Fedora 12 Update: selinux-policy-3.6.32-84.fc12

updates at fedoraproject.org updates at fedoraproject.org
Thu Feb 11 14:44:32 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-1492
2010-02-05 00:46:48
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 12
Version     : 3.6.32
Release     : 84.fc12
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20090730

--------------------------------------------------------------------------------
Update Information:

* Thu Feb 04 2010 Dan Walsh <dwalsh at redhat.com> 3.6.32-84   - Fix /var/lib
labeling in post install     * Thu Feb 04 2010 Miroslav Grepl
<mgrepl at redhat.com> 3.6.32-83 - - Fixes for cluster policy     * Wed Feb 03 2010
Miroslav Grepl <mgrepl at redhat.com> 3.6.32-82   - Add label for /root/.Xdefaults
- Allow xauth to read symbolic links on a NFS filesystem   - Add label for
/var/run/slim.lock   - Add mcelog policy     * Tue Feb 02 2010 Miroslav Grepl
<mgrepl at redhat.com> 3.6.32-81   - Allow policykit-auth to set attributes on
fonts cache directory   - Add label for RealPlayer plugins   - Add label for
/usr/sbin/xrdp   - Allow chrome-sandbox to read gnome homedir content   - Allow
rsyslogd to connect to MySQL using a unix domain stream socket   - Allow apache
to list inotifyfs filesystem   - Add label for /dev/pps device - Fixes for
chronyd policy     * Mon Feb 01 2010 Miroslav Grepl <mgrepl at redhat.com>
3.6.32-80   - Allow xdm to execute octave   - Add label for var/run/lxdm.auth
- Allow pppd sys_admin capability   - Allow cups-pdf fowner capability   - Fix
path for cluster binaries   - Fixes for pulseaudio   - Add label for /var/webmin
directory   - Allow prelink execmod on files in home directory   - Allow cups-
config to read process state of all user domains   - Fixes for vmware policy   -
Fixes for lirc policy   - Allow amavis to read utmp     * Fri Jan 29 2010
Miroslav Grepl <mgrepl at redhat.com> 3.6.32-79   - Fix rpm_dontaudit_leaks   - Fix
typo in rgmanager.if   - Fixes for nis policy
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  4 2010 Dan Walsh <dwalsh at redhat.com> 3.6.32-84
- Fix /var/lib labeling in post install
* Thu Feb  4 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-83
- Fixes for cluster policy
* Wed Feb  3 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-82
- Add label for /root/.Xdefaults 
- Allow xauth to read symbolic links on a NFS filesystem
- Add label for /var/run/slim.lock
- Add mcelog policy
* Tue Feb  2 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-81
- Allow policykit-auth to set attributes on fonts cache directory
- Add label for RealPlayer plugins
- Add label for /usr/sbin/xrdp
- Allow chrome-sandbox to read gnome homedir content
- Allow rsyslogd to connect to MySQL using a unix domain stream socket
- Allow apache to list inotifyfs filesystem
- Add label for /dev/pps device
- Fixes for chronyd policy
* Mon Feb  1 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-80
- Allow xdm to execute octave
- Add label for var/run/lxdm.auth
- Allow pppd sys_admin capability
- Allow cups-pdf fowner capability
- Fix path for cluster binaries
- Fixes for pulseaudio
- Add label for /var/webmin directory
- Allow prelink execmod on files in home directory
- Allow cups-config to read process state of all user domains.
