From beta-programs at suse.com Fri Feb 17 14:27:32 2023 From: beta-programs at suse.com (SUSE Beta Program) Date: Fri, 17 Feb 2023 15:27:32 +0100 Subject: [ANNOUNCE] SUSE Linux Enterprise Micro 5.4 Public Beta (beta 2) is out! Message-ID: <63ef8ed4310f6_7e52bc-26b@MacBouille.local.mail> We are thrilled to announce the Public Beta (Beta 2) of SUSE Linux Enterprise Micro 5.4! Download[1] Notable Changes - SLE Micro 5.4 is based on SLES 15 SP4 (like SLE Micro 5.3) but plus Maintenance Updates, - The default setting of SELinux for new installations has been changed from permissive to enforcing mode, - PCP container integration in cockpit, - Podman was updated from 3.x to 4.3.1. As always, we highly recommend to check our Release Notes[2] for a complete overview of the changes in this new version. Debugging SELinux Denials SELinux will now be set to enforcing by default. That means that you might run into issues because SELinux prevents you from doing something. This might then result in issues that are hard to debug with the approaches you used up to this point. If you run into strange issues have a look at the audit log to check for AVC entries like these: type=AVC msg=audit(1669971354.731:25): avc: denied { create } for pid=1264 comm="ModemManager" scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=0 These tell you that SELinux prevented something. You should also check the journal, as some of these messages are only visible there. The next step is to set the system to permissive mode and try again with executing setenforce 0 command, which switches SELinux to permissive immediately, or with changing the kernel command line too include enforcing=0 and rebooting. After that SELinux will log, but not prevent access. If it works then you have confirmation that SELinux is the culprit. If you ran in permissive mode you will need to relabel your system until you are in a good state again, as permissive mode allows you to reach states that are not reachable otherwise. For that run touch /etc/selinux/.autorelabel and reboot. If you identify and issues open a bug for the security team with SELinux in the subject, the AVCs you saw and step by step reproduction steps. We'll then work on this to get it fixed for future Alpha and Beta snapshots. Known issues - bsc#1207679 - [s390x] z/KVM image does not boot to jeos-firsboot An updated list of known issues can be found here[3]. Call for feedback We are eager and excited to retrieve your feedback on this new version of our beloved SLE Micro product! As with any SUSE Public Beta Program[4], we have a public mailing list[5] in place for technical and product discussion as well as a bugzilla setup[6] to be used for bug report. Please refer to SLE Micro Beta web page[7] for more information. More information FAQ[8] Feedback[9] Documentation[10] Questions? If you have any questions, please contact us at beta-programs at suse.com. Your SUSE Linux Enterprise Micro team Click here to unsubscribe[11] [1]:https://suse.com/betaprogram/micro-beta/#download [2]:https://www.suse.com/releasenotes/x86_64/SLE-Micro/5.4/in dex.html [3]:https://www.suse.com/betaprogram/micro-beta#knownissues [4]:https://www.suse.com/betaprogram/beta/ [5]:https://suse.com/betaprogram/micro-beta/#mailinglist [6]:https://suse.com/betaprogram/micro-beta/#bugzilla [7]:https://suse.com/betaprogram/micro-beta/ [8]:https://suse.com/betaprogram/micro-beta/#faq [9]:https://suse.com/betaprogram/micro-beta/#feedback [10]:https://suse.com/betaprogram/micro-beta/#documentation [11]:mailto:beta-programs at suse.com?subject=Unsubscribe%20from %20SLE%20Micro%20Public%20Beta%20Program&body=Unsubscribe%20f rom%20SLE%20Micro%20Public%20Beta%20Program -------------- next part -------------- An HTML attachment was scrubbed... URL: