Issued:: 2011-07-21
Updated:: 2011-07-21

RHBA-2011:1069 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

selinux-policy bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated selinux-policy packages that fix several bugs and add two enhancements
are now available for Red Hat Enterprise Linux 5.

Description

The selinux-policy packages contain the rules that govern how confined processes
run on the system.

These updated selinux-policy packages include a number of bug fixes and
enhancements. Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about
these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/selinux-policy.html#RHBA-2011-1069

All users of SELinux are advised to upgrade to these updated packages, which
provide numerous bug fixes and enhancements.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 610812 - SELinux Policy does not allow freeradius2 to disable core dumps
BZ - 632573 - AVC on yum install, change policy to dontaudit
BZ - 651609 - clustat denied bind to hi_reserved_port_t
BZ - 657571 - MLS policy prevents modprobe from calling signull ...
BZ - 662677 - programs resolving a NetBIOS name can't access /var/cache/samba/unexpected.tdb
BZ - 663016 - syntax error in /usr/share/selinux/devel/include/apps/thunderbird.if
BZ - 664684 - init_write_script_pipes(load_policy_t)
BZ - 666513 - /var/spool/rsyslog is missing and no selinux policy for this dir
BZ - 667692 - selinux doesn't allow samba utmp = yes
BZ - 672289 - selinux blocks samba from creating /etc/krb5.keytab
BZ - 672540 - SELinux avc's for /var/lib/sss/pipes/nss
BZ - 674452 - selinux blocks rsyslogd from opening more file descriptors
BZ - 674689 - pyzor with nfs home directories
BZ - 678496 - ipvsadm pulse and selinux don't play well
BZ - 689736 - MLS in single-user mode: /var/lock/lvm: setfscreatecon failed: Permission denied
BZ - 689960 - openswan debugging facility which allows coredumps in case of problems is broken by selinux policy dontaudit
BZ - 692811 - SELinux prevents pxe installation to work
BZ - 693723 - /dev/random inaccessible by ssh-keygen (copy from 693420)
BZ - 694865 - pyzor denied reading system config dir
BZ - 697804 - SELinux denies any SCTP communication
BZ - 698043 - SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t).
BZ - 698257 - named cannot update logs in chroot
BZ - 703072 - file labelling inconsistencies
BZ - 703458 - enforcing MLS: lsusb leads to AVCs
BZ - 703482 - enforcing MLS -- AVCs appear when running "kpartx -v /dev/sda"
BZ - 703714 - openais service causes AVCs
BZ - 704121 - SELinux is preventing ntpd (ntpd_t) "write" to nss (sssd_var_lib_t)
BZ - 704690 - syslog-ng 3.x SELinux violations
BZ - 706005 - SELinux is preventing restorecond (restorecond_t) "write" to nss (sssd_var_lib_t).
BZ - 707101 - selinux prevents clamav-milter from running
BZ - 707139 - SELinux killing Apache Worker MPM
BZ - 707969 - avc: denied { signal } for ... comm="ccsd" scontext=root:system_r:ccs_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
BZ - 708986 - enforcing MLS: root (sysadm_r or secadm_r) cannot run ssh-keygen
BZ - 709045 - single-user mode, enforcing MLS: sh: /usr/bin/crontab: Permission denied
BZ - 709080 - enforcing MLS: lvmdump causes AVCs
BZ - 711020 - samba, sys_admin capability AVC denial
BZ - 711725 - Are iprinit, iprdump and iprupdate services supported in MLS policy ?
BZ - 711794 - enforcing MLS: user_u and staff_u cannot run ssh-keygen
BZ - 712363 - pulse: cannot create heartbeat socket
BZ - 713078 - SELinux is preventing krb5_child (sssd_t) "search" to ./home (home_root_t)
BZ - 713797 - avc: denied { name_connect } for ... comm="clustat" dest=50006 scontext=...:ricci_modclusterd_t:s0 tcontext=...:cluster_port_t:s0 tclass=tcp_socket
BZ - 714960 - SELinux is preventing the krb5_child from using potentially mislabeled files (./.k5login).

CVEs

(none)

References

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/selinux-policy.html#RHBA-2011-1069

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
selinux-policy-2.4.6-316.el5.src.rpm	SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0
x86_64
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
ia64
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
i386
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8

Red Hat Enterprise Linux Workstation 5

SRPM
selinux-policy-2.4.6-316.el5.src.rpm	SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0
x86_64
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
i386
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8

Red Hat Enterprise Linux Desktop 5

SRPM
selinux-policy-2.4.6-316.el5.src.rpm	SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0
x86_64
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
i386
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
selinux-policy-2.4.6-316.el5.src.rpm	SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0
s390x
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8

Red Hat Enterprise Linux for Power, big endian 5

SRPM
selinux-policy-2.4.6-316.el5.src.rpm	SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0
ppc
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8

Red Hat Enterprise Linux Server from RHUI 5

SRPM
selinux-policy-2.4.6-316.el5.src.rpm	SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0
x86_64
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
i386
selinux-policy-2.4.6-316.el5.noarch.rpm	SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm	SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm	SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm	SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm	SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm	SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation