-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-0184 2010-01-05 22:29:38 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 12 Version : 3.6.32 Release : 66.fc12 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20090730 -------------------------------------------------------------------------------- Update Information: * Mon Jan 4 2010 Dan Walsh <[email protected]> 3.6.32-66 - Allow lircd to use tcp_socket and connect/bind to port 8675 * Wed Dec 30 2009 Dan Walsh <[email protected]> 3.6.32-65 - Allow traceroute to use all terms - Fix mgetty use for faxes - Dontaudit xdm listing fusefs - Allow xguest to resolve host names - Allow abrt to read noxattr filesystems (cdrom) - Allow abrt_helper to send itself signals - Allow amavis to read certs - Allow apache to bind to port 3000 (Ruby on rails) - Asterist uses mysql and snmp - Allow consolekit to write wtmp file for shutdown - Allow cups ipc_lock - Allow hal to transition to ppp - Fix mailman labels for 64 bit systems - dontaudit system_mail access to leaked terminals - Allow mysqld_safe_t to unlink mysqld pid files - nrpe_t uses getpw calls - Allow NetworkManager to delete ppp pid files - Allow pptp_t to sens userdomain signals - Allow prelude to connect to mysql - Allow swat to start winbind server - Fixes for snort - Allow telnetd to setattr user terminals - Allow qemu to read fusefs - Allow domains that have telinit to connectto upstart unix_stream_socket - Dontaudit ipsec_mgmt sys_tty_config - Fix labels for postgrestgres test suite - Other textrel_shlib_t fixes * Wed Dec 23 2009 Dan Walsh <[email protected]> 3.6.32-64 - Update to Rawhide filesystem.if file - Allow abrt to read nfs - Allow cups to search fusefs - Allow dovecot_auth to search var_log - Fix label on ksmtuned.pid - Dontaudit policykit looking at mount points - Allow xdm to manage /var/cache/fontconfig - Allow xenstored to search xenfs -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 4 2010 Dan Walsh <[email protected]> 3.6.32-66 - Allow lircd to use tcp_socket and connect/bind to port 8675 * Wed Dec 30 2009 Dan Walsh <[email protected]> 3.6.32-65 - Allow traceroute to use all terms - Fix mgetty use for faxes - Dontaudit xdm listing fusefs - Allow xguest to resolve host names - Allow abrt to read noxattr filesystems (cdrom) - Allow abrt_helper to send itself signals - Allow amavis to read certs - Allow apache to bind to port 3000 (Ruby on rails) - Asterist uses mysql and snmp - Allow consolekit to write wtmp file for shutdown - Allow cups ipc_lock - Allow hal to transition to ppp - Fix mailman labels for 64 bit systems - dontaudit system_mail access to leaked terminals - Allow mysqld_safe_t to unlink mysqld pid files - nrpe_t uses getpw calls - Allow NetworkManager to delete ppp pid files - Allow pptp_t to sens userdomain signals - Allow prelude to connect to mysql - Allow swat to start winbind server - Fixes for snort - Allow telnetd to setattr user terminals - Allow qemu to read fusefs - Allow domains that have telinit to connectto upstart unix_stream_socket - Dontaudit ipsec_mgmt sys_tty_config - Fix labels for postgrestgres test suite - Other textrel_shlib_t fixes * Wed Dec 23 2009 Dan Walsh <[email protected]> 3.6.32-64 - Update to Rawhide filesystem.if file - Allow abrt to read nfs - Allow cups to search fusefs - Allow dovecot_auth to search var_log - Fix label on ksmtuned.pid - Dontaudit policykit looking at mount points - Allow xdm to manage /var/cache/fontconfig - Allow xenstored to search xenfs * Tue Dec 22 2009 Dan Walsh <[email