- Fixes for vmware policy
- Fixes for lirc policy
- Allow amavis to read utmp
* Fri Jan 29 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-79
- Fix rpm_dontaudit_leaks
- Fix typo in rgmanager.if
- Fixes for nis policy
* Wed Jan 27 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-78
- Allow to openvpn to read utmp
- Allow xdm to read the video4linux devices
- Add label for /etc/openldap/slapd.d directory
- Allow tgtd to manage fixed disk device nodes
- Allow chsh to execute nxserver
- Allow abrt_helper to send system log messages
- Add label for /etc/zabbix/web directory
- Add label for /sbin/mke4fs
* Mon Jan 25 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-77
- Allow xenstored to manage files on on a XENFS filesystem
- Allow cupsd to setattr on a fonts cache directory
- Allot smolt-client to send system log messages
* Fri Jan 22 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-76
- Add labeling for gitweb
- Allow plymouth to read and write the /dev/ptmx
- Fixes for sanbox 
- Allow nagios_services_plugin_t to read snmpd libraries
* Thu Jan 21 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-75
- Allow sulogin to talk to console and tty_device_t
* Wed Jan 20 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-74
- Fixes for afs
- Remove transtion from system_cronjob to gpg domain
* Tue Jan 19 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-73
- Add labeling for /var/lib/avahi-autoipd directory
* Tue Jan 19 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-72
- Fixes for memcached from Dan Walsh
- Allow podsleuth to read user tmpfs files
- Allow tftpd to read system state information in proc
- Fixes for sssd from Dan Walsh
- Allow snmpd chown capability
* Fri Jan 15 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-71
- Allow hotplug to transition to brctl domain
- Fixes for sftpd
* Tue Jan 12 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-70
- Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
* Mon Jan 11 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-69
- Fixes for iscsid
- Allow openvpn to bind to http port
- Add wine_mmap_zero_ignore boolean
* Fri Jan  8 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-68
- Fixes for xenconsoled
- Allow xauth to connectto xserver_t unix_stream_socket
- Add textrel_shlib_t fixes
- Add labeling for LXDM
- Allow cupsd_lpd_t to setattr fontconfig directory
- Allow abrt to getattr on all character file device nodes.
- Add labeling for the rest nagios plugins
* Wed Jan  6 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-67
- Allow snmbd to send itself signal
- Allow virt_domain to read /dev/random
- Allow apcupsd to send itself signull
- Allow swat to transition to nmbd
- Add textrel_shlib_t label for /usr/local/lib/codecs/
* Mon Jan  4 2010 Dan Walsh <dwalsh at redhat.com> 3.6.32-66
- Allow lircd to use tcp_socket and connect/bind to port 8675
* Wed Dec 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-65
- Allow traceroute to use all terms
- Fix mgetty use for faxes
- Dontaudit xdm listing fusefs
- Allow xguest to resolve host names
- Allow abrt to read noxattr filesystems (cdrom)
- Allow abrt_helper to send itself signals
- Allow amavis to read certs
- Allow apache to bind to port 3000 (Ruby on rails)
- Asterist uses mysql and snmp
- Allow consolekit to write wtmp file for shutdown
- Allow cups ipc_lock
- Allow hal to transition to ppp
- Fix mailman labels for 64 bit systems
- dontaudit system_mail access to leaked terminals
- Allow mysqld_safe_t to unlink mysqld pid files
- nrpe_t uses getpw calls
- Allow NetworkManager to delete ppp pid files
- Allow pptp_t to sens userdomain signals
- Allow prelude to connect to mysql
- Allow swat to start winbind server
- Fixes for snort
- Allow telnetd to setattr user terminals
- Allow qemu to read fusefs
- Allow domains that have telinit to connectto upstart unix_stream_socket
- Dontaudit ipsec_mgmt sys_tty_config
- Fix labels for postgrestgres test suite
- Other textrel_shlib_t fixes
* Wed Dec 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-64
- Update to Rawhide filesystem.if file
- Allow abrt to read nfs
- Allow cups to search fusefs
- Allow dovecot_auth to search var_log
- Fix label on ksmtuned.pid
- Dontaudit policykit looking at mount points
- Allow xdm to manage /var/cache/fontconfig
- Allow xenstored to search xenfs
* Tue Dec 22 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-63
- Allow sendmail setpgid
- Allow dovecot to read nfs homedirs
* Mon Dec 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-62
- Add label for /var/ekpd
- Allow portreserve to look at bin files
- Allow gssd to ask the kernel to load modules
