-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-586ab05666 2025-10-10 00:48:50.885609+00:00 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 42 Version : 42.12 Release : 1.fc42 URL : https://github.com/fedora-selinux/selinux-policy Summary : SELinux policy configuration Description : SELinux core policy package. Originally based off of reference policy, the policy has been adjusted to provide support for Fedora. -------------------------------------------------------------------------------- Update Information: New F42 selinux-policy build New F42 selinux-policy build, the only change is confinement of new sshd executables -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 4 2025 Zdenek Pytela <[email protected]> - 42.12-1 - Adjust guest and xguest users policy for sshd-session - Allow valkey-server create and use netlink_rdma_socket - Allow blueman get attributes of filesystems with extended attributes - Update files_search_base_file_types() - Allow geoclue get attributes of the /dev/shm filesystem - Allow apcupsd get attributes of the /dev/shm filesystem - Allow sshd-session read cockpit pid files * Wed Sep 24 2025 Zdenek Pytela <[email protected]> - 42.11-1 - Allow nfs generator create and use netlink sockets - Conditionally allow virt guests to read certificates in user home directories - xenstored_t needs CAP_SYS_ADMIN for XENSTORETYPE=domain (bsc#1247875) - Allow nfs-generator create and use udp sockets - Allow kdump search kdumpctl_tmp_t directories - Allow init open and read user tmp files - Fix the systemd_logind_stream_connect() interface - Allow staff and sysadm execute iotop using sudo - Allow sudodomains connect to systemd-logind over a unix socket * Tue Sep 16 2025 Zdenek Pytela <[email protected]> - 42.10-1 - Add default contexts for sshd-seesion - Define types for new openssh executables -------------------------------------------------------------------------------- References: [ 1 ] Bug #2388133 - SELinux avc: denied { getattr } for pid=1769889 comm="mail" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0 https://bugzilla.redhat.com/show_bug.cgi?id=2388133 [ 2 ] Bug #2390668 - SELinux is preventing pool-2 from 'getattr' accesses on the filesystem /dev/shm. https://bugzilla.redhat.com/show_bug.cgi?id=2390668 [ 3 ] Bug #2391344 - SELinux is preventing sshd-session from 'read' accesses on the lnk_file /var/lock. https://bugzilla.redhat.com/show_bug.cgi?id=2391344 [ 4 ] Bug #2394936 - Selinux reports permissive nfs related blockings https://bugzilla.redhat.com/show_bug.cgi?id=2394936 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-586ab05666' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
