Fedora 17 Update: selinux-policy-3.10.0-118.fc17

updates at fedoraproject.org
Wed Apr 25 05:00:38 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6452
2012-04-24 03:08:48
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 17
Version     : 3.10.0
Release     : 118.fc17
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117

--------------------------------------------------------------------------------
Update Information:

Fixed the file name transition rules on i686.

- Add unconfined_execmem_exec_t as an alias to bin_t
- Allow fenced to read snmp var lib files, also allow it to read usr_t
- Dontaudit access checks on all executables from mozilla_plugin
- Allow all user domains to setexec, so that sshd will work properly if it calls setexec(NULL) while running within a user mode
- Allow systemd_tmpfiles_t to getattr all pipes and sockets
- Allow glance-registry to send system log messages
- semanage needs to manage mock lib files/dirs
- Add policy for abrt-watch-log
- Add definitions for jboss_messaging ports
- Allow systemd_tmpfiles to manage printer devices
- Allow oddjob to use nsswitch
- Fix labeling of log files for postgresql
- Allow mozilla_plugin_t to execmem and execstack by default
- Allow firewalld to execute shell
- Fix /etc/wicd content files to get created with the correct label
- Allow mcelog to exec shell
- Add ~/.orc as a gstreamer_home_t
- /var/spool/postfix/lib64 should be labeled lib_t
- tmpreaper should be able to list all file system labeled directories
- Add support for apache to use openstack
- Add labeling for /etc/zipl.conf and zipl binary
- Turn on allow_execstack and turn off telepathy transition for final release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #703010 - SELinux is preventing /usr/bin/perl from using the 'signal' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=703010
  [ 2 ] Bug #712842 - SELinux is preventing /usr/bin/gnome-keyring-daemon from using the 'setcap' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=712842
  [ 3 ] Bug #726882 - More avcs when booting in single mode
        https://bugzilla.redhat.com/show_bug.cgi?id=726882
  [ 4 ] Bug #729916 - Cannot prelink libraries
        https://bugzilla.redhat.com/show_bug.cgi?id=729916
  [ 5 ] Bug #732770 - new gpsd functionality causes selinux errors
        https://bugzilla.redhat.com/show_bug.cgi?id=732770
  [ 6 ] Bug #765916 - cobbler 2.2 requires new access permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=765916
  [ 7 ] Bug #789294 - SELinux is preventing /usr/sbin/setfiles from 'getattr' accesses on the None /run.
        https://bugzilla.redhat.com/show_bug.cgi?id=789294
  [ 8 ] Bug #801746 - SELinux AVC denial executing from /tmp
        https://bugzilla.redhat.com/show_bug.cgi?id=801746
  [ 9 ] Bug #809910 - SELinux is preventing qemu-kvm from 'write' accesses on the file ~/.libvirt/qemu/log/...
        https://bugzilla.redhat.com/show_bug.cgi?id=809910
  [ 10 ] Bug #810959 - File contexts for nvidia libraries are overridden by the default rule
        https://bugzilla.redhat.com/show_bug.cgi?id=810959
  [ 11 ] Bug #812040 - firewall-cmd --set-default-zone causes SELinux alert about preventing from execute access on bash
        https://bugzilla.redhat.com/show_bug.cgi?id=812040
  [ 12 ] Bug #812100 - SELinux is preventing dmesg from 'read' accesses on the file /etc/ld.so.cache.
        https://bugzilla.redhat.com/show_bug.cgi?id=812100
  [ 13 ] Bug #812588 - command /usr/bin/sync hangs up
        https://bugzilla.redhat.com/show_bug.cgi?id=812588
  [ 14 ] Bug #812658 - SELinux is preventing keystone from write access on the sock_file /var/lib/mysql/mysql.sock.
        https://bugzilla.redhat.com/show_bug.cgi?id=812658
  [ 15 ] Bug #813790 - oddjob-mkhomedir fails to create home directory when SELinux enforcing
        https://bugzilla.redhat.com/show_bug.cgi?id=813790
  [ 16 ] Bug #814368 - SELinux is preventing /usr/bin/gdb from using the 'sys_ptrace' capabilities.
        https://bugzilla.redhat.com/show_bug.cgi?id=814368
  [ 17 ] Bug #814730 - SELinux is preventing plugin-config from using the 'execstack' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=814730
  [ 18 ] Bug #814954 - SELinux is preventing totem-plugin-vi from 'execute' accesses on the file /usr/bin/ntlm_auth.
        https://bugzilla.redhat.com/show_bug.cgi?id=814954
  [ 19 ] Bug #815143 - SELinux is preventing /usr/bin/python2.7 from 'create' accesses on the unix_dgram_socket .
        https://bugzilla.redhat.com/show_bug.cgi?id=815143
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------