- If you can run mount you can run fusermount
* Mon Dec 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-61
- Fixes for sandbox_x_server
- Fix ntop policy
- Sandbox fixes
* Fri Dec 18 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-60
- Fixs for cluster policy
- mysql_safe fixes
- Fixes for sssd
- Cgroup access for virtd
- Dontaudit fail2ban leaks
* Tue Dec 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-59
- Dontaudit udp_socket leaks for xauth_t
- Dontaudit rules for iceauth_t
- Let locate read symlinks on noxattr file systems
- Remove wine from unconfined domain if unconfined pp removed
- Add labels for vhostmd
- Add port 546 as a dhcpc port
- Add labeled for /dev/dahdi
- Add certmonger policy
- Allow sysadm to communicate with racoon and zebra
- Allow dbus service dbus_chat with unconfined_t
- Fixes for xguest
- Add dontaudits for abrt
- file contexts for mythtv
- Lots of fixes for asterisk
- Fix file context for certmaster
- Add log dir for dovecot
- Policy for ksmtuned
- File labeling and fixes for mysql and mysql_safe
- New plugin infrstructure for nagios
- Allow nut_upsd_t dac_override
- File context fixes for nx
- Allow oddjob_mkhomedir to create homedir
- Add pcscd_pub interfaces to be used by xdm
- Add stream connect from fenced to corosync
- Fixes for swat
- Allow fsdaemon to manage scsi devices
- Policy for tgtd
- Policy for vhostmd
- Allow ipsec to create tmp files
- Change label on fusermount
* Thu Dec 10 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-58
- Dontaudit udp_socket leaks for xauth_t
* Wed Dec  9 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-57
- Allow unconfined_t to send dbus messages to setroubleshoot
- Allow confined screen app to setattr on user ttys
- remove wine_t from unconfined domain when unconfined.pp disabled
- Allow sysadm_t to communicate with racoon
- Allow xauth to be run from all unconfined user types
- Fix labeling on all /var/cache/mod_* apps
- Allow asterisk to communicate with postgresql
- Fix labeling for /var/lib/certmaster
- Add policy for ksmtuned and tgtd
- Fixes fro vhostmd
* Mon Dec  7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-56
- Dontaudit exec of fusermount from xguest
- Allow licrd to use mouse_device
- Allow sysadm_t to connect to zebra stream socket
- Dontaudit policykit_auth trying to config terminal
- Allow logrotate and asterisk to execute asterisk
- Allow logrotate to read var_lib files (zope) and connect to fail2ban stream
- Allow firewallgui to communicate with unconfined_t
- Allow podsleuth to ask the kernel to load modules
- Fix labeling on vhostmd scripts
- Remove transition from unconfined_t to windbind_helper_t
- Allow abrt_helper to look at inotify
- Fix labels for mythtv
- Allow apache to signal sendmail
- allow asterisk to send mail
- Allow rpcd to get and setcap
- Add tor_bind_all_unreserved_ports boolean
- Add policy for vhostmd
- MOre textrel_shlib_t files
- Add rw_herited_term_perms
* Thu Dec  3 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-55
- Add fprintd_chat(unconfined_t) to fix su timeout problem
- Make xguest follow allow_execstack boolean
- Dontaudit dbus looking at nfs
* Thu Dec  3 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-54
- Require selinux-policy from selinux-policy-TYPE
- Add labeling to /usr/lib/win32 textrel_shlib_t
- dontaudit all leaks for abrt_helper
- Fix labeling for mythtv
- Dontaudit setroubleshoot_fix leaks
- Allow xauth_t to read usr_t
- Allow iptables to use fifo files
- Fix labeling on /var/lib/wifiroamd
* Tue Dec  1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-53
- Remove transition from dhcpc_t to consoletype_t, just allow exec
- Fixes for prelink cron job
- Fix label on yumex backend
- Allow unconfined_java_t to communicate with iptables
- Allow abrt to read /tmp files
- Fix nut/ups policy
* Tue Dec  1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-52
- Major fixup of ntop policy
- Fix label on /usr/lib/xorg/modules/extensions/libglx.so.195.22
- Allow xdm to signal session bus
- Allow modemmanager to use generic ptys, and sys_tty_config capability
- Allow abrt_helper chown access, dontaudit leaks
- Allow logwatch to list cifs and nfs file systems
- Allow kismet to read network state
- Allow cupsd_config_t to connecto unconfined unix_stream
- Fix avahi labeling and allow avahi to manage /etc/resolv.conf
- Allow sshd to read usr_t files
- Allow login programs to manage pcscd_var_run_t files
- Allow tor to read usr_t files
* Wed Nov 25 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-51
- Mark google shared libraries as requiring textrel_shlib
- Allow svirt to bind/connect to network ports
- Add label for .libvirt directory.
