SUSE Linux Enterprise Micro 5.4 Public RC is out! | SUSE Communities

SUSE Linux Enterprise Micro 5.4 Public RC is out!

Share
Share

We are thrilled to announce the Public Release Candidate (RC 2) of SUSE Linux Enterprise Micro 5.4!

SLE Micro is an ultra-reliable, lightweight operating system purpose built for edge computing. Please check out our Product page to learn more, but for the beta program, please refer to our dedicated beta page.

Notable Changes

  • SLE Micro 5.4 is based on SLES 15 SP4 (like SLE Micro 5.3) but plus Maintenance Updates,
  • The default setting of SELinux for new installations has been changed from permissive to enforcing mode,
  • PCP container integration in cockpit,
  • Podman was updated from 3.x to 4.3.1.

Since Public Beta

  • The installer now includes packages for being able to run in the FIPS mode,
  • FIPS packages are also part of the raw images,
  • Including hardware cryptography acceleration packages for s/390x,
  • A lot of bug fixes.

As always, we highly recommend to check our Release Notes for a complete overview of the changes in this new version.

Debugging SELinux Denials

SELinux will now be set to enforcing by default. That means that you might run into issues because SELinux prevents you from doing something. This might then result in issues that are hard to debug with the approaches you used up to this point.

If you run into strange issues have a look at the audit log to check for AVC entries like these:

type=AVC msg=audit(1669971354.731:25): avc: denied { create } for pid=1264 comm=”ModemManager” scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=0

These tell you that SELinux prevented something. You should also check the journal, as some of these messages are only visible there.

The next step is to set the system to permissive mode and try again with executing setenforce 0 command, which switches SELinux to permissive immediately, or with changing the kernel command line too include enforcing=0 and rebooting. After that SELinux will log, but not prevent access. If it works then you have confirmation that SELinux is the culprit.

If you ran in permissive mode you will need to relabel your system until you are in a good state again, as permissive mode allows you to reach states that are not reachable otherwise. For that run touch /etc/selinux/.autorelabel and reboot.

If you identify and issues open a bug for the security team with SELinux in the subject, the AVCs you saw and step by step reproduction steps. We’ll then work on this to get it fixed for future Alpha and Beta snapshots.

Call for feedback

We are eager and excited to retrieve your feedback on this new version of our beloved SLE Micro product! As with any SUSE Public Beta Program, we have a public mailing list in place for technical and product discussion as well as a bugzilla setup to be used for bug report.

Please refer to SLE Micro Beta web page for more information.

Share
Avatar photo
2,736 views