On 11/17/2009 08:06 AM, Gene Czarcinski wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=533427 was first reported 6
> November and on 6 November you reported that the problem was fixed in selinux-
> policy-3.6.32-42.fc12.noarch
>
> WHERE IS selinux-policy-3.6.32-42.fc12.noarch ????
>
> Today is 17 November. This update (or a later/more-recent version) has not
> appeared in either updates or updates-testing for F12.
>
> This impacts the abrt package's ability to report meaningful bugs!
>
> Gene
>
-46 should be in updates-testing.
When F12 is about to ship packages do not flow as quickly.
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
11-17-2009, 04:31 PM
Gene Czarcinski
BZ 533427
On Tuesday 17 November 2009 09:00:47 Daniel J Walsh wrote:
> On 11/17/2009 08:06 AM, Gene Czarcinski wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=533427 was first reported 6
> > November and on 6 November you reported that the problem was fixed in
> > selinux- policy-3.6.32-42.fc12.noarch
> >
> > WHERE IS selinux-policy-3.6.32-42.fc12.noarch ????
> >
> > Today is 17 November. This update (or a later/more-recent version) has
> > not appeared in either updates or updates-testing for F12.
> >
> > This impacts the abrt package's ability to report meaningful bugs!
> >
> > Gene
>
> -46 should be in updates-testing.
>
> When F12 is about to ship packages do not flow as quickly.
>
Quickly?? Ten days to get a package pushed??
I just checked updates-testing and there is nothing. Since the mirror might
not have picked up an update yet, I also checked download.fedora.redhat.com
and there are no selinux-* packages in update or update-testing.
Currently, there are 38 CC users on BZ 533427 which indicates to me that a
number of us "leading edgers" have gotten this problem.
Yes, I could go around the standard way of updating to get the fix but why
should I need to do that?
I am a big fan of SELinux and do not want to disable it or even to put it into
permissive mode. However, SELinux is getting in the way of abrt functioning.
Usually, I find that SELinux fixes are distributed in a very timely manner.
Something is broken here.
Gene
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Wow. If you really really want it right this instant and aren't willing
to wait for the volunteers that provide this operating system to you to
work through everything they have to do to get Fedora 12 out the door in
addition to the work of getting updates and such out for Fedora 11 and
10, why don't you:
Check the source out of CVS and build it yourself?
Download the build from koji?
http://koji.fedoraproject.org/koji/packageinfo?packageID=32 and pick a
build for the OS version you want. Probably
http://koji.fedoraproject.org/koji/buildinfo?buildID=140508
It's all made available to you, all the source, the buildsystem,
everything. If you simply can't wait for the updates process to catch
up, you have plenty of other means to get the software.
- J<
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
11-17-2009, 07:14 PM
Gene Czarcinski
BZ 533427
On Tuesday 17 November 2009 12:43:58 Jason L Tibbitts III wrote:
> It's all made available to you, all the source, the buildsystem,
> everything.**If you simply can't wait for the updates process to catch
> up, you have plenty of other means to get the software.
>
Unfortunately, you have missed the entire point of my email!
Yes, I can go get an update from koji, or get the source and do it myself, or simply apply the "fix" suggested by audit2allow, or set permissive mode, or disable selinux. Any of these would get around the problem. But, this would not be the "official" selinux-policy package update.
The problem in https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the abrt package's ability to function properly. The abrt package is a really good new feature in Fedora 12 and should help resolve problems more quickly since it provides a lot more information than many users include in the handcrafted reports (myself included).
The problem was reported on 6 November 2009 at 13:33 EDT and Dan Walsh responded on 6 November 2008 at 14:38 EDT (a bit over an hour) that the problem was fixed in selinux-policy-3.6.32-42.fc12.noarch and the BZ report was closed as fixed in rawhide (perhaps closing this problem so quickly was an error).
Today is 17 November 2009 and Fedora 12 is GA but there is no "day zero" fix for the problem ... not even in updates-testing (last I checked around 1400 EST). I claim that something in the process of getting fixes out (at least selinux-policy fixes) is broken. This is what I am trying to get fixed so users do not set permissive mode or simply disable selinux.
Gene
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
11-17-2009, 07:32 PM
Tristan Santore
BZ 533427
On 17/11/09 20:14, Gene Czarcinski wrote:
On Tuesday 17 November 2009
12:43:58 Jason L Tibbitts III wrote:
> It's all made
available to you, all the source, the buildsystem,
> everything.**If you
simply can't wait for the updates process to catch
> up, you have plenty of
other means to get the software.
