Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

7.193. selinux-policy

Updated selinux-policy packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The selinux-policy packages contain the rules that govern how confined processes run on the system.

Bug Fixes

BZ#1198047, BZ#1198057, BZ#1198060, BZ#1198064, BZ#1198071, BZ#1198077, BZ#1198165, BZ#1202935, BZ#1203756, BZ#1207140, BZ#1212729
When the /etc/nsswitch.conf file was modified so that the SSSD service was used for various lookups, certain services were not able to communicate with SSSD due to insufficient SELinux policy rules. With this update, the SELinux policy has been modified to allow the services to work as expected in this situation.
BZ#1198436, BZ#1215632, BZ#1228197, BZ#1228197, BZ#1219317, BZ#1221929
With this update, SELinux policy rules for the glusterd, ctdbd, samba, and nagios services have been fixed to allow the Gluster layer product to work with SELinux properly.

Enhancement

BZ#1153712
When writing SELinux policy rules that allow random services to read or execute general files located, for example, in the /etc/ or /usr/ directories, policy writers had to add additional rules for each service. These updated selinux-policy packages introduce the new "base_ro_file_type" and "base_file_type" SELinux attributes, which policy writers can use to declare global rules against a rule per service.
Users of selinux-policy are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.