Fedora 22 Update: selinux-policy-3.13.1-128.12.fc22
updates at fedoraproject.org
updates at fedoraproject.org
Thu Aug 27 18:31:55 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-14076
2015-08-27 17:52:04.306212
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 22
Version : 3.13.1
Release : 128.12.fc22
URL : http://github.com/TresysTechnology/refpolicy/wiki
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
selinux-policy-3.13.1-128.12.fc22 - Allow pmlogger to create
pmlogger.primary.socket link file. BZ(1254080) - Allow NetworkManager send
sigkill to dnssec-trigger. BZ(1251764) - Add interface dnssec_trigger_sigkill -
Allow smsd use usb ttys. BZ(#1250536) - Fix
postfix_spool_maildrop_t,postfix_spool_flush_t contexts in postfix.fc file. -
Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create
connection to the system DBUS - Allow openhpid_t to read system state. - Add
temporary fixes for sandbox related to #1103622. It allows to run everything
under one sandbox type. - Added labels for files provided by rh-nginx18
collection - Dontaudit block_suspend capability for ipa_helper_t, this is kernel
bug. Allow ipa_helper_t capability net_admin. Allow ipa_helper_t to list /tmp.
Allow ipa_helper_t to read rpm db. - Allow rhsmcertd exec rhsmcertd_var_run_t
files and rhsmcerd_tmp_t files. This rules are in hide_broken_sympthons until we
find better solution. - Allow abrt_dump_oops_t to read proc_security_t files. -
Allow abrt_dump_oops to signull all domains Allow abrt_dump_oops to read all
domains state Allow abrt_dump_oops to ptrace all domains - Add interface
abrt_dump_oops_domtrans() - Allow systemd-sysctl cap. sys_ptrace BZ(1253926) -
Add label for kernel module dep files in /usr/lib/modules - Allow kernel_t
domtrans to abrt_dump_oops_t - Added to files_dontaudit_write_all_mountpoints
intefface new dontaudit rule, that domain included this interface dontaudit
capability dac_override.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1254080 - SELinux is preventing pmlogger from 'create' accesses on the lnk_file pmlogger.primary.socket.
https://bugzilla.redhat.com/show_bug.cgi?id=1254080
[ 2 ] Bug #1245477 - SELinux is preventing abrt-hook-ccpp from using the 'sigchld' accesses on a process.
https://bugzilla.redhat.com/show_bug.cgi?id=1245477
[ 3 ] Bug #1165713 - Disabling the 'unconfined' module broke setroubleshootd
https://bugzilla.redhat.com/show_bug.cgi?id=1165713
[ 4 ] Bug #1250536 - SELinux is preventing smsd from read, write access on the chr_file ttyUSB0.
https://bugzilla.redhat.com/show_bug.cgi?id=1250536
[ 5 ] Bug #1253926 - SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_ptrace' capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=1253926
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list