- Issued:
- 2011-01-12
- Updated:
- 2011-01-12
RHBA-2011:0026 - Bug Fix Advisory
Synopsis
selinux-policy bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated selinux-policy packages that fix several bugs and add an enhancement are
now available for Red Hat Enterprise Linux 5.
Description
The selinux-policy packages contain the rules that govern how confined processes
run on the system.
This update fixes several bugs and adds an enhancement. Documentation for these
bug fixes and this enhancement will be available shortly from
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/index.html
All users of selinux-policy are advised to upgrade to these updated packages,
which resolve these issues, and add this enhancement.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 477103 - Addition to online release notes: re rhel4ws -> rhel5AS oo.o upgrade
- BZ - 514506 - SELinux is preventing httpd from loading /usr/lib64/libnnz11.so which requires text relocation.
- BZ - 525859 - samba trying to access /var/lib/mysql on a separate file system and blocked by SELinux
- BZ - 551380 - Need additional support for prelude
- BZ - 570481 - SELinux policy should include a Boolean for MSSQL
- BZ - 571319 - Spamassassin is denied operations
- BZ - 575203 - selinux denies ssh-keygen -f /root/.ssh/id_rsa when run from /etc/init.d directory
- BZ - 576059 - SELinux is preventing sh (pptp_t) "read" to ./meminfo (proc_t). So, VPN connection fails
- BZ - 578187 - BIND 9.7 request - SELinux policy needs to be updated
- BZ - 579105 - SELinux denies access for mod_auth_pam
- BZ - 579497 - Regression: After upgrade from RHEL 5.4 to RHEL 5.5, xendomains doesn't autostart domUs due to selinux trouble
- BZ - 579547 - dontaudit snmpd_t write to removable_device_t
- BZ - 584447 - ipvsadm/piranha does not work with SELinux enabled
- BZ - 588902 - SELinux is preventing sh (fenced_t) "execute" to ./bash (shell_exec_t).
- BZ - 591975 - SELinux denies write and read to socket during openswan connection
- BZ - 592752 - Postfix can't chroot
- BZ - 592805 - SELinux is preventing vsftpd from writing files/dirs inside ~/public_html/
- BZ - 593139 - Rsyslog-gnutls with selinux enabled fails
- BZ - 598646 - Targeted policy - Kerberos ticket cache access by winbind, gss is broken.
- BZ - 612823 - SELinux denial when trying to create SNMPv3 user
- BZ - 613551 - Aisexec cannot mmap and unlink file in /dev/shm and /var/run
- BZ - 614796 - openais selinux settings for qpidd
- BZ - 617763 - xm_t is not able to search dirs with autofs_t
- BZ - 621885 - All Oracle libraries requires textrel_shlib_t
- BZ - 625498 - ftpd_selinux man page anonymous upload does not work
- BZ - 626858 - Policy updates needed for newer HPLIP package
- BZ - 633705 - "postfix set-permissions" fails with SELinux denials
- BZ - 633901 - cmirror triggers AVC denials in RHEL5.5
- BZ - 637182 - RFE : Please would you backport the httpd_setrlimit boolean to RHEL 5
- BZ - 637843 - spamc denials
- BZ - 639259 - Multiple same specifications for /etc/NetworkManager/dispatcher\.d(/.*)
- BZ - 641872 - The selinux-policy-base Provides is not versioned
- BZ - 643824 - Policy prevents postmap if IPV6 is enabled
- BZ - 644276 - The kvm VM can't be started when Passthrough pci device with svirt
- BZ - 644333 - SELinux is preventing /bin/bash "read" access on /home/mark.
- BZ - 646731 - SELinux is preventing admin.cgi (cupsd_t) "create" to 4cc5f04ab180b (print_spool_t).
- BZ - 646801 - SELinux is preventing audisp-remote to halt system for network_failure_action
- BZ - 649492 - smbcontrol cannot ping samba services like smbd, nmbd, winbindd
- BZ - 649691 - iscsiadm actions lead to AVCs
- BZ - 652074 - SELinux policy causes module loading to fail on read-only root filesystems
- BZ - 652199 - selinux prevents winbindd from connecting to port 135
- BZ - 652644 - SELinux is preventing qemu-kvm (svirt_t) "read, write, unlink" to ./kvm.MhzoQ3 (hugetlbfs_t)
- BZ - 652660 - selinux-policy and sa1 command
- BZ - 656290 - udevmonitor cannot create socket if MLS policy is in enforcing mode
- BZ - 656809 - MLS policy -- avc: denied { write } for ... comm="vgchange" name="ram0" dev=tmpfs ...
- BZ - 657262 - udevinfo does not work when MLS policy is in enforcing mode
- BZ - 657268 - udevcontrol does not work when MLS policy is in enforcing mode
- BZ - 657271 - MLS policy: semodule -i / -r ... produces AVCs
- BZ - 657365 - MLS policy: "run_init service cpuspeed start" produces AVC
- BZ - 658145 - AVC denial for write to pipe in prep/post script in rpm
- BZ - 659372 - vbetool causes AVCs when executed in console
- BZ - 661368 - MLS policy prevents modprobe from reading a shm object
CVEs
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-300.el5.src.rpm | SHA-256: c482717357cb9d3fc5c8058207a79339a42f6f5afbd75726e65980dc0bdfadd1 |
| x86_64 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
| ia64 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
| i386 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-300.el5.src.rpm | SHA-256: c482717357cb9d3fc5c8058207a79339a42f6f5afbd75726e65980dc0bdfadd1 |
| x86_64 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
| i386 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
Red Hat Enterprise Linux Desktop 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-300.el5.src.rpm | SHA-256: c482717357cb9d3fc5c8058207a79339a42f6f5afbd75726e65980dc0bdfadd1 |
| x86_64 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
| i386 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-300.el5.src.rpm | SHA-256: c482717357cb9d3fc5c8058207a79339a42f6f5afbd75726e65980dc0bdfadd1 |
| s390x | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-300.el5.src.rpm | SHA-256: c482717357cb9d3fc5c8058207a79339a42f6f5afbd75726e65980dc0bdfadd1 |
| ppc | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-300.el5.src.rpm | SHA-256: c482717357cb9d3fc5c8058207a79339a42f6f5afbd75726e65980dc0bdfadd1 |
| x86_64 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
| i386 | |
| selinux-policy-2.4.6-300.el5.noarch.rpm | SHA-256: 2a22908bca6bf4499840ee8b062a1e60c0c09ebef5dd70f8717bfd8a24638479 |
| selinux-policy-devel-2.4.6-300.el5.noarch.rpm | SHA-256: 1beaa431e60e7b1b2bd07d5600a84f5bb0da9ace05293709405c02c809d73051 |
| selinux-policy-minimum-2.4.6-300.el5.noarch.rpm | SHA-256: 58172ad29b7a58a48515bd9dbc45e1f92ceb9e577f545f147a219a66538fd568 |
| selinux-policy-mls-2.4.6-300.el5.noarch.rpm | SHA-256: b779f4d60898c3c362ad05ce26ee3c42c01bb62a3ea03d89b75948d01b4155d3 |
| selinux-policy-strict-2.4.6-300.el5.noarch.rpm | SHA-256: 02161fc1ebf1b8810040d0f66e8bdbcee021f921f6b2308ad3dc430dfb852bbb |
| selinux-policy-targeted-2.4.6-300.el5.noarch.rpm | SHA-256: df85a7a40b22a0f51bc5ee5a665260db0d2c460d5aa689b13279839af1e6116b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.