Fedora 19 Update: selinux-policy-3.12.1-28.fc19
updates at fedoraproject.org
Fri Apr 19 05:57:39 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-5045
2013-04-06 16:44:01
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 19
Version : 3.12.1
Release : 28.fc19
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
- Try to label on controlC devices up to 30 correctly
- Add mount_rw_pid_files() interface
- Add additional mount/umount interfaces needed by mock
- fsadm_t sends audit messages in reads kernel_ipc_info when doing livecd-iso-to-disk
- Fix tabs
- Allow initrc_domain to search rgmanager lib files
- Add more fixes which make mock work together with confined users
  * Allow mock_t to manage rpm files
  * Allow mock_t to read rpm log files
  * Allow mock to setattr on tmpfs, devpts
  * Allow mount/umount filesystems
- Add rpm_read_log() interface
- yum-cron runs rpm from within it.
- Allow tuned to transition to dmidecode
- Allow firewalld to do net_admin
- Allow mock to unmount tmpfs_t
- Fix virt_sigkill() interface
- Add additional fixes for mock. Mainly caused by mount running in mock_t
- Allow mock to write sysfs_t and mount pid files
- Add mailman_domain to mailman_template()
- Allow openvswitch to execute shell
- Allow qpidd to use kerberos
- Allow mailman to use fusefs, needs back port to RHEL6
- Allow apache and its scripts to use anon_inodefs
- Add alias for git_user_content_t and git_sys_content_t so that RHEL6 will update to RHEL7
- Realmd needs to connect to samba ports, needs back port to F18 also
- Allow colord to read /run/initial-setup-
- Allow sanlock-helper to send sigkill to virtd which is registered to sanlock
- Add virt_kill() interface
- Add rgmanager_search_lib() interface
- Allow wdmd to getattr on all filesystems. Back ported from RHEL6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #852926 - SELinux is preventing /usr/lib64/realmd/realmd from 'read' accesses on the directory sssd.
https://bugzilla.redhat.com/show_bug.cgi?id=852926
[ 2 ] Bug #852927 - SELinux is preventing /usr/lib64/realmd/realmd from 'read' accesses on the file gphoto2.monitor.
https://bugzilla.redhat.com/show_bug.cgi?id=852927
[ 3 ] Bug #855076 - SELinux is preventing /usr/bin/clamscan from 'read' accesses on the file /etc/freshclam.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=855076
[ 4 ] Bug #865517 - checkpolicy says it's only needed to build policies, but it's a runtime dep
https://bugzilla.redhat.com/show_bug.cgi?id=865517
[ 5 ] Bug #868653 - SELinux is preventing /usr/sbin/automount from 'read' accesses on the file overcommit_memory.
https://bugzilla.redhat.com/show_bug.cgi?id=868653
[ 6 ] Bug #872729 - Applications randomly need access to /proc/sys/vm/overcommit_memory
https://bugzilla.redhat.com/show_bug.cgi?id=872729
[ 7 ] Bug #875192 - SELinux is preventing /usr/bin/gnome-shell from 'read' accesses on the directory /var/lib/AccountsService/icons.
https://bugzilla.redhat.com/show_bug.cgi?id=875192
[ 8 ] Bug #879611 - FTBFS queuegraph
https://bugzilla.redhat.com/show_bug.cgi?id=879611
[ 9 ] Bug #880337 - SELinux is preventing rngd from 'write' accesses on the file write_wakeup_threshold.
https://bugzilla.redhat.com/show_bug.cgi?id=880337
[ 10 ] Bug #894439 - SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/sbin/httpd.
https://bugzilla.redhat.com/show_bug.cgi?id=894439
[ 11 ] Bug #918476 - “hostnamectl set-hostname <name>” does not work on rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=918476
[ 12 ] Bug #923497 - Generated live image has many incorrect SELinux contexts, possibly due to missing l2tp.pp file in host's selinux-policy-targeted
https://bugzilla.redhat.com/show_bug.cgi?id=923497
[ 13 ] Bug #923531 - SELinux is preventing /usr/lib/systemd/systemd-localed from 'search' accesses on the directory /etc/X11/xorg.conf.d.