>
Unfortunately, you have
missed the entire point of my email!
Yes, I can go get an update
from koji, or get the source and do it myself, or simply apply the
"fix" suggested by audit2allow, or set permissive mode, or disable
selinux. Any of these would get around the problem. But, this would not
be the "official" selinux-policy package update.
The problem in
https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the abrt
package's ability to function properly. The abrt package is a really
good new feature in Fedora 12 and should help resolve problems more
quickly since it provides a lot more information than many users
include in the handcrafted reports (myself included).
The problem was reported on
6 November 2009 at 13:33 EDT and Dan Walsh responded on 6 November 2008
at 14:38 EDT (a bit over an hour) that the problem was fixed in selinux-policy-3.6.32-42.fc12.noarch
and the BZ report was closed as fixed in rawhide (perhaps closing this
problem so quickly was an error).
Today is 17 November 2009
and Fedora 12 is GA but there is no "day zero" fix for the problem ...
not even in updates-testing (last I checked around 1400 EST). I claim
that something in the process of getting fixes out (at least
selinux-policy fixes) is broken. This is what I am trying to get fixed
so users do not set permissive mode or simply disable selinux.
Gene
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
We were change frozen, as F12 was about to get released. Further,
F12 was beta until today, so you have no reason to complain, as it is
not supported, and last not least, the mirrors are currently syncing
loads of stuff, which will add a delay.
Can this list now get back to selinux as a topic ? Fedora infra and
releng issues are really off-topic here.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore@internexusconnect.net
Thawte Notary
For Fedora related issues, please email me at:
TSantore@fedoraproject.org
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
11-17-2009, 07:37 PM
Bruno Wolff III
BZ 533427
On Tue, Nov 17, 2009 at 20:32:19 +0000,
Tristan Santore <tristan.santore@internexusconnect.net> wrote:
> We were change frozen, as F12 was about to get released. Further,
> F12 was beta until today, so you have no reason to complain, as it
> is not supported, and last not least, the mirrors are currently
> syncing loads of stuff, which will add a delay.
Stuff has been pushable through bodhi for about a week.
> Can this list now get back to selinux as a topic ? Fedora infra and
> releng issues are really off-topic here.
I think he may have been hoping that Dan would intervene or at least comment
why the policy was not suitable to be pushed.
Gene, you might try raising this issue with the QA guys. I think they are
more likely to feel as you do and try to get the problem fixed.
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
11-17-2009, 09:57 PM
Daniel J Walsh
BZ 533427
On 11/17/2009 03:14 PM, Gene Czarcinski wrote:
> On Tuesday 17 November 2009 12:43:58 Jason L Tibbitts III wrote:
>>>>>>> "GC" == Gene Czarcinski <gene@czarc.net> writes:
>>
>> GC> Quickly?? Ten days to get a package pushed??
>>
>> Wow. If you really really want it right this instant and aren't willing
>> to wait for the volunteers that provide this operating system to you to
>> work through everything they have to do to get Fedora 12 out the door in
>> addition to the work of getting updates and such out for Fedora 11 and
>> 10, why don't you:
>>
>> Check the source out of CVS and build it yourself?
>>
>> Download the build from koji?
>> http://koji.fedoraproject.org/koji/packageinfo?packageID=32 and pick a
>> build for the OS version you want. Probably
>> http://koji.fedoraproject.org/koji/buildinfo?buildID=140508
>>
>> It's all made available to you, all the source, the buildsystem,
>> everything. If you simply can't wait for the updates process to catch
>> up, you have plenty of other means to get the software.
>>
>
> Unfortunately, you have missed the entire point of my email!
>
> Yes, I can go get an update from koji, or get the source and do it myself, or
> simply apply the "fix" suggested by audit2allow, or set permissive mode, or
> disable selinux. Any of these would get around the problem. But, this would
> not be the "official" selinux-policy package update.
>
> The problem in https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the
> abrt package's ability to function properly. The abrt package is a really
> good new feature in Fedora 12 and should help resolve problems more quickly
> since it provides a lot more information than many users include in the
> handcrafted reports (myself included).
No it should not. abrt_t is a permissive domain.
If you look at the AVC you will see success=yes. Which indicates that the AVC did not block anything.
So if abrt is not working properly for some reason, it is not SELinux causing the problem.