protected]> 3.6.32-63 - Allow sendmail setpgid - Allow dovecot to read nfs homedirs * Mon Dec 21 2009 Dan Walsh <[email protected]> 3.6.32-62 - Add label for /var/ekpd - Allow portreserve to look at bin files - Allow gssd to ask the kernel to load modules - If you can run mount you can run fusermount * Mon Dec 21 2009 Dan Walsh <[email protected]> 3.6.32-61 - Fixes for sandbox_x_server - Fix ntop policy - Sandbox fixes * Fri Dec 18 2009 Dan Walsh <[email protected]> 3.6.32-60 - Fixs for cluster policy - mysql_safe fixes - Fixes for sssd - Cgroup access for virtd - Dontaudit fail2ban leaks * Tue Dec 15 2009 Dan Walsh <[email protected]> 3.6.32-59 - Dontaudit udp_socket leaks for xauth_t - Dontaudit rules for iceauth_t - Let locate read symlinks on noxattr file systems - Remove wine from unconfined domain if unconfined pp removed - Add labels for vhostmd - Add port 546 as a dhcpc port - Add labeled for /dev/dahdi - Add certmonger policy - Allow sysadm to communicate with racoon and zebra - Allow dbus service dbus_chat with unconfined_t - Fixes for xguest - Add dontaudits for abrt - file contexts for mythtv - Lots of fixes for asterisk - Fix file context for certmaster - Add log dir for dovecot - Policy for ksmtuned - File labeling and fixes for mysql and mysql_safe - New plugin infrstructure for nagios - Allow nut_upsd_t dac_override - File context fixes for nx - Allow oddjob_mkhomedir to create homedir - Add pcscd_pub interfaces to be used by xdm - Add stream connect from fenced to corosync - Fixes for swat - Allow fsdaemon to manage scsi devices - Policy for tgtd - Policy for vhostmd - Allow ipsec to create tmp files - Change label on fusermount * Thu Dec 10 2009 Dan Walsh <[email protected]> 3.6.32-58 - Dontaudit udp_socket leaks for xauth_t * Wed Dec 9 2009 Dan Walsh <[email protected]> 3.6.32-57 - Allow unconfined_t to send dbus messages to setroubleshoot - Allow confined screen app to setattr on user ttys - remove wine_t from unconfined domain when unconfined.pp disabled - Allow sysadm_t to communicate with racoon - Allow xauth to be run from all unconfined user types - Fix labeling on all /var/cache/mod_* apps - Allow asterisk to communicate with postgresql - Fix labeling for /var/lib/certmaster - Add policy for ksmtuned and tgtd - Fixes fro vhostmd * Mon Dec 7 2009 Dan Walsh <[email protected]> 3.6.32-56 - Dontaudit exec of fusermount from xguest - Allow licrd to use mouse_device - Allow sysadm_t to connect to zebra stream socket - Dontaudit policykit_auth trying to config terminal - Allow logrotate and asterisk to execute asterisk - Allow logrotate to read var_lib files (zope) and connect to fail2ban stream - Allow firewallgui to communicate with unconfined_t - Allow podsleuth to ask the kernel to load modules - Fix labeling on vhostmd scripts - Remove transition from unconfined_t to windbind_helper_t - Allow abrt_helper to look at inotify - Fix labels for mythtv - Allow apache to signal sendmail - allow asterisk to send mail - Allow rpcd to get and setcap - Add tor_bind_all_unreserved_ports boolean - Add policy for vhostmd - MOre textrel_shlib_t files - Add rw_herited_term_perms * Thu Dec 3 2009 Dan Walsh <[email protected]> 3.6.32-55 - Add fprintd_chat(unconfined_t) to fix su timeout problem - Make xguest follow allow_execstack boolean - Dontaudit dbus looking at nfs * Thu Dec 3 2009 Dan Walsh <[email protected]> 3.6.32-54 - Require selinux-policy from selinux-policy-TYPE - Add labeling to /usr/lib/win32 textrel_shlib_t - dontaudit all leaks for abrt_helper - Fix