Fedora 13 Update: selinux-policy-3.7.19-21.fc13

updates at fedoraproject.org updates at fedoraproject.org
Fri May 28 18:02:28 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-9087
2010-05-26 20:46:00
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 13
Version     : 3.7.19
Release     : 21.fc13
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117

--------------------------------------------------------------------------------
ChangeLog:

* Mon May 24 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-21
- Allow login programs to read krb5_home_t
Resolves: #594833
- Add obsoletes for cachefilesfd-selinux package
Resolves: #575084
* Thu May 20 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-20
- Allow mount to r/w abrt fifo file
Resolves: #594014
- Allow svirt_t to getattr on hugetlbfs
Resolves: #537389
- Allow abrt to create a directory under /var/spool
* Wed May 19 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-19
- Add labels for /sys
- Allow sshd to getattr on shutdown
- Fixes for munin
- Allow sssd to use the kernel key ring
- Allow tor to send syslog messages
- Allow iptabels to read usr files
- allow policykit to read all domains state
Resolves: #591561
* Thu May 13 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-17
- Fix path for /var/spool/abrt
Resolves: #591561
- Allow nfs_t as an entrypoint for http_sys_script_t
Resolves: #580568
- Add policy for piranha
Resolves: #584415
- Lots of fixes for sosreport
* Wed May 12 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-16
- Allow xm_t to read network state and get and set capabilities
- Allow policykit to getattr all processes
- Allow denyhosts to connect to tcp port 9911
- Allow pyranha to use raw ip sockets and ptrace itself
- Allow unconfined_execmem_t and gconfsd mechanism to dbus
- Allow staff to kill ping process
- Add additional MLS rules
* Mon May 10 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-15
- Allow gdm to edit ~/.gconf dir
Resolves: #590677
- Allow dovecot to create directories in /var/lib/dovecot
Partially resolves 590224
- Allow avahi to dbus chat with NetworkManager
- Fix cobbler labels
- Dontaudit iceauth_t leaks
- fix /var/lib/lxdm file context
- Allow aiccu to use tun tap devices
- Dontaudit shutdown using xserver.log
* Thu May  6 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-14
- Fixes for sandbox_x_net_t  to match access for sandbox_web_t ++
- Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory
- Add dontaudit interface for bluetooth dbus
- Add chronyd_read_keys, append_keys for initrc_t
- Add log support for ksmtuned
Resolves: #586663
* Thu May  6 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-13
- Allow boinc to send mail
* Wed May  5 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-12
- Allow initrc_t to remove dhcpc_state_t
- Fix label on sa-update.cron
- Allow dhcpc to restart chrony initrc
- Don't allow sandbox to send signals to its parent processes
- Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t
Resolves: #589136
* Mon May  3 2010 Dan Walsh <dwalsh at redhat.com> 3.7.19-11
- Fix location of oddjob_mkhomedir
Resolves: #587385
- fix labeling on /root/.shosts and ~/.shosts
- Allow ipsec_mgmt_t to manage net_conf_t
Resolves: #586760
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #591347 - SELinux empêche l'accès en "signal" à /bin/bash
        https://bugzilla.redhat.com/show_bug.cgi?id=591347
  [ 2 ] Bug #591514 - SELinux is preventing /bin/bash "signal" access     .
        https://bugzilla.redhat.com/show_bug.cgi?id=591514
  [ 3 ] Bug #591854 - SELinux empêche /usr/bin/vlc de charger /usr/lib/vlc/plugins/codec/libdmo_plugin.so qui exige une réinstallation du texte.
        https://bugzilla.redhat.com/show_bug.cgi?id=591854
  [ 4 ] Bug #592651 - SELinux is preventing /usr/bin/cpufreq-selector "read" access      on /usr/share/locale/locale.alias.
        https://bugzilla.redhat.com/show_bug.cgi?id=592651
  [ 5 ] Bug #592529 - SELinux is preventing /usr/sbin/crond "sigchld" access     .
        https://bugzilla.redhat.com/show_bug.cgi?id=592529
  [ 6 ] Bug #593087 - SELinux is preventing /usr/bin/tor "create" access     .
        https://bugzilla.redhat.com/show_bug.cgi?id=593087
  [ 7 ] Bug #593737 - SELinux is preventing /sbin/consoletype access to a leaked /var/log/wicd/wicd.log file descriptor.
        https://bugzilla.redhat.com/show_bug.cgi?id=593737
  [ 8 ] Bug #591680 - SELinux belet /usr/sbin/sshd "getattr" toegang      on /sbin/shutdown.
        https://bugzilla.redhat.com/show_bug.cgi?id=591680
  [ 9 ] Bug #595430 - SELinux is preventing /usr/sbin/usbmuxd "write" access      on /var/run/usbmuxd.pid.
        https://bugzilla.redhat.com/show_bug.cgi?id=595430
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list