-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-15790 2010-10-05 13:01:49 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 14 Version : 3.9.5 Release : 10.fc14 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117
-------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 4 2010 Dan Walsh dwalsh@redhat.com 3.9.5-10 - Start adding support for use_fusefs_home_dirs - Add /var/lib/syslog directory file context - Add /etc/localtime as locale file context * Thu Sep 30 2010 Dan Walsh dwalsh@redhat.com 3.9.5-9 - Turn off default transition to mozilla_plugin and telepathy domains from unconfined user - Turn off iptables from unconfined user - Allow sudo to send signals to any domains the user could have transitioned to. - Passwd in single user mode needs to talk to console_device_t - Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio - locate tried to read a symbolic link, will dontaudit - New labels for telepathy-sunshine content in homedir - Google is storing other binaries under /opt/google/talkplugin - bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug - Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15 - modemmanger and bluetooth send dbus messages to devicekit_power - Samba needs to getquota on filesystems labeld samba_share_t * Wed Sep 29 2010 Dan Walsh dwalsh@redhat.com 3.9.5-8 - Dontaudit attempts by xdm_t to write to bin_t for kdm - Allow initrc_t to manage system_conf_t * Mon Sep 27 2010 Dan Walsh dwalsh@redhat.com 3.9.5-7 - Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory. - Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets - Allow confined users to read xdm_etc_t files - Allow xdm_t to transition to xauth_t for lxdm program -------------------------------------------------------------------------------- References:
[ 1 ] Bug #637822 - selinux blocks /usr/share/smartmontools/driverdb.h from updated smartmontools https://bugzilla.redhat.com/show_bug.cgi?id=637822 [ 2 ] Bug #638393 - ssh_home_t versus home_ssh_t confusion in ssh.fc https://bugzilla.redhat.com/show_bug.cgi?id=638393 [ 3 ] Bug #638212 - SELinux is preventing /bin/umount "unlink" access on mtab. https://bugzilla.redhat.com/show_bug.cgi?id=638212 [ 4 ] Bug #638155 - nspluginscan Triggering SELinux Security Alerts https://bugzilla.redhat.com/show_bug.cgi?id=638155 [ 5 ] Bug #637986 - SELinux verhindert /usr/lib64/xulrunner-1.9.2/plugin-container "setattr" Zugriff on /home/any0n3/.pulse. https://bugzilla.redhat.com/show_bug.cgi?id=637986 [ 6 ] Bug #638296 - SELinux is preventing /usr/libexec/totem-plugin-viewer "write" access on /home/hicham/.gstreamer-0.10. https://bugzilla.redhat.com/show_bug.cgi?id=638296 [ 7 ] Bug #637524 - SELinux verhindert /usr/lib64/xulrunner-1.9.2/plugin-container "remove_name" Zugriff on CBSI_Eidothea_Volume.sxx. https://bugzilla.redhat.com/show_bug.cgi?id=637524 [ 8 ] Bug #638763 - SELinux is preventing /usr/bin/Xorg "read write" access on /SYSV00000000 (deleted). https://bugzilla.redhat.com/show_bug.cgi?id=638763 [ 9 ] Bug #638919 - SELinux is preventing /usr/libexec/telepathy-haze "name_connect" access . https://bugzilla.redhat.com/show_bug.cgi?id=638919 [ 10 ] Bug #638903 - SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin "listen" access . https://bugzilla.redhat.com/show_bug.cgi?id=638903 [ 11 ] Bug #638900 - SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin from executing /opt/google/talkplugin/GoogleTalkPlugin. https://bugzilla.redhat.com/show_bug.cgi?id=638900 [ 12 ] Bug #639174 - SELinux is preventing /usr/lib64/xulrunner-2.0b6/plugin-container "write" access on /dev/video0. https://bugzilla.redhat.com/show_bug.cgi?id=639174 [ 13 ] Bug #639172 - SELinux is preventing /usr/bin/sudo "signal" access . https://bugzilla.redhat.com/show_bug.cgi?id=639172 [ 14 ] Bug #639142 - SELinux verhindert /usr/bin/pulseaudio "execute" Zugriff on /usr/bin/pulseaudio. https://bugzilla.redhat.com/show_bug.cgi?id=639142 [ 15 ] Bug #639136 - SELinux is preventing /usr/lib64/xulrunner-1.9.2/plugin-container "open" access on /home/gene/.asoundrc. https://bugzilla.redhat.com/show_bug.cgi?id=639136 [ 16 ] Bug #590883 - qt-4.7.x : SELinux is preventing ... "write" access on ... https://bugzilla.redhat.com/show_bug.cgi?id=590883 [ 17 ] Bug #639175 - SELinux is preventing /usr/lib64/xulrunner-2.0b6/plugin-container "name_connect" access . https://bugzilla.redhat.com/show_bug.cgi?id=639175 [ 18 ] Bug #639659 - SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin "getattr" access on $HOME https://bugzilla.redhat.com/show_bug.cgi?id=639659 [ 19 ] Bug #639579 - SELinux is preventing /usr/bin/gtk-gnash "name_connect" access . https://bugzilla.redhat.com/show_bug.cgi?id=639579 [ 20 ] Bug #639589 - SELinux is preventing /usr/bin/gtk-gnash "execute" access on /tmp/orcexec.orc_audio_convert_pack_s16.toqzIi (deleted). https://bugzilla.redhat.com/show_bug.cgi?id=639589 [ 21 ] Bug #639572 - SELinux is preventing /usr/libexec/totem-plugin-viewer "create" access on linc-c7d-0-4d35d79d29f8. https://bugzilla.redhat.com/show_bug.cgi?id=639572 [ 22 ] Bug #639539 - SELinux is preventing /usr/bin/nspluginscan "execute" access on /home/timali/.mozilla/plugins/libflashplayer.so. https://bugzilla.redhat.com/show_bug.cgi?id=639539 [ 23 ] Bug #639512 - SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config access to a leaked /dev/dri/card0 file descriptor. https://bugzilla.redhat.com/show_bug.cgi?id=639512 [ 24 ] Bug #639510 - SELinux is preventing /usr/libexec/totem-plugin-viewer "write" access on orbit-hicham. https://bugzilla.redhat.com/show_bug.cgi?id=639510 [ 25 ] Bug #639535 - SELinux powstrzymuje /usr/lib/xulrunner-1.9.2/plugin-container "getattr" dostęp on /home/krzysiek/.ICEauthority https://bugzilla.redhat.com/show_bug.cgi?id=639535 [ 26 ] Bug #639573 - SELinux is preventing /usr/libexec/totem-plugin-viewer "setattr" access on orbit-hicham. https://bugzilla.redhat.com/show_bug.cgi?id=639573 [ 27 ] Bug #630111 - SELinux is preventing /usr/libexec/telepathy-haze "search" access on 1. https://bugzilla.redhat.com/show_bug.cgi?id=630111 [ 28 ] Bug #638233 - SELinux is preventing /usr/lib64/xulrunner-1.9.2/plugin-container "read" access on /etc/resolv.conf. https://bugzilla.redhat.com/show_bug.cgi?id=638233 [ 29 ] Bug #639735 - SELinux is preventing /usr/lib64/xulrunner-1.9.2/plugin-container "getattr" access on /etc/resolv.conf. https://bugzilla.redhat.com/show_bug.cgi?id=639735 [ 30 ] Bug #639736 - SELinux is preventing /usr/lib64/xulrunner-1.9.2/plugin-container "name_connect" access . https://bugzilla.redhat.com/show_bug.cgi?id=639736 [ 31 ] Bug #632875 - SELinux is preventing /usr/bin/nspluginscan "read" access on /usr/lib64/mozilla/plugins-wrapped/npwrapper.so. https://bugzilla.redhat.com/show_bug.cgi?id=632875 [ 32 ] Bug #639468 - SELinux está negando a /usr/libexec/gdm-session-worker el acceso "write" on ivan https://bugzilla.redhat.com/show_bug.cgi?id=639468 [ 33 ] Bug #630323 - SELinux is preventing /usr/lib/xulrunner-1.9.2/plugin-container "create" access on #content.adriver.ru. https://bugzilla.redhat.com/show_bug.cgi?id=630323 [ 34 ] Bug #639568 - SELinux is preventing /usr/bin/gtk-gnash "write" access on /home/hicham/.gnash/SharedObjects/s.ytimg.com/soundData.sol. https://bugzilla.redhat.com/show_bug.cgi?id=639568 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org