Fedora 14 Update: selinux-policy-3.9.5-10.fc14
updates at fedoraproject.org
Tue Oct 5 13:10:16 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-15790
2010-10-05 13:01:49
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 14
Version : 3.9.5
Release : 10.fc14
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 4 2010 Dan Walsh <dwalsh at redhat.com> 3.9.5-10
- Start adding support for use_fusefs_home_dirs
- Add /var/lib/syslog directory file context
- Add /etc/localtime as locale file context
* Thu Sep 30 2010 Dan Walsh <dwalsh at redhat.com> 3.9.5-9
- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user
- Turn off iptables from unconfined user
- Allow sudo to send signals to any domains the user could have transitioned to.
- Passwd in single user mode needs to talk to console_device_t
- Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa sets up pulseaudio
- locate tried to read a symbolic link, will dontaudit
- New labels for telepathy-sunshine content in homedir
- Google is storing other binaries under /opt/google/talkplugin
- bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug
- Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15
- modemmanager and bluetooth send dbus messages to devicekit_power
- Samba needs to getquota on filesystems labeled samba_share_t
* Wed Sep 29 2010 Dan Walsh <dwalsh at redhat.com> 3.9.5-8
- Dontaudit attempts by xdm_t to write to bin_t for kdm
- Allow initrc_t to manage system_conf_t
* Mon Sep 27 2010 Dan Walsh <dwalsh at redhat.com> 3.9.5-7
- Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory.
- Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets
- Allow confined users to read xdm_etc_t files
- Allow xdm_t to transition to xauth_t for lxdm program
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #637822 - selinux blocks /usr/share/smartmontools/driverdb.h from updated smartmontools
https://bugzilla.redhat.com/show_bug.cgi?id=637822
[ 2 ] Bug #638393 - ssh_home_t versus home_ssh_t confusion in ssh.fc
https://bugzilla.redhat.com/show_bug.cgi?id=638393
[ 3 ] Bug #638212 - SELinux is preventing /bin/umount "unlink" access on mtab.
https://bugzilla.redhat.com/show_bug.cgi?id=638212
[ 4 ] Bug #638155 - nspluginscan Triggering SELinux Security Alerts
https://bugzilla.redhat.com/show_bug.cgi?id=638155
[ 5 ] Bug #637986 - SELinux verhindert /usr/lib64/xulrunner-1.9.2/plugin-container "setattr" Zugriff on /home/any0n3/.pulse.
https://bugzilla.redhat.com/show_bug.cgi?id=637986
[ 6 ] Bug #638296 - SELinux is preventing /usr/libexec/totem-plugin-viewer "write" access on /home/hicham/.gstreamer-0.10.
https://bugzilla.redhat.com/show_bug.cgi?id=638296
[ 7 ] Bug #637524 - SELinux verhindert /usr/lib64/xulrunner-1.9.2/plugin-container "remove_name" Zugriff on CBSI_Eidothea_Volume.sxx.
https://bugzilla.redhat.com/show_bug.cgi?id=637524
[ 8 ] Bug #638763 - SELinux is preventing /usr/bin/Xorg "read write" access on /SYSV00000000 (deleted).
https://bugzilla.redhat.com/show_bug.cgi?id=638763
[ 9 ] Bug #638919 - SELinux is preventing /usr/libexec/telepathy-haze "name_connect" access .
https://bugzilla.redhat.com/show_bug.cgi?id=638919
[ 10 ] Bug #638903 - SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin "listen" access .
https://bugzilla.redhat.com/show_bug.cgi?id=638903
[ 11 ] Bug #638900 - SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin from executing /opt/google/talkplugin/GoogleTalkPlugin.
https://bugzilla.redhat.com/show_bug.cgi?id=638900
[ 12 ] Bug #639174 - SELinux is preventing /usr/lib64/xulrunner-2.0b6/plugin-container "write" access on /dev/video0.
https://bugzilla.redhat.com/show_bug.cgi?id=639174
[ 13 ] Bug #639172 - SELinux is preventing /usr/bin/sudo "signal" access .
https://bugzilla.redhat.com/show_bug.cgi?id=639172
[ 14 ] Bug #639142 - SELinux verhindert /usr/bin/pulseaudio "execute" Zugriff on /usr/bin/pulseaudio.
