Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

8.156. policycoreutils

Updated policycoreutils packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies.

Bug Fixes

BZ#860506
Previously, several semanage command-line options did not work as expected. With this update, these options have been corrected and now work proprerly.
BZ#868218
With this update, the semanage man page has been updated to be consistent with information contained in the semanage help page.
BZ#886059
Due to a bug in the policycoreutils package, installation of the ipa-server-selinux package failed. This bug has been fixed and ipa-server-selinux can now be installed without complications.
BZ#913175
Prior to this update, the sandbox utility did not accept symbolic links specified in the /etc/sysconfig/sandbox file. Consequently, executing the "sandbox -M" command failed with a "No such file or directory" message. The underlying source code has been modified and symlinks can now be configured in /etc/sysconfig/sandbox without complications.
BZ#916727
Previously, the fixfiles script did not recognize a change in the regular expression describing the /sbin/ip6?tables-multi* files. Consequently, these files were labeled incorrectly after updating the system with the yum update command. With this update, fixfiles has been corrected to accept the change of regular expression.
BZ#918460
Prior to this update, after executing the "semanage boolean -m" command, a traceback was returned. This bug has been fixed and tracebacks are no longer displayed in the aforementioned scenario.
BZ#928320, BZ#947504
Previously, the semanage utility did not allow to set the "none" context on directories and files. Consequently, the following message was displayed when attempting to do so:
/usr/sbin/semanage: Type none is invalid, must be a file or device type
This bug has been fixed, and it is now possible to set the "none" context without complications.
BZ#967728
Prior to this update, the "-o" option of the audit2allow command overwrote the contents of the output file instead of just appending the new content. This bug has been fixed, and "audit2allow -o" now works as expected.
BZ#984484
After attempting to enable a SELinux boolean that did not exist, a brief error message was generated. This update modifies this message to be more informative.
BZ#998974
After attempting to permanently change a boolean that did not exist, an incorrect error message was generated. This message has been modified to provide correct information about the cause of the problem.

Enhancement

BZ#916734
This update adds a possibility to exclude selected files when running the restorecon utility, which can significantly reduce execution times.
Users of policycoreutils are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.