-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-16347 2012-10-18 00:01:28 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 17 Version : 3.10.0 Release : 156.fc17 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 17 2012 Miroslav Grepl <[email protected]> 3.10.0-156 - Allow nfsd to write to mount_var_run_t - Allow smokeping to execute bin_t - Allow sshd_t to execute login program - Allow prelink to read power_supply - Allow alsa to r/w alsa config files - Allow tuned to setsched kernel - Add labeling for /usr/sbin/mkhomedir_helper - Allow initrc_t to readl all systemd unit files - Allow mozilla_plugin_t to create .mplayer in users homedir - Allow sshd to send syslog msgs - Allow varnish execmem - Allow mongodb_t to getattr on all file systems - Allow pyzor running as spamc to manage amavis spool - Allow rhnsd to read /usr/lib/locale * Tue Oct 16 2012 Miroslav Grepl <[email protected]> 3.10.0-155 - Allow all openshift domains to read sysfs info - Allow openshift domains to getattr on all domains - Update httpd_run_stickshift boolean - Allow hplip to execute bin_t * Tue Oct 9 2012 Miroslav Grepl <[email protected]> 3.10.0-154 - fix opeshift labeling - Allow groupadd to read SELinux file context * Sun Oct 7 2012 Miroslav Grepl <[email protected]> 3.10.0-153 - Add openshift policy - Add changes needed by openshift policy - Allow vmnet-natd to request the kernel to load a module - Allown winbind to read /usr/share/samba/codepages/lowcase.dat - Access needed to allow hplip to send faxes - abrt_dump_oops needs to read debugfs - Add support for HTTPProxy* in /etc/freshclam.conf * Fri Oct 5 2012 Miroslav Grepl <[email protected]> 3.10.0-152 - Add file transition for mongodb lib dirs - Add labeling for /var/lib/mongo, /var/run/mongo - Allow gpg to write to /etc/mail/spamassassiin directories - Add support for hplip logs stored in /var/log/hp/tmp - Allow winbind to read usr_t - Add rhnsd policy - Add labeling for /etc/owncloud/config.php * Thu Sep 27 2012 Miroslav Grepl <[email protected]> 3.10.0-151 - Allow winbind to connect do ldap without a boolean - Allow mozilla-plugin to connect to commplex port - Fix tomcat template interface - Allow thumb to use user fonts * Mon Sep 24 2012 Miroslav Grepl <[email protected]> 3.10.0-150 - Backport tomcat fixes from F18 - Add filename transition for mongod.log - Dontaudit jockey to search /root/.local - Fix passenger labeling - fix corenetwork interfaces which needs to require ephemeral_port_t - Allow user domains to use tmpfs_t when it is created by the kernel and inherited by the app, IE No Open * Mon Sep 17 2012 Miroslav Grepl <[email protected]> 3.10.0-149 - Add sanlock_use_fusefs boolean - Add stapserver policy from F18 - Allow rhnsd to send syslog msgs - ABRT wants to read Xorg.0.log if if it detects problem with Xorg - ALlow chrome_sandbox to leak unix_dram_socket into chrome_sandbox_nacl_t - Allow postalias to read postfix config files - Allow tmpreaper to cleanup all files in /tmp - Allow chown capability for zarafa domains - Allow xauth to read /dev/urandom - Allow tmpreaper to list admin_home dir - Allow clamd to write/delete own pid file with clamd_var_run_t label - Add support for gitolite3 - Allow virsh_t to getattr on virtd_exec_t - Allow virsh can_exec on virsh_exec_t - Look up group name by spamass-milter-postfix - Add mozilla_plugin_can_network_connect boolean - Fix /var/lib/sqlgrey labeling - Add support for a new path for passenger * Tue Aug 28 2012 Miroslav Grepl <[email protected]> 3.10.0-148 - Allow virsh to stream connect to virtd - Add support for $HOME/.cache/libvirt - Allow groupadd_t to search