Fedora 23 Update: selinux-policy-3.13.1-140.fc23

updates at fedoraproject.org updates at fedoraproject.org
Thu Aug 6 06:02:17 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-12825
2015-08-06 05:51:44.727209
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 23
Version     : 3.13.1
Release     : 140.fc23
URL         : http://github.com/TresysTechnology/refpolicy/wiki
Summary     : SELinux policy configuration
Description :
SELinux Base package for SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20091117

--------------------------------------------------------------------------------
Update Information:

* Wed Aug 05 2015 Miroslav Grepl <mgrepl at redhat.com> 3.13.1-140
- firewalld needs to relabel own config files. BZ(#1250537)
- Allow rhsmcertd to send signull to unconfined_service
- Allow lsm_plugin_t to rw raw_fixed_disk.
- Allow lsm_plugin_t to read sysfs, read hwdata, rw to scsi_generic_device
- Allow openhpid to use libsnmp_bc plugin (allow read snmp lib files).

* Tue Aug 04 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-139
- Add header for sslh.if file
- Fix sslh_admin() interface
- Clean up sslh.if
- Fix typo in pdns.if
- Allow qpid to create lnk_files in qpid_var_lib_t.
- Allow httpd_suexec_t to read and write Apache stream sockets
- Merge pull request #21 from hogarthj/rawhide-contrib
- Allow virt_qemu_ga_t domtrans to passwd_t.
- use read and manage files_patterns and the description for the admin interface
- Merge pull request #17 from rubenk/pdns-policy
- Allow redis to read kernel parameters.
- Label /etc/rt dir as httpd_sys_rw_content_t BZ(#1185500)
- Allow hostapd to manage sock file in /va/run/hostapd Add fsetid cap. for hostapd Add net_raw cap. for hostpad BZ(#1237343)
- Allow bumblebee to seng kill signal to xserver
- glusterd call pcs utility which calls find for cib.* files and runs pstree under glusterd. Dontaudit access to security files and update gluster boolean to reflect these changes.
- Allow drbd to get attributes from filesystems.
- Allow drbd to read configuration options used when loading modules.
- fix the description for the write config files, add systemd administration support and fix a missing gen_require in the admin interface
- Added Booleans: pcp_read_generic_logs.
- Allow pcp_pmcd daemon to read postfix config files. Allow pcp_pmcd daemon to search postfix spool dirs.
- Allow glusterd to communicate with cluster domains over stream socket.
- fix copy paste error with writing the admin interface
- fix up the regex in sslh.fc, add sslh_admin() interface
- adding selinux policy files for sslh
- Remove diplicate sftpd_write_ssh_home boolean rule.
- Add kdbus.pp policy to allow access /sys/fs/kdbus. It needs to go with own module because this is workaround for now to avoid SELinux in enforcing mode.
- kdbusfs should not be accessible for now by default for shipped policies. It should be moved to kdbus.pp
- kdbusfs should not be accessible for now.
- Add support for /sys/fs/kdbus and allow login_pgm domain to access it.
- Allow sysadm to administrate ldap environment and allow to bind ldap port to allow to setup an LDAP server (389ds).
- Label /usr/sbin/chpasswd as passwd_exec_t.
- Allow audisp_remote_t to read/write user domain pty.
- Allow audisp_remote_t to start power unit files domain to allow halt system.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1250537 - Deploy of roles fails with: Backup of '/etc/firewalld/zones/FedoraServer.xml' failed
        https://bugzilla.redhat.com/show_bug.cgi?id=1250537
  [ 2 ] Bug #1185500 - Newer versions of RT need some policy changes
        https://bugzilla.redhat.com/show_bug.cgi?id=1185500
  [ 3 ] Bug #1237343 - SELinux is preventing hostapd from using the 'net_raw' capabilities.
        https://bugzilla.redhat.com/show_bug.cgi?id=1237343
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list