>
> The problem was reported on 6 November 2009 at 13:33 EDT and Dan Walsh
> responded on 6 November 2008 at 14:38 EDT (a bit over an hour) that the
> problem was fixed in selinux-policy-3.6.32-42.fc12.noarch and the BZ report was
> closed as fixed in rawhide (perhaps closing this problem so quickly was an
> error).
>
No the problem was we were frozen while F12 was moving to the Mirrors. I held off on posting an updated selinux-policy package til the last second, so I can fix as many bugs in F12 policy as possible soon after F12 ships (Today). I waited to request the package until I got Mondays AVC's in. Monday is the busiest day of the week for AVC/Bugzillas. Since I do not review them over the weekend.
I posted to updates-testing at 2009-11-16 19:36:03 And it now says it is moving to the mirrors.
> Today is 17 November 2009 and Fedora 12 is GA but there is no "day zero" fix
> for the problem ... not even in updates-testing (last I checked around 1400
> EST). I claim that something in the process of getting fixes out (at least
> selinux-policy fixes) is broken. This is what I am trying to get fixed so
> users do not set permissive mode or simply disable selinux.
>
> Gene
>
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
11-18-2009, 09:44 PM
Gene Czarcinski
BZ 533427
On Tuesday 17 November 2009 15:37:28 Bruno Wolff III wrote:
> On Tue, Nov 17, 2009 at 20:32:19 +0000,
>
> Tristan Santore <tristan.santore@internexusconnect.net> wrote:
> > We were change frozen, as F12 was about to get released. Further,
> > F12 was beta until today, so you have no reason to complain, as it
> > is not supported, and last not least, the mirrors are currently
> > syncing loads of stuff, which will add a delay.
>
> Stuff has been pushable through bodhi for about a week.
>
> > Can this list now get back to selinux as a topic ? Fedora infra and
> > releng issues are really off-topic here.
>
> I think he may have been hoping that Dan would intervene or at least
> comment why the policy was not suitable to be pushed.
Yes!
>
> Gene, you might try raising this issue with the QA guys. I think they are
> more likely to feel as you do and try to get the problem fixed.
I thought of posting this to the test list also but I normally avoid posting
the same problem to multiple lists. I will do that now.
As far as F12 only being GA recently, a an individual who has been installing
the development spins (alpha, beta, and all of the RCx), I have been running
F12 since RC3 or RC4 timeframe and anyone else could also ... especially with
F12 updates and F12 updates-testing being available in parallel.
Gene
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
11-18-2009, 10:03 PM
Bruno Wolff III
BZ 533427
On Wed, Nov 18, 2009 at 17:44:45 -0500,
Gene Czarcinski <gene@czarc.net> wrote:
>
> I thought of posting this to the test list also but I normally avoid posting
> the same problem to multiple lists. I will do that now.
>
> As far as F12 only being GA recently, a an individual who has been installing
> the development spins (alpha, beta, and all of the RCx), I have been running
> F12 since RC3 or RC4 timeframe and anyone else could also ... especially with
> F12 updates and F12 updates-testing being available in parallel.
It looks like the update is out now. I got 3.6.32-46 today in updates or
updates-testing, so it looks like its available to more normal people now.
(Though the mirrors may need some time to get it because of the higher than
normal load.)
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
11-19-2009, 09:11 PM
Daniel J Walsh
BZ 533427
On 11/18/2009 06:03 PM, Bruno Wolff III wrote:
> On Wed, Nov 18, 2009 at 17:44:45 -0500,
> Gene Czarcinski <gene@czarc.net> wrote:
>>
>> I thought of posting this to the test list also but I normally avoid posting
>> the same problem to multiple lists. I will do that now.
>>
>> As far as F12 only being GA recently, a an individual who has been installing
>> the development spins (alpha, beta, and all of the RCx), I have been running
>> F12 since RC3 or RC4 timeframe and anyone else could also ... especially with
>> F12 updates and F12 updates-testing being available in parallel.
>
> It looks like the update is out now. I got 3.6.32-46 today in updates or
> updates-testing, so it looks like its available to more normal people now.
> (Though the mirrors may need some time to get it because of the higher than
> normal load.)
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
I have released it out of updated-testing and tomorrow will put the next update into updates-testing.
Probably will do this every Friday for the next few weeks, until the bugzillas calm down. Of course if people give the thumbs up
the release will get pushed sooner.
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
BZ 533427