* Tue Nov 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-50
- Allow modemmanager sys_admin
* Mon Nov 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-49
- Allow sssd to read all processes domain
* Mon Nov 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-48
- Abrt connect to any port
- Dontaudit chrome-sandbox trying to getattr on all processes
- Allow passwd to execute gnome-keyring
- Allow chrome_sandbox_t to read home content inherited from the parent
- Fix eclipse labeling
- Allow mozilla to connect to flash port
- Allow pulseaudio to connect to unix_streams
- Allow sambagui to read secrets file
- Allow mount to mount unlabeled files
- ALlow abrt to use ypbind, send kill signals
- Allow arpwatch to create socket class
- Allow asterisk to read urand
- Allow corosync to communicate with user tmpfs
- Allow devicedisk to read virt images block devices
- Allow gpsd to sys_tty_config
- Fix nagios interfaces
- Policy for nagios plugins
- Fixes for nx 
- Allow rtkit_daemon to read locale file
- Allow snort to create socket 
- Additional perms for xauth
- lots of textrel_lib_t file context
* Tue Nov 17 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-47
- Make mozilla call in execmem.if optional to fix build of minimum install
- Allow uucpd to execute shells and send mail
- Fix label on libtfmessbsp.so
* Mon Nov 16 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-46
- abrt needs more access to rpm pid files
- Abrt wants to execute its own tmp files
- abrt needs to write sysfs 
- abrt needs to search all file system dirs
- logrotate and tmpreaper need to be able to manage abrt cache
- rtkit_daemon needs to be able to setsched on lots of user apps
- networkmanager creates dirs in /var/lib
- plymouth executes lvm tools
* Fri Nov 13 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-45
- Allow mount on dos file systems
- fixes for upsmon and upsd to be able to retrieve pwnam and resolve addresses
* Thu Nov 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-44
- Add lighttpd file context to apache.fc
- Allow tmpreaper to read /var/cache/yum
- Allow kdump_t sys_rawio
- Add execmem_exec_t context for /usr/bin/aticonfig
- Allow dovecot-deliver to signull dovecot
- Add textrel_shlib_t to /usr/lib/libADM5avcodec.so
* Tue Nov 10 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-43
- Fix transition so unconfined_exemem_t creates user_tmp_t
- Allow chrome_sandbox_t to write to user_tmp_t when printing
- Allow corosync to connect to port 5404 and to interact with user_tmpfs_t files
- Allow execmem_t to execmod files in mozilla_home_t
- Allow firewallgui to communicate with nscd
* Mon Nov  9 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-42
- Allow kdump to read the kernel core interface 
- Dontaudit abrt read all files in home dir
- Allow kismet client to write to .kismet dir in homedir
- Turn on  asterisk policy and allow logrotate to communicate with it
- Allow abrt to manage rpm cache files
- Rules to allow sysadm_t to install a kernel
- Allow local_login to read console_device_t to Z series logins
- Allow automount and devicekit_disk to search all filesystem dirs
- Allow corosync to setrlimit
- Allow hal to read modules.dep
- Fix xdm using pcscd
- Dontaudit gssd trying to write user_tmp_t, kerberos libary problem.
- Eliminate transition from unconifned_t to loadkeys_t
- Dontaudit several leaks to xauth_t
- Allow xdm_t to search for man pages
- Allow xdm_dbus to append to xdm log
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #541946 - SELinux is preventing /bin/dbus-daemon access to a leaked unix_dgram_socket file descriptor.
        https://bugzilla.redhat.com/show_bug.cgi?id=541946
  [ 2 ] Bug #546030 - SELinux is preventing the /usr/bin/pulseaudio from using potentially mislabeled files (autospawn.lock).
        https://bugzilla.redhat.com/show_bug.cgi?id=546030
  [ 3 ] Bug #552885 - SELinux blocks LXDM
        https://bugzilla.redhat.com/show_bug.cgi?id=552885
  [ 4 ] Bug #557873 - SELinux is preventing /sbin/iptables-multi access to a leaked tcp_socket file descriptor.
        https://bugzilla.redhat.com/show_bug.cgi?id=557873
  [ 5 ] Bug #558622 - samba_enable_home_dirs if 0 (man page explains) but maybe reporting 'access denied' into the logs would be good
        https://bugzilla.redhat.com/show_bug.cgi?id=558622
  [ 6 ] Bug #558805 - SELinux is preventing /usr/bin/kdeinit4 "execute" access on /usr/bin/octave-3.2.3.
        https://bugzilla.redhat.com/show_bug.cgi?id=558805
  [ 7 ] Bug #559437 - SELinux is preventing /usr/libexec/abrt-hook-python "getattr" access on /.
        https://bugzilla.redhat.com/show_bug.cgi?id=559437
  [ 8 ] Bug #559438 - SELinux is preventing /bin/plymouth "read" access on cmdline.
        https://bugzilla.redhat.com/show_bug.cgi?id=559438
  [ 9 ] Bug #559450 - SELinux is preventing /usr/libexec/abrt-hook-python "create" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=559450
  [ 10 ] Bug #559487 - SELinux is preventing /usr/sbin/dovecot "create" access on dovecot.conf.
