-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-11846 2013-06-27 15:29:15 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 19 Version : 3.12.1 Release : 57.fc19 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 26 2013 Miroslav Grepl <[email protected]> 3.12.1-57 - Make DSPAM to act as a LDA working - Allow ntop to create netlink socket - Allow policykit to send a signal to policykit-auth - Allow stapserver to dbus chat with avahi/systemd-logind - Fix labeling on haproxy unit file - Clean up haproxy policy - A new policy for haproxy and placed it to rhcs.te - Add support for ldirectord and treat it with cluster_t - Make sure anaconda log dir is created with var_log_t * Mon Jun 24 2013 Miroslav Grepl <[email protected]> 3.12.1-56 - Allow lvm_t to create default targets for filesystem handling - Fix labeling for razor-lightdm binaries - Allow insmod_t to read any file labeled var_lib_t - Add policy for pesign - Activate policy for cmpiLMI_Account-cimprovagt - Allow isnsd syscall=listen - /usr/libexec/pegasus/cimprovagt needs setsched caused by sched_setscheduler - Allow ctdbd to use udp/4379 - gatherd wants sys_nice and setsched - Add support for texlive2012 - Allow NM to read file_t (usb stick with no labels used to transfer keys for example) - Allow cobbler to execute apache with domain transition * Fri Jun 21 2013 Miroslav Grepl <[email protected]> 3.12.1-55 - condor_collector uses tcp/9000 - Label /usr/sbin/virtlockd as virtd_exec_t for now - Allow cobbler to execute ldconfig - Allow NM to execute ssh - Allow mdadm to read /dev/crash - Allow antivirus domains to connect to snmp port - Make amavisd-snmp working correctly - Allow nfsd_t to mounton nfsd_fs_t - Add initial snapper policy - We still need to have consolekit policy - Dontaudit firefox attempting to connect to the xserver_port_t if run within sandbox_web_t - Dontaudit sandbox apps attempting to open user_devpts_t - Allow dirsrv to read network state - Fix pki_read_tomcat_lib_files - Add labeling for /usr/libexec/nm-ssh-service - Add label cert_t for /var/lib/ipa/pki-ca/publish - Lets label /sys/fs/cgroup as cgroup_t for now, to keep labels consistant - Allow nfsd_t to mounton nfsd_fs_t - Dontaudit sandbox apps attempting to open user_devpts_t - Allow passwd_t to change role to system_r from unconfined_r -------------------------------------------------------------------------------- References: [ 1 ] Bug #896624 - Invalid selinux policy for openlmi-account package https://bugzilla.redhat.com/show_bug.cgi?id=896624 [ 2 ] Bug #964943 - SELinux is preventing /usr/bin/mount from 'mounton' accesses on the directory /proc/fs/nfsd. https://bugzilla.redhat.com/show_bug.cgi?id=964943 [ 3 ] Bug #969090 - SELinux is preventing /usr/bin/razor-lightdm-greeter from read, open access on the file /usr/bin/razor-lightdm-greeter. https://bugzilla.redhat.com/show_bug.cgi?id=969090 [ 4 ] Bug #969941 - SELinux is preventing /usr/bin/chmod from 'setattr' accesses on the directory helvetic. https://bugzilla.redhat.com/show_bug.cgi?id=969941 [ 5 ] Bug #975817 - SELinux is preventing /usr/sbin/ntop from 'read' accesses on the chr_file usbmon11. https://bugzilla.redhat.com/show_bug.cgi?id=975817 [ 6 ] Bug #975876 - SELinux is preventing /usr/bin/bash from 'open' accesses on the chr_file /dev/pts/0. https://bugzilla.redhat.com/show_bug.cgi?id=975876 [ 7 ] Bug #975897 - ConsoleKit (via lightdm/pam_ck_connector.so) registration fails https://bugzilla.redhat.com/show_bug.cgi?id=975897 [ 8 ] Bug #975999 - SELinux is preventing /usr/libexec/nm-ssh-service from 'execute' accesses on the file /usr/bin/ssh. https://bugzilla.redhat.com/show_bug.cgi?id=975999 [ 9 ] Bug #976159 - SELinux is preventing /usr/sbin/ns-slapd from 'read' accesses on the file unix. https://bugzilla.redhat.com/show_bug.cgi?id=976159 [ 10 ] Bug #976207 - SELinux is preventing /usr/libexec/at-spi-bus-launcher from 'name_connect' accesses on the tcp_socket . https://bugzilla.redhat.com/show_bug.cgi?id=976207 [ 11 ] Bug #976548 - SELinux is preventing /usr/bin/perl from 'write' accesses on the directory clamd.amavisd. https://bugzilla.redhat.com/show_bug.cgi?id=976548 [ 12 ] Bug #977991 - SELinux is preventing /usr/lib/polkit-1/polkitd from using the 'signal' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=977991 [ 13 ] Bug #978004 - disable dontaudit rules for lightdm https://bugzilla.redhat.com/show_bug.cgi?id=978004 [ 14 ] Bug #976308 - FreeIPA's httpd cannot read CRL generated by PKI https://bugzilla.redhat.com/show_bug.cgi?id=976308 [ 15 ] Bug #976640 - Initial console login as root with ConsoleKit enabled is slow https://bugzilla.redhat.com/show_bug.cgi?id=976640 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