default_context - Allow xdm_t to search dirs with xdm_unconfined_exec_t label - Allow ksysguardproces to read/write config_usr_t - Backport passenger policy from F18 - Allow wdmd to create wdmd_tmpfs_t * Thu Aug 23 2012 Miroslav Grepl <[email protected]> 3.10.0-147 - Fix passenger labeling - Add thumb_tmpfs_t files type - Add file name transitions for ttyACM0 - Allow virtd to send dbus messages to firewalld * Mon Aug 20 2012 Miroslav Grepl <[email protected]> 3.10.0-146 - Allow tmpreaper to delete unlabeled files - Backport selinux_login_config fixes from F18 for sssd - Allow thumb drives to create shared memory and semaphores - Make "snmpwalk -mREDHAT-CLUSTER-MIB ...." working - Allow dlm_controld to execute dlm_stonith labeled as bin_t - Allow GFS2 working on F17 - Allow thumb to gettatr on all fs - Allow condor domains to read kernel sysctls - Allow condor_master to connect to amqp - Allow abrt to read mozilla_plugin config files - Backport squid policy with support for lightsquid - Allow useradd to modify /etc/default/useradd - dovecot_auth_t uses ldap for user auth - Dontaudit mozilla_plugin attempts to ipc_lock - Allow tmpreaper to search unlabeled /tmp/kdecache-root - Allow jockey to list the contents of modeprobe.d - Allow web plugins to connect to the asterisk ports * Wed Aug 8 2012 Miroslav Grepl <[email protected]> 3.10.0-145 - Allow Chrome_ChildIO to read dosfs_t - Fix svirt to be allowed to use fusefs file system - Sanlock needs to send Kill Signals to non root process - Allow sendmail to read/write postfix_delivery_t * Mon Aug 6 2012 Miroslav Grepl <[email protected]> 3.10.0-144 - Allow sendmail to read/write postfix_delivery_t - Update sanlock policy to solve all AVC's - Change virt interface so confined users can optionally manage virt content - setroubleshoot was trying to getattr on sysctl and proc stuff - Need to allow svirt_t ability to getattr on nfs_t file system - Allow staff users to run svirt_t processes - Add new booleans to allow staff user and unprivuser to use boxes * Thu Aug 2 2012 Miroslav Grepl <[email protected]> 3.10.0-143 - Alias firstboot_tmp_t to tmp_t - Add support for sqlgre - Allow postfix to connect to spampd - Add support for spampd and treat it as spamd_t policy - Allow munin mail plugin to read exim.log - Fix mta_mailserver_delivery() interface - Allow logrotate to getattr on systemd unit files - Allow tor to read kernel sysctls - Add new man pages - Fix labeling for pingus * Fri Jul 27 2012 Miroslav Grepl <[email protected]> 3.10.0-142 - Regenerate man pages - Dontaudit mysqld_safe sending signull to random domains - Add interface for mysqld to dontaudit signull to all processes - Allow editparams.cgi running as httpd_bugzilla_script_t to read /etc/group - Allow smbd to read cluster config - Add additional labelinf for passenger - Add labeling for /var/motion - Add amavis_use_jit boolean - Allow mongod to connet to postgresql port * Tue Jul 24 2012 Miroslav Grepl <[email protected]> 3.10.0-141 - Allow samba_net to read /proc/net - Allow hplip_t to send notification dbus messages to users - Allow mailserver_deliver to read/write own pip - Allow munin-plugin domains to read /etc/passwd - Allow postfix_cleanup to use sockets create for smtpd - Dovecot seems to be searching directories of every mountpoint, lets just dontaudit this - Allow mozilla-plugin to read all kernel sysctls - Allow jockey to read random/urandom - Dontaudit dovecot to search all dirs - Add aditional params to allow cachedfiles to manage its content - gpg agent needs to read /dev/random - Add labelling and allow rules based on avc's from RHEL6 for amavis * Wed Jul 18 2012 