labeling for mythtv - Dontaudit setroubleshoot_fix leaks - Allow xauth_t to read usr_t - Allow iptables to use fifo files - Fix labeling on /var/lib/wifiroamd * Tue Dec 1 2009 Dan Walsh <[email protected]> 3.6.32-53 - Remove transition from dhcpc_t to consoletype_t, just allow exec - Fixes for prelink cron job - Fix label on yumex backend - Allow unconfined_java_t to communicate with iptables - Allow abrt to read /tmp files - Fix nut/ups policy * Tue Dec 1 2009 Dan Walsh <[email protected]> 3.6.32-52 - Major fixup of ntop policy - Fix label on /usr/lib/xorg/modules/extensions/libglx.so.195.22 - Allow xdm to signal session bus - Allow modemmanager to use generic ptys, and sys_tty_config capability - Allow abrt_helper chown access, dontaudit leaks - Allow logwatch to list cifs and nfs file systems - Allow kismet to read network state - Allow cupsd_config_t to connecto unconfined unix_stream - Fix avahi labeling and allow avahi to manage /etc/resolv.conf - Allow sshd to read usr_t files - Allow login programs to manage pcscd_var_run_t files - Allow tor to read usr_t files * Wed Nov 25 2009 Dan Walsh <[email protected]> 3.6.32-51 - Mark google shared libraries as requiring textrel_shlib - Allow svirt to bind/connect to network ports - Add label for .libvirt directory. * Tue Nov 24 2009 Dan Walsh <[email protected]> 3.6.32-50 - Allow modemmanager sys_admin * Mon Nov 23 2009 Dan Walsh <[email protected]> 3.6.32-49 - Allow sssd to read all processes domain * Mon Nov 23 2009 Dan Walsh <[email protected]> 3.6.32-48 - Abrt connect to any port - Dontaudit chrome-sandbox trying to getattr on all processes - Allow passwd to execute gnome-keyring - Allow chrome_sandbox_t to read home content inherited from the parent - Fix eclipse labeling - Allow mozilla to connect to flash port - Allow pulseaudio to connect to unix_streams - Allow sambagui to read secrets file - Allow mount to mount unlabeled files - ALlow abrt to use ypbind, send kill signals - Allow arpwatch to create socket class - Allow asterisk to read urand - Allow corosync to communicate with user tmpfs - Allow devicedisk to read virt images block devices - Allow gpsd to sys_tty_config - Fix nagios interfaces - Policy for nagios plugins - Fixes for nx - Allow rtkit_daemon to read locale file - Allow snort to create socket - Additional perms for xauth - lots of textrel_lib_t file context * Tue Nov 17 2009 Dan Walsh <[email protected]> 3.6.32-47 - Make mozilla call in execmem.if optional to fix build of minimum install - Allow uucpd to execute shells and send mail - Fix label on libtfmessbsp.so * Mon Nov 16 2009 Dan Walsh <[email protected]> 3.6.32-46 - abrt needs more access to rpm pid files - Abrt wants to execute its own tmp files - abrt needs to write sysfs - abrt needs to search all file system dirs - logrotate and tmpreaper need to be able to manage abrt cache - rtkit_daemon needs to be able to setsched on lots of user apps - networkmanager creates dirs in /var/lib - plymouth executes lvm tools * Fri Nov 13 2009 Dan Walsh <[email protected]> 3.6.32-45 - Allow mount on dos file systems - fixes for upsmon and upsd to be able to retrieve pwnam and resolve addresses * Thu Nov 12 2009 Dan Walsh <[email protected]> 3.6.32-44 - Add lighttpd file context to apache.fc - Allow tmpreaper to read /var/cache/yum - Allow kdump_t sys_rawio - Add execmem_exec_t context for /usr/bin/aticonfig - Allow dovecot-deliver to signull dovecot - Add textrel_shlib_t to /usr/lib/libADM5avcodec.so * Tue Nov 10 2009 Dan Walsh <[email protected]> 3.6.32-43 - Fix transition so unconfined_exemem_t creates user_tmp_t - Allow chrome_sandbox_t to write to user_tmp_t when printing - Allow corosync to connect to port 5404 and to interact with user_tmpfs_t files - Allow execmem_t to execmod files in mozilla_home_t - Allow firewallgui to communicate with nscd * Mon Nov 9 2009 Dan Walsh <[email protected]> 3.6.32-42 - Allow kdump to read the kernel core interface - Dontaudit abrt read all files in home dir - Allow kismet client to write to .kismet dir in homedir - Turn on asterisk policy and allow logrotate to communicate with it - Allow abrt to manage rpm cache files - Rules to allow sysadm_t to install a kernel - Allow local_login to read console_device_t to Z series logins - Allow automount and devicekit_disk to search all filesystem dirs - Allow corosync to setrlimit - Allow hal to read modules.dep - Fix xdm using pcscd - Dontaudit gssd trying to write user_tmp_t, kerberos libary problem. - Eliminate transition from unconifned_t to loadkeys_t - Dontaudit several leaks to xauth_t - Allow xdm_t to search for man pages - Allow xdm_dbus to append to xdm log -------------------------------------------------------------------------------- References: [ 1 ] Bug #539462 - SELinux is preventing /usr/sbin/cupsd "search" access on Setup. https://bugzilla.redhat.com/show_bug.cgi?id=539462 [ 2 ] Bug #540850 - SELinux is preventing /usr/libexec/polkit-1/polkitd "search" access on /usr/share. https://bugzilla.redhat.com/show_bug.cgi?id=540850 [ 3 ] Bug #541624 - SELinux is preventing /usr/sbin/xenstored "search" access on /proc/xen. https://bugzilla.redhat.com/show_bug.cgi?id=541624 [ 4 ] Bug #542583 - SELinux is preventing /bin/mount access to a leaked file file descriptor. https://bugzilla.redhat.com/show_bug.cgi?id=542583 [ 5 ] Bug #544695 - SELinux is preventing /usr/libexec/kde4/kdm_greet "rename" access on 3830d5c3ddfd5cd38a049b759396e72e-x86-64.cache-2.NEW. https://bugzilla.redhat.com/show_bug.cgi?id=544695 [ 6 ] Bug #545180 - SELinux is preventing /usr/bin/python "dac_override" access. https://bugzilla.redhat.com/show_bug.cgi?id=545180 [ 7 ] Bug #545463 - SELinux is preventing /usr/sbin/snort-plain "module_request" access. https://bugzilla.redhat.com/show_bug.cgi?id=545463 [ 8 ] Bug #546027 - SELinux is preventing /usr/local/games/darwinia/lib/darwinia.bin.x86 from loading /usr/local/games/darwinia/lib/libSDL-1.2.so.0 which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=546027 [ 9 ] Bug #546691 - SELinux is preventing /usr/sbin/avahi-autoipd "net_raw" access. https://bugzilla.redhat.com/show_bug.cgi?id=546691 [ 10 ] Bug #547826 - SELinux is preventing /usr/libexec/dovecot/deliver "search" access on /var/log. https://bugzilla.redhat.com/show_bug.cgi?id=547826 [ 11 ] Bug #547965 - SELinux is preventing /usr/bin/ruby "name_bind" access. https://bugzilla.redhat.com/show_bug.cgi?id=547965 [ 12 ] Bug #547979 - SELinux is preventing /bin/bash "read" access on meminfo. https://bugzilla.redhat.com/show_bug.cgi?id=547979 [ 13 ] Bug #548051 - SELinux is preventing /bin/bash access to a leaked unix_stream_socket file descriptor. https://bugzilla.redhat.com/show_bug.cgi?id=548051 [ 14 ] Bug #548052 - SELinux is preventing /usr/bin/Xephyr "execmem" access. https://bugzilla.redhat.com/show_bug.cgi?id=548052 [ 15 ] Bug #548053 - SELinux is preventing /usr/bin/Xephyr "execute" access on /dev/zero. https://bugzilla.redhat.com/show_bug.cgi?id=548053 [ 16 ] Bug #548054 - SELinux is preventing /bin/ps "search" access. https://bugzilla.redhat.com/show_bug.cgi?id=548054 [ 17 ] Bug #548102 - SELinux is preventing /bin/kill "kill" access. https://bugzilla.redhat.com/show_bug.cgi?id=548102 [ 18 ] Bug #548107 - SELinux is preventing /bin/sed "create" access on sed0qskIr. https://bugzilla.redhat.com/show_bug.cgi?id=548107 [ 19 ] Bug #548206 - SELinux is preventing /usr/sbin/bluetoothd "search" access on hid. https://bugzilla.redhat.com/show_bug.cgi?id=548206 [ 20 ] Bug #548361 - SELinux is preventing /usr/bin/python "search" access on 1187. https://bugzilla.redhat.com/show_bug.cgi?id=548361 [ 21 ] Bug #548394 - SELinux is preventing /usr/bin/mplayer from loading /usr/lib/nmm/liba52.so.0.0.0 which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=548394 [ 22 ] Bug #548567 - SELinux is preventing /usr/libexec/hal-storage-mount "create" access on .hal-mtab-lock. https://bugzilla.redhat.com/show_bug.cgi?id=548567 [ 23 ] Bug #548618 - SELinux is preventing the ftp daemon from writing files outside the home directory (untitled folder). https://bugzilla.redhat.com/show_bug.cgi?id=548618 [ 24 ] Bug #548644 - SELinux is preventing /usr/lib/cyrus-imapd/cyrus-master from binding to port 4190. https://bugzilla.redhat.com/show_bug.cgi?id=548644 [ 25 ] Bug #548647 - SELinux is preventing /usr/lib/cyrus-imapd/cyrus-master "write" access on mibs. https://bugzilla.redhat.com/show_bug.cgi?id=548647 [ 26 ] Bug #548677 - SELinux is preventing /usr/bin/abrt-pyhook-helper "read" access on /proc/<pid>/mountinfo. https://bugzilla.redhat.com/show_bug.cgi?id=548677 [ 27 ] Bug #548717 - SELinux is preventing /usr/local/mpeg123/bin/mpg123 from loading /usr/local/mpeg123/lib/libmpg123.so.0.22.1 which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=548717 [ 28 ] Bug #548755 - SELinux is preventing /usr/lib/chromium-browser/chromium-browser "write" access on /home/*/.config/chromium/Default/databases/chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0/1. https://bugzilla.redhat.com/show_bug.cgi?id=548755 [ 29 ] Bug #548794 - SELinux is preventing /usr/bin/python "read" access on /var/run/abrt.pid. https://bugzilla.redhat.com/show_bug.cgi?id=548794 [ 30 ] Bug #548901 - SELinux is preventing /bin/bash "sys_tty_config" access. https://bugzilla.redhat.com/show_bug.cgi?id=548901 [ 31 ] Bug #548972 - SELinux is preventing /bin/sed "execute" access on /bin/sed. https://bugzilla.redhat.com/show_bug.cgi?id=548972 [ 32 ] Bug #549063 - SELinux is preventing /usr/bin/freshclam "connectto" access on /var/run/clamav/clamd.socket. https://bugzilla.redhat.com/show_bug.cgi?id=549063 [ 33 ] Bug #549278 - SELinux is preventing /usr/bin/perl "create" access on munin-master-processmanager-3116.sock. https://bugzilla.redhat.com/show_bug.cgi?id=549278 [ 34 ] Bug #549505 - SELinux is preventing /usr/kerberos/sbin/kpropd "unlink" access on host_0. https://bugzilla.redhat.com/show_bug.cgi?id=549505 [ 35 ] Bug #549507 - SELinux is preventing /usr/sbin/rpc.gssd "read" access on krb5cc_501_AjUh0E. https://bugzilla.redhat.com/show_bug.cgi?id=549507 [ 36 ] Bug #549529 - SELinux is preventing /usr/libexec/kde4/kdm_greet "rename" access on 3830d5c3ddfd5cd38a049b759396e72e-x86-64.cache-2.NEW. https://bugzilla.redhat.com/show_bug.cgi?id=549529 [ 37 ] Bug #549561 - SELinux is preventing /usr/bin/python "read" access on /var/run/abrt.pid. https://bugzilla.redhat.com/show_bug.cgi?id=549561 [ 38 ] Bug #549568 - SELinux is preventing /sbin/portreserve "getattr" access on /opt/eset/esets/sbin/esets_daemon. https://bugzilla.redhat.com/show_bug.cgi?id=549568 [ 39 ] Bug #549612 - SELinux