--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-9f58fabee4
2018-05-02 10:51:09.725310
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 28
Version : 3.14.1
Release : 24.fc28
URL : %{git0-base}
Summary : SELinux policy configuration
Description :
SELinux Base package for SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1077456
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 28 2018 Lukas Vrabec <[email protected]> - 3.14.1-24
- Allow unconfined_domain_type to create libs filetrans named content
BZ(1513806)
* Fri Apr 27 2018 Lukas Vrabec <[email protected]> - 3.14.1-23
- Allow dnssec_trigger_t domain to read system network state BZ(1570205)
- Add dac_override capability to mailman_mail_t domain
- Add dac_override capability to radvd_t domain
- Update openvswitch policy
- Add dac_override capability to oddjob_homedir_t domain
- Allow slapd_t domain to mmap slapd_var_run_t files
- Rename tang policy to tangd
- Allow virtd_t domain to relabel virt_var_lib_t files
- Allow logrotate_t domain to stop services via systemd
- Add tang policy
- Allow mozilla_plugin_t to create mozilla.pdf file in user homedir with label
mozilla_home_t
- Allow snapperd_t daemon to create unlabeled dirs.
- Make httpd_var_run_t mountpoint
- Allow hsqldb_t domain to mmap own temp files
- We have inconsistency in cgi templates with upstream, we use _content_t, but
refpolicy uses httpd__content_t. Created aliases to make it consistent
- Allow Openvswitch adding netdev bridge ovs 2.7.2.10 FDP
- Add new Boolean tomcat_use_execmem
- Allow nfsd_t domain to read/write sysctl fs files
- Allow conman to read system state
- Allow brltty_t domain to be dbusd system client
- Allow zebra_t domain to bind on babel udp port
- Allow freeipmi domain to read sysfs_t files
- Allow targetd_t domain mmap lvm config files
- Allow abrt_t domain to manage kdump crash files
- gnome_data_filetrans macro should be in optional block
- Allow netutils_t domain to create bluetooth sockets
- Allow traceroute to bind on generic sctp node
- Allow traceroute to search network sysctls
- Allow systemd to use virtio console
- Label /dev/op_panel and /dev/opal-prd as opal_device_t
- Label /run/ebtables.lock as iptables_var_run_t
- Allow udev_t domain to manage udev_rules_t char files.
- Assign babel_port_t label to udp port 6696
- Add new interface lvm_map_config
- Merge pull request #212 from stlaz/patch-1
- Allow local_login_t reads of udev_var_run_t context
* Wed Apr 18 2018 Lukas Vrabec <[email protected]> - 3.14.1-22
- Allow networkmanager domain to write to ecryptfs_t files BZ(1566706)
- Allow l2tpd domain to stream connect to sssd BZ(1568160)
- Dontaudit abrt_t to write to lib_t dirs BZ(1566784)
- Allow NetworkManager_ssh_t domain transition to insmod_t BZ(1567630)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1572954 - Cannot start radvd
https://bugzilla.redhat.com/show_bug.cgi?id=1572954
[ 2 ] Bug #1567631 - SELinux is preventing sh from 'getattr' accesses on the
file /usr/bin/kmod.
https://bugzilla.redhat.com/show_bug.cgi?id=1567631
[ 3 ] Bug #1568509 - SELinux is preventing amavisd from using the
dac_override capability
https://bugzilla.redhat.com/show_bug.cgi?id=1568509
[ 4 ] Bug #1570205 - SELinux is preventing dnssec-trigger- from 'read'
accesses on the file unix.
https://bugzilla.redhat.com/show_bug.cgi?id=1570205
[ 5 ] Bug #1569313 - SELinux is preventing sosreport from associate access on
the filesystem fips_enabled.
https://bugzilla.redhat.com/show_bug.cgi?id=1569313
[ 6 ] Bug #1567630 - SELinux is preventing sh from 'execute' accesses on the
file /usr/bin/kmod.
https://bugzilla.redhat.com/show_bug.cgi?id=1567630
[ 7 ] Bug #1572945 - SELinux is preventing gssproxy from 'getattr' accesses
on the directory /proc/<pid>.
https://bugzilla.redhat.com/show_bug.cgi?id=1572945
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-9f58fabee4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------