https://bugzilla.redhat.com/show_bug.cgi?id=639142
[ 15 ] Bug #639136 - SELinux is preventing /usr/lib64/xulrunner-1.9.2/plugin-container "open" access on /home/gene/.asoundrc.
https://bugzilla.redhat.com/show_bug.cgi?id=639136
[ 16 ] Bug #590883 - qt-4.7.x : SELinux is preventing ... "write" access on ...
https://bugzilla.redhat.com/show_bug.cgi?id=590883
[ 17 ] Bug #639175 - SELinux is preventing /usr/lib64/xulrunner-2.0b6/plugin-container "name_connect" access .
https://bugzilla.redhat.com/show_bug.cgi?id=639175
[ 18 ] Bug #639659 - SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin "getattr" access on $HOME
https://bugzilla.redhat.com/show_bug.cgi?id=639659
[ 19 ] Bug #639579 - SELinux is preventing /usr/bin/gtk-gnash "name_connect" access .
https://bugzilla.redhat.com/show_bug.cgi?id=639579
[ 20 ] Bug #639589 - SELinux is preventing /usr/bin/gtk-gnash "execute" access on /tmp/orcexec.orc_audio_convert_pack_s16.toqzIi (deleted).
https://bugzilla.redhat.com/show_bug.cgi?id=639589
[ 21 ] Bug #639572 - SELinux is preventing /usr/libexec/totem-plugin-viewer "create" access on linc-c7d-0-4d35d79d29f8.
https://bugzilla.redhat.com/show_bug.cgi?id=639572
[ 22 ] Bug #639539 - SELinux is preventing /usr/bin/nspluginscan "execute" access on /home/timali/.mozilla/plugins/libflashplayer.so.
https://bugzilla.redhat.com/show_bug.cgi?id=639539
[ 23 ] Bug #639512 - SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config access to a leaked /dev/dri/card0 file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=639512
[ 24 ] Bug #639510 - SELinux is preventing /usr/libexec/totem-plugin-viewer "write" access on orbit-hicham.
https://bugzilla.redhat.com/show_bug.cgi?id=639510
[ 25 ] Bug #639535 - SELinux powstrzymuje /usr/lib/xulrunner-1.9.2/plugin-container "getattr" dostęp on /home/krzysiek/.ICEauthority
https://bugzilla.redhat.com/show_bug.cgi?id=639535
[ 26 ] Bug #639573 - SELinux is preventing /usr/libexec/totem-plugin-viewer "setattr" access on orbit-hicham.
https://bugzilla.redhat.com/show_bug.cgi?id=639573
[ 27 ] Bug #630111 - SELinux is preventing /usr/libexec/telepathy-haze "search" access on 1.
https://bugzilla.redhat.com/show_bug.cgi?id=630111
[ 28 ] Bug #638233 - SELinux is preventing /usr/lib64/xulrunner-1.9.2/plugin-container "read" access on /etc/resolv.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=638233
[ 29 ] Bug #639735 - SELinux is preventing /usr/lib64/xulrunner-1.9.2/plugin-container "getattr" access on /etc/resolv.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=639735
[ 30 ] Bug #639736 - SELinux is preventing /usr/lib64/xulrunner-1.9.2/plugin-container "name_connect" access .
https://bugzilla.redhat.com/show_bug.cgi?id=639736
[ 31 ] Bug #632875 - SELinux is preventing /usr/bin/nspluginscan "read" access on /usr/lib64/mozilla/plugins-wrapped/npwrapper.so.
https://bugzilla.redhat.com/show_bug.cgi?id=632875
[ 32 ] Bug #639468 - SELinux está negando a /usr/libexec/gdm-session-worker el acceso "write" on ivan
https://bugzilla.redhat.com/show_bug.cgi?id=639468
[ 33 ] Bug #630323 - SELinux is preventing /usr/lib/xulrunner-1.9.2/plugin-container "create" access on #content.adriver.ru.
https://bugzilla.redhat.com/show_bug.cgi?id=630323
[ 34 ] Bug #639568 - SELinux is preventing /usr/bin/gtk-gnash "write" access on /home/hicham/.gnash/SharedObjects/s.ytimg.com/soundData.sol.
https://bugzilla.redhat.com/show_bug.cgi?id=639568
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------