Re: dropping NSS DBM format support in F33+

2020-04-24 Thread Ondrej Mosnacek
oject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org -- Ondrej Mosn

Re: dropping NSS DBM format support in F33+

2020-04-24 Thread Ondrej Mosnacek
On Fri, Apr 24, 2020 at 8:50 PM Ondrej Mosnacek wrote: > On Wed, Apr 22, 2020 at 10:12 AM Daiki Ueno wrote: > > Hello, > > > > I am not sure if this deserves a Fedora Change proposal, so I'd like to > > hear any opinions first before proceeding with the process.

Re: dropping NSS DBM format support in F33+

2020-04-25 Thread Ondrej Mosnacek
On Fri, Apr 24, 2020 at 11:12 PM Ondrej Mosnacek wrote: > On Fri, Apr 24, 2020 at 8:50 PM Ondrej Mosnacek wrote: > > On Wed, Apr 22, 2020 at 10:12 AM Daiki Ueno wrote: > > > Hello, > > > > > > I am not sure if this deserves a Fedora Change proposal, so I

Re: dropping NSS DBM format support in F33+

2020-04-27 Thread Ondrej Mosnacek
On Mon, Apr 27, 2020 at 5:54 PM Paul Moore wrote: > On Sat, Apr 25, 2020 at 1:21 PM Justin Forbes wrote: > > On Sat, Apr 25, 2020 at 10:21 AM Daiki Ueno wrote: > > > > > > Hello Ondrej, > > > > > > Ondrej Mosnacek writes: > > > &g

Re: F37 proposal: SELinux Parallel Autorelabel (Self-Contained Change proposal)

2022-07-18 Thread Ondrej Mosnacek
ome > /run /run/user/1000 /sys /sys/fs/cgroup /sys/fs/pstore /sys/kernel/debug > /sys/kernel/debug/tracing /sys/kernel/tracing /tmp /var > / 100.0% > ... > real4m5.450s > user3m55.017s > sys 0m10.088s Also see the original commit message, which co

Re: F37 proposal: SELinux Parallel Autorelabel (Self-Contained Change proposal)

2022-07-19 Thread Ondrej Mosnacek
se this in virt tools & virt-v2v: > > https://github.com/libguestfs/libguestfs/blob/master/daemon/selinux-relabel.c > > We actually use setfiles instead of fixfiles. setfiles appears to > have no -T option unfortunately. Is there a reason why setfiles > doesn't have

Fedora Cloud rawhide images not updating?

2020-10-21 Thread Ondrej Mosnacek
image seems a bit long... Thanks, [1] https://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Cloud/x86_64/images/ -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.

Re: Fedora Cloud rawhide images not updating?

2020-10-29 Thread Ondrej Mosnacek
pungi-fedora/pull-request/923 > > That did fix it. Thanks! Indeed, the images are now being updated. Thanks to everyone involved for fixing this! -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.

Re: F34 Change proposal: Remove support for SELinux runtime disable (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
/zipl to improve this would likely be a pretty heroic endeavor... I plan to at least add some convenience scripts to the selinux-policy package that would do the "add/remove selinux=0 to/from GRUB_CMDLINE_LINUX and run grub2-mkconfig" dance automatically so that there is still some convenient way

Re: F34 Change proposal: Wayland by Default for KDE Plasma Desktop (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
is understandable), so I'm wondering if I did something wrong... I simply installed plasma-workspace-wayland, logged out, and then logged in selecting "Plasma (Wayland) (Wayland)" from the session dropdown. -- Ondrej Mosnacek Software Engineer, Platform Securi

Re: F34 Change proposal: Remove support for SELinux runtime disable (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
> be hardened via read-only-after-initialization protections. > > > > Migrate users to using ''selinux=0'' if they want to disable SELinux. > > > > == Owner == > > * Name: [[User:plautrba| Petr Lautrbach]] > > * Email: plaut...@redhat.com > &g

Re: F34 Change proposal: Remove support for SELinux runtime disable (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
t any selinux regression not triggering an AVC > > (which is fixed using selinux=0) would block this kind of proposal? > > Did "setenforce 0" also fix it? If the issue is in (or rather hidden by) the dontaudit rules, then "setenforce 0" should indeed make it work a

Re: F34 Change proposal: Remove support for SELinux runtime disable (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
default + semodule -DB for debugging is IMHO the only reasonable compromise. Anyway, this is getting off-topic w.r.t. the proposal. Please start a new thread if you want to continue discussing dontaudit rules. -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.

Re: F34 Change proposal: Remove support for SELinux runtime disable (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
posal is only about fully disabling SELinux. Gentoo happens to have a nice article about the different SELinux modes/states: https://wiki.gentoo.org/wiki/SELinux/Tutorials/Permissive_versus_enforcing -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.