Miroslav Grepl <[email protected]> 3.10.0-140 - Add support for rhnsd daemon - Allow cgclear to read cgconfig - Allow sys_ptrace capability for snmp - Allow freshclam to read /proc - Fix rhsmcertd pid filetrans - Allow NM to execute wpa_cli - Allow procmail to manage /home/user/Maildir content - Allow amavis to read clamd system state - Allow postdrop to use unix_stream_sockets leaked into it - Allow uucpd_t to uucpd port * Sun Jul 15 2012 Miroslav Grepl <[email protected]> 3.10.0-139 - Add support for ecryptfs * ecryptfs does not support xattr - Allow lpstat.cups to read fips_enabled file - Allow pyzor running as spamc_t to create /root/.pyzor directory - Add labeling for amavisd-snmp init script - Add support for amavisd-snmp - Allow fprintd sigkill self - Allow xend (w/o libvirt) to start virtual machines - Allow aiccu to read /etc/passwd - accountsd needs to fchown some files/directories - Add ICACLient and zibrauserdata as mozilla_filetrans_home_content - Allow xend_t to read the /etc/passwd file - Allow freshclam to update databases thru HTTP proxy - Add init_access_check() interface - Allow s-m-config to access check on systemd - Allow abrt to read public files by default - Fix amavis_create_pid_files() interface - Allow tuned sys_nice, sys_admin caps - Allow amavisd to execute fsav - Allow system_dbusd_t to stream connect to bluetooth, and use its socket * Tue Jul 10 2012 Miroslav Grepl <[email protected]> 3.10.0-138 - Add labeling for aeolus-configserver-thinwrapper - Allow thin domains to execute shell - Allow OpenMPI job running as condor_startd_ssh_t to manage condor lib files - Allow OpenMPI job to use kerberos - Make deltacloudd_t as nsswitch_domain - Allow xend_t to run lsscsi - Allow qemu-dm running as xend_t to create tun_socket - Allow jockey-backend to read pyconfig-64.h labeled as usr_t - Fix alsa_manage_home_files interface - Fix clamscan_can_scan_system boolean - Allow lpr to connectto to /run/user/$USER/keyring-22uREb/pkcs11 * Tue Jul 3 2012 Miroslav Grepl <[email protected]> 3.10.0-137 - Fixes for passenger running within openshift - Add labeling for all tomcat6 dirs - Allow cobblerd to read /etc/passwd - Allow jockey to read sysfs and and execute binaries with bin_t - Allow thum to use user terminals - Allow systemd_logind_t to read/write /dev/input0 * Fri Jun 29 2012 Miroslav Grepl <[email protected]> 3.10.0-136 - Fixes to make minimal policy to be installed * Wed Jun 27 2012 Miroslav Grepl <[email protected]> 3.10.0-135 - abrt_watch_log should be abrt_domain - add ptrace_child access to process - Allow mozilla_plugin to connect to gatekeeper port - Allow dbomatic to execute ruby - Allow boinc domains to manage boinc_lib_t lnk_files - Add support for boinc-client.service unit file - add support for boinc.log - Allow httpd_smokeping_cgi_script_t to read /etc/passwd * Tue Jun 26 2012 Miroslav Grepl <[email protected]> 3.10.0-134 - Allow mozilla_plugin execmod on mozilla home files if allow_execmod - Allow dovecot_deliver_t to read dovecot_var_run_t - Add tomcat policy from F18 - Allow ldconfig and insmod to manage kdumpctl tmp files - Add kdumpctl policy - Move thin policy out from cloudform.pp and add a new thin policy files - pacemaker needs to communicate with corosync streams - abrt is now started on demand by dbus - Allow certmonger to talk directly to Dogtag servers - Change labeling for /var/lib/cobbler/webui_sessions to httpd_cobbler_rw_content_t - Allow mozila_plugin to execute gstreamer home files - Allow useradd to delete all file types stored in the users homedir - rhsmcertd reads the rpm database - Add support for lightdm * Fri Jun 22 