- Issued:
- 2013-01-07
- Updated:
- 2013-01-08
RHBA-2013:0060 - Bug Fix Advisory
Synopsis
selinux-policy bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated selinux-policy packages that fix a number of bugs and add various
enhancements are now available for Red Hat Enterprise Linux 5.
Description
The selinux-policy packages contain the rules that govern how confined processes
run on the system.
These updated selinux-policy packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 5.9 Technical Notes for
information on the most significant of these changes:
All users of SELinux are advised to upgrade to these updated packages, which fix
a number of bugs and add various enhancements.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 480129 - Error at calling service amavisd restart when SELinux is in enforce mode
- BZ - 682856 - When using postsuper to requeue a message, wrong selinux context is applied to /var/spool/postfix/maildrop/$ID
- BZ - 714184 - boolean allow_postfix_local_write_mail_spool has no effect on postfix local mail delivery
- BZ - 738995 - cyrus-imapd downgrade selinux test fail
- BZ - 750588 - Need virt_selinux man page
- BZ - 751385 - SELinux error (setattr) for VM/KVM universe jobs (RHEL5 only)
- BZ - 772205 - RFE: support for proftpd mod_ban
- BZ - 784197 - targeted: cannot stop tog-pegasus service
- BZ - 785076 - SELinux is preventing krb5_child (sssd_t) "write" to ./coolkey (auth_cache_t)
- BZ - 807686 - [RFE] ssh_to_job for VM/Java/Sched/Local universe
- BZ - 810239 - selinux-policy does not always have a correct label for files in /var/log/ which were processed by logrotate before
- BZ - 828122 - SELinux problem telnetd + /sbin/unix_chkpwd
- BZ - 833843 - freeadius2 cannot connect to postgresql due to AVC denial
- BZ - 838511 - service clamd.amavisd cannot access /var/run/amavisd directory
- BZ - 839608 - Extra policy rule required for hplip3 fax support
- BZ - 841178 - SELinux postfix_qmgr_t disabled access to postfix_spool_maildrop_t
- BZ - 842053 - SELinux is preventing semanage (semanage_t) "getattr" to / (fs_t).
- BZ - 843443 - SELinux prevents snmpd (snmpd_t) from writing to /var/run/clumond.sock (ricci_modcluster_var_run_t)
- BZ - 843841 - backport policy for rsyslog v5
- BZ - 848693 - /usr/libexec/sesh is not labelled correctly
- BZ - 848727 - service netplugd restart produces AVCs
- BZ - 849071 - hp3-sendfax caused denial, dbus + hplip
- BZ - 851064 - ptrace AVC denial for freeradius2
- BZ - 851187 - rgmanager's clusvcadm triggers SElinux AVCs avc: denied { read / write } for pid=4598 comm="restorecon" path="pipe:[13296]" dev=pipefs ino=13296 scontext=root:system_r:restorecon_t:s0 tcontext=root:system_r:rgmanager_t:s0 tclass=fifo_file
- BZ - 851658 - SSO: ocsp request from KDC fails in selinux enforce mode, access needs to be allowed by the selinux policy.
- BZ - 852988 - Unexpected AVC because of SELinux denied access by procmail
- BZ - 854194 - SELinux prevents /usr/sbin/snmptrapd (snmpd_t) from connectto operation on /var/agentx/master socket
- BZ - 855324 - AVC denials for openswan when it is started and stopped quickly on freshly booted system
- BZ - 859338 - pulse fails to start IPVS sync daemon
- BZ - 863155 - SELinux prevents swat/net/winbindd from writing to /var/nmbd/unexpected socket
CVEs
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-338.el5.src.rpm | SHA-256: dab636c7f660980675b7946b7c1c6749b2e8eb7382c9f4af8508b9e4dbf50e21 |
| x86_64 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
| ia64 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
| i386 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-338.el5.src.rpm | SHA-256: dab636c7f660980675b7946b7c1c6749b2e8eb7382c9f4af8508b9e4dbf50e21 |
| x86_64 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
| i386 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
Red Hat Enterprise Linux Desktop 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-338.el5.src.rpm | SHA-256: dab636c7f660980675b7946b7c1c6749b2e8eb7382c9f4af8508b9e4dbf50e21 |
| x86_64 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
| i386 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-338.el5.src.rpm | SHA-256: dab636c7f660980675b7946b7c1c6749b2e8eb7382c9f4af8508b9e4dbf50e21 |
| s390x | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-338.el5.src.rpm | SHA-256: dab636c7f660980675b7946b7c1c6749b2e8eb7382c9f4af8508b9e4dbf50e21 |
| ppc | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| selinux-policy-2.4.6-338.el5.src.rpm | SHA-256: dab636c7f660980675b7946b7c1c6749b2e8eb7382c9f4af8508b9e4dbf50e21 |
| x86_64 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
| i386 | |
| selinux-policy-2.4.6-338.el5.noarch.rpm | SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f |
| selinux-policy-devel-2.4.6-338.el5.noarch.rpm | SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe |
| selinux-policy-minimum-2.4.6-338.el5.noarch.rpm | SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900 |
| selinux-policy-mls-2.4.6-338.el5.noarch.rpm | SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98 |
| selinux-policy-strict-2.4.6-338.el5.noarch.rpm | SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df |
| selinux-policy-targeted-2.4.6-338.el5.noarch.rpm | SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.