Fedora 16 Update: selinux-policy-3.10.0-40.fc16
updates at fedoraproject.org
Wed Oct 19 04:32:57 UTC 2011
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-14363
2011-10-15 14:26:21
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 16
Version : 3.10.0
Release : 40.fc16
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
- Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK)
- Make corosync to be able to relabelto cluster lib files
- Allow samba domains to search /var/run/nmbd
- Allow dirsrv to use pam
- Allow thumb to call getuid
- chrome less likely to get mmap_zero bug so removing dontaudit
- gimp help-browser has built in javascript
- Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t
- Re-write glance policy
- Fixes for bootloader policy
- $1_gkeyringd_t needs to read $HOME/%USER/.local/share/keystore
- Allow nsplugin to read /usr/share/config
- Allow sa-update to update rules
- Add use_fusefs_home_dirs for chroot ssh option
- Fixes for grub2
- Update systemd_exec_systemctl() interface
- Allow gpg to read the mail spool
- More fixes for sa-update running out of cron job
- Allow ipsec_mgmt_t to read hardware state information
- Allow pptp_t to connect to unreserved_port_t
- Dontaudit getattr on initctl in /dev from chfn
- Dontaudit getattr on kernel_core from chfn
- Add systemd_list_unit_dirs to systemd_exec_systemctl call
- Fixes for collectd policy
- Change sysadm_t to create content as user_tmp_t under /tmp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #743553 - SELinux is preventing /usr/lib64/nspluginwrapper/npviewer.bin from 'name_connect' accesses on the tcp_socket port 36232.
https://bugzilla.redhat.com/show_bug.cgi?id=743553
[ 2 ] Bug #743606 - SELinux policy preventing nspluginwrapper from wrapping Flash 11.0.1.152
https://bugzilla.redhat.com/show_bug.cgi?id=743606
[ 3 ] Bug #743641 - SELinux is preventing /usr/lib/xulrunner-2/plugin-container from 'execmod' accesses on the file /usr/lib/flash-plugin/libflashplayer.so.
https://bugzilla.redhat.com/show_bug.cgi?id=743641
[ 4 ] Bug #743832 - SELinux is preventing /usr/sbin/pppd from 'ioctl' accesses on the chr_file /dev/ttyUSB0.
https://bugzilla.redhat.com/show_bug.cgi?id=743832
[ 5 ] Bug #743994 - SELinux is preventing /bin/systemctl from 'read' accesses on the directory /lib/systemd/system.
https://bugzilla.redhat.com/show_bug.cgi?id=743994
[ 6 ] Bug #744044 - SELinux is preventing /bin/ps from 'read' accesses on the file online.
https://bugzilla.redhat.com/show_bug.cgi?id=744044
[ 7 ] Bug #744254 - SELinux is preventing /usr/bin/chsh from 'getattr' accesses on the file /proc/kcore.
https://bugzilla.redhat.com/show_bug.cgi?id=744254
[ 8 ] Bug #744255 - SELinux is preventing /usr/bin/chsh from 'getattr' accesses on the fifo_file /dev/initctl.
https://bugzilla.redhat.com/show_bug.cgi?id=744255
[ 9 ] Bug #744266 - SELinux is preventing /usr/lib/nspluginwrapper/npviewer.bin from 'execmod' accesses on the file /usr/lib/flash-plugin/libflashplayer.so.
https://bugzilla.redhat.com/show_bug.cgi?id=744266
[ 10 ] Bug #744303 - SELinux is preventing /usr/sbin/pptp from 'name_connect' accesses on the tcp_socket port 1723.
https://bugzilla.redhat.com/show_bug.cgi?id=744303
[ 11 ] Bug #744438 - SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from 'execmod' accesses on the archivo /usr/lib/flash-plugin/libflashplayer.so.
https://bugzilla.redhat.com/show_bug.cgi?id=744438
[ 12 ] Bug #744475 - SELinux is preventing nacl_helper_boo from 'mmap_zero' accesses on the memprotect Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=744475
[ 13 ] Bug #744565 - SELinux is preventing /usr/bin/smbpasswd from 'read' accesses on the file /etc/shadow.
https://bugzilla.redhat.com/show_bug.cgi?id=744565
[ 14 ] Bug #744566 - SELinux is preventing /sbin/chkconfig from 'search' accesses on the directory /lib/systemd/system.
https://bugzilla.redhat.com/show_bug.cgi?id=744566
[ 15 ] Bug #744592 - SELinux is preventing /bin/bash from 'sendto' accesses on the unix_stream_socket Unknown.
https://bugzilla.redhat.com/show_bug.cgi?id=744592
[ 16 ] Bug #744835 - SELinux is preventing /usr/bin/kde4-config from 'read' accesses on the directory /usr/share/config.
https://bugzilla.redhat.com/show_bug.cgi?id=744835
[ 17 ] Bug #745188 - SELinux is preventing /usr/bin/abrt-dump-oops from 'getattr' accesses on the file /etc/abrt/abrt.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=745188
[ 18 ] Bug #745485 - SELinux is preventing abrt-dump-oops from 'read' accesses on the file abrt.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=745485
[ 19 ] Bug #746019 - SELinux is preventing /usr/bin/gnome-shell from 'execute' accesses on the file /usr/bin/vlc.
https://bugzilla.redhat.com/show_bug.cgi?id=746019
[ 20 ] Bug #746091 - SELinux is preventing /usr/sbin/swat from 'search' accesses on the directory nmbd.
https://bugzilla.redhat.com/show_bug.cgi?id=746091
[ 21 ] Bug #744107 - Login failure with nfs home directories
https://bugzilla.redhat.com/show_bug.cgi?id=744107
[ 22 ] Bug #744311 - Is it intentional gpg_t is not allowed to read mail_spool_t
https://bugzilla.redhat.com/show_bug.cgi?id=744311
[ 23 ] Bug #744396 - SELinux is preventing /usr/lib/cups/backend/serial from write access on the chr_file ttyUSB0.
https://bugzilla.redhat.com/show_bug.cgi?id=744396
[ 24 ] Bug #744453 - SELinux is preventing systemd-logind from 'write' accesses on the chr_file kmsg.
https://bugzilla.redhat.com/show_bug.cgi?id=744453
[ 25 ] Bug #746212 - SELinux is preventing /usr/bin/gnome-shell from 'execute' accesses on the file /usr/bin/groovyConsole.
https://bugzilla.redhat.com/show_bug.cgi?id=746212
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------