2012 Miroslav Grepl <[email protected]> 3.10.0-133 - Dontaudit thumb to setattr on xdm_tmp dirs - Allow wicd to execute ldconfig - Add /var/run/cherokee\.pid labeling - Allow snort to create netlink_socket - Allow setpcap for rpcd_t - Firstboot should be just creating tmp_t dirs - Transition xauth files within firstboot_tmp_t - Fix labeling of /run/media to match /media - Allow firstboot to create tmp_t files/directories - Label tuned scripts located in /etc as bin_t - Add port definition for mxi port - Fix labeling for /var/log/lxdm.log.old - Allow ddclient to read /etc/passwd - change dovecot_deliver to manage mail_home_rw_t - Remove razor/pyzor policy - Allow local_login_t to execute tmux - Allow mozilla_plugin_t to execute the dynamic link/loader * Mon Jun 18 2012 Miroslav Grepl <[email protected]> 3.10.0-132 - apcupsd needs to read /etc/passwd - Sanlock allso sends sigkill - Allow glance_registry to connect to the mysqld port - Dontaudit mozilla_plugin trying to getattr on /dev/gpmctl - Allow firefox plugins/flash to connect to port 1234 - Allow mozilla plugins to delete user_tmp_t files - Add transition name rule for printers.conf.O - Allow virt_lxc_t to read urand - Allow systemd_loigind to list gstreamer_home_dirs - Fix labeling for /usr/bin - Fixes for cloudform services * support FIPS - Allow polipo to work as web caching - Allow chfn to execute tmux * Fri Jun 15 2012 Miroslav Grepl <[email protected]> 3.10.0-131 - Fix labeling of kerbero host cache files, allow rpc.svcgssd to manage - Allow dovecot to manage Maildir content, fix transitions to Maildir - Allow postfix_local to transition to dovecot_deliver - Dontaudit attempts to setattr on xdm_tmp_t, looks like bogus code - Cleanup interface definitions - Allow apmd to change with the logind daemon - Changes required for sanlock in rhel6 - Label /run/user/apache as httpd_tmp_t - Allow thumb to use lib_t as execmod if boolean turned on - Allow squid to create the squid directory in /var with the correct - When staff_t runs libvirt it reads dnsmasq_var_run_t - Mount command now lists user_tmp looking for gvfs - /etc/blkid is moving to /run/blkid - Allow rw_cgroup_files to also read a symlink - Make sure gdm directory in ~/.cache/gdm gets created with the correct label - Add labeling for .cache/gdm in the homedir - Allow mount to mount on user_tmp_t for /run/user/dwalsh/gvfs - xdm now needs to execute xsession_exec_t - Need labels for /var/lib/gdm * Mon Jun 11 2012 Miroslav Grepl <[email protected]> 3.10.0-130 - Dontaudit logwatch to gettr on /dev/dm-2 - Allow policykit-auth to manage kerberos files - Allow systemd_logind_t to signal, signull, sigkill all processes - Add filetrans rules for etc_runtime files - Allow systemd_login to send signals to devicekit power - Allow systemd_logind to signal initrc scripts to handle third party packages running as initrc_t - Allow virsh to read /etc/passwd - Allow policykit to manage kerberos rcache files - Allow systemd-logind to send a signal to init_t - /usr/sbin/xl2tpd wants to read /etc/group - Allow ncftool to list of content /etc/modprobe.d - Allow dkim-milter to listen own tcp_socke * Fri Jun 8 2012 Miroslav Grepl <[email protected]> 3.10.0-129 - Allow collectd to read virt config - Allow collectd setsched - Add support for /usr/sbin/mdm* - Fix java binaries labels when installed under /usr/lib/jvm/java - Add labeling for /var/run/mdm - Allow apps that can read net_conf_t files read symlinks - Allow all domains that can search or read tmp_t, able to read a tmp_t link - Dontaudit mozilla_plugin looking at xdm_tmp_t - Looks like collectd needs to change it scheduling