Fedora 21 Update: selinux-policy-3.13.1-103.fc21

updates at fedoraproject.org
Thu Dec 18 06:05:03 UTC 2014


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-17044
2014-12-16 21:10:08
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 21
Version     : 3.13.1
Release     : 103.fc21
URL         : http://github.com/TresysTechnology/refpolicy/wiki
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117

--------------------------------------------------------------------------------
Update Information:

More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=599292
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-103
- Docker has a new config/key file it writes to /etc/docker
- Add support for /usr/share/vdsm/daemonAdapter
- Add additional MLS attribute for oddjob_mkhomedir to create homedirs.
- Add missing files_dontaudit_list_security_dirs() for smbd_t in samba_export_all_ro boolean.
- Allow virt_qemu_ga_t to execute kmod
- Allow logrotate to read hawkey.log in /var/cache/dnf/ BZ(1163438)
* Thu Dec 11 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-102
- Allow pegasus_openlmi_storage_t use nsswitch. BZ(1172258)
- Allow docker daemon to start transient units
- Add support for /var/run/gluster.
- Allow openvpn manage systemd_passwd_var_run_t files. BZ(1170085)
- Fix /usr/libexec/sssd/selinux_child labeling.
- Label /usr/libexec/tomcat/server as tomcat_exec_t.
* Tue Dec  2 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-101
- Add files_dontaudit_list_security_dirs() interface
- Allow rlogind to use also rlogin ports
- Dontaudit couchdb to list /var
- couchdb: allow disksup to monitor the local disks
- dontaudit list security dirs for samba domain.
- Label /var/lib/rpmrebuilddb/ as rpm_var_lib_t. BZ (1167946)
* Tue Nov 25 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-100
- Add seutil_dontaudit_access_check_semanage_module_store() interface
- Update to have all _systemctl() interface also init_reload_services()
- Allow named_filetrans_domain to create ibus directory with correct labeling
- Add labeling for /sbin/iw.
- Label tcp port 5280 as ejabberd port. BZ(1059930)
- Make /usr/bin/vncserver running as unconfined_service_t.
- getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain
- Label /etc/docker/certs.d as cert_t
- Allow all systemd domains to search file systems
- I guess there can be content under /var/lib/lockdown #1167502
- Dontaudit access check on SELinux module store for sssd
- Update to have all _systemctl() interface also init_reload_services()
- Allow rhev-agentd to read /dev/.udev/db to make deploying hosted engine via iSCSI working
- Allow keystone to send a generic signal to own process.
- Dontaudit list user_tmp files for system_mail_t
- label virt-who as virtd_exec_t
- Allow rhsmcertd to send a null signal to virt-who running as virtd_t
- Add virt_signull() interface
- Allow .snapshots to be created in other directories, on all mountpoints
- Add missing alias for _content_rw_t
- Allow spamd to access razor-agent.log
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1121317 - SELinux is preventing /usr/lib/systemd/systemd-logind from 'destroy' accesses on the semaphore Unknown.
        https://bugzilla.redhat.com/show_bug.cgi?id=1121317
  [ 2 ] Bug #1155874 - SELinux is preventing /usr/lib/systemd/systemd-logind from 'destroy' accesses on the semaphore Unknown.
        https://bugzilla.redhat.com/show_bug.cgi?id=1155874
  [ 3 ] Bug #1163438 - SELinux is preventing logrotate from 'read' accesses on the directory /var/cache/dnf.
        https://bugzilla.redhat.com/show_bug.cgi?id=1163438
  [ 4 ] Bug #1167502 - SELinux is preventing /usr/sbin/usbmuxd from 'read' accesses on the file /var/lib/lockdown/SystemConfiguration.plist.
        https://bugzilla.redhat.com/show_bug.cgi?id=1167502
  [ 5 ] Bug #1167946 - rpm --rebuilddb causes loss of context labeling in /var/lib/rpm
        https://bugzilla.redhat.com/show_bug.cgi?id=1167946
  [ 6 ] Bug #1170085 - SELinux is preventing /usr/bin/systemd-ask-password from 'write' accesses on the directory ask-password.
        https://bugzilla.redhat.com/show_bug.cgi?id=1170085
  [ 7 ] Bug #1172258 - SELinux is preventing cimprovagt from 'search' accesses on the directory /var/lib/sss.
        https://bugzilla.redhat.com/show_bug.cgi?id=1172258
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------