--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-32ebae3424
2018-03-20 18:11:51.200603
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 27
Version : 3.13.1
Release : 283.28.fc27
URL :
http://github.com/TresysTechnology/refpolicy/wiki
Summary : SELinux policy configuration
Description :
SELinux Base package for SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
More info:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1054475
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1543997 - SELinux is preventing gnome-directory from 'getattr'
accesses on the fifo_file /run/dmeventd-server.
https://bugzilla.redhat.com/show_bug.cgi?id=1543997
[ 2 ] Bug #1545643 - SELinux is preventing bluetoothd from 'map' accesses on the
file /usr/libexec/bluetooth/bluetoothd.
https://bugzilla.redhat.com/show_bug.cgi?id=1545643
[ 3 ] Bug #1547057 - SELinux is preventing pool from 'read' accesses on the
Datei resolv.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=1547057
[ 4 ] Bug #1547098 - SELinux is preventing NetworkManager from 'read' accesses
on the Datei resolv.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=1547098
[ 5 ] Bug #1547338 - SELinux is preventing (uetoothd) from 'mounton' accesses on
the directory /var/lib/bluetooth.
https://bugzilla.redhat.com/show_bug.cgi?id=1547338
[ 6 ] Bug #1547761 - SELinux is preventing /usr/lib/systemd/systemd-journald from
'map' accesses on the file
2F6D656D66643A73642D73797374656D642D636F726564756D202864656C6574656429.
https://bugzilla.redhat.com/show_bug.cgi?id=1547761
[ 7 ] Bug #1544273 - SELinux is preventing abrt-action-gen from 'map' accesses
on the file /var/spool/abrt/ccpp-2018-02-12-09:44:13.351807-3048/coredump.
https://bugzilla.redhat.com/show_bug.cgi?id=1544273
[ 8 ] Bug #1544551 - SELinux is preventing openconnect from 'map' accesses on
the file /usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit.
https://bugzilla.redhat.com/show_bug.cgi?id=1544551
[ 9 ] Bug #1552437 - SELinux is preventing boinc_client from 'open' accesses on
the file /proc/sys/vm/mmap_min_addr.
https://bugzilla.redhat.com/show_bug.cgi?id=1552437
[ 10 ] Bug #1551842 - SELinux is preventing plymouthd from 'map' accesses on the
chr_file /dev/fb0.
https://bugzilla.redhat.com/show_bug.cgi?id=1551842
[ 11 ] Bug #1547875 - SELinux is preventing powertop from 'read' accesses on the
file id.
https://bugzilla.redhat.com/show_bug.cgi?id=1547875
[ 12 ] Bug #1552416 - SELinux is preventing ffspart from 'map' accesses on the
chr_file /dev/zero.
https://bugzilla.redhat.com/show_bug.cgi?id=1552416
[ 13 ] Bug #1547416 - SELinux is preventing (uetoothd) from 'mounton' accesses
on the directory /var/lib/bluetooth.
https://bugzilla.redhat.com/show_bug.cgi?id=1547416
[ 14 ] Bug #1532015 - SELinux is preventing systemd from 'create' accesses on
the tcp_socket port None (lpr)
https://bugzilla.redhat.com/show_bug.cgi?id=1532015
[ 15 ] Bug #1547227 - SELinux is preventing systemd-update- from
'module_request' accesses on the system Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=1547227
[ 16 ] Bug #1552398 - SELinux is preventing rpcbind from 'create' accesses on
the directory rpcbind.
https://bugzilla.redhat.com/show_bug.cgi?id=1552398
[ 17 ] Bug #1543650 - SELinux is preventing systemd-rfkill from 'module_request'
accesses on the system Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=1543650
[ 18 ] Bug #1544251 - SELinux is preventing gdm-wayland-ses from 'read' accesses
on the lnk_file machine-id.
https://bugzilla.redhat.com/show_bug.cgi?id=1544251
[ 19 ] Bug #1551770 - SELinux is preventing mkhomedir_helpe from 'write'
accesses on the sock_file system_bus_socket.
https://bugzilla.redhat.com/show_bug.cgi?id=1551770
[ 20 ] Bug #1501331 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1501331
[ 21 ] Bug #1542803 - SELinux preventing L2TP VPN connection
https://bugzilla.redhat.com/show_bug.cgi?id=1542803
[ 22 ] Bug #1534111 - New tmux AVC on F27
https://bugzilla.redhat.com/show_bug.cgi?id=1534111
[ 23 ] Bug #1544627 - SELinux is preventing boinc_client from 'read' accesses on
the file mmap_min_addr.