        https://bugzilla.redhat.com/show_bug.cgi?id=559487
  [ 11 ] Bug #559574 - SELinux is preventing /usr/libexec/polkit-1/polkitd "search" access on /root/.config.
        https://bugzilla.redhat.com/show_bug.cgi?id=559574
  [ 12 ] Bug #560118 - SELinux is preventing /usr/bin/qemu-system-x86_64 "read" access on Documents and Settings.
        https://bugzilla.redhat.com/show_bug.cgi?id=560118
  [ 13 ] Bug #560122 - SELinux is preventing /usr/sbin/sendmail.sendmail access to a leaked unix_stream_socket file descriptor.
        https://bugzilla.redhat.com/show_bug.cgi?id=560122
  [ 14 ] Bug #560186 - SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin "open" access on pulse-shm-178669718.
        https://bugzilla.redhat.com/show_bug.cgi?id=560186
  [ 15 ] Bug #560205 - SELinux is preventing /usr/sbin/wpa_supplicant access to a leaked /var/log/wicd.log file descriptor.
        https://bugzilla.redhat.com/show_bug.cgi?id=560205
  [ 16 ] Bug #560220 - SELinux is preventing /usr/lib/cups/backend/cups-pdf "fowner" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=560220
  [ 17 ] Bug #560267 - SELinux is preventing /usr/bin/pulseaudio "read" access on /dev/snd/controlC0.
        https://bugzilla.redhat.com/show_bug.cgi?id=560267
  [ 18 ] Bug #560294 - SELinux is preventing /opt/real/RealPlayer/realplay.bin from loading /opt/real/RealPlayer/plugins/swfrender.so which requires text relocation.
        https://bugzilla.redhat.com/show_bug.cgi?id=560294
  [ 19 ] Bug #560297 - SELinux is preventing /sbin/hwclock access to a leaked /var/webmin/miniserv.error file descriptor.
        https://bugzilla.redhat.com/show_bug.cgi?id=560297
  [ 20 ] Bug #560305 - SELinux is preventing /lib/ld-2.11.1.so from loading /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/lib/libnnz10.so which requires text relocation.
        https://bugzilla.redhat.com/show_bug.cgi?id=560305
  [ 21 ] Bug #560370 - SELinux is preventing /usr/libexec/polkit-1/polkit-agent-helper-1 "read" access on /dev/video0.
        https://bugzilla.redhat.com/show_bug.cgi?id=560370
  [ 22 ] Bug #560390 - SELinux is preventing /usr/libexec/polkit-1/polkit-agent-helper-1 "getattr" access on /root/.pam-face-authentication/config/mace.xml.
        https://bugzilla.redhat.com/show_bug.cgi?id=560390
  [ 23 ] Bug #560393 - SELinux is preventing /sbin/mount.fuse.ifuse "getattr" access on /var/run/usbmuxd.
        https://bugzilla.redhat.com/show_bug.cgi?id=560393
  [ 24 ] Bug #560417 - SELinux is preventing /usr/bin/python "search" access on /root/.local.
        https://bugzilla.redhat.com/show_bug.cgi?id=560417
  [ 25 ] Bug #560520 - SELinux is preventing /usr/bin/mono from using potentially mislabeled files inotify.
        https://bugzilla.redhat.com/show_bug.cgi?id=560520
  [ 26 ] Bug #560557 - SELinux is preventing /usr/libexec/polkit-gnome-authentication-agent-1.#prelink#.H5skzc (deleted) "setattr" access on /var/cache/fontconfig.
        https://bugzilla.redhat.com/show_bug.cgi?id=560557
  [ 27 ] Bug #560644 - SELinux is preventing /sbin/rsyslogd "search" access on /var/lib/mysql.
        https://bugzilla.redhat.com/show_bug.cgi?id=560644
  [ 28 ] Bug #560689 - chrony policy update
        https://bugzilla.redhat.com/show_bug.cgi?id=560689
  [ 29 ] Bug #560759 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser "read" access on /home/bioy/.config/chromium/Default/databases/chrome-extension_nfboenbdenomdojedikbbgoemlghpkjn_0.
        https://bugzilla.redhat.com/show_bug.cgi?id=560759
  [ 30 ] Bug #561177 - SELinux is preventing /usr/bin/python "search" access on /root/.local.
        https://bugzilla.redhat.com/show_bug.cgi?id=561177
  [ 31 ] Bug #561539 - SELinux is preventing /usr/bin/slim "unlink" access on /var/run/slim.lock.
