--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-98603a3cde
2019-04-29 01:40:59.966398
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 30
Version : 3.14.3
Release : 32.fc30
URL :
https://github.com/fedora-selinux/selinux-policy
Summary : SELinux policy configuration
Description :
SELinux Base package for SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
More info:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1257499
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 25 2019 Lukas Vrabec <lvrabec(a)redhat.com> - 3.14.3-32
- Introduce deny_bluetooth boolean
- Allow greylist_milter_t to read network system state BZ(1702672)
- Allow freeipmi domains to mmap freeipmi_var_cache_t files
- Allow rhsmcertd_t and rpm_t domains to chat over dbus
- Allow thumb_t domain to delete cache_home_t files BZ(1701643)
- Update gnome_role_template() to allow _gkeyringd_t domains to chat with systemd_logind
over dbus
- Add new interface boltd_dbus_chat()
- Allow fwupd_t and modemmanager_t domains to communicate over dbus BZ(1701791)
- Allow keepalived_t domain to create and use netlink_connector sockets BZ(1701750)
- Allow cockpit_ws_t domain to set limits BZ(1701703)
- Update Nagios policy when sudo is used
- Deamon rhsmcertd is able to install certs for docker again
- Introduce deny_bluetooth boolean
- Don't allow a container to connect to random services
- Remove file context /usr/share/spamassassin/sa-update\.cron -> bin_t to label
sa-update.cron as spamd_update_exec_t.
- Allow systemd_logind_t and systemd_resolved_t domains to chat over dbus
- Allow unconfined_t to use bpf tools
- Allow x_userdomains to communicate with boltd daemon over dbus
* Fri Apr 19 2019 Lukas Vrabec <lvrabec(a)redhat.com> - 3.14.3-31
- Fix typo in cups SELinux policy
- Allow iscsid_t to read modules deps BZ(1700245)
- Allow cups_pdf_t domain to create cupsd_log_t dirs in /var/log BZ(1700442)
- Allow httpd_rotatelogs_t to execute generic binaries
- Update system_dbus policy because of dbus-broker-20-2
- Allow httpd_t doman to read/write /dev/zero device BZ(1700758)
- Allow tlp_t domain to read module deps files BZ(1699459)
- Add file context for /usr/lib/dotnet/dotnet
- Update dev_rw_zero() interface by adding map permission
- Allow bounded transition for executing init scripts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701643 - SELinux is preventing pool-tumblerd from 'unlink' accesses
on the file 67df3f1cac7a74531f2f433d15409aaa.png.
https://bugzilla.redhat.com/show_bug.cgi?id=1701643
[ 2 ] Bug #1701791 - Denials of ModemManager sending messages to fwupd when
gnome-software was started in F30
https://bugzilla.redhat.com/show_bug.cgi?id=1701791
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-98603a3cde' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------