https://bugzilla.redhat.com/show_bug.cgi?id=923531
[ 14 ] Bug #924226 - Update SElinux policy for Shared System Certificates
https://bugzilla.redhat.com/show_bug.cgi?id=924226
[ 15 ] Bug #924776 - SELinux is preventing /usr/lib/systemd/systemd-localed from 'unlink' accesses on the file 00-keyboard.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=924776
[ 16 ] Bug #927323 - SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/sbin/httpd.
https://bugzilla.redhat.com/show_bug.cgi?id=927323
[ 17 ] Bug #928153 - confusing changes to rpm changelog
https://bugzilla.redhat.com/show_bug.cgi?id=928153
[ 18 ] Bug #928331 - SELinux is preventing /usr/lib/systemd/systemd-localed from 'remove_name' accesses on the directory .00-keyboard.confj1CWKN.
https://bugzilla.redhat.com/show_bug.cgi?id=928331
[ 19 ] Bug #928582 - SELinux is preventing /usr/bin/touch from 'write' accesses on the directory lock.
https://bugzilla.redhat.com/show_bug.cgi?id=928582
[ 20 ] Bug #928832 - scriptlet failure in selinux-policy-devel-3.12.1-24.fc19
https://bugzilla.redhat.com/show_bug.cgi?id=928832
[ 21 ] Bug #929340 - SELinux is preventing /usr/bin/kdm from 'create' accesses on the file .xsession-errors-:0.
https://bugzilla.redhat.com/show_bug.cgi?id=929340
[ 22 ] Bug #929374 - SELinux is preventing /usr/bin/systemctl from 'lock' accesses on the file /run/utmp.
https://bugzilla.redhat.com/show_bug.cgi?id=929374
[ 23 ] Bug #929409 - SELinux is preventing /usr/bin/python2.7 from 'getattr' accesses on the file /proc/sys/net/ipv4/ip_forward.
https://bugzilla.redhat.com/show_bug.cgi?id=929409
[ 24 ] Bug #946857 - SELinux is preventing firewalld from 'open' accesses on the file /proc/sys/net/ipv4/ip_forward.
https://bugzilla.redhat.com/show_bug.cgi?id=946857
[ 25 ] Bug #947001 - SELinux is preventing /usr/bin/rm from 'remove_name' accesses on the directory man-db.lock.
https://bugzilla.redhat.com/show_bug.cgi?id=947001
[ 26 ] Bug #947665 - SELinux is preventing /usr/libexec/colord from 'search' accesses on the directory gnome-initial-setup.
https://bugzilla.redhat.com/show_bug.cgi?id=947665
[ 27 ] Bug #948137 - SELinux is preventing /usr/sbin/httpd from 'name_connect' accesses on the tcp_socket .
https://bugzilla.redhat.com/show_bug.cgi?id=948137
[ 28 ] Bug #948396 - Some dirs are labeled differently in /var/lib/mock directory
https://bugzilla.redhat.com/show_bug.cgi?id=948396
[ 29 ] Bug #948662 - SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /run/gnome-initial-setup/.local/share/icc/edid-a99d98c760ecb11e07592f0536164edc.icc.
https://bugzilla.redhat.com/show_bug.cgi?id=948662
[ 30 ] Bug #948663 - SELinux is preventing /usr/lib/systemd/systemd-hostnamed from 'unlink' accesses on the file hostname.
https://bugzilla.redhat.com/show_bug.cgi?id=948663
[ 31 ] Bug #949195 - SELinux is preventing /usr/bin/systemctl from 'read' accesses on the file utmp.
https://bugzilla.redhat.com/show_bug.cgi?id=949195
[ 32 ] Bug #867767 - realmd AVC's on clean install
https://bugzilla.redhat.com/show_bug.cgi?id=867767
[ 33 ] Bug #928845 - enable firewalld to write to /proc/sys/net/ipv4/ip_forward
https://bugzilla.redhat.com/show_bug.cgi?id=928845
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------