        https://bugzilla.redhat.com/show_bug.cgi?id=561539
  [ 32 ] Bug #559587 - SELinux is preventing rpc.ypxfrd "lock" access on /var/run/ypxfrd.pid.
        https://bugzilla.redhat.com/show_bug.cgi?id=559587
  [ 33 ] Bug #559703 - SELinux is preventing /bin/mailx "getattr" access on /var/run/packagekit-cron.9HXVBh.
        https://bugzilla.redhat.com/show_bug.cgi?id=559703
  [ 34 ] Bug #559756 - SELinux is preventing /usr/bin/xauth "read" access on @sys.
        https://bugzilla.redhat.com/show_bug.cgi?id=559756
  [ 35 ] Bug #559819 - SELinux is preventing /usr/sbin/pppd "sys_admin" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=559819
  [ 36 ] Bug #559843 - SELinux is preventing /usr/bin/metacity "write" access on /var/run/pulse/native.
        https://bugzilla.redhat.com/show_bug.cgi?id=559843
  [ 37 ] Bug #559859 - SELinux is preventing /usr/bin/python "create" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=559859
  [ 38 ] Bug #560003 - the ever growing config file
        https://bugzilla.redhat.com/show_bug.cgi?id=560003
  [ 39 ] Bug #560320 - SELinux is preventing /usr/libexec/cups-pk-helper-mechanism "read" access on /proc/<pid>/cmdline.
        https://bugzilla.redhat.com/show_bug.cgi?id=560320
  [ 40 ] Bug #560321 - SELinux is preventing /usr/bin/python "execute" access on /tmp/ffiSwFIhF (deleted).
        https://bugzilla.redhat.com/show_bug.cgi?id=560321
  [ 41 ] Bug #560337 - SELinux is preventing /usr/sbin/lircd "sys_admin" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=560337
  [ 42 ] Bug #560382 - SELinux is preventing /usr/lib/vmware-tools/sbin32/vmware-guestd "write" access on /tmp.
        https://bugzilla.redhat.com/show_bug.cgi?id=560382
  [ 43 ] Bug #560388 - SELinux is preventing /usr/libexec/abrt-hook-python access to a leaked socket file descriptor.
        https://bugzilla.redhat.com/show_bug.cgi?id=560388
  [ 44 ] Bug #560488 - SELinux is preventing /usr/libexec/gdm-simple-slave "read" access on /root/.Xdefaults.
        https://bugzilla.redhat.com/show_bug.cgi?id=560488
  [ 45 ] Bug #561007 - SELinux is preventing /sbin/mount.cifs "read" access on /home/joel/.smbpasswd.
        https://bugzilla.redhat.com/show_bug.cgi?id=561007
  [ 46 ] Bug #561031 - SELinux is preventing /usr/bin/python "search" access on /root/.local.
        https://bugzilla.redhat.com/show_bug.cgi?id=561031
  [ 47 ] Bug #561058 - SELinux is preventing /usr/libexec/polkit-1/polkitd "getattr" access on /root/.config/user-dirs.dirs.
        https://bugzilla.redhat.com/show_bug.cgi?id=561058
  [ 48 ] Bug #561080 - SELinux is preventing /usr/bin/xauth "read" access on @sys.
        https://bugzilla.redhat.com/show_bug.cgi?id=561080
  [ 49 ] Bug #561091 - SELinux is preventing /usr/bin/xauth "write" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=561091
  [ 50 ] Bug #561100 - SELinux prevented tuned from reading from the urandom device.
        https://bugzilla.redhat.com/show_bug.cgi?id=561100
  [ 51 ] Bug #561481 - SELinux is preventing /usr/sbin/httpd from using potentially mislabeled files .wapi.
        https://bugzilla.redhat.com/show_bug.cgi?id=561481
  [ 52 ] Bug #559298 - SELinux is preventing /usr/sbin/smbd "connectto" access on /var/run/slapd-*.socket
        https://bugzilla.redhat.com/show_bug.cgi?id=559298
  [ 53 ] Bug #560411 - SELinux is preventing /usr/bin/uptime "read" access on /var/run/utmp
        https://bugzilla.redhat.com/show_bug.cgi?id=560411
  [ 54 ] Bug #560317 - SELinux is preventing /usr/sbin/NetworkManager "create" access on NetworkManager.state.5ACA7U.
        https://bugzilla.redhat.com/show_bug.cgi?id=560317
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list