We’ve upgraded Messinet Secure Services from Fedora 26 to Fedora 27. Again there are a number of SELinux, systemd, gssproxy, and nfs-utils bugs 1494852, 1497267, 1507817, 1514241 affecting our systems that probably should have received more attention before release.

One of the most challenging SELinux & systemd integration bugs is 1471545, whereby the wrong SELinux file context label is placed on /run/systemd/resolve/resolv.conf, causing SELinux AVCs and daemon failures throughout. Unfortunately, the bug’s assignee continues to close the bug as fixed with each new selinux-policy release and no information as to how the fix is to work.

After using MariaDB’s GSSAPI Authentication Plugin with great success in Fedora 26, I was looking to expand GSSAPI/SSO usage in F27, but I was unable to get things to work, and filed 1514820 for more information.

SELinux still doesn’t really have functional policy support for machinectl, systemd-nspawn and full OS containers. The same SELinux and systemd integration issues occurred with the Fedora 25 to Fedora 26 upgrade and it is clear that upstream Fedora doesn’t prioritize SELinux testing enough, especially with respect to systemd, it’s init daemon of choice.

All this too, shall pass and with the Messinet Secure Services upgrades complete, I’m no longer building for Fedora 26, which has been removed from the Fedora Linux RPM Repository.