Synopsis
selinux-policy bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for selinux-policy is now available for Red Hat Enterprise Linux 7.
Description
The selinux-policy packages contain the rules that govern how confined processes run on the system.
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Users of selinux-policy are advised to upgrade to these updated packages.
Affected Products
-
Red Hat Enterprise Linux Server 7 x86_64
-
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
-
Red Hat Enterprise Linux Workstation 7 x86_64
-
Red Hat Enterprise Linux Desktop 7 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 7 s390x
-
Red Hat Enterprise Linux for Power, big endian 7 ppc64
-
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
-
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
-
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