Re: F34 Change proposal: Remove support for SELinux runtime disable (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
On Thu, Sep 10, 2020 at 4:05 PM Michal Schorm wrote: > On Thu, Sep 10, 2020 at 3:58 PM Ondrej Mosnacek wrote: > > On Thu, Sep 10, 2020 at 3:48 PM Michal Schorm wrote: > > > Does this mean, the "setenforce 0" won't work anymore? > > No, no, don't worr

Re: F34 Change proposal: Wayland by Default for KDE Plasma Desktop (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
ew user :) If I find some time I'll try it on my other laptop and/or dig deeper... > > On Thu, Sep 10, 2020 at 6:24 AM Ondrej Mosnacek wrote: >> >> On Tue, Sep 8, 2020 at 5:30 PM Ben Cotton wrote: >> > https://fedoraproject.org/wiki/Changes/WaylandByDefaultForPlasma

Re: F34 Change proposal: Wayland by Default for KDE Plasma Desktop (System-Wide Change)

2020-09-10 Thread Ondrej Mosnacek
ind regards, > Lailah > > > > On Thu, 10 Sep 2020 at 12:24, Ondrej Mosnacek wrote: >> >> On Tue, Sep 8, 2020 at 5:30 PM Ben Cotton wrote: >> > https://fedoraproject.org/wiki/Changes/WaylandByDefaultForPlasma >> > >> > == Summary == >> > Ch

Re: F34 Change proposal: Remove support for SELinux runtime disable (System-Wide Change)

2020-09-16 Thread Ondrej Mosnacek
On Thu, Sep 10, 2020 at 6:05 PM Robbie Harwood wrote: > > Ondrej Mosnacek writes: > > > James Cassell wrote: > >> Ben Cotton wrote: > >> > >>> https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable > >>> >

Re: F34 Change proposal: Wayland by Default for KDE Plasma Desktop (System-Wide Change)

2020-09-21 Thread Ondrej Mosnacek
On Mon, Sep 21, 2020 at 12:22 PM Pavel Raiskup wrote: > On Thursday, September 10, 2020 6:00:09 PM CEST Ondrej Mosnacek wrote: > > On Thu, Sep 10, 2020 at 12:58 PM Neal Becker wrote: > > > Might be interesting to try logging in as a new user to see if some older > > &g

Unable to login as root with a recent Rawhide Fedora Cloud image

2021-12-20 Thread Ondrej Mosnacek
ional, what do I need to do to make root login work again? If it's a bug, any idea which component to report it against? Thanks, -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.

Re: Unable to login as root with a recent Rawhide Fedora Cloud image

2021-12-20 Thread Ondrej Mosnacek
On Mon, Dec 20, 2021 at 7:36 PM Adam Williamson wrote: > On Mon, 2021-12-20 at 09:35 -0800, Adam Williamson wrote: > > On Mon, 2021-12-20 at 10:43 -0500, Stephen John Smoogen wrote: > > > On Mon, 20 Dec 2021 at 10:31, Ondrej Mosnacek wrote: > > > > > > >

Re: 11 minutes to update the breeze-icon-theme package

2022-02-05 Thread Ondrej Mosnacek
: https://bugzilla.redhat.com/show_bug.cgi?id=2048168 Fixed by: https://bodhi.fedoraproject.org/updates/FEDORA-2022-a9a84f2456 -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.

Re: RPM spec feedback directly in your editor

2022-02-22 Thread Ondrej Mosnacek
t stdin/stdout natively. (Sometimes even that doesn't work, e.g. if the program tries to seek or mmap it, but often it does.) > > Best regards > > > Andreas > > > [1] https://github.com/jose-elias-alvarez/null-ls.nvim/ > [2] https://gi

Re: Orphaned packages looking for new maintainers

2021-11-08 Thread Ondrej Mosnacek
/orphan > > Package (co)maintainers Status > Change > > stockfish orphan 1 weeks ago Going to take a stab at this o

License change for stockfish: GPLv3+ -> GPLv3+ and CC0

2021-11-08 Thread Ondrej Mosnacek
-- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.

Re: Ars claims: Fedora 32 is sluggish

2021-02-11 Thread Ondrej Mosnacek
PU governor looks pretty significant to me, but I > couldn't find any discussions about it. CCing the Fedora kernel list and Justin. At the ARK tree level, the change was introduced in this commit, with no explanation: https://gitlab.com

Re: More distgit attached to Fedora Zuul CI

2021-02-19 Thread Ondrej Mosnacek
M -> start the build even when the tarball hadn't yet been uploaded to the lookaside cache. Fedora CI wasn't able to do that at that time (probably still can't) and Zuul CI wasn't enabled on that repo back then. Was I just imagining things or does simple-koji-ci really ha

Re: Fedora 34 selinux blocking out-of-tree module loading even when secureboot is disabled???

