--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8185
2011-06-11 03:55:21
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 15
Version     : 3.9.16
Release     : 30.fc15
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117

--------------------------------------------------------------------------------
Update Information:

- Fix /var/lock labeling issue
- Allow ssh to execute systemctl
- fail2ban fixes related to /tmp directory
- Allow puppetmaster to create dirs in /var/run/puppet
- Add label for /var/lock/ppp
- Fixes for colord policy
- Allow sys_chroot for postfix domains
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 14 2011 Miroslav Grepl <[email protected]> 3.9.16-30
- Fixes for zarafa policy
- Other fixes for fail2ban
- Allow keyring to drop capabilities
- Allow cobblerd to send syslog messages
- Allow xserver to read/write the xserver_misk device
- ppp also installs /var/log/ppp and /var/run/ppp directories
    * remove filetrans rules
- fix for pppd_lock
- Allow fail2ban run ldconfig
- Allow lvm to read/write pipes inherited from login programs
* Fri Jun 10 2011 Miroslav Grepl <[email protected]> 3.9.16-29
- Fix /var/lock labeling issue
* Mon Jun 6 2011 Miroslav Grepl <[email protected]> 3.9.16-28
- Allow ssh to execute systemctl
- fail2ban fixes related to /tmp directory
- Allow puppetmaster to create dirs in /var/run/puppet
* Thu Jun 2 2011 Miroslav Grepl <[email protected]> 3.9.16-27
- Add label for /var/lock/ppp
- Fixes for colord policy
- Allow sys_chroot for postfix domains
* Fri May 27 2011 Miroslav Grepl <[email protected]> 3.9.16-26
- Add label for dev/ati/card*
- Allow secadm to manage selinux config files
* Thu May 26 2011 Miroslav Grepl <[email protected]> 3.9.16-25
- Add Dominicks patch for dccp_socket
- dnsmasq needs to read nm-dns-dnsmasq.conf in /var/run/
- Colord inherits open file descriptors from the users...
- cgred needs auth_use_nsswitch()
- apcupsd lock file was missing file context specificatio...
- Make cron work
- Allow clamav to manage amavis spool files
- Use httpd_can_sendmail boolean also for httpd_suexec_t
- Add fenced_can_ssh boolean
- Add dev_dontaudit_read_generic_files() for hplip
- Allow xauthority to create shared memory
- Make postfix user domains application_domains
- Allow xend to sys_admin privs
- Allow mount to read usr files
- Allow logrotate to connect to init script using unix stream socket
- Allow nsplugin_t to getattr on gpmctl
* Tue May 17 2011 Miroslav Grepl <[email protected]> 3.9.16-24
- Allow logrotate to connect to init script using unix domain stream socket
- Allow shorewall read and write inherited user domain pty/tty
- virt will attempt to use another virtualizations pulseaudio tmpfs_t, ignore error
- Allow colord to get the attributes of fixed disk device nodes
- Allow nsplugin_t to getattr on gpmctl
- Allow mozilla_plugin to connect to pcscd over an unix stream socket
- Allow logrotate to execute systemctl
- colord wants to read files in users homedir
- Remote login should create user_tmp_t content not its own tmp files
- Allow psad signal
- Fix cobbler_read_lib_files interface
- Allow rlogind to r/w user terminals
- Allow prelink_cron_system_t to relabel content and ignore obj_id
- Allow gnomeclock_systemctl_t to list init_var_run_t
- Dbus domains will inherit fds from the init system
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #712608 - SELinux is preventing /usr/libexec/gnome-session-check-accelerated-helper from read, write access on the chr_file card0.
        https://bugzilla.redhat.com/show_bug.cgi?id=712608
  [ 2 ] Bug #712623 - SELinux is preventing /bin/bash from 'execute' accesses on the file /sbin/ldconfig.
        https://bugzilla.redhat.com/show_bug.cgi?id=712623
  [ 3 ] Bug #712695 - SELinux is preventing /sbin/iptables-multi from read, write access on the file /tmp/ffiTNNqUA (deleted).
        https://bugzilla.redhat.com/show_bug.cgi?id=712695
  [ 4 ] Bug #703044 - SELinux is preventing /usr/sbin/sshd from 'getattr' accesses on the file /bin/systemctl.
        https://bugzilla.redhat.com/show_bug.cgi?id=703044
  [ 5 ] Bug #708474 - SELinux is preventing /usr/libexec/colord from 'getattr' accesses on the filesystem /.
        https://bugzilla.redhat.com/show_bug.cgi?id=708474
  [ 6 ] Bug #708568 - SELinux is preventing /bin/systemd-tmpfiles from 'getattr' accesses on the fifo_file /tmp/.sandbox-CyrusHMH-ORZ8P7/icedteaplugin-CyrusHMH/15979-icedteanp-appletviewer-to-plugin.
        https://bugzilla.redhat.com/show_bug.cgi?id=708568
  [ 7 ] Bug #708584 - SELinux is preventing /usr/libexec/colord from 'getattr' accesses on the blk_file /dev/sr0.
        https://bugzilla.redhat.com/show_bug.cgi?id=708584
  [ 8 ] Bug #708585 - SELinux is preventing /usr/libexec/colord from 'read' accesses on the directory /.
        https://bugzilla.redhat.com/show_bug.cgi?id=708585
  [ 9 ] Bug #708672 - SELinux is preventing /bin/systemd-notify from 'search' accesses on the directory /sys.
        https://bugzilla.redhat.com/show_bug.cgi?id=708672
  [ 10 ] Bug #709644 - SELinux is preventing /usr/libexec/colord from 'getattr' accesses on the filesystem /mnt/sharepoint.
        https://bugzilla.redhat.com/show_bug.cgi?id=709644
  [ 11 ] Bug #711346 - SELinux is preventing /usr/bin/python from using the 'dac_override' capabilities.
        https://bugzilla.redhat.com/show_bug.cgi?id=711346
  [ 12 ] Bug #711347 - SELinux is preventing /bin/bash from 'execute' accesses on the file /sbin/ldconfig.
        https://bugzilla.redhat.com/show_bug.cgi?id=711347
  [ 13 ] Bug #711866 - SELinux is preventing /usr/libexec/postfix/pickup from 'write' accesses on the fifo_file fifo_file.
        https://bugzilla.redhat.com/show_bug.cgi?id=711866
  [ 14 ] Bug #712136 - SELinux is preventing /usr/sbin/pppd from 'read' accesses on the lnk_file /var/lock.
        https://bugzilla.redhat.com/show_bug.cgi?id=712136
  [ 15 ] Bug #712182 - SELinux is preventing /usr/sbin/upsd from using the 'signal' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=712182
  [ 16 ] Bug #699155 - systemd-tty-ask selinux problems
        https://bugzilla.redhat.com/show_bug.cgi?id=699155
  [ 17 ] Bug #699269 - SELinux is preventing /usr/sbin/sshd from using the getcap access on itself
        https://bugzilla.redhat.com/show_bug.cgi?id=699269
  [ 18 ] Bug #709921 - AVC denial for Postfix proceeses tlsmgr, smtpd & pickup
        https://bugzilla.redhat.com/show_bug.cgi?id=709921
  [ 19 ] Bug #710875 - can not start puppetmaster service
        https://bugzilla.redhat.com/show_bug.cgi?id=710875
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
