-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-8407 2010-05-12 11:53:28 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 13 Version : 3.7.19 Release : 15.fc13 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 -------------------------------------------------------------------------------- ChangeLog: * Mon May 10 2010 Dan Walsh <[email protected]> 3.7.19-15 - Allow gdm to edit ~/.gconf dir Resolves: #590677 - Allow dovecot to create directories in /var/lib/dovecot Partially resolves 590224 - Allow avahi to dbus chat with NetworkManager - Fix cobbler labels - Dontaudit iceauth_t leaks - fix /var/lib/lxdm file context - Allow aiccu to use tun tap devices - Dontaudit shutdown using xserver.log * Thu May 6 2010 Dan Walsh <[email protected]> 3.7.19-14 - Fixes for sandbox_x_net_t to match access for sandbox_web_t ++ - Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory - Add dontaudit interface for bluetooth dbus - Add chronyd_read_keys, append_keys for initrc_t - Add log support for ksmtuned Resolves: #586663 * Thu May 6 2010 Dan Walsh <[email protected]> 3.7.19-13 - Allow boinc to send mail * Wed May 5 2010 Dan Walsh <[email protected]> 3.7.19-12 - Allow initrc_t to remove dhcpc_state_t - Fix label on sa-update.cron - Allow dhcpc to restart chrony initrc - Don't allow sandbox to send signals to its parent processes - Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t Resolves: #589136 * Mon May 3 2010 Dan Walsh <[email protected]> 3.7.19-11 - Fix location of oddjob_mkhomedir Resolves: #587385 - fix labeling on /root/.shosts and ~/.shosts - Allow ipsec_mgmt_t to manage net_conf_t Resolves: #586760 -------------------------------------------------------------------------------- References: [ 1 ] Bug #589809 - SELinux está negando a /usr/libexec/accounts-daemon el acceso "remove_name" on custom.conf.3MWECV https://bugzilla.redhat.com/show_bug.cgi?id=589809 [ 2 ] Bug #590253 - Wrong file context specification for ksm tune daemon log files. https://bugzilla.redhat.com/show_bug.cgi?id=590253 [ 3 ] Bug #590294 - SELinux is preventing /sbin/sysctl "write" access . https://bugzilla.redhat.com/show_bug.cgi?id=590294 [ 4 ] Bug #590295 - SELinux is preventing /bin/cat "read" access on /var/run/dhclient-eth0.pid. https://bugzilla.redhat.com/show_bug.cgi?id=590295 [ 5 ] Bug #590296 - SELinux is preventing /bin/bash access to a leaked /var/log/pm-suspend.log file descriptor. https://bugzilla.redhat.com/show_bug.cgi?id=590296 [ 6 ] Bug #590297 - SELinux is preventing /bin/rm "unlink" access on /var/run/dhclient-eth0.pid. https://bugzilla.redhat.com/show_bug.cgi?id=590297 [ 7 ] Bug #590298 - SELinux is preventing /sbin/dhclient "read" access on /var/run/pm-utils/network/dhclient.suspend. https://bugzilla.redhat.com/show_bug.cgi?id=590298 [ 8 ] Bug #590328 - avc for cups on create https://bugzilla.redhat.com/show_bug.cgi?id=590328 [ 9 ] Bug #590844 - SELinux is preventing /usr/bin/pulseaudio "getattr" access on /dev/.udev/db/sound:card29. https://bugzilla.redhat.com/show_bug.cgi?id=590844 [ 10 ] Bug #590845 - SELinux is preventing /usr/bin/pulseaudio "write" access on file. https://bugzilla.redhat.com/show_bug.cgi?id=590845 [ 11 ] Bug #590846 - SELinux is preventing /usr/bin/pulseaudio "signull" access . https://bugzilla.redhat.com/show_bug.cgi?id=590846 [ 12 ] Bug #590848 - SELinux is preventing /usr/bin/pulseaudio "unlink" access on pulse-shm-1391216186. https://bugzilla.redhat.com/show_bug.cgi?id=590848 [ 13 ] Bug #590849 - SELinux is preventing /usr/lib64/firefox-3.6/firefox "getattr" access on /boot. https://bugzilla.redhat.com/show_bug.cgi?id=590849 [ 14 ] Bug #591094 - SELinux is preventing /sbin/shutdown "ioctl" access on /var/log/kdm.log. https://bugzilla.redhat.com/show_bug.cgi?id=591094 [ 15 ] Bug #579309 - SELinux is preventing /usr/libexec/nm-openconnect-service "relabelto" access . https://bugzilla.redhat.com/show_bug.cgi?id=579309 [ 16 ] Bug #592123 - SELinux is preventing /usr/libexec/accounts-daemon "create" access on custom.conf.R47BCV. https://bugzilla.redhat.com/show_bug.cgi?id=592123 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
