-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-13775 2011-10-04 20:40:57 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 16 Version : 3.10.0 Release : 38.fc16 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 -------------------------------------------------------------------------------- Update Information: - Allow logrotate setuid and setgid since logrotate is supposed to do it - Fixes for thumb policy by grift - Add new nfsd ports - Added fix to allow confined apps to execmod on chrome - Add labeling for additional vdsm directories - Allow Exim and Dovecot SASL - Add label for /var/run/nmbd - Add fixes to make virsh and xen working together - Colord executes ls - /var/spool/cron is now labeled as user_cron_spool_t - Add support for Clustered Samba commands - Allow ricci_modrpm_t to send log msgs - move permissive virt_qmf_t from virt.te to permissivedomains.te - Allow ssh_t to use kernel keyrings - Add policy for libvirt-qmf and more fixes for linux containers - Initial Polipo - Sanlock needs to run ranged in order to kill svirt processes - Allow smbcontrol to stream connect to ctdbd -------------------------------------------------------------------------------- References: [ 1 ] Bug #733127 - SELinux prevents the NFS server from coming up. https://bugzilla.redhat.com/show_bug.cgi?id=733127 [ 2 ] Bug #742095 - SELinux is preventing /bin/bash from 'sendto' accesses on the unix_stream_socket Unknown. https://bugzilla.redhat.com/show_bug.cgi?id=742095 [ 3 ] Bug #743336 - SELinux is preventing /lib/systemd/systemd-logind from 'search' accesses on the directory dconf. https://bugzilla.redhat.com/show_bug.cgi?id=743336 [ 4 ] Bug #743337 - SELinux is preventing /lib/systemd/systemd-logind from 'getattr' accesses on the directory /run/user/gdm/dconf. https://bugzilla.redhat.com/show_bug.cgi?id=743337 [ 5 ] Bug #743339 - SELinux is preventing /sbin/ldconfig from 'write' accesses on the file /home/james.cape/.config/autostart/dropbox.desktop. https://bugzilla.redhat.com/show_bug.cgi?id=743339 [ 6 ] Bug #743340 - SELinux is preventing /bin/systemctl from 'getattr' accesses on the file /proc/<pid>/comm. https://bugzilla.redhat.com/show_bug.cgi?id=743340 [ 7 ] Bug #743539 - nmb.service fails to start https://bugzilla.redhat.com/show_bug.cgi?id=743539 [ 8 ] Bug #743701 - SELinux is preventing /bin/systemctl from 'read' accesses on the directory system. https://bugzilla.redhat.com/show_bug.cgi?id=743701 [ 9 ] Bug #739896 - Snmpd isn't allowed to tell systemd it is up and running https://bugzilla.redhat.com/show_bug.cgi?id=739896 [ 10 ] Bug #739946 - NFS server fails to start https://bugzilla.redhat.com/show_bug.cgi?id=739946 [ 11 ] Bug #741143 - Selinux avc during login systemd_logind_t https://bugzilla.redhat.com/show_bug.cgi?id=741143 [ 12 ] Bug #741328 - The acroread plugin is denied access to a curl-ca-bundle.crt link over NFS https://bugzilla.redhat.com/show_bug.cgi?id=741328 [ 13 ] Bug #742642 - logrotate can now switch user https://bugzilla.redhat.com/show_bug.cgi?id=742642 [ 14 ] Bug #742704 - selinux problems accessing xen from libvirt https://bugzilla.redhat.com/show_bug.cgi?id=742704 [ 15 ] Bug #732937 - SELinux is preventing /sbin/ldconfig from 'append' accesses on the chr_file /dev/tty3. https://bugzilla.redhat.com/show_bug.cgi?id=732937 [ 16 ] Bug #739301 - SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/autofs. https://bugzilla.redhat.com/show_bug.cgi?id=739301 [ 17 ] Bug #739307 - inconsistent permissions on /dev/pts/ptmx after boot https://bugzilla.redhat.com/show_bug.cgi?id=739307 [ 18 ] Bug #739326 - SELinux is preventing /usr/libexec/colord from 'getattr' accesses on the file /home/zeenix/.local/share/icc/edid-9273c8341557b23c5b028113288023e8.icc. https://bugzilla.redhat.com/show_bug.cgi?id=739326 [ 19 ] Bug #741018 - SELinux is preventing /bin/systemctl from 'getattr' accesses on the directory /lib/systemd/system. https://bugzilla.redhat.com/show_bug.cgi?id=741018 [ 20 ] Bug #741079 - SELinux is preventing /lib/systemd/systemd-logind from 'rmdir' accesses on the directory dconf. https://bugzilla.redhat.com/show_bug.cgi?id=741079 [ 21 ] Bug #741223 - SELinux is preventing /lib/systemd/systemd-logind from 'getattr' accesses on the tcp_socket port None. https://bugzilla.redhat.com/show_bug.cgi?id=741223 [ 22 ] Bug #741261 - SELinux is preventing /bin/bash from 'search' accesses on the directory /lib/systemd/system. https://bugzilla.redhat.com/show_bug.cgi?id=741261 [ 23 ] Bug #741285 - SELinux is preventing /usr/sbin/acpid from 'ioctl' accesses on the chr_file /dev/input/event10. https://bugzilla.redhat.com/show_bug.cgi?id=741285 [ 24 ] Bug #741368 - SELinux is preventing /bin/systemctl from 'search' accesses on the directory 1. https://bugzilla.redhat.com/show_bug.cgi?id=741368 [ 25 ] Bug #742107 - SELinux is preventing /usr/sbin/vpnc from 'getattr' accesses on the unix_stream_socket unix_stream_socket. https://bugzilla.redhat.com/show_bug.cgi?id=742107 [ 26 ] Bug #742630 - /usr/bin/passwd produces lots of selinux errors https://bugzilla.redhat.com/show_bug.cgi?id=742630 [ 27 ] Bug #742900 - SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/vga_arbiter. https://bugzilla.redhat.com/show_bug.cgi?id=742900 [ 28 ] Bug #743128 - SELinux is preventing /bin/bash from 'search' accesses on the directorio /lib/systemd/system. https://bugzilla.redhat.com/show_bug.cgi?id=743128 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
