Updated selinux-policy packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The selinux-policy packages contain the rules that govern how confined processes run on the system.
- BZ#1198047, BZ#1198057, BZ#1198060, BZ#1198064, BZ#1198071, BZ#1198077, BZ#1198165, BZ#1202935, BZ#1203756, BZ#1207140, BZ#1212729
- When the /etc/nsswitch.conf file was modified so that the SSSD service was used for various lookups, certain services were not able to communicate with SSSD due to insufficient SELinux policy rules. With this update, the SELinux policy has been modified to allow the services to work as expected in this situation.
- BZ#1198436, BZ#1215632, BZ#1228197, BZ#1228197, BZ#1219317, BZ#1221929
- With this update, SELinux policy rules for the glusterd, ctdbd, samba, and nagios services have been fixed to allow the Gluster layer product to work with SELinux properly.
- When writing SELinux policy rules that allow random services to read or execute general files located, for example, in the /etc/ or /usr/ directories, policy writers had to add additional rules for each service. These updated selinux-policy packages introduce the new "base_ro_file_type" and "base_file_type" SELinux attributes, which policy writers can use to declare global rules against a rule per service.
Users of selinux-policy are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.