4.142. libselinux

Updated libselinux packages that fix three bugs are now available for Red Hat Enterprise Linux 6.
The libselinux packages contain the core library of an SELinux system. The libselinux library provides an API for SELinux applications to get and set process and file security contexts, and to obtain security policy decisions. It is required for any applications that use the SELinux API, and used by all applications that are SELinux-aware.

Bug Fixes

BZ#698583
Prior to this update, Python bindings for the restorecon command required a user to specify the entire path. Consequent to this, an attempt to use the selinux.restorecon() function with a relative path failed with the following error message:
OSError: [Errno 2] No such file or directory
This update corrects the Python bindings to allow the use of the selinux.restorecon() function with a relative path or just a file name.
BZ#706049
Previously, the is_selinux_enabled() function may have incorrectly returned a positive value even when the machine was disabled. This happened when the same process that made the calls to disable SELinux attempted to determine if SELinux is enabled, because the selinux_mnt variable was not properly freed and still contained old data. With this update, a patch has been applied to make sure the selinux_mnt variable is now properly freed, and the is_selinux_enabled() function works as expected.
BZ#748471
When a semanage login record was set up using a group name and the number of elements in the group was too large, login programs failed to log in the user with the correct context. This update corrects the libselinux library to return all users within a group so that the correct SELinux user record is used. As a result, users with the correct context can now log in as expected in this scenario.
All users of libselinux are advised to upgrade to these updated packages, which fix these bugs.
Enhanced libselinux packages are now available for Red Hat Enterprise Linux 6.
[Updated 6 Apr 2011] The text of this advisory has been updated to reflect the fact that these packages are not new in Red Hat Enterprise Linux 6.
Security-enhanced Linux (SELinux) is a feature of the Linux kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement, Role-based Access Control, and Multi-level Security. The libselinux library provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions, and is required for any applications that use the SELinux API.
This enhancement update moves the selinux-ruby package from the Red Hat Enterprise Linux 6 Optional channels to the Red Hat Enterprise Linux 6 base channels. This update does not make any other changes to these packages. (BZ#810119)
All users who require SELinux should install these enhanced packages.
Updated libselinux packages that add one enhancement are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The libselinux packages contain the core library of an SELinux system. The libselinux library provides an API for SELinux applications to get and set process and file security contexts, and to obtain security policy decisions. It is required for any applications that use the SELinux API, and used by all applications that are SELinux-aware.

Enhancement

BZ#956981
Previously, a substitution of the "/" directory was not directly possible. With this update, support for a substitution of the root directory has been added to allow proper labeling of all directories and files under an alternative root directory.
Users of libselinux are advised to upgrade to these updated packages, which adds this enhancement.