is preventing /usr/bin/gok "getattr" access on /var/squidGuard. https://bugzilla.redhat.com/show_bug.cgi?id=549612 [ 40 ] Bug #549618 - SELinux is preventing /usr/bin/iceauth access to a leaked unix_stream_socket file descriptor. https://bugzilla.redhat.com/show_bug.cgi?id=549618 [ 41 ] Bug #549625 - SELinux is preventing /usr/bin/python "read" access on /var/lib/mock/local/repodata/filelists.sqlite.bz2. https://bugzilla.redhat.com/show_bug.cgi?id=549625 [ 42 ] Bug #549675 - SELinux is preventing /usr/lib/chromium-browser/chromium-browser from loading /usr/lib/chromium-browser/libmedia.so which requires text relocation https://bugzilla.redhat.com/show_bug.cgi?id=549675 [ 43 ] Bug #549708 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser "execstack" access. https://bugzilla.redhat.com/show_bug.cgi?id=549708 [ 44 ] Bug #549731 - SELinux is preventing /usr/lib/cups/backend/ekplp "write" access on /var/ekpd/ekplp0. https://bugzilla.redhat.com/show_bug.cgi?id=549731 [ 45 ] Bug #549770 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser "execstack" access. https://bugzilla.redhat.com/show_bug.cgi?id=549770 [ 46 ] Bug #549819 - SELinux is preventing /usr/libexec/nmh/slocal "setpgid" access. https://bugzilla.redhat.com/show_bug.cgi?id=549819 [ 47 ] Bug #549937 - SELinux prevented yum from reading files stored on a NFS filesytem. https://bugzilla.redhat.com/show_bug.cgi?id=549937 [ 48 ] Bug #549973 - SELinux is preventing /usr/sbin/httpd from loading /usr/local/zend/lib/apache2/libphp5.so which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=549973 [ 49 ] Bug #549999 - SELinux is preventing /usr/bin/python from loading /usr/lib/python2.6/site-packages/pymedia/muxer.so which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=549999 [ 50 ] Bug #550204 - SELinux is preventing /usr/sbin/pppd "read write" access on ppp. https://bugzilla.redhat.com/show_bug.cgi?id=550204 [ 51 ] Bug #550252 - SELinux is preventing /usr/bin/ocp-0.1.15 from loading /usr/lib/ocp-0.1.15/mixclip.so which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=550252 [ 52 ] Bug #550261 - SELinux is preventing /usr/sbin/ssmtp "write" access on /dev/pts/0. https://bugzilla.redhat.com/show_bug.cgi?id=550261 [ 53 ] Bug #550304 - SELinux is preventing /usr/lib64/firefox-3.5.6/firefox "read" access on /etc/hosts. https://bugzilla.redhat.com/show_bug.cgi?id=550304 [ 54 ] Bug #550436 - SELinux is preventing /usr/sbin/smbd "connectto" access on /var/run/winbindd/pipe. https://bugzilla.redhat.com/show_bug.cgi?id=550436 [ 55 ] Bug #550474 - SELinux is preventing /usr/bin/nmap access to a leaked /dev/console file descriptor. https://bugzilla.redhat.com/show_bug.cgi?id=550474 [ 56 ] Bug #550508 - SELinux is preventing /bin/rm "unlink" access on /var/run/mysqld/mysqld.pid. https://bugzilla.redhat.com/show_bug.cgi?id=550508 [ 57 ] Bug #550562 - SELinux is preventing /usr/lib/octagaplayer/octagaplayer-bin from loading /usr/lib/octagaplayer/libapplication.so which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=550562 [ 58 ] Bug #550589 - SELinux is preventing /usr/local/google-earth/googleearth-bin from loading /usr/local/google-earth/libminizip.so which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=550589 [ 59 ] Bug #550608 - SELinux is preventing /usr/bin/qemu-system-x86_64 "read" access on Fedora-12-x86_64-DVD.iso. https://bugzilla.redhat.com/show_bug.cgi?id=550608 [ 60 ] Bug #550766 - SELinux is preventing /usr/bin/python "read" access on repomd.xml. https://bugzilla.redhat.com/show_bug.cgi?id=550766 [ 61 ] Bug #550837 - SELinux is preventing /usr/libexec/gnome-settings-daemon "read" access on 36 Fire Letters. https://bugzilla.redhat.com/show_bug.cgi?id=550837 [ 62 ] Bug #550874 - SELinux is preventing /opt/AutoScan/bin/autoscan-network from loading /opt/AutoScan/usr/lib/libvte.so.9.2.4 which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=550874 [ 63 ] Bug #550918 - SELinux is preventing winbindd "read" access on /var/run/winbindd.pid. https://bugzilla.redhat.com/show_bug.cgi?id=550918 [ 64 ] Bug #551069 - SELinux is preventing /usr/sbin/in.telnetd "setattr" access on 0. https://bugzilla.redhat.com/show_bug.cgi?id=551069 [ 65 ] Bug #551092 - SELinux is preventing /bin/bash "sys_tty_config" access. https://bugzilla.redhat.com/show_bug.cgi?id=551092 [ 66 ] Bug #551181 - SELinux is preventing /usr/sbin/asterisk "search" access on /var/lib/mysql. https://bugzilla.redhat.com/show_bug.cgi?id=551181 [ 67 ] Bug #551196 - SELinux is preventing /usr/sbin/pptp "signal" access. https://bugzilla.redhat.com/show_bug.cgi?id=551196 [ 68 ] Bug #551280 - SELinux is preventing /usr/sbin/NetworkManager "unlink" access on resolv.conf. https://bugzilla.redhat.com/show_bug.cgi?id=551280 [ 69 ] Bug #551286 - SELinux policy for mgetty is missing, getty_t is not the right class... https://bugzilla.redhat.com/show_bug.cgi?id=551286 [ 70 ] Bug #551313 - SELinux is preventing /usr/bin/abrt-pyhook-helper "signal" access. https://bugzilla.redhat.com/show_bug.cgi?id=551313 [ 71 ] Bug #551514 - SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from loading /usr/lib/firefox/plugins/libractrl.so which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=551514 [ 72 ] Bug #551676 - SELinux is preventing /sbin/ip access to a leaked fifo_file file descriptor. https://bugzilla.redhat.com/show_bug.cgi?id=551676 [ 73 ] Bug #551682 - SELinux is preventing /usr/sbin/lircd "bind" access. https://bugzilla.redhat.com/show_bug.cgi?id=551682 [ 74 ] Bug #551889 - SELinux is preventing ps "sys_ptrace" access. https://bugzilla.redhat.com/show_bug.cgi?id=551889 [ 75 ] Bug #552006 - SELinux is preventing /usr/sbin/swat "dac_override" access. https://bugzilla.redhat.com/show_bug.cgi?id=552006 [ 76 ] Bug #552012 - SELinux is preventing /bin/cat "read" access on /var/run/syslogd.pid. https://bugzilla.redhat.com/show_bug.cgi?id=552012 [ 77 ] Bug #552017 - SELinux is preventing /usr/sbin/snort-plain "module_request" access. https://bugzilla.redhat.com/show_bug.cgi?id=552017 [ 78 ] Bug #552028 - SELinux is preventing /usr/lib/cups/backend/pipslitelp "write" access on /var/run/pipslitelp0. https://bugzilla.redhat.com/show_bug.cgi?id=552028 [ 79 ] Bug #552227 - selinux breaks pam_mounts fsck ability https://bugzilla.redhat.com/show_bug.cgi?id=552227 [ 80 ] Bug #552272 - SELinux is preventing /usr/bin/nautilus-sendto from loading /usr/lib/libGLcore.so.190.42 which requires text relocation. https://bugzilla.redhat.com/show_bug.cgi?id=552272 [ 81 ] Bug #552336 - SELinux is preventing /bin/mailx "getattr" access on /var/run/packagekit-cron.t8cDjo. https://bugzilla.redhat.com/show_bug.cgi?id=552336 [ 82 ] Bug #552358 - SELinux is preventing /usr/sbin/asterisk "read" access on 002. https://bugzilla.redhat.com/show_bug.cgi?id=552358 [ 83 ] Bug #552373 - SELinux is preventing /bin/mailx "ioctl" access on /var/run/packagekit-cron.gaSknB. https://bugzilla.redhat.com/show_bug.cgi?id=552373 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list [email protected] http://www.redhat.com/mailman/listinfo/fedora-package-announce
