Fedora 15 Update: selinux-policy-3.9.16-18.fc15
updates at fedoraproject.org
updates at fedoraproject.org
Mon May 2 03:39:34 UTC 2011
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-5789
2011-04-22 00:08:33
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 15
Version : 3.9.16
Release : 18.fc15
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
- Allow spamd to sent mail
- Needs to be able to write to its systemhigh log file
- Fix aide policy to run on MLS boxes
- Allow NetworkManager to manage content in /etc/NetworkManager/system-connections
- Allow user_t and staff_t access to generic scsi to handle locally plugged in scanners
- Allow telepath_msn_t to read /proc/PARENT/cmdline
- ftpd needs kill capability
- Allow telepath_msn_t to connect to sip port
- keyring daemon does not work on nfs homedirs
- Allow $1_sudo_t to read default SELinux context
- Add label for tgtd sock file in /var/run/
- Add apache_exec_rotatelogs interface
- allow all zaraha domains to signal themselves, server writes to /tmp
- Allow syslog to read the process state
- Add label for /usr/lib/chromium-browser/chrome
- Remove the telepathy transition from unconfined_t
- Dontaudit sandbox domains trying to mounton sandbox_file_t, this is caused by fuse mounts
- Allow initrc_t domain to manage abrt pid files
- Add support for AEOLUS project
- Virt_admin should be allowed to manage images and processes
- Allow plymountd to send signals to init
- Change labeling of fping6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #695563 - SELinux is preventing /usr/libexec/colord from 'getattr' accesses on the filesystem /.
https://bugzilla.redhat.com/show_bug.cgi?id=695563
[ 2 ] Bug #698884 - SELinux is preventing /usr/libexec/mission-control-5 from 'read' accesses on the unix_stream_socket Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=698884
[ 3 ] Bug #699328 - SELinux is preventing /usr/sbin/ntpd from read, write access on the shared memory Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=699328
[ 4 ] Bug #699533 - selinux blocking dhclient
https://bugzilla.redhat.com/show_bug.cgi?id=699533
[ 5 ] Bug #699535 - dhclient spawned script (bash) blocked by Selinux default policy
https://bugzilla.redhat.com/show_bug.cgi?id=699535
[ 6 ] Bug #696610 - SELinux is preventing plymouthd from using the 'signal' accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=696610
[ 7 ] Bug #696921 - SELinux is preventing systemd-kmsg-sy from 'search' accesses on the directory 22673.
https://bugzilla.redhat.com/show_bug.cgi?id=696921
[ 8 ] Bug #697670 - SELinux is preventing /usr/libexec/mission-control-5 from 'read' accesses on the file /proc/<pid>/cmdline.
https://bugzilla.redhat.com/show_bug.cgi?id=697670
[ 9 ] Bug #698266 - SELinux is preventing /usr/libexec/telepathy-haze from 'name_connect' accesses on the tcp_socket port 5061.
https://bugzilla.redhat.com/show_bug.cgi?id=698266
[ 10 ] Bug #698372 - SELinux is preventing /usr/libexec/telepathy-haze from 'read' accesses on the file /proc/<pid>/cmdline.
https://bugzilla.redhat.com/show_bug.cgi?id=698372
[ 11 ] Bug #698559 - SELinux is preventing /usr/libexec/telepathy-sofiasip from name_bind access on the tcp_socket port
https://bugzilla.redhat.com/show_bug.cgi?id=698559
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list