Fedora 13 Update: selinux-policy-3.7.19-23.fc13
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jun 8 19:28:59 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-9256
2010-05-31 17:41:13
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 13
Version : 3.7.19
Release : 23.fc13
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
* Tue Jun 01 2010 Miroslav Grepl <mgrepl at redhat.com> 3.7.19-23 - Add cmirrord
policy - Fixes for accountsd policy - Fixes for boinc policy - Allow cups-
pdf to set attributes on fonts cache directory - Allow radiusd to setrlimit
- Allow nscd sys_ptrace capability * Tue May 25 2010 Dan Walsh
<dwalsh at redhat.com> 3.7.19-22 - Allow procmail to execute scripts in the users
home dir that are labeled home_bin_t - Fix /var/run/abrtd.lock label
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 1 2010 Miroslav Grepl <mgrepl at redhat.com> 3.7.19-23
- Add cmirrord policy
- Fixes for accountsd policy
- Fixes for boinc policy
- Allow cups-pdf to set attributes on fonts cache directory
- Allow radiusd to setrlimit
- Allow nscd sys_ptrace capability
* Tue May 25 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-22
- Allow procmail to execute scripts in the users home dir that are labeled home_bin_t
- Fix /var/run/abrtd.lock label
* Mon May 24 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-21
- Allow login programs to read krb5_home_t
Resolves: 594833
- Add obsoletes for cachefilesfd-selinux package
Resolves: #575084
* Thu May 20 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-20
- Allow mount to r/w abrt fifo file
- Allow svirt_t to getattr on hugetlbfs
- Allow abrt to create a directory under /var/spool
* Wed May 19 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-19
- Add labels for /sys
- Allow sshd to getattr on shutdown
- Fixes for munin
- Allow sssd to use the kernel key ring
- Allow tor to send syslog messages
- Allow iptabels to read usr files
- allow policykit to read all domains state
* Thu May 13 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-17
- Fix path for /var/spool/abrt
- Allow nfs_t as an entrypoint for http_sys_script_t
- Add policy for piranha
- Lots of fixes for sosreport
* Wed May 12 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-16
- Allow xm_t to read network state and get and set capabilities
- Allow policykit to getattr all processes
- Allow denyhosts to connect to tcp port 9911
- Allow pyranha to use raw ip sockets and ptrace itself
- Allow unconfined_execmem_t and gconfsd mechanism to dbus
- Allow staff to kill ping process
- Add additional MLS rules
* Mon May 10 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-15
- Allow gdm to edit ~/.gconf dir
Resolves: #590677
- Allow dovecot to create directories in /var/lib/dovecot
Partially resolves 590224
- Allow avahi to dbus chat with NetworkManager
- Fix cobbler labels
- Dontaudit iceauth_t leaks
- fix /var/lib/lxdm file context
- Allow aiccu to use tun tap devices
- Dontaudit shutdown using xserver.log
* Thu May 6 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-14
- Fixes for sandbox_x_net_t to match access for sandbox_web_t ++
- Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory
- Add dontaudit interface for bluetooth dbus
- Add chronyd_read_keys, append_keys for initrc_t
- Add log support for ksmtuned
Resolves: #586663
* Thu May 6 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-13
- Allow boinc to send mail
* Wed May 5 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-12
- Allow initrc_t to remove dhcpc_state_t
- Fix label on sa-update.cron
- Allow dhcpc to restart chrony initrc
- Don't allow sandbox to send signals to its parent processes
- Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t
Resolves: #589136
* Mon May 3 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-11
- Fix location of oddjob_mkhomedir
Resolves: #587385
- fix labeling on /root/.shosts and ~/.shosts
- Allow ipsec_mgmt_t to manage net_conf_t
Resolves: #586760
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #575639 - procmail cannot call/run user created script, SELinux denied execute
https://bugzilla.redhat.com/show_bug.cgi?id=575639
[ 2 ] Bug #595491 - SELinux is preventing /sbin/mount.cifs "dac_read_search" access .
https://bugzilla.redhat.com/show_bug.cgi?id=595491
[ 3 ] Bug #596110 - SELinux is preventing /usr/bin/perl "dac_override" access .