priority - Allow uux_t to access nsswitch data - New labeling for samba, pid dirs moved to subdirs of samba - Allow nova_api to use nsswitch - Allow mozilla_plugin to execute files labeled as lib_t - Label content under HOME_DIR/zimbrauserdata as mozilla_home date - abrt is fooled into reading mozilla_plugin content, we want to dontaudit - Allow mozilla_plugin to connect to ircd ports since a plugin might be a irc chat window - Allow winbind to create content in smbd_var_run_t directories - Allow setroubleshoot_fixit to read the selinux policy store. No reason to deny it - Support libvirt plugin for collectd * Wed May 30 2012 Miroslav Grepl <[email protected]> 3.10.0-128 - Fix description of authlogin_nsswitch_use_ldap - Fix transition rule for rhsmcertd_t needed for RHEL7 - Allow useradd to list nfs state data - Allow openvpn to manage its log file and directory - We want vdsm to transition to mount_t when executing mount command to make sure /etc/mtab remains labeled correctly - Allow thumb to use nvidia devices - Allow local_login to create user_tmp_t files for kerberos - Pulseaudio needs to read systemd_login /var/run content - virt should only transition named system_conf_t config files - Allow munin to execute its plugins - Allow nagios system plugin to read /etc/passwd - Allow plugin to connect to soundd port - Fix httpd_passwd to be able to ask passwords - Radius servers can use ldap for backing store - Seems to need to mount on /var/lib for xguest polyinstatiation to work. - Allow systemd_logind to list the contents of gnome keyring - VirtualGL need xdm to be able to manage content in /etc/opt/VirtualGL - Add policy for isns-utils * Mon May 28 2012 Miroslav Grepl <[email protected]> 3.10.0-127 - Add policy for subversion daemon - Allow boinc to read passwd - Allow pads to read kernel network state - Fix man2html interface for sepolgen-ifgen - Remove extra /usr/lib/systemd/system/smb - Remove all /lib/systemd and replace with /usr/lib/systemd - Add policy for man2html - Fix the label of kerberos_home_t to krb5_home_t - Allow mozilla plugins to use Citrix - Allow tuned to read /proc/sys/kernel/nmi_watchdog - Allow tune /sys options via systemd's tmpfiles.d "w" type * Wed May 23 2012 Miroslav Grepl <[email protected]> 3.10.0-126 - Dontaudit lpr_t to read/write leaked mozilla tmp files - Add file name transition for .grl-podcasts directory - Allow corosync to read user tmp files - Allow fenced to create snmp lib dirs/files - More fixes for sge policy - Allow mozilla_plugin_t to execute any application - Allow dbus to read/write any open file descriptors to any non security file on the system that it inherits to that it can pass them to another domain - Allow mongod to read system state information - Fix wrong type, we should dontaudit sys_admin for xdm_t not xserver_t - Allow polipo to manage polipo_cache dirs - Add jabbar_client port to mozilla_plugin_t - Cleanup procmail policy - system bus will pass around open file descriptors on files that do not have labels on them - Allow l2tpd_t to read system state - Allow tuned to run ls /dev - Allow sudo domains to read usr_t files - Add label to machine-id - Fix corecmd_read_bin_symlinks cut and paste error * Wed May 16 2012 Miroslav Grepl <[email protected]> 3.10.0-125 - Fix pulseaudio port definition - Add labeling for condor_starter - Allow chfn_t to creat user_tmp_files - Allow chfn_t to execute bin_t - Allow prelink_cron_system_t to getpw calls - Allow sudo domains to manage kerberos rcache files - Allow user_mail_domains to work with courie - Port definitions necessary for running jboss apps within openshift - Add support