https://bugzilla.redhat.com/show_bug.cgi?id=1544627
[ 24 ] Bug #1552436 - SELinux is preventing boinc_client from 'open' accesses on
the file /sys/fs/cgroup/cpuset/cpuset.cpus.
https://bugzilla.redhat.com/show_bug.cgi?id=1552436
[ 25 ] Bug #1544270 - SELinux is preventing telepathy-logge from 'map' accesses
on the file /run/user/1000/dconf/user.
https://bugzilla.redhat.com/show_bug.cgi?id=1544270
[ 26 ] Bug #1547056 - SELinux is preventing abrt-action-sav from 'read' accesses
on the Datei resolv.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=1547056
[ 27 ] Bug #1547259 - SELinux is preventing addconn from 'read' accesses on the
file nm-l2tp-ipsec-56798339-a275-487a-a299-1d1d0a179e66.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=1547259
[ 28 ] Bug #1551738 - snapper causes selinux denials after dnf update
https://bugzilla.redhat.com/show_bug.cgi?id=1551738
[ 29 ] Bug #1546423 - SELinux is preventing bluetoothd from 'create' accesses on
the socket Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=1546423
[ 30 ] Bug #1468381 - SELinux is preventing boinc_client from 'read' accesses on
the file cpuset.mems.
https://bugzilla.redhat.com/show_bug.cgi?id=1468381
[ 31 ] Bug #1544272 - SELinux is preventing systemd from using the 'sigkill'
accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=1544272
[ 32 ] Bug #1554087 - minidlna service runs as unconfined_service_t because of wrong
file context pattern
https://bugzilla.redhat.com/show_bug.cgi?id=1554087
[ 33 ] Bug #1545348 - SELinux is preventing nm-l2tp-service from 'search'
accesses on the directory strongswan.
https://bugzilla.redhat.com/show_bug.cgi?id=1545348
[ 34 ] Bug #1552765 - SELinux is preventing ABRT a map access to /tmp /var/tmp
https://bugzilla.redhat.com/show_bug.cgi?id=1552765
[ 35 ] Bug #1543375 - SELinux is preventing unix_update from using the 'fsetid'
capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=1543375
[ 36 ] Bug #1551033 - SELinux is preventing colord from 'map' accesses on the
file /home/fedora/kasmith/.local/share/icc/edid-a920bbe26e6ac81fc5b993f93b3b4cba.icc.
https://bugzilla.redhat.com/show_bug.cgi?id=1551033
[ 37 ] Bug #1543033 - SELinux is preventing memcached from starting
https://bugzilla.redhat.com/show_bug.cgi?id=1543033
[ 38 ] Bug #1552535 - SELinux is preventing modprobe from 'map' accesses on the
file /usr/lib/modules/4.15.6-300.fc27.x86_64/modules.dep.bin.
https://bugzilla.redhat.com/show_bug.cgi?id=1552535
[ 39 ] Bug #1552536 - SELinux is preventing php-fpm from 'create' accesses on
the netlink_kobject_uevent_socket Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=1552536
[ 40 ] Bug #1542903 - SELinux is preventing hostname from read, write access on the
chr_file /dev/ttyUSB1.
https://bugzilla.redhat.com/show_bug.cgi?id=1542903
[ 41 ] Bug #1554150 - SELinux is preventing lxdm-session from 'sys_ptrace'
accesses on the cap_userns Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=1554150
[ 42 ] Bug #1547874 - SELinux is preventing powertop from 'setopt' accesses on
the netlink_generic_socket Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=1547874
[ 43 ] Bug #1471545 - SElinux prevents postfix from reading
/run/systemd/resolve/resolv.conf
https://bugzilla.redhat.com/show_bug.cgi?id=1471545
[ 44 ] Bug #1547876 - SELinux is preventing systemd from 'bind' accesses on the
netlink_selinux_socket Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=1547876
[ 45 ] Bug #1542746 - SELinux is preventing addconn from 'search' accesses on
the directory /var/lib/unbound.
https://bugzilla.redhat.com/show_bug.cgi?id=1542746
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade selinux-policy' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------