--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8929
2011-07-01 18:25:17
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 15
Version     : 3.9.16
Release     : 32.fc15
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117

--------------------------------------------------------------------------------
Update Information:

- Make mozilla_plugin_tmpfs_t as userdom_user_tmpfs_content()
- Allow init to delete all pid sockets
- Allow colord to read /proc/stat
- Add label for /var/www/html/wordpress/wp-content/plugins directory
- Allow pppd to search /var/lock dir
- puppetmaster use nsswitch: #711804
- Update abrt to match rawhide policy
- allow privoxy to read network data
- support gecko mozilla browser plugin
- Allow chrome_sandbox to execute content in nfs homedir
- postfix_qmgr needs to read /var/spool/postfix/deferred
- abrt_t needs fsetid
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 1 2011 Miroslav Grepl <[email protected]> 3.9.16-32
- Allow getcap, setcap for syslogd
- Fix label for /usr/lib64/opera/opera
* Thu Jun 30 2011 Miroslav Grepl <[email protected]> 3.9.16-31
- Make mozilla_plugin_tmpfs_t as userdom_user_tmpfs_content()
- Allow init to delete all pid sockets
- Allow colord to read /proc/stat
- Add label for /var/www/html/wordpress/wp-content/plugins directory
- Allow pppd to search /var/lock dir
- puppetmaster use nsswitch: #711804
- Update abrt to match rawhide policy
- allow privoxy to read network data
- support gecko mozilla browser plugin
- Allow chrome_sandbox to execute content in nfs homedir
- postfix_qmgr needs to read /var/spool/postfix/deferred
- abrt_t needs fsetid
* Tue Jun 14 2011 Miroslav Grepl <[email protected]> 3.9.16-30
- Fixes for zarafa policy
- Other fixes for fail2ban
- Allow keyring to drop capabilities
- Allow cobblerd to send syslog messages
- Allow xserver to read/write the xserver_misk device
- ppp also installs /var/log/ppp and /var/run/ppp directories
  * remove filetrans rules
- fix for pppd_lock
- Allow fail2ban run ldconfig
- Allow lvm to read/write pipes inherited from login programs
* Fri Jun 10 2011 Miroslav Grepl <[email protected]> 3.9.16-29
- Fix /var/lock labeling issue
* Mon Jun 6 2011 Miroslav Grepl <[email protected]> 3.9.16-28
- Allow ssh to execute systemctl
- fail2ban fixes related to /tmp directory
- Allow puppetmaster to create dirs in /var/run/puppet
* Thu Jun 2 2011 Miroslav Grepl <[email protected]> 3.9.16-27
- Add label for /var/lock/ppp
- Fixes for colord policy
- Allow sys_chroot for postfix domains
* Fri May 27 2011 Miroslav Grepl <[email protected]> 3.9.16-26
- Add label for dev/ati/card*
- Allowe secadm to manage selinux config files
* Thu May 26 2011 Miroslav Grepl <[email protected]> 3.9.16-25
- Add Dominicks patch for dccp_socket
- dnsmasq needs to read nm-dns-dnsmasq.conf in /var/run/
- Colord inherits open file descriptors from the users...'
- cgred needs auth_use_nsswitch()
- apcupsd lock file was missing file context specificatio...
- Make cron work
- Allow clamav to manage amavis spool files
- Use httpd_can_sendmail boolean also for httpd_suexec_t
- Add fenced_can_ssh boolean
- Add dev_dontaudit_read_generic_files() for hplip
- Allow xauthority to create shared memory
- Make postfix user domains application_domains
- Allow xend to sys_admin privs
- Allow mount to read usr files
- Allow logrotate to connect to init script using unix stream socket
- Allow nsplugin_t to getattr on gpmctl
* Tue May 17 2011 Miroslav Grepl <[email protected]> 3.9.16-24
- Allow logrotate to connect to init script using unix domain stream socket
- Allow shorewall read and write inherited user domain pty/tty
- virt will attempt to us another virtualizations pulsesaudio tmpfs_t, ignore error
- Allow colord to get the attributes of fixed disk device nodes
- Allow nsplugin_t to getattr on gpmctl
- Allow mozilla_plugin to connect to pcscd over an unix stream socket
- Allow logrotate to execute systemctl
- colord wants to read files in users homedir
- Remote login should create user_tmp_t content not its own tmp files
- Allow psad signal
- Fix cobbler_read_lib_files interface
- Allow rlogind to r/w user terminals
- Allow prelink_cron_system_t to relabel content and ignore obj_id
- Allow gnomeclock_systemctl_t to list init_var_run_t
- Dbus domains will inherit fds from the init system
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #717907 - SELinux is preventing /bin/bash from 'execute_no_trans' accesses on the file /usr/lib64/opera/opera.
        https://bugzilla.redhat.com/show_bug.cgi?id=717907
  [ 2 ] Bug #718161 - syslog-ng 3.x SELinux violations
        https://bugzilla.redhat.com/show_bug.cgi?id=718161
  [ 3 ] Bug #699465 - SELinux is preventing /bin/systemd-tty-ask-password-agent from 'read' accesses on the fifo_file 136:0.
        https://bugzilla.redhat.com/show_bug.cgi?id=699465
  [ 4 ] Bug #709246 - SELinux is preventing /usr/sbin/httpd from 'open' accesses on the file /var/log/roundcubemail/sendmail.
        https://bugzilla.redhat.com/show_bug.cgi?id=709246
  [ 5 ] Bug #711605 - gecko-mediaplayer is blocked by selinux with xguest and firefox
        https://bugzilla.redhat.com/show_bug.cgi?id=711605
  [ 6 ] Bug #711804 - puppet: Could not find a default provider for user
        https://bugzilla.redhat.com/show_bug.cgi?id=711804
  [ 7 ] Bug #714000 - SELinux is preventing /bin/mount from 'mounton' accesses on the arquivo /var/named/chroot/etc/rndc.key.
        https://bugzilla.redhat.com/show_bug.cgi?id=714000
  [ 8 ] Bug #714006 - SELinux is preventing abrtd from using the 'fsetid' capabilities.
        https://bugzilla.redhat.com/show_bug.cgi?id=714006
  [ 9 ] Bug #714968 - SELinux is preventing /usr/sbin/privoxy from 'read' accesses on the file unix.
        https://bugzilla.redhat.com/show_bug.cgi?id=714968
  [ 10 ] Bug #715178 - SELinux is preventing /bin/systemd-tmpfiles from 'getattr' accesses on the fifo_file /var/run/lirc/lircm.
        https://bugzilla.redhat.com/show_bug.cgi?id=715178
  [ 11 ] Bug #716648 - postfix.te warning during compilation - 'unrecognized character'
        https://bugzilla.redhat.com/show_bug.cgi?id=716648
  [ 12 ] Bug #717161 - SELinux is preventing /usr/sbin/pppd from 'search' accesses on the directory /var/lock.
        https://bugzilla.redhat.com/show_bug.cgi?id=717161
  [ 13 ] Bug #717221 - SELinux is preventing /usr/libexec/colord from 'read' accesses on the file stat.
        https://bugzilla.redhat.com/show_bug.cgi?id=717221
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
