Issued:
2009-09-02
Updated:
2009-09-02

RHBA-2009:1242 - Bug Fix Advisory

Synopsis

selinux-policy bug fix update

Type/Severity

Bug Fix Advisory

Topic

Updated selinux-policy packages that fix several bugs are now available.

Description

The selinux-policy packages contain the rules that govern how confined
processes run on the system.

These updated packages resolve several bugs in Security-Enhanced Linux
(SELinux) policy as shipped with Red Hat Enterprise Linux 5. The majority
of these bugs resulted in SELinux denying legitimate access.

Refer to the Red Hat Enterprise Linux 5.4 Technical Notes for detailed
documentation on the bug fixes applied by this update. A link to
the section for this selinux-policy update is in the "References" below.

All users are advised to upgrade to these updated packages, which resolve
these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 429726 - Allow samba to change unix passwords
  • BZ - 475562 - SELinux is preventing perl (logwatch_t) "write" to ./services (etc_t).
  • BZ - 477123 - Typo errors in man pages
  • BZ - 479819 - postgrey avc: denied socket connection
  • BZ - 480943 - SELinux is preventing nm-system-setti after update to 5.3
  • BZ - 481387 - selinux prevents "getattr" and "execute"
  • BZ - 481628 - AVCs for system_dbusd_t -> [ hal_t, unconfined_t
  • BZ - 481706 - SELinux is preventing automount (automount_t) "signal" to <Unknown> (mount_t).
  • BZ - 483173 - SELinux prevents nm-system-setti (system_dbusd_t) "getsched"
  • BZ - 484146 - setsebool -P samba_enable_home_dirs=1 is not completely effective.
  • BZ - 485078 - Wrong security context for sysstat package
  • BZ - 485107 - Cannot execute spamc from procmail
  • BZ - 485111 - samba not able to access users' public_html directory
  • BZ - 486187 - RHEL-5.3 selinux-policy broke spamassassin
  • BZ - 486354 - Cannot boot RHEL5.3 with strict enforcing selinux
  • BZ - 486965 - cannot open matlab on redhat EL 5.3, unless I override / change selinux settings
  • BZ - 487021 - Selinux prevents Samba from rotating log files.
  • BZ - 489899 - selinux-policy: allow dbus to domain_read_all_domains_state [rhel-5.4]
  • BZ - 490024 - nscd_t needs search permissions on sbin_t
  • BZ - 492567 - restorecon breaks selinux contexts in /var/named/chroot/proc (which is bind mounted to /proc so breaks that too)
  • BZ - 495010 - SELinux is preventing /sbin/restorecon (restorecon_t) "read" to inotify (inotifyfs_t).
  • BZ - 496867 - SELinux issue causing libvirtd launched dnsmasq to fail
  • BZ - 497168 - updated openswan package creating AVCs
  • BZ - 497273 - Comming autofs update needs Selinux policy update
  • BZ - 498596 - selinux-policy-targeted blocking amanda client operation
  • BZ - 499249 - [RHEL5.4] selinux AVC: denials when trying to start a xen guest
  • BZ - 499691 - SELinux is preventing hp (hplip_t) "read write" to socket (cupsd_t).
  • BZ - 499701 - spamassassin spamd dies because of SElinux when it is HUP(ed)
  • BZ - 499888 - selinux denials when migration tests over ssh is being done:
  • BZ - 500392 - Problems with clamav-milter 0.95.1
  • BZ - 500395 - selinux-policy: setkey executed from initrc_t from if{up,down}-ipsec fails to set policies
  • BZ - 502182 - error installing selinux-policy-minimum: could not read file 'unconfined.pp'
  • BZ - 504238 - kvm guest installations are failing with selinux-policy-targeted < 2.4.6-245.el5
  • BZ - 504738 - Packets are lost when transfer from bridge to physical nic
  • BZ - 504805 - selinux is denying cyrus-master from binding the mupdate port
  • BZ - 504872 - SELinux targetted policy blocks VMWare-hgfsmounter from mounting shared disks.
  • BZ - 506057 - iscsid generates lots of AVC messages
  • BZ - 507712 - Selinux directed me to report this bug -- pasted Selinux information below
  • BZ - 508348 - selinux policy blocks postgresql dblink_connect
  • BZ - 511143 - selinux policy allows addr 0 mappings by default
  • BZ - 511359 - avcs when running pluto with selinux in enforcing mode
  • BZ - 511927 - SELinux: should automount have access to winbind pipe?
  • BZ - 512301 - Multiple different specifications for /var/vdsm(/.*)?
  • BZ - 513208 - VDSM selinux context errors

CVEs

(none)

References

Red Hat Enterprise Linux Server 5

SRPM
selinux-policy-2.4.6-255.el5.src.rpm SHA-256: ffc89cc6926b662695527b31e75ace4e72cdd76280c17517b5ae01e939429c19
x86_64
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b
ia64
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b
i386
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b

Red Hat Enterprise Linux Workstation 5

SRPM
selinux-policy-2.4.6-255.el5.src.rpm SHA-256: ffc89cc6926b662695527b31e75ace4e72cdd76280c17517b5ae01e939429c19
x86_64
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b
i386
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b

Red Hat Enterprise Linux Desktop 5

SRPM
selinux-policy-2.4.6-255.el5.src.rpm SHA-256: ffc89cc6926b662695527b31e75ace4e72cdd76280c17517b5ae01e939429c19
x86_64
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b
i386
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
selinux-policy-2.4.6-255.el5.src.rpm SHA-256: ffc89cc6926b662695527b31e75ace4e72cdd76280c17517b5ae01e939429c19
s390x
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b

Red Hat Enterprise Linux for Power, big endian 5

SRPM
selinux-policy-2.4.6-255.el5.src.rpm SHA-256: ffc89cc6926b662695527b31e75ace4e72cdd76280c17517b5ae01e939429c19
ppc
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b

Red Hat Enterprise Linux Server from RHUI 5

SRPM
selinux-policy-2.4.6-255.el5.src.rpm SHA-256: ffc89cc6926b662695527b31e75ace4e72cdd76280c17517b5ae01e939429c19
x86_64
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b
i386
selinux-policy-2.4.6-255.el5.noarch.rpm SHA-256: 5d19e1032163e30ab133797901b77f6c966c6b5bea9bc8709b65e73e0b70c072
selinux-policy-devel-2.4.6-255.el5.noarch.rpm SHA-256: 51b5287cc86174be8c52c37d99708029570514f5acd0fd92e8e1c4a0e34a1639
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm SHA-256: 5bd129b68b3791b45026927461019ede55af1ca54ef7014890f14b384c575063
selinux-policy-mls-2.4.6-255.el5.noarch.rpm SHA-256: e9be1687f5114c780dfe5aae5e5f9ea50644440937fa853576cdd615843798c9
selinux-policy-strict-2.4.6-255.el5.noarch.rpm SHA-256: 08a45cdd255222866d1937144b1c69bb8a21179abd47a15a0e8891c072196447
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm SHA-256: 149705b51643ee997b58f45ebc9bf7746683f5b78dfdc9c883e724ff969f812b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.