-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-20813 2012-12-21 19:53:54 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 18 Version : 3.11.1 Release : 67.fc18 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 21 2012 Miroslav Grepl <[email protected]> 3.11.1-67 - systemd_logind_t is looking at all files under /run/user/apache - Allow systemd to manage all user tmp files - Add labeling for /var/named/chroot/etc/localtime - Allow netlabel_peer_t type to flow over netif_t and node_t, and only be hindered by MLS, need back port to RHEL6 - Keystone is now using a differnt port - Allow xdm_t to use usbmuxd daemon to control sound - Allow passwd daemon to execute gnome_exec_keyringd - Fix chrome_sandbox policy - Add labeling for /var/run/checkquorum-timer - More fixes for the dspam domain, needs back port to RHEL6 - More fixes for the dspam domain, needs back port to RHEL6 - sssd needs to connect to kerberos password port if a user changes his password - Lots of fixes from RHEL testing of dspam web - Allow chrome and mozilla_plugin to create msgq and semaphores - Fixes for dspam cgi scripts - Fixes for dspam cgi scripts - Allow confine users to ptrace screen - Backport virt_qemu_ga_t changes from RHEL - Fix labeling for dspam.cgi needed for RHEL6 - We need to back port this policy to RHEL6, for lxc domains - Dontaudit attempts to set sys_resource of logrotate - Allow corosync to read/write wdmd's tmpfs files - I see a ptrace of mozilla_plugin_t by staff_t, will allow without deny_ptrace being set - Allow cron jobs to read bind config for unbound - libvirt needs to inhibit systemd - kdumpctl needs to delete boot_t files - Fix duplicate gnome_config_filetrans - virtd_lxc_t is using /dev/fuse - Passenger needs to create a directory in /var/log, needs a backport to RHEL6 for openshift - apcupsd can be setup to listen to snmp trafic - Allow transition from kdumpgui to kdumpctl - Add fixes for munin CGI scripts - Allow deltacloud to connect to openstack at the keystone port - Allow domains that transition to svirt domains to be able to signal them - Fix file context of gstreamer in .cache directory - libvirt is communicating with logind - NetworkManager writes to the systemd inhibit pipe -------------------------------------------------------------------------------- References: [ 1 ] Bug #873946 - SELinux is preventing /usr/bin/totem-video-thumbnailer from 'unlink' accesses on the file /home/mikhail/.cache/gstreamer-1.0/registry.i686.bin. https://bugzilla.redhat.com/show_bug.cgi?id=873946 [ 2 ] Bug #887410 - SELinux is preventing /usr/sbin/libvirtd from using the 'signull' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=887410 [ 3 ] Bug #887880 - SELinux is preventing /usr/sbin/logrotate from using the 'sys_admin' capabilities. https://bugzilla.redhat.com/show_bug.cgi?id=887880 [ 4 ] Bug #887932 - SELinux is preventing /usr/bin/passwd from 'execute' accesses on the file /usr/bin/gnome-keyring-daemon. https://bugzilla.redhat.com/show_bug.cgi?id=887932 [ 5 ] Bug #887980 - qemu-kvm getting avc errors "netlink_route_socket" https://bugzilla.redhat.com/show_bug.cgi?id=887980 [ 6 ] Bug #888359 - SELinux is preventing /usr/libexec/gvfs-afc-volume-monitor from 'getattr' accesses on the sock_file /run/usbmuxd. https://bugzilla.redhat.com/show_bug.cgi?id=888359 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
