Fedora 17 Update: selinux-policy-3.10.0-114.fc17

updates at fedoraproject.org updates at fedoraproject.org
Wed Apr 18 22:51:22 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5870
2012-04-14 01:39:39
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 17
Version     : 3.10.0
Release     : 114.fc17
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117

--------------------------------------------------------------------------------
Update Information:

- Add support for clamd+systemd 
- Allow fresclam to execute systemctl to handle clamd 
- Change labeling for /usr/sbin/rpc.ypasswd.env 
- Allow yppaswd_t to execute yppaswd_exec_t 
- Allow yppaswd_t to read /etc/passwd 
- Gnomekeyring socket has been moved to /run/user/USER/ 
- Allow samba-net to connect to ldap port 
- Allow signal for vhostmd - allow mozilla_plugin_t to read user_home_t socket 
- New access required for secure Linux Containers 
- zfs now supports xattrs 
- Allow quantum to execute sudo and list sysfs 
- Allow init to dbus chat with the firewalld 
- Allow zebra to read /etc/passwd
- Turn off deny_ptrace by default
- upowered needs to setsched on the kernel
- Allow mpd_t to manage log files
- Allow xdm_t to create /var/run/systemd/multi-session-x
- Add rules for missedfont.log to be used by thumb.fc
- Additional access required for virt_qmf_t
- Allow dhclient to dbus chat with the firewalld
- Add label for lvmetad
- Allow systemd_logind_t to remove userdomain sock_files
- Allow cups to execute usr_t files
- Fix labeling on nvidia shared libraries
- wdmd_t needs access to sssd and /etc/passwd
- Add boolean to allow ftp servers to run in passive mode
- Allow namepspace_init_t to relabelto/from a different user system_u from the user the namespace_init running with
- Fix using httpd_use_fusefs
- Allow chrome_sandbox_nacl to write inherited user tmp files as we allow it for chrome_sandbox
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #802551 - gnome-boxes 3.3.90-1 "Box creation failed"
        https://bugzilla.redhat.com/show_bug.cgi?id=802551
  [ 2 ] Bug #809323 - SELinux is preventing /usr/sbin/sshd from using the 'signal' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=809323
  [ 3 ] Bug #809327 - SELinux is preventing /opt/google/chrome/nacl_helper_bootstrap from 'write' accesses on the file /tmp/evo.log.
        https://bugzilla.redhat.com/show_bug.cgi?id=809327
  [ 4 ] Bug #809328 - SELinux is preventing /usr/sbin/ldconfig from 'read' accesses on the directory /usr/bin.
        https://bugzilla.redhat.com/show_bug.cgi?id=809328
  [ 5 ] Bug #809438 - SELinux is preventing /usr/bin/qemu-kvm from 'add_name' accesses on the directory Windows8-ConsumerPreview-64bit-English.iso.monitor.
        https://bugzilla.redhat.com/show_bug.cgi?id=809438
  [ 6 ] Bug #810508 - network service can't talk to firewalld
        https://bugzilla.redhat.com/show_bug.cgi?id=810508
  [ 7 ] Bug #810585 - SELinux is preventing systemd-logind from 'unlink' accesses on the sock_file gnome-system-monitor.neil.724887958.
        https://bugzilla.redhat.com/show_bug.cgi?id=810585
  [ 8 ] Bug #810648 - RPM Scriptlet: /usr/share/selinux/devel/include/apps/jockey.if: Syntax error on line 70626 jockey_cache_t [type=IDENTIFIER]
        https://bugzilla.redhat.com/show_bug.cgi?id=810648
  [ 9 ] Bug #811103 - SELinux is preventing /usr/sbin/smbd from 'name_connect' accesses on the tcp_socket . Installed 'samba' package from redhat packages, and started via: # systemctl enable smb.service # systemctl start smb.service
        https://bugzilla.redhat.com/show_bug.cgi?id=811103
  [ 10 ] Bug #811351 - quagga does not start up if selinux is enforcing
        https://bugzilla.redhat.com/show_bug.cgi?id=811351
  [ 11 ] Bug #811757 - SELinux is preventing spice-vdagentd from using the 'signal' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=811757
  [ 12 ] Bug #811842 - selinux prevents yppasswdd from starting
        https://bugzilla.redhat.com/show_bug.cgi?id=811842
  [ 13 ] Bug #812023 - SELinux is preventing sh from 'getattr' accesses on the file /usr/bin/systemctl.
        https://bugzilla.redhat.com/show_bug.cgi?id=812023
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list