--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9382
2011-07-16 06:47:02
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 15
Version     : 3.9.16
Release     : 34.fc15
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117

--------------------------------------------------------------------------------
Update Information:

- More fixes for postfix policy
- Allow virsh_t setsched
- Add mcelog_log_t type for mcelog log file
- Add virt_ptynode attribute
- Add l2tpd policy
- Fixes for abrt
- Backport fail2ban_client policy
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 15 2011 Miroslav Grepl <[email protected]> 3.9.16-34
- More fixes for postfix policy
- Allow virsh_t setsched
- Add mcelog_log_t type for mcelog log file
- Add virt_ptynode attribute
* Mon Jul 11 2011 Miroslav Grepl <[email protected]> 3.9.16-33
- Add l2tpd policy
- Fixes for abrt
- Backport fail2ban_client policy
* Fri Jul 1 2011 Miroslav Grepl <[email protected]> 3.9.16-32
- Allow getcap, setcap for syslogd
- Fix label for /usr/lib64/opera/opera
* Thu Jun 30 2011 Miroslav Grepl <[email protected]> 3.9.16-31
- Make mozilla_plugin_tmpfs_t as userdom_user_tmpfs_content()
- Allow init to delete all pid sockets
- Allow colord to read /proc/stat
- Add label for /var/www/html/wordpress/wp-content/plugins directory
- Allow pppd to search /var/lock dir
- puppetmaster use nsswitch: #711804
- Update abrt to match rawhide policy
- allow privoxy to read network data
- support gecko mozilla browser plugin
- Allow chrome_sandbox to execute content in nfs homedir
- postfix_qmgr needs to read /var/spool/postfix/deferred
- abrt_t needs fsetid
* Tue Jun 14 2011 Miroslav Grepl <[email protected]> 3.9.16-30
- Fixes for zarafa policy
- Other fixes for fail2ban
- Allow keyring to drop capabilities
- Allow cobblerd to send syslog messages
- Allow xserver to read/write the xserver_misk device
- ppp also installs /var/log/ppp and /var/run/ppp directories
    * remove filetrans rules
- fix for pppd_lock
- Allow fail2ban run ldconfig
- Allow lvm to read/write pipes inherited from login programs
* Fri Jun 10 2011 Miroslav Grepl <[email protected]> 3.9.16-29
- Fix /var/lock labeling issue
* Mon Jun 6 2011 Miroslav Grepl <[email protected]> 3.9.16-28
- Allow ssh to execute systemctl
- fail2ban fixes related to /tmp directory
- Allow puppetmaster to create dirs in /var/run/puppet
* Thu Jun 2 2011 Miroslav Grepl <[email protected]> 3.9.16-27
- Add label for /var/lock/ppp
- Fixes for colord policy
- Allow sys_chroot for postfix domains
* Fri May 27 2011 Miroslav Grepl <[email protected]> 3.9.16-26
- Add label for dev/ati/card*
- Allow secadm to manage selinux config files
* Thu May 26 2011 Miroslav Grepl <[email protected]> 3.9.16-25
- Add Dominicks patch for dccp_socket
- dnsmasq needs to read nm-dns-dnsmasq.conf in /var/run/
- Colord inherits open file descriptors from the users...'
- cgred needs auth_use_nsswitch()
- apcupsd lock file was missing file context specificatio...
- Make cron work
- Allow clamav to manage amavis spool files
- Use httpd_can_sendmail boolean also for httpd_suexec_t
- Add fenced_can_ssh boolean
- Add dev_dontaudit_read_generic_files() for hplip
- Allow xauthority to create shared memory
- Make postfix user domains application_domains
- Allow xend to sys_admin privs
- Allow mount to read usr files
- Allow logrotate to connect to init script using unix stream socket
- Allow nsplugin_t to getattr on gpmctl
* Tue May 17 2011 Miroslav Grepl <[email protected]> 3.9.16-24
- Allow logrotate to connect to init script using unix domain stream socket
- Allow shorewall read and write inherited user domain pty/tty
- virt will attempt to use another virtualizations pulseaudio tmpfs_t, ignore error
- Allow colord to get the attributes of fixed disk device nodes
- Allow nsplugin_t to getattr on gpmctl
- Allow mozilla_plugin to connect to pcscd over an unix stream socket
- Allow logrotate to execute systemctl
- colord wants to read files in users homedir
- Remote login should create user_tmp_t content not its own tmp files
- Allow psad signal
- Fix cobbler_read_lib_files interface
- Allow rlogind to r/w user terminals
- Allow prelink_cron_system_t to relabel content and ignore obj_id
- Allow gnomeclock_systemctl_t to list init_var_run_t
- Dbus domains will inherit fds from the init system
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #703043 - SELinux is preventing /bin/systemd-tmpfiles from 'unlink' accesses on the file .pam-systemd-lock.
        https://bugzilla.redhat.com/show_bug.cgi?id=703043
  [ 2 ] Bug #718098 - SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the 'dac_override' capabilities.
        https://bugzilla.redhat.com/show_bug.cgi?id=718098
  [ 3 ] Bug #718347 - SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the 'sys_ptrace' capabilities.
        https://bugzilla.redhat.com/show_bug.cgi?id=718347
  [ 4 ] Bug #718465 - SELinux is preventing /usr/sbin/pppd from 'write' accesses on the sock_file openl2tp-event.sock.
        https://bugzilla.redhat.com/show_bug.cgi?id=718465
  [ 5 ] Bug #718630 - SELinux is preventing /sbin/killall5 from 'getattr' accesses on the file /usr/libexec/postfix/tlsmgr.
        https://bugzilla.redhat.com/show_bug.cgi?id=718630
  [ 6 ] Bug #718651 - SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /usr/local/Brother/sane/Brsane3.ini.
        https://bugzilla.redhat.com/show_bug.cgi?id=718651
  [ 7 ] Bug #719206 - fail2ban selinux problems which seem different from other reported bugs
        https://bugzilla.redhat.com/show_bug.cgi?id=719206
  [ 8 ] Bug #720192 - SELinux is preventing /usr/libexec/colord from 'write' accesses on the file /dev/shm/libv4l-root:usb-0000:00:12.0-1:046d:092e:Camera.
        https://bugzilla.redhat.com/show_bug.cgi?id=720192
  [ 9 ] Bug #720573 - dovecot prevented to access pam_krb5_storetmp
        https://bugzilla.redhat.com/show_bug.cgi?id=720573
  [ 10 ] Bug #720869 - SELinux is preventing /usr/libexec/postfix/master from 'read' accesses on the fifo_file /var/spool/postfix/public/pickup.
        https://bugzilla.redhat.com/show_bug.cgi?id=720869
  [ 11 ] Bug #721081 - SELinux is preventing /usr/bin/virsh from using the 'setsched' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=721081
  [ 12 ] Bug #721111 - SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the setuid capability.
        https://bugzilla.redhat.com/show_bug.cgi?id=721111
  [ 13 ] Bug #721193 - With unconfined disabled, can't virsh console
        https://bugzilla.redhat.com/show_bug.cgi?id=721193
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
