Red Hat Product Errata RHBA-2010:0182 - Bug Fix Advisory
Issued:
2010-03-30
Updated:
2010-03-30

RHBA-2010:0182 - Bug Fix Advisory

Synopsis

selinux-policy bug fix update

Type/Severity

Bug Fix Advisory

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated selinux-policy packages that fix numerous bugs are now available.

Description

The selinux-policy packages contain the rules that govern how confined
processes run on the system.

These updated selinux-policy packages contain 46 SELinux policy rule
changes and space precludes documenting these changes in this advisory.

For details concerning every one of these rule changes, see the
selinux-policy chapter in the Red Hat Enterprise Linux 5.5 Technical Notes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technica l_Notes/selinux-policy.html

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which make these rule changes.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 483395 - SELinux is preventing hpijs (hplip_t) "read write" to socket (cupsd_t).
  • BZ - 492519 - SELinux denies ssh-keygen from system_u:object_r:initrc_exec_t
  • BZ - 503141 - cluster won't start with SELinux enforcing - aisexec sem/shm denials
  • BZ - 510748 - rsync does not work in client mode when launched from an init script
  • BZ - 512375 - SELinux policy missing for Oracle sqlplus 11.1
  • BZ - 515687 - MLS selinux-policy: setkey executed from initrc_t from if{up,down}-ipsec fails to set policies
  • BZ - 519017 - sudo unable to authenticate
  • BZ - 519363 - Selinux by default does not permit setkey_t to read and write files created by initrc_t (initrc_tmp_t)
  • BZ - 519369 - merge policy needed for fastcgi with standard httpd policy
  • BZ - 521284 - Fix instances of #!/usr/bin/env python in selinux-policy-devel
  • BZ - 522158 - Create SELinux policy to support running Cluster Suite
  • BZ - 523548 - SELinux is preventing cyrus-master (cyrus_t) "write" to master (snmpd_var_lib_t).
  • BZ - 523773 - SELinux prevents snmpd from listening on agentx_port_t sockets
  • BZ - 525420 - rpc.rquotad stops working after RHEL 5.4 upgrade due to avc denied errors
  • BZ - 526640 - update of udev causes udevd to change the context
  • BZ - 530750 - (selinux) spamassassin can't read from /var/lib/spamassassin/
  • BZ - 530809 - remove of temporary hack in kernel_sendrecv_unlabeled_association
  • BZ - 531230 - Real Time Kernel supports SELinux options not available in policy
  • BZ - 532565 - matchpathcon_filespec_add: conflicting specifications for /sbin/e4fsck and /sbin/fsck.ext4dev
  • BZ - 537106 - Openswan can't write to /var/log/pluto.log file
  • BZ - 537133 - Openswan FIPS-140 work blocked by AVCs
  • BZ - 543941 - The new vhostmd daemon is running under 'initrc_t' context & triggering AVC logs
  • BZ - 545369 - strict policy blocks 'racoonctl show-sa ipsec' in enforcing mode
  • BZ - 546604 - MLS policy: iptables service does not start
  • BZ - 547387 - SELinux denies smartd access to /dev/sg*
  • BZ - 548599 - Login to iSCSI target with bnx2i interface fails due to selinux denial
  • BZ - 549492 - Multiple different specifications for /var/vdsm(/.*)?
  • BZ - 550015 - CUPS policy update for System V style interface scripts
  • BZ - 551063 - selinux prevents postgresql-test regression tests from succeeding
  • BZ - 551664 - The detailed description requests that I report this bug. I have no idea what the bug is.
  • BZ - 552763 - SELinux default policy does not allow qemu-kvm (TLS) read access to /dev/random
  • BZ - 553492 - New selinux packages broke Postfix
  • BZ - 554777 - Missing selinux rules/labels for /etc/xen (and possibly other places).
  • BZ - 559355 - allow dhcpc_t net_conf_t relabelfrom for dhclient
  • BZ - 562303 - (beiscsi_module_init():3941):In beiscsi_module_init, tt=ffffffff88591100
  • BZ - 562833 - No selinux log file context for chrooted named
  • BZ - 564376 - service iptables save does not work in MLS
  • BZ - 566557 - cgi scripts on nfs will not run
  • BZ - 566975 - SELinux boolean value ftp_home_dir overrides allow_ftpd_anon_write and correct selinux context

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 5

SRPM
selinux-policy-2.4.6-279.el5.src.rpm SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd
x86_64
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f
ia64
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f
i386
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f

Red Hat Enterprise Linux Workstation 5

SRPM
selinux-policy-2.4.6-279.el5.src.rpm SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd
x86_64
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f
i386
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f

Red Hat Enterprise Linux Desktop 5

SRPM
selinux-policy-2.4.6-279.el5.src.rpm SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd
x86_64
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f
i386
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
selinux-policy-2.4.6-279.el5.src.rpm SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd
s390x
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f

Red Hat Enterprise Linux for Power, big endian 5

SRPM
selinux-policy-2.4.6-279.el5.src.rpm SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd
ppc
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f

Red Hat Enterprise Linux Server from RHUI 5

SRPM
selinux-policy-2.4.6-279.el5.src.rpm SHA-256: e046ee45f9d233dd3eb1e6f3e445cc3b8b0fda8c1aace1121aada39e871bcfcd
x86_64
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f
i386
selinux-policy-2.4.6-279.el5.noarch.rpm SHA-256: db6528cd485eadefe1d617937b2034ad6f4ed3c42f5515b97a533788602ec32a
selinux-policy-devel-2.4.6-279.el5.noarch.rpm SHA-256: 5aa649d0ef7c74f2d4ad453616eff65cdcca85efc8e50730312779cb3f56a3ad
selinux-policy-minimum-2.4.6-279.el5.noarch.rpm SHA-256: 00c1236743855b1b6654b4f8627b45ea37e6e65708b33733138cf221ce975884
selinux-policy-mls-2.4.6-279.el5.noarch.rpm SHA-256: 40514f6e19e9ce1ae39e66786a50f22fc162bddf27f298d0a3462e8dcac4e8e0
selinux-policy-strict-2.4.6-279.el5.noarch.rpm SHA-256: d87faccfc42d641a0aaebf1d388bd6f2f9f86882d781a8c9ec26b0669ec2d846
selinux-policy-targeted-2.4.6-279.el5.noarch.rpm SHA-256: e95670efdff6eb8769ddc0de1f09b33b388692abaa513066517ca24a52a03d7f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.