- Issued:
- 2010-03-30
- Updated:
- 2010-03-30
RHBA-2010:0182 - Bug Fix Advisory
Synopsis
selinux-policy bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated selinux-policy packages that fix numerous bugs are now available.
Description
The selinux-policy packages contain the rules that govern how confined
processes run on the system.
These updated selinux-policy packages contain 46 SELinux policy rule
changes and space precludes documenting these changes in this advisory.
For details concerning every one of these rule changes, see the
selinux-policy chapter in the Red Hat Enterprise Linux 5.5 Technical Notes:
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technica l_Notes/selinux-policy.html
All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which make these rule changes.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 483395 - SELinux is preventing hpijs (hplip_t) "read write" to socket (cupsd_t).
- BZ - 492519 - SELinux denies ssh-keygen from system_u:object_r:initrc_exec_t
- BZ - 503141 - cluster won't start with SELinux enforcing - aisexec sem/shm denials
- BZ - 510748 - rsync does not work in client mode when launched from an init script
- BZ - 512375 - SELinux policy missing for Oracle sqlplus 11.1
- BZ - 515687 - MLS selinux-policy: setkey executed from initrc_t from if{up,down}-ipsec fails to set policies
- BZ - 519017 - sudo unable to authenticate
- BZ - 519363 - Selinux by default does not permit setkey_t to read and write files created by initrc_t (initrc_tmp_t)
- BZ - 519369 - merge policy needed for fastcgi with standard httpd policy
- BZ - 521284 - Fix instances of #!/usr/bin/env python in selinux-policy-devel
- BZ - 522158 - Create SELinux policy to support running Cluster Suite
- BZ - 523548 - SELinux is preventing cyrus-master (cyrus_t) "write" to master (snmpd_var_lib_t).
- BZ - 523773 - SELinux prevents snmpd from listening on agentx_port_t sockets
- BZ - 525420 - rpc.rquotad stops working after RHEL 5.4 upgrade due to avc denied errors
- BZ - 526640 - update of udev causes udevd to change the context
- BZ - 530750 - (selinux) spamassassin can't read from /var/lib/spamassassin/
- BZ - 530809 - remove of temporary hack in kernel_sendrecv_unlabeled_association
- BZ - 531230 - Real Time Kernel supports SELinux options not available in policy
- BZ - 532565 - matchpathcon_filespec_add: conflicting specifications for /sbin/e4fsck and /sbin/fsck.ext4dev
- BZ - 537106 - Openswan can't write to /var/log/pluto.log file
- BZ - 537133 - Openswan FIPS-140 work blocked by AVCs
- BZ - 543941 - The new vhostmd daemon is running under 'initrc_t' context & triggering AVC logs
- BZ - 545369 - strict policy blocks 'racoonctl show-sa ipsec' in enforcing mode
- BZ - 546604 - MLS policy: iptables service does not start
- BZ - 547387 - SELinux denies smartd access to /dev/sg*
- BZ - 548599 - Login to iSCSI target with bnx2i interface fails due to selinux denial
- BZ - 549492 - Multiple different specifications for /var/vdsm(/.*)?
- BZ - 550015 - CUPS policy update for System V style interface scripts
- BZ - 551063 - selinux prevents postgresql-test regression tests from succeeding
- BZ - 551664 - The detailed description requests that I report this bug. I have no idea what the bug is.
- BZ - 552763 - SELinux default policy does not allow qemu-kvm (TLS) read access to /dev/random
- BZ - 553492 - New selinux packages broke Postfix
- BZ - 554777 - Missing selinux rules/labels for /etc/xen (and possibly other places).
- BZ - 559355 - allow dhcpc_t net_conf_t relabelfrom for dhclient
- BZ - 562303 - (beiscsi_module_init():3941):In beiscsi_module_init, tt=ffffffff88591100
- BZ - 562833 - No selinux log file context for chrooted named
- BZ - 564376 - service iptables save does not work in MLS
- BZ - 566557 - cgi scripts on nfs will not run
- BZ - 566975 - SELinux boolean value ftp_home_dir overrides allow_ftpd_anon_write and correct selinux context
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
selinux-policy-2.4.6-279.el5.src.rpm | SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd |
x86_64 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
ia64 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
i386 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
selinux-policy-2.4.6-279.el5.src.rpm | SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd |
x86_64 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
i386 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
selinux-policy-2.4.6-279.el5.src.rpm | SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd |
x86_64 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
i386 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
selinux-policy-2.4.6-279.el5.src.rpm | SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd |
s390x | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
selinux-policy-2.4.6-279.el5.src.rpm | SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd |
ppc | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
selinux-policy-2.4.6-279.el5.src.rpm | SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd |
x86_64 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
i386 | |
selinux-policy-2.4.6-279.el5.noarch.rpm | SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a |
selinux-policy-devel-2.4.6-279.el5.noarch.rpm | SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad |
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm | SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884 |
selinux-policy-mls-2.4.6-279.el5.noarch.rpm | SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0 |
selinux-policy-strict-2.4.6-279.el5.noarch.rpm | SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846 |
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm | SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.