--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-759c80369d
2024-05-12 04:16:43.337247
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 40
Version     : 40.18
Release     : 2.fc40
URL         : https://github.com/fedora-selinux/selinux-policy
Summary     : SELinux policy configuration
Description :
SELinux core policy package.
Originally based off of reference policy,
the policy has been adjusted to provide support for Fedora.

--------------------------------------------------------------------------------
Update Information:

New F40 selinux-policy build. It is expected to fix most problems with libvirt,
but still not some of them which require additional troubleshooting.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 6 2024 Zdenek Pytela zpytela@redhat.com - 40.18-2
- Update rpm configuration for the /var/run equivalency change
* Mon May 6 2024 Zdenek Pytela zpytela@redhat.com - 40.18-1
- Allow virtqemud read vfio devices
- Allow virtqemud get attributes of a tmpfs filesystem
- Allow svirt_t read vm sysctls
- Allow virtqemud create and unlink files in /etc/libvirt/
- Allow virtqemud get attributes of cifs files
- Allow virtqemud get attributes of filesystems with extended attributes
- Allow virtqemud get attributes of NFS filesystems
- Allow virt_domain read and write usb devices conditionally
- Allow virtstoraged use the io_uring API
- Allow virtstoraged execute lvm programs in the lvm domain
- Allow virtnodevd_t map /var/lib files
- Allow svirt_tcg_t map svirt_image_t files
- Allow abrt-dump-journal-core connect to systemd-homed
- Allow abrt-dump-journal-core connect to systemd-machined
- Allow sssd create and use io_uring
- Allow selinux-relabel-generator create units dir
- Allow dbus-broker read/write inherited user ttys
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2265926 - SELinux is preventing /usr/bin/abrt-dump-journal-core from 'connectto' accesses on the unix_stream_socket /run/systemd/userdb/io.systemd.Home.
        https://bugzilla.redhat.com/show_bug.cgi?id=2265926
  [ 2 ] Bug #2270668 - SELinux is preventing rpc-virtqemud from 'getattr' accesses on the système de fichiers /.
        https://bugzilla.redhat.com/show_bug.cgi?id=2270668
  [ 3 ] Bug #2271831 - SELinux is preventing rpc-virtqemud from 'getattr' accesses on the filesystem /.
        https://bugzilla.redhat.com/show_bug.cgi?id=2271831
  [ 4 ] Bug #2276768 - SELinux is preventing lvs from 'unlink' accesses on the file V_vm-pool:aux.
        https://bugzilla.redhat.com/show_bug.cgi?id=2276768
  [ 5 ] Bug #2276779 - SELinux is preventing daemon-init from 'map' accesses on the file /var/lib/flatpak/exports/share/mime/mime.cache.
        https://bugzilla.redhat.com/show_bug.cgi?id=2276779
  [ 6 ] Bug #2276937 - SELinux: AVC avc: denied { create } for pid=868 comm="nsupdate" anonclass=[io_uring] scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:io_uring_t:s0 tclass=anon_inode permissive=0
        https://bugzilla.redhat.com/show_bug.cgi?id=2276937
  [ 7 ] Bug #2277028 - Errors happened with the container-selinux-2:2.231.0-1.fc40.noarch postinstall scriplet
        https://bugzilla.redhat.com/show_bug.cgi?id=2277028
  [ 8 ] Bug #2277658 - SELinux is preventing abrt-dump-journ from 'connectto' accesses on the unix_stream_socket /run/systemd/userdb/io.systemd.Machine.
        https://bugzilla.redhat.com/show_bug.cgi?id=2277658
  [ 9 ] Bug #2278803 - SELinux is preventing qemu-system-x86 from read, write access on the chr_file 005.
        https://bugzilla.redhat.com/show_bug.cgi?id=2278803
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-759c80369d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org