for openstack-nova-metadata-api - Add support for nova-console* - Add support for openstack-nova-xvpvncproxy - Fixes to make privsep+SELinux working if we try to use chage to change passwd - Fix auth_role() interface - Allow numad to read sysfs - Allow matahari-rpcd to execute shell - Add label for ~/.spicec - xdm is executing lspci as root which is requesting a sys_admin priv but seems to succeed without it - Devicekit_disk wants to read the logind sessions file when writing a cd - Add fixes for condor to make condor jobs working correctly - Change label of /var/log/rpmpkgs to cron_log_t - Access requires to allow systemd-tmpfiles --create to work. - Fix obex to be a user application started by the session bus. - Add additional filename trans rules for kerberos - Fix /var/run/heartbeat labeling - Allow apps that are managing rcache to file trans correctly - Allow openvpn to authenticate against ldap server - Containers need to listen to network starting and stopping events * Wed May 9 2012 Miroslav Grepl <[email protected]> 3.10.0-124 - Make systemd unit files less specific * Mon May 7 2012 Miroslav Grepl <[email protected]> 3.10.0-123 - Fix zarafa labeling - Allow guest_t to fix labeling - corenet_tcp_bind_all_unreserved_ports(ssh_t) should be called with the user_tcp_server boolean - add lxc_contexts - Allow accountsd to read /proc - Allow restorecond to getattr on all file sytems - tmpwatch now calls getpw - Allow apache daemon to transition to pwauth domain - Label content under /var/run/user/NAME/keyring* as gkeyringd_tmp_t - The obex socket seems to be a stream socket - dd label for /var/run/nologin * Mon May 7 2012 Miroslav Grepl <[email protected]> 3.10.0-122 - Allow jetty running as httpd_t to read hugetlbfs files - Allow sys_nice and setsched for rhsmcertd - Dontaudit attempts by mozilla_plugin_t to bind to ssdp ports - Allow setfiles to append to xdm_tmp_t - Add labeling for /export as a usr_t directory - Add labels for .grl files created by gstreamer -------------------------------------------------------------------------------- References: [ 1 ] Bug #827732 - SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin from 'getattr' accesses on the fifo_file /dev/initctl. https://bugzilla.redhat.com/show_bug.cgi?id=827732 [ 2 ] Bug #828868 - SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from 'write' accesses on the file /home/andrig/zimbrauserdata/profile/.parentlock. https://bugzilla.redhat.com/show_bug.cgi?id=828868 [ 3 ] Bug #834089 - SELinux is preventing /usr/bin/perl from 'accept' accesses on the unix_stream_socket /run/mod_fcgid/2457.2. https://bugzilla.redhat.com/show_bug.cgi?id=834089 [ 4 ] Bug #840241 - SELinux is preventing /usr/sbin/sshd from read, open access on the file /usr/bin/login. https://bugzilla.redhat.com/show_bug.cgi?id=840241 [ 5 ] Bug #842889 - SELinux is preventing /usr/bin/bash from 'read' accesses on the directory power_supply. https://bugzilla.redhat.com/show_bug.cgi?id=842889 [ 6 ] Bug #844167 - Error in PREIN scriptlet in rpm package libvirt-daemon-0.9.11.4-3.fc17.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=844167 [ 7 ] Bug #849793 - SELinux is preventing /usr/bin/qemu-kvm from 'getattr' accesses on the file /usr/share/alsa/alsa.conf. https://bugzilla.redhat.com/show_bug.cgi?id=849793 [ 8 ] Bug #852681 - Error in PREIN scriplet in rpm package ecryptfs-utils-100-1.fc17.