Fedora 16 Update: selinux-policy-3.10.0-40.fc16

updates at fedoraproject.org
Wed Oct 19 04:32:57 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-14363
2011-10-15 14:26:21
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 16
Version     : 3.10.0
Release     : 40.fc16
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117

--------------------------------------------------------------------------------
Update Information:

- Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK)
- Make corosync able to relabelto cluster lib files
- Allow samba domains to search /var/run/nmbd
- Allow dirsrv to use pam
- Allow thumb to call getuid
- chrome less likely to get mmap_zero bug so removing dontaudit
- gimp help-browser has built in javascript
- Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t
- Re-write glance policy
- Fixes for bootloader policy
- $1_gkeyringd_t needs to read $HOME/%USER/.local/share/keystore
- Allow nsplugin to read /usr/share/config
- Allow sa-update to update rules
- Add use_fusefs_home_dirs for chroot ssh option
- Fixes for grub2
- Update systemd_exec_systemctl() interface
- Allow gpg to read the mail spool
- More fixes for sa-update running out of cron job
- Allow ipsec_mgmt_t to read hardware state information
- Allow pptp_t to connect to unreserved_port_t
- Dontaudit getattr on initctl in /dev from chfn
- Dontaudit getattr on kernel_core from chfn
- Add systemd_list_unit_dirs to systemd_exec_systemctl call
- Fixes for collectd policy
- Change sysadm_t to create content as user_tmp_t under /tmp

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #743553 - SELinux is preventing /usr/lib64/nspluginwrapper/npviewer.bin from 'name_connect' accesses on the tcp_socket port 36232.
        https://bugzilla.redhat.com/show_bug.cgi?id=743553
  [ 2 ] Bug #743606 - SELinux policy preventing nspluginwrapper from wrapping Flash 11.0.1.152
        https://bugzilla.redhat.com/show_bug.cgi?id=743606
  [ 3 ] Bug #743641 - SELinux is preventing /usr/lib/xulrunner-2/plugin-container from 'execmod' accesses on the file /usr/lib/flash-plugin/libflashplayer.so.
        https://bugzilla.redhat.com/show_bug.cgi?id=743641
  [ 4 ] Bug #743832 - SELinux is preventing /usr/sbin/pppd from 'ioctl' accesses on the chr_file /dev/ttyUSB0.
        https://bugzilla.redhat.com/show_bug.cgi?id=743832
  [ 5 ] Bug #743994 - SELinux is preventing /bin/systemctl from 'read' accesses on the directory /lib/systemd/system.
        https://bugzilla.redhat.com/show_bug.cgi?id=743994
  [ 6 ] Bug #744044 - SELinux is preventing /bin/ps from 'read' accesses on the file online.
        https://bugzilla.redhat.com/show_bug.cgi?id=744044
  [ 7 ] Bug #744254 - SELinux is preventing /usr/bin/chsh from 'getattr' accesses on the file /proc/kcore.
        https://bugzilla.redhat.com/show_bug.cgi?id=744254
  [ 8 ] Bug #744255 - SELinux is preventing /usr/bin/chsh from 'getattr' accesses on the fifo_file /dev/initctl.
        https://bugzilla.redhat.com/show_bug.cgi?id=744255
  [ 9 ] Bug #744266 - SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from 'execmod' accesses on the file /usr/lib/flash-plugin/libflashplayer.so.
        https://bugzilla.redhat.com/show_bug.cgi?id=744266
  [ 10 ] Bug #744303 - SELinux is preventing /usr/sbin/pptp from 'name_connect' accesses on the tcp_socket port 1723.
        https://bugzilla.redhat.com/show_bug.cgi?id=744303
  [ 11 ] Bug #744438 - SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from 'execmod' accesses on the archivo /usr/lib/flash-plugin/libflashplayer.so.
        https://bugzilla.redhat.com/show_bug.cgi?id=744438
  [ 12 ] Bug #744475 - SELinux is preventing nacl_helper_boo from 'mmap_zero' accesses on the memprotect Unknown.
        https://bugzilla.redhat.com/show_bug.cgi?id=744475
  [ 13 ] Bug #744565 - SELinux is preventing /usr/bin/smbpasswd from 'read' accesses on the file /etc/shadow.
        https://bugzilla.redhat.com/show_bug.cgi?id=744565
  [ 14 ] Bug #744566 - SELinux is preventing /sbin/chkconfig from 'search' accesses on the directory /lib/systemd/system.
        https://bugzilla.redhat.com/show_bug.cgi?id=744566
  [ 15 ] Bug #744592 - SELinux is preventing /bin/bash from 'sendto' accesses on the unix_stream_socket Unknown.
        https://bugzilla.redhat.com/show_bug.cgi?id=744592
  [ 16 ] Bug #744835 - SELinux is preventing /usr/bin/kde4-config from 'read' accesses on the directory /usr/share/config.
        https://bugzilla.redhat.com/show_bug.cgi?id=744835
  [ 17 ] Bug #745188 - SELinux is preventing /usr/bin/abrt-dump-oops from 'getattr' accesses on the file /etc/abrt/abrt.conf.
        https://bugzilla.redhat.com/show_bug.cgi?id=745188
  [ 18 ] Bug #745485 - SELinux is preventing abrt-dump-oops from 'read' accesses on the file abrt.conf.
        https://bugzilla.redhat.com/show_bug.cgi?id=745485
  [ 19 ] Bug #746019 - SELinux is preventing /usr/bin/gnome-shell from 'execute' accesses on the file /usr/bin/vlc.
        https://bugzilla.redhat.com/show_bug.cgi?id=746019
  [ 20 ] Bug #746091 - SELinux is preventing /usr/sbin/swat from 'search' accesses on the directory nmbd.
        https://bugzilla.redhat.com/show_bug.cgi?id=746091
  [ 21 ] Bug #744107 - Login failure with nfs home directories
        https://bugzilla.redhat.com/show_bug.cgi?id=744107
  [ 22 ] Bug #744311 - Is it intentional gpg_t is not allowed to read mail_spool_t
        https://bugzilla.redhat.com/show_bug.cgi?id=744311
  [ 23 ] Bug #744396 - SELinux is preventing /usr/lib/cups/backend/serial from write access on the chr_file ttyUSB0.
        https://bugzilla.redhat.com/show_bug.cgi?id=744396
  [ 24 ] Bug #744453 - SELinux is preventing systemd-logind from 'write' accesses on the chr_file kmsg.
        https://bugzilla.redhat.com/show_bug.cgi?id=744453
  [ 25 ] Bug #746212 - SELinux is preventing /usr/bin/gnome-shell from 'execute' accesses on the file /usr/bin/groovyConsole.
        https://bugzilla.redhat.com/show_bug.cgi?id=746212
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

