--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-8d26207af7
2021-05-04 01:00:35.907249
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 34
Version : 34.4
Release : 1.fc34
URL : https://github.com/fedora-selinux/selinux-policy
Summary : SELinux policy configuration
Description :
SELinux core policy package.
Originally based off of reference policy,
the policy has been adjusted to provide support for Fedora.
--------------------------------------------------------------------------------
Update Information:
New F34 selinux-policy build
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 27 2021 Zdenek Pytela <zpytela(a)redhat.com> - 34.4-1
- Allow domain create anonymous inodes
- Add anon_inode class to the policy
- Allow systemd-coredump getattr nsfs files and net_admin capability
- Allow systemd-sleep transition to sysstat_t
- Allow systemd-sleep transition to tlp_t
- Allow systemd-sleep transition to unconfined_service_t on bin_t executables
- Allow systemd-timedated watch runtime dir and its parent
- Allow system dbusd read /var/lib symlinks
- Allow unconfined_service_t confidentiality and integrity lockdown
- Label /var/lib/brltty with brltty_var_lib_t
- Allow domain and unconfined_domain_type watch /proc/PID dirs
- Additional permission for confined users logging into graphic session
- Make for screen fsetid/setuid/setgid permission conditional
- Allow for confined users access to wtmp and run utempter
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1767745 - Confined users trigger AVC denial when screen accesses wtmp
https://bugzilla.redhat.com/show_bug.cgi?id=1767745
[ 2 ] Bug #1948222 - SELinux is preventing /opt/google/chrome-unstable/chrome from
'watch' accesses on the directory /proc/<pid>.
https://bugzilla.redhat.com/show_bug.cgi?id=1948222
[ 3 ] Bug #1949315 - SELinux is preventing systemd-timesyn from watch access on the
directory /.
https://bugzilla.redhat.com/show_bug.cgi?id=1949315
[ 4 ] Bug #1949785 - SELinux is preventing dbus-daemon from 'read' accesses on
the lnk_file /var/lib/flatpak/exports/share/dbus-1/services/org.gnome.GTG.service.
https://bugzilla.redhat.com/show_bug.cgi?id=1949785
[ 5 ] Bug #1952163 - SELinux is preventing systemd-coredum from 'getattr'
accesses on the file file.
https://bugzilla.redhat.com/show_bug.cgi?id=1952163
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-8d26207af7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------