We’ve upgraded Messinet Secure Services from Fedora 26 to Fedora 27. Again there
are a number of SELinux, systemd, gssproxy, and nfs-utils bugs 1494852,
1514241 affecting our systems that probably should
have received more attention before release.
One of the most challenging SELinux & systemd integration bugs is 1471545,
whereby the wrong SELinux file context label is placed on
/run/systemd/resolve/resolv.conf, causing SELinux AVCs and daemon failures
throughout. Unfortunately, the bug’s assignee continues to close the bug as
fixed with each new selinux-policy release and no information as to how the
fix is to work.
After using MariaDB’s GSSAPI Authentication Plugin with great success in
Fedora 26, I was looking to expand GSSAPI/SSO usage in F27, but I was unable to
get things to work, and filed
1514820 for more information.
SELinux still doesn’t really have functional policy support for machinectl,
systemd-nspawn and full OS containers. The same SELinux and systemd integration
issues occurred with the Fedora 25 to Fedora 26 upgrade and it is clear that
upstream Fedora doesn’t prioritize SELinux testing enough, especially with
respect to systemd, it’s init daemon of choice.
All this too, shall pass and with the Messinet Secure Services upgrades complete, I’m
no longer building for Fedora 26, which has been removed from the
Fedora Linux RPM Repository.