-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-98603a3cde 2019-04-29 01:40:59.966398 --------------------------------------------------------------------------------

Name : selinux-policy Product : Fedora 30 Version : 3.14.3 Release : 32.fc30 URL : https://github.com/fedora-selinux/selinux-policy Summary : SELinux policy configuration Description : SELinux Base package for SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117

-------------------------------------------------------------------------------- Update Information:

More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1257499 -------------------------------------------------------------------------------- ChangeLog:

* Thu Apr 25 2019 Lukas Vrabec lvrabec@redhat.com - 3.14.3-32 - Introduce deny_bluetooth boolean - Allow greylist_milter_t to read network system state BZ(1702672) - Allow freeipmi domains to mmap freeipmi_var_cache_t files - Allow rhsmcertd_t and rpm_t domains to chat over dbus - Allow thumb_t domain to delete cache_home_t files BZ(1701643) - Update gnome_role_template() to allow _gkeyringd_t domains to chat with systemd_logind over dbus - Add new interface boltd_dbus_chat() - Allow fwupd_t and modemmanager_t domains to communicate over dbus BZ(1701791) - Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750) - Allow cockpit_ws_t domain to set limits BZ(1701703) - Update Nagios policy when sudo is used - Deamon rhsmcertd is able to install certs for docker again - Introduce deny_bluetooth boolean - Don't allow a container to connect to random services - Remove file context /usr/share/spamassassin/sa-update.cron -> bin_t to label sa-update.cron as spamd_update_exec_t. - Allow systemd_logind_t and systemd_resolved_t domains to chat over dbus - Allow unconfined_t to use bpf tools - Allow x_userdomains to communicate with boltd daemon over dbus * Fri Apr 19 2019 Lukas Vrabec lvrabec@redhat.com - 3.14.3-31 - Fix typo in cups SELinux policy - Allow iscsid_t to read modules deps BZ(1700245) - Allow cups_pdf_t domain to create cupsd_log_t dirs in /var/log BZ(1700442) - Allow httpd_rotatelogs_t to execute generic binaries - Update system_dbus policy because of dbus-broker-20-2 - Allow httpd_t doman to read/write /dev/zero device BZ(1700758) - Allow tlp_t domain to read module deps files BZ(1699459) - Add file context for /usr/lib/dotnet/dotnet - Update dev_rw_zero() interface by adding map permission - Allow bounded transition for executing init scripts -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1701643 - SELinux is preventing pool-tumblerd from 'unlink' accesses on the file 67df3f1cac7a74531f2f433d15409aaa.png. https://bugzilla.redhat.com/show_bug.cgi?id=1701643 [ 2 ] Bug #1701791 - Denials of ModemManager sending messages to fwupd when gnome-software was started in F30 https://bugzilla.redhat.com/show_bug.cgi?id=1701791 --------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-98603a3cde' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------