Fedora 16 Update: selinux-policy-3.10.0-38.fc16

Sun Oct 9 19:37:11 UTC 2011

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13775
2011-10-04 20:40:57
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 16
Version     : 3.10.0
Release     : 38.fc16
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117

--------------------------------------------------------------------------------
Update Information:

- Allow logrotate setuid and setgid since logrotate is supposed to do it
- Fixes for thumb policy by grift
- Add new nfsd ports
- Added fix to allow confined apps to execmod on chrome
- Add labeling for additional vdsm directories
- Allow Exim and Dovecot SASL
- Add label for /var/run/nmbd
- Add fixes to make virsh and xen working together
- Colord executes ls
- /var/spool/cron  is now labeled as user_cron_spool_t
- Add support for Clustered Samba commands
-  Allow ricci_modrpm_t to send log msgs
- move permissive virt_qmf_t from virt.te to permissivedomains.te
- Allow ssh_t to use kernel keyrings
- Add policy for libvirt-qmf and more fixes for linux containers
- Initial Polipo
- Sanlock needs to run ranged in order to kill svirt processes
- Allow smbcontrol to stream connect to ctdbd
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #733127 - SELinux prevents the NFS server from coming up.
        https://bugzilla.redhat.com/show_bug.cgi?id=733127
  [ 2 ] Bug #742095 - SELinux is preventing /bin/bash from 'sendto' accesses on the unix_stream_socket Unknown.
        https://bugzilla.redhat.com/show_bug.cgi?id=742095
  [ 3 ] Bug #743336 - SELinux is preventing /lib/systemd/systemd-logind from 'search' accesses on the directory dconf.
        https://bugzilla.redhat.com/show_bug.cgi?id=743336
  [ 4 ] Bug #743337 - SELinux is preventing /lib/systemd/systemd-logind from 'getattr' accesses on the directory /run/user/gdm/dconf.
        https://bugzilla.redhat.com/show_bug.cgi?id=743337
  [ 5 ] Bug #743339 - SELinux is preventing /sbin/ldconfig from 'write' accesses on the file /home/james.cape/.config/autostart/dropbox.desktop.
        https://bugzilla.redhat.com/show_bug.cgi?id=743339
  [ 6 ] Bug #743340 - SELinux is preventing /bin/systemctl from 'getattr' accesses on the file /proc/<pid>/comm.
        https://bugzilla.redhat.com/show_bug.cgi?id=743340
  [ 7 ] Bug #743539 - nmb.service fails to start
        https://bugzilla.redhat.com/show_bug.cgi?id=743539
  [ 8 ] Bug #743701 - SELinux is preventing /bin/systemctl from 'read' accesses on the directory system.
        https://bugzilla.redhat.com/show_bug.cgi?id=743701
  [ 9 ] Bug #739896 - Snmpd isn't allowed to tell systemd it is up and running
        https://bugzilla.redhat.com/show_bug.cgi?id=739896
  [ 10 ] Bug #739946 - NFS server fails to start
        https://bugzilla.redhat.com/show_bug.cgi?id=739946
  [ 11 ] Bug #741143 - Selinux avc during login systemd_logind_t
        https://bugzilla.redhat.com/show_bug.cgi?id=741143
  [ 12 ] Bug #741328 - The acroread plugin is denied access to a curl-ca-bundle.crt link over NFS
        https://bugzilla.redhat.com/show_bug.cgi?id=741328
  [ 13 ] Bug #742642 - logrotate can now switch user
        https://bugzilla.redhat.com/show_bug.cgi?id=742642
  [ 14 ] Bug #742704 - selinux problems accessing xen from libvirt
        https://bugzilla.redhat.com/show_bug.cgi?id=742704
  [ 15 ] Bug #732937 - SELinux is preventing /sbin/ldconfig from 'append' accesses on the chr_file /dev/tty3.
        https://bugzilla.redhat.com/show_bug.cgi?id=732937
  [ 16 ] Bug #739301 - SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/autofs.
        https://bugzilla.redhat.com/show_bug.cgi?id=739301
  [ 17 ] Bug #739307 - inconsistent permissions on /dev/pts/ptmx after boot
        https://bugzilla.redhat.com/show_bug.cgi?id=739307
  [ 18 ] Bug #739326 - SELinux is preventing /usr/libexec/colord from 'getattr' accesses on the file /home/zeenix/.local/share/icc/edid-9273c8341557b23c5b028113288023e8.icc.
        https://bugzilla.redhat.com/show_bug.cgi?id=739326
  [ 19 ] Bug #741018 - SELinux is preventing /bin/systemctl from 'getattr' accesses on the directory /lib/systemd/system.
        https://bugzilla.redhat.com/show_bug.cgi?id=741018
  [ 20 ] Bug #741079 - SELinux is preventing /lib/systemd/systemd-logind from 'rmdir' accesses on the directory dconf.
        https://bugzilla.redhat.com/show_bug.cgi?id=741079
  [ 21 ] Bug #741223 - SELinux is preventing /lib/systemd/systemd-logind from 'getattr' accesses on the tcp_socket port None.
        https://bugzilla.redhat.com/show_bug.cgi?id=741223
  [ 22 ] Bug #741261 - SELinux is preventing /bin/bash from 'search' accesses on the directory /lib/systemd/system.
        https://bugzilla.redhat.com/show_bug.cgi?id=741261
  [ 23 ] Bug #741285 - SELinux is preventing /usr/sbin/acpid from 'ioctl' accesses on the chr_file /dev/input/event10.
        https://bugzilla.redhat.com/show_bug.cgi?id=741285
  [ 24 ] Bug #741368 - SELinux is preventing /bin/systemctl from 'search' accesses on the directory 1.
        https://bugzilla.redhat.com/show_bug.cgi?id=741368
  [ 25 ] Bug #742107 - SELinux is preventing /usr/sbin/vpnc from 'getattr' accesses on the unix_stream_socket unix_stream_socket.
        https://bugzilla.redhat.com/show_bug.cgi?id=742107
  [ 26 ] Bug #742630 - /usr/bin/passwd produces lots of selinux errors
        https://bugzilla.redhat.com/show_bug.cgi?id=742630
  [ 27 ] Bug #742900 - SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/vga_arbiter.
        https://bugzilla.redhat.com/show_bug.cgi?id=742900
  [ 28 ] Bug #743128 - SELinux is preventing /bin/bash from 'search' accesses on the directorio /lib/systemd/system.
        https://bugzilla.redhat.com/show_bug.cgi?id=743128
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------