With some SELinux & systemd challenges, we’ve upgraded Messinet Secure Services from
Fedora 24 to Fedora 25. It is clear that upstream Fedora is not getting
enough testing for systemd daemons and SELinux.
In addition, it’s a bit disappointing that SELinux doesn’t really have policy
support for systemd-nspawn and full OS containers.
Kerberized NFS support via rpc.gssd is broken due to
1264556, now fixed
as described in 1398370. This can be temporarily resolved by running
rpc.gssd in the foreground by updating
/usr/lib/systemd/system/rpc-gssd.service as shown below, though you’ll run
```
[Unit]
Description=RPC security service for NFS client and server
DefaultDependencies=no
Conflicts=umount.target
Requires=var-lib-nfs-rpc_pipefs.mount
After=var-lib-nfs-rpc_pipefs.mount
ConditionPathExists=/etc/krb5.keytab
PartOf=nfs-utils.service
Wants=nfs-config.service
After=nfs-config.service

[Service]
EnvironmentFile=-/run/sysconfig/nfs-utils
#Type=forking
#ExecStart=/usr/sbin/rpc.gssd $RPCSVCGSSDARGS
Type=simple
ExecStart=/usr/sbin/rpc.gssd -f $RPCSVCGSSDARGS
```
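The same foreground workaround can be carried in a systemd drop-in, so the packaged unit under /usr/lib stays untouched and an nfs-utils update does not overwrite the change. This is an added example, not part of the original post; the function name `write_gssd_dropin` and the drop-in file name `foreground.conf` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: write the rpc.gssd foreground workaround as a drop-in
# rather than editing /usr/lib/systemd/system/rpc-gssd.service in place.
# Assumption: "foreground.conf" is an arbitrary drop-in file name.

write_gssd_dropin() {
    # $1 = filesystem root: "/" on a live system, a scratch directory
    #      for a dry run. A trailing slash is stripped.
    root="${1%/}"
    dir="$root/etc/systemd/system/rpc-gssd.service.d"
    mkdir -p "$dir" || return 1

    # The empty ExecStart= clears the packaged command first; systemd
    # refuses a second ExecStart= on a service that is not Type=oneshot.
    # The quoted heredoc keeps $RPCSVCGSSDARGS literal so systemd, not
    # the shell, expands it from the EnvironmentFile of the base unit.
    cat > "$dir/foreground.conf" <<'EOF'
[Service]
Type=simple
ExecStart=
ExecStart=/usr/sbin/rpc.gssd -f $RPCSVCGSSDARGS
EOF

    # Print the path so the caller can inspect or later remove the file.
    printf '%s\n' "$dir/foreground.conf"
}
```

After writing the drop-in against the real root, `systemctl daemon-reload` followed by `systemctl restart rpc-gssd` applies it; deleting the file and reloading restores the packaged behaviour.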
All that aside, the upgrades are complete and I’m no longer building for Fedora 24, which is removed from the Fedora Linux RPM Repository.