Fedora 19 Update: selinux-policy-3.12.1-57.fc19
updates at fedoraproject.org
updates at fedoraproject.org
Thu Jul 4 00:56:31 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-11846
2013-06-27 15:29:15
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 19
Version : 3.12.1
Release : 57.fc19
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 26 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-57
- Make DSPAM to act as a LDA working
- Allow ntop to create netlink socket
- Allow policykit to send a signal to policykit-auth
- Allow stapserver to dbus chat with avahi/systemd-logind
- Fix labeling on haproxy unit file
- Clean up haproxy policy
- A new policy for haproxy and placed it to rhcs.te
- Add support for ldirectord and treat it with cluster_t
- Make sure anaconda log dir is created with var_log_t
* Mon Jun 24 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-56
- Allow lvm_t to create default targets for filesystem handling
- Fix labeling for razor-lightdm binaries
- Allow insmod_t to read any file labeled var_lib_t
- Add policy for pesign
- Activate policy for cmpiLMI_Account-cimprovagt
- Allow isnsd syscall=listen
- /usr/libexec/pegasus/cimprovagt needs setsched caused by sched_setscheduler
- Allow ctdbd to use udp/4379
- gatherd wants sys_nice and setsched
- Add support for texlive2012
- Allow NM to read file_t (usb stick with no labels used to transfer keys for example)
- Allow cobbler to execute apache with domain transition
* Fri Jun 21 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-55
- condor_collector uses tcp/9000
- Label /usr/sbin/virtlockd as virtd_exec_t for now
- Allow cobbler to execute ldconfig
- Allow NM to execute ssh
- Allow mdadm to read /dev/crash
- Allow antivirus domains to connect to snmp port
- Make amavisd-snmp working correctly
- Allow nfsd_t to mounton nfsd_fs_t
- Add initial snapper policy
- We still need to have consolekit policy
- Dontaudit firefox attempting to connect to the xserver_port_t if run within sandbox_web_t
- Dontaudit sandbox apps attempting to open user_devpts_t
- Allow dirsrv to read network state
- Fix pki_read_tomcat_lib_files
- Add labeling for /usr/libexec/nm-ssh-service
- Add label cert_t for /var/lib/ipa/pki-ca/publish
- Lets label /sys/fs/cgroup as cgroup_t for now, to keep labels consistant
- Allow nfsd_t to mounton nfsd_fs_t
- Dontaudit sandbox apps attempting to open user_devpts_t
- Allow passwd_t to change role to system_r from unconfined_r
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896624 - Invalid selinux policy for openlmi-account package
https://bugzilla.redhat.com/show_bug.cgi?id=896624
[ 2 ] Bug #964943 - SELinux is preventing /usr/bin/mount from 'mounton' accesses on the directory /proc/fs/nfsd.
https://bugzilla.redhat.com/show_bug.cgi?id=964943
[ 3 ] Bug #969090 - SELinux is preventing /usr/bin/razor-lightdm-greeter from read, open access on the file /usr/bin/razor-lightdm-greeter.
https://bugzilla.redhat.com/show_bug.cgi?id=969090
[ 4 ] Bug #969941 - SELinux is preventing /usr/bin/chmod from 'setattr' accesses on the directory helvetic.
https://bugzilla.redhat.com/show_bug.cgi?id=969941
[ 5 ] Bug #975817 - SELinux is preventing /usr/sbin/ntop from 'read' accesses on the chr_file usbmon11.
https://bugzilla.redhat.com/show_bug.cgi?id=975817
[ 6 ] Bug #975876 - SELinux is preventing /usr/bin/bash from 'open' accesses on the chr_file /dev/pts/0.
https://bugzilla.redhat.com/show_bug.cgi?id=975876
[ 7 ] Bug #975897 - ConsoleKit (via lightdm/pam_ck_connector.so) registration fails
https://bugzilla.redhat.com/show_bug.cgi?id=975897
[ 8 ] Bug #975999 - SELinux is preventing /usr/libexec/nm-ssh-service from 'execute' accesses on the file /usr/bin/ssh.
https://bugzilla.redhat.com/show_bug.cgi?id=975999
[ 9 ] Bug #976159 - SELinux is preventing /usr/sbin/ns-slapd from 'read' accesses on the file unix.
https://bugzilla.redhat.com/show_bug.cgi?id=976159
[ 10 ] Bug #976207 - SELinux is preventing /usr/libexec/at-spi-bus-launcher from 'name_connect' accesses on the tcp_socket .
https://bugzilla.redhat.com/show_bug.cgi?id=976207
[ 11 ] Bug #976548 - SELinux is preventing /usr/bin/perl from 'write' accesses on the directory clamd.amavisd.
https://bugzilla.redhat.com/show_bug.cgi?id=976548
[ 12 ] Bug #977991 - SELinux is preventing /usr/lib/polkit-1/polkitd from using the 'signal' accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=977991
[ 13 ] Bug #978004 - disable dontaudit rules for lightdm
https://bugzilla.redhat.com/show_bug.cgi?id=978004
[ 14 ] Bug #976308 - FreeIPA's httpd cannot read CRL generated by PKI
https://bugzilla.redhat.com/show_bug.cgi?id=976308
[ 15 ] Bug #976640 - Initial console login as root with ConsoleKit enabled is slow
https://bugzilla.redhat.com/show_bug.cgi?id=976640
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list