: I'm planning change the default value of httpd_graceful_shutdown boolean in Fedora Rawhide because of improving

Re: [HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

On 09/29/2017 03:57 PM, Alexander Bokovoy wrote: On pe, 29 syys 2017, Lukas Vrabec wrote: I'm planning change the default value of httpd_graceful_shutdown boolean in Fedora Rawhide because of improving SELinux configuration. Rawhide builds with this change will be available in ~5 days

[HEADS UP] Default value of SELinux boolean httpd_graceful_shutdown will changed.

questions, feel free to contact me. Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

[HEADS UP] Removing unnecessary dac_override capability in SELinux modules

://copr.fedorainfracloud.org/coprs/lvrabec/selinux-policy-nightly/ Thanks, Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le

Re: Many 'map' SELinux denials in current Rawhide

On 08/15/2017 05:25 PM, Adam Williamson wrote: On Tue, 2017-08-15 at 16:58 +0200, Lukas Vrabec wrote: On 08/15/2017 01:37 AM, Adam Williamson wrote: Hi folks! Just wanted to give a heads-up on this: it seems that a recent selinux- policy update, 3.13.1-269 , introduced a new permission called

Re: Re: Many 'map' SELinux denials in current Rawhide

On 08/15/2017 04:58 PM, Lukas Vrabec wrote: On 08/15/2017 01:37 AM, Adam Williamson wrote: Hi folks! Just wanted to give a heads-up on this: it seems that a recent selinux- policy update, 3.13.1-269 , introduced a new permission called 'map'. This seems to have resulted in rather a large

Re: Many 'map' SELinux denials in current Rawhide

BZs from tracker bug. selinux-policy build is in koji: https://koji.fedoraproject.org/koji/taskinfo?taskID=21243824 Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org

Re: SELinux policy contibutions

. Lukas. -- Lukas Vrabec SELinux Solutions Red Hat, Inc. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Adding SELinux Policy to a (Private) Package

@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org -- Lukas Vrabec SELinux Solutions Red Hat, Inc. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org