2021-02-19 Thread Ondrej Mosnacek
o unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: >

Re: Fedora 34 selinux blocking out-of-tree module loading even when secureboot is disabled???

2021-02-19 Thread Ondrej Mosnacek
On Fri, Feb 19, 2021 at 5:23 PM Hans de Goede wrote: > Hi, > > On 2/19/21 2:24 PM, Ondrej Mosnacek wrote: > > Hi Hans, > > > > On Fri, Feb 19, 2021 at 1:36 PM Hans de Goede wrote: > >> Hi All, > >> > >> While dogfooding F34 I noticed that out

Looking for users of userfaultfd(2) syscall in Fedora

2021-04-06 Thread Ondrej Mosnacek
/torvalds/linux.git/commit/?id=b537900f1598b67bcb8acac20da73c6e26ebbf99 -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.

Re: Looking for users of userfaultfd(2) syscall in Fedora

2021-04-07 Thread Ondrej Mosnacek
On Tue, Apr 6, 2021 at 7:33 PM Zbigniew Jędrzejewski-Szmek wrote: > On Tue, Apr 06, 2021 at 06:57:27PM +0200, Ondrej Mosnacek wrote: > > Hi all, > > > > Kernel 5.12 added support to SELinux for controlling access to the > > userfaultfd interface [1][2] and we&

Re: Looking for users of userfaultfd(2) syscall in Fedora

2021-04-07 Thread Ondrej Mosnacek
On Tue, Apr 6, 2021 at 10:30 PM Florian Weimer wrote: > * Ondrej Mosnacek: > > > Kernel 5.12 added support to SELinux for controlling access to the > > userfaultfd interface [1][2] and we'd like to implement this in > > Fedora's selinux-policy. However, once we

Re: dist-git force push

2022-04-01 Thread Ondrej Mosnacek
edpkg build Yes, it'll still take longer, but you won't need to context switch unless the scratch build fails (which would make you do a fixup commit + another build anyway). This workflow allows you to amend the commit until you get a successful scratch build, after which it is u

Re: Undetected ABI change in libkcapi (rawhide)

2021-07-12 Thread Ondrej Mosnacek
kage in Fedora currently links against libkcapi, so there should be no impact on other packages. [1] https://src.fedoraproject.org/rpms/libkcapi/pull-request/24 -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.

Updating quazip to version 1.1 in rawhide - rebuild of several packages in side-tag needed

2021-08-18 Thread Ondrej Mosnacek
bit (for example due to a conflict with other group rebuild). Thanks! [1] https://bugzilla.redhat.com/show_bug.cgi?id=1895170 [2] https://src.fedoraproject.org/rpms/quazip/pull-request/2 [3] https://copr.fedorainfracloud.org/coprs/omos/quazip/monitor/ -- Ondrej Mosnacek Software Engineer, Linux Sec

Re: Updating quazip to version 1.1 in rawhide - rebuild of several packages in side-tag needed

2021-08-19 Thread Ondrej Mosnacek
On Thu, Aug 19, 2021 at 12:34 PM Björn 'besser82' Esser wrote: > On Wednesday, 18.08.2021 at 10:45 +0200, Ondrej Mosnacek wrote: > > Hello, > > > > I would like to update quazip to version 1.1 in rawhide (i.e. future > > F36) [1][2], but since this upd

Re: Updating quazip to version 1.1 in rawhide - rebuild of several packages in side-tag needed

2021-08-19 Thread Ondrej Mosnacek
On Thu, Aug 19, 2021 at 1:41 PM Björn 'besser82' Esser wrote: > On Thursday, 19.08.2021 at 12:49 +0200, Björn 'besser82' > Esser wrote: > > On Thursday, 19.08.2021 at 12:43 +0200, Ondrej Mosnacek wrote: > > > On Thu, Aug 19, 2021 at 12:

Re: Updating quazip to version 1.1 in rawhide - rebuild of several packages in side-tag needed

2021-08-19 Thread Ondrej Mosnacek
On Thu, Aug 19, 2021 at 2:43 PM Björn 'besser82' Esser wrote: > On Thursday, 19.08.2021 at 14:14 +0200, Ondrej Mosnacek wrote: > > On Thu, Aug 19, 2021 at 1:41 PM Björn 'besser82' Esser > > wrote: > > > On Thursday, 19.08.2021

Re: Wine MinGW system libraries

2021-09-07 Thread Ondrej Mosnacek
> And, of course, I hate developing with static libraries :-( Could you perhaps just build a new dynamic library (with the adjusted name) by linking an empty/dummy object with the Fedora-provided static library? (Not sure if that's possible, but it's what came to my mind when reading t