--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5870
2012-04-14 01:39:39
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 17
Version     : 3.10.0
Release     : 114.fc17
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117

--------------------------------------------------------------------------------
Update Information:

- Add support for clamd+systemd
- Allow freshclam to execute systemctl to handle clamd
- Change labeling for /usr/sbin/rpc.ypasswd.env
- Allow yppaswd_t to execute yppaswd_exec_t
- Allow yppaswd_t to read /etc/passwd
- Gnomekeyring socket has been moved to /run/user/USER/
- Allow samba-net to connect to ldap port
- Allow signal for vhostmd
- allow mozilla_plugin_t to read user_home_t socket
- New access required for secure Linux Containers
- zfs now supports xattrs
- Allow quantum to execute sudo and list sysfs
- Allow init to dbus chat with the firewalld
- Allow zebra to read /etc/passwd
- Turn off deny_ptrace by default
- upowered needs to setsched on the kernel
- Allow mpd_t to manage log files
- Allow xdm_t to create /var/run/systemd/multi-session-x
- Add rules for missedfont.log to be used by thumb.fc
- Additional access required for virt_qmf_t
- Allow dhclient to dbus chat with the firewalld
- Add label for lvmetad
- Allow systemd_logind_t to remove userdomain sock_files
- Allow cups to execute usr_t files
- Fix labeling on nvidia shared libraries
- wdmd_t needs access to sssd and /etc/passwd
- Add boolean to allow ftp servers to run in passive mode
- Allow namespace_init_t to relabelto/from a different user system_u from the user the namespace_init running with
- Fix using httpd_use_fusefs
- Allow chrome_sandbox_nacl to write inherited user tmp files as we allow it for chrome_sandbox
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #802551 - gnome-boxes 3.3.90-1 "Box creation failed"
        https://bugzilla.redhat.com/show_bug.cgi?id=802551
  [ 2 ] Bug #809323 - SELinux is preventing /usr/sbin/sshd from using the 'signal' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=809323
  [ 3 ] Bug #809327 - SELinux is preventing /opt/google/chrome/nacl_helper_bootstrap from 'write' accesses on the file /tmp/evo.log.
        https://bugzilla.redhat.com/show_bug.cgi?id=809327
  [ 4 ] Bug #809328 - SELinux is preventing /usr/sbin/ldconfig from 'read' accesses on the directory /usr/bin.
        https://bugzilla.redhat.com/show_bug.cgi?id=809328
  [ 5 ] Bug #809438 - SELinux is preventing /usr/bin/qemu-kvm from 'add_name' accesses on the directory Windows8-ConsumerPreview-64bit-English.iso.monitor.
        https://bugzilla.redhat.com/show_bug.cgi?id=809438
  [ 6 ] Bug #810508 - network service can't talk to firewalld
        https://bugzilla.redhat.com/show_bug.cgi?id=810508
  [ 7 ] Bug #810585 - SELinux is preventing systemd-logind from 'unlink' accesses on the sock_file gnome-system-monitor.neil.724887958.
        https://bugzilla.redhat.com/show_bug.cgi?id=810585
  [ 8 ] Bug #810648 - RPM Scriptlet: /usr/share/selinux/devel/include/apps/jockey.if: Syntax error on line 70626 jockey_cache_t [type=IDENTIFIER]
        https://bugzilla.redhat.com/show_bug.cgi?id=810648
  [ 9 ] Bug #811103 - SELinux is preventing /usr/sbin/smbd from 'name_connect' accesses on the tcp_socket . Installed 'samba' package from redhat packages, and started via: # systemctl enable smb.service # systemctl start smb.service
        https://bugzilla.redhat.com/show_bug.cgi?id=811103
  [ 10 ] Bug #811351 - quagga does not start up if selinux is enforcing
        https://bugzilla.redhat.com/show_bug.cgi?id=811351
  [ 11 ] Bug #811757 - SELinux is preventing spice-vdagentd from using the 'signal' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=811757
  [ 12 ] Bug #811842 - selinux prevents yppasswdd from starting
        https://bugzilla.redhat.com/show_bug.cgi?id=811842
  [ 13 ] Bug #812023 - SELinux is preventing sh from 'getattr' accesses on the file /usr/bin/systemctl.
        https://bugzilla.redhat.com/show_bug.cgi?id=812023
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------