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=852681 [ 9 ] Bug #857951 - SELinux is preventing /usr/sbin/sysctl from using the 'setsched' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=857951 [ 10 ] Bug #859143 - SELinux is preventing /usr/sbin/mount.ecryptfs_private from 'write' accesses on the key . https://bugzilla.redhat.com/show_bug.cgi?id=859143 [ 11 ] Bug #859730 - SELinux is preventing /usr/bin/ln from 'read' accesses on the lnk_file /usr/lib/systemd/system/anaconda.target.wants/[email protected]. https://bugzilla.redhat.com/show_bug.cgi?id=859730 [ 12 ] Bug #860134 - SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from 'setattr' accesses on the file ParseLock009. https://bugzilla.redhat.com/show_bug.cgi?id=860134 [ 13 ] Bug #862097 - SELinux is preventing /usr/libexec/totem-plugin-viewer from setattr access on the file ParseLock002 https://bugzilla.redhat.com/show_bug.cgi?id=862097 [ 14 ] Bug #862917 - Varnish 3.0.3 hangs on startup https://bugzilla.redhat.com/show_bug.cgi?id=862917 [ 15 ] Bug #863132 - pam_mkhomedir creates home directory with wrong SELinux label https://bugzilla.redhat.com/show_bug.cgi?id=863132 [ 16 ] Bug #864581 - SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from 'write' accesses on the file /tmp/ffiVmjGXy (deleted). https://bugzilla.redhat.com/show_bug.cgi?id=864581 [ 17 ] Bug #864624 - SELinux is preventing /usr/bin/gtk-gnash from 'read' accesses on the file pulse-shm-954421147. https://bugzilla.redhat.com/show_bug.cgi?id=864624 [ 18 ] Bug #865063 - SELinux is preventing /usr/sbin/sshd from 'create' accesses on the unix_dgram_socket . https://bugzilla.redhat.com/show_bug.cgi?id=865063 [ 19 ] Bug #865320 - SELinux is preventing /usr/bin/mplayer from 'create' accesses on the directory .mplayer. https://bugzilla.redhat.com/show_bug.cgi?id=865320 [ 20 ] Bug #865328 - SELinux is preventing /usr/lib64/nspluginwrapper/npconfig from 'getattr' accesses on the filesystem /. https://bugzilla.redhat.com/show_bug.cgi?id=865328 [ 21 ] Bug #865652 - SELinux is preventing /usr/libexec/telepathy-idle from 'read' accesses on the file /usr/share/glib-2.0/schemas/gschemas.compiled. https://bugzilla.redhat.com/show_bug.cgi?id=865652 [ 22 ] Bug #865677 - SELinux is preventing /usr/bin/mongod from 'getattr' accesses on the filesystem /. https://bugzilla.redhat.com/show_bug.cgi?id=865677 [ 23 ] Bug #866007 - SELinux is preventing /usr/bin/mount from 'write' accesses on the file utab. https://bugzilla.redhat.com/show_bug.cgi?id=866007 [ 24 ] Bug #866090 - SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from 'write' accesses on the sock_file native. https://bugzilla.redhat.com/show_bug.cgi?id=866090 [ 25 ] Bug #866091 - SELinux is preventing /usr/bin/pulseaudio from 'write' accesses on the directory pulse-PzMs5qhuZ1EO. https://bugzilla.redhat.com/show_bug.cgi?id=866091 [ 26 ] Bug #866131 - SELinux is preventing /usr/lib64/chromium-browser/nacl_helper_bootstrap from using the 'sigkill' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=866131 [ 27 ] Bug #866218 - SELinux is preventing /usr/bin/gtk-gnash from 'open' accesses on the file /dev/shm/pulse-shm-2764735808. https://bugzilla.redhat.com/show_bug.cgi?id=866218 [ 28 ] Bug #866443 - SELinux is preventing /usr/bin/python2.7 from 'getattr' accesses on the file /etc/passwd. https://bugzilla.redhat.com/show_bug.cgi?id=866443 [ 29 ] Bug #866604 - SELinux is preventing /usr/bin/python2.7 from 'read' accesses on the file /usr/bin/python2.7. https://bugzilla.redhat.com/show_bug.cgi?id=866604 [ 30 ] Bug #866912 - SELinux is preventing /usr/sbin/rpcbind from 'getattr' accesses on the file /etc/passwd. https://bugzilla.redhat.com/show_bug.cgi?id=866912 [ 31 ] Bug #867165 - Numerous AVC's preventing pyzor integration with amavisd https://bugzilla.redhat.com/show_bug.cgi?id=867165 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