https://bugzilla.redhat.com/show_bug.cgi?id=596110
[ 4 ] Bug #596413 - SELinux is preventing /usr/sbin/usbmuxd "lock" access on /var/run/usbmuxd.pid.
https://bugzilla.redhat.com/show_bug.cgi?id=596413
[ 5 ] Bug #596415 - bug in git policy
https://bugzilla.redhat.com/show_bug.cgi?id=596415
[ 6 ] Bug #596436 - SELinux is preventing /usr/bin/passwd "name_connect" access .
https://bugzilla.redhat.com/show_bug.cgi?id=596436
[ 7 ] Bug #596121 - SELinux is preventing /usr/bin/boinc_client "name_connect" access .
https://bugzilla.redhat.com/show_bug.cgi?id=596121
[ 8 ] Bug #596535 - SELinux is preventing /usr/bin/which "getattr" access on /usr/sbin/sendmail.sendmail.
https://bugzilla.redhat.com/show_bug.cgi?id=596535
[ 9 ] Bug #567454 - SELinux is preventing /usr/sbin/tzdata-update access to a leaked /tmp/tmpNJCaKB file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=567454
[ 10 ] Bug #596569 - SELinux is preventing /usr/libexec/gdm-simple-greeter "read" access on /var/lib/AccountsService/icons/hadess.
https://bugzilla.redhat.com/show_bug.cgi?id=596569
[ 11 ] Bug #596533 - SELinux is preventing /usr/bin/passwd "write" access on /etc/passwd-.
https://bugzilla.redhat.com/show_bug.cgi?id=596533
[ 12 ] Bug #596872 - SELinux is preventing /usr/sbin/hddtemp "read" access on /etc/gai.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=596872
[ 13 ] Bug #595528 - SELinux is preventing /usr/sbin/clamd "create" access on clamd.sock.
https://bugzilla.redhat.com/show_bug.cgi?id=595528
[ 14 ] Bug #595835 - selinux breaks nagios
https://bugzilla.redhat.com/show_bug.cgi?id=595835
[ 15 ] Bug #596564 - SELinux is preventing /var/lib/boinc/projects/www.rnaworld.de_rnaworld/cmswrapper_0.10_x86_64-pc-linux-gnu "search" access .
https://bugzilla.redhat.com/show_bug.cgi?id=596564
[ 16 ] Bug #597103 - SELinux is preventing /usr/libexec/accounts-daemon "search" access .
https://bugzilla.redhat.com/show_bug.cgi?id=597103
[ 17 ] Bug #597104 - SELinux is preventing /usr/libexec/accounts-daemon "setuid" access .
https://bugzilla.redhat.com/show_bug.cgi?id=597104
[ 18 ] Bug #597105 - SELinux is preventing /usr/libexec/accounts-daemon "setgid" access .
https://bugzilla.redhat.com/show_bug.cgi?id=597105
[ 19 ] Bug #597098 - SELinux is preventing /var/lib/boinc/projects/climateprediction.net/hadam3p_6.14_i686-pc-linux-gnu "signull" access .
https://bugzilla.redhat.com/show_bug.cgi?id=597098
[ 20 ] Bug #597879 - SELinux is preventing /var/lib/boinc/slots/3/freeze "read" access on tcp.
https://bugzilla.redhat.com/show_bug.cgi?id=597879
[ 21 ] Bug #597432 - SELinux is preventing /sbin/consoletype access to a leaked /var/log/pm-suspend.log file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=597432
[ 22 ] Bug #597939 - SELinux is preventing /usr/bin/gs "setattr" access on /var/cache/fontconfig.
https://bugzilla.redhat.com/show_bug.cgi?id=597939
[ 23 ] Bug #597614 - SELinux is preventing /usr/libexec/gnome-system-monitor-mechanism "search" access on /usr/share/locale.
https://bugzilla.redhat.com/show_bug.cgi?id=597614
[ 24 ] Bug #598658 - libsemanage.semanage_install_active: setfiles returned error code 1 installing 3.7.19-22.fc13
https://bugzilla.redhat.com/show_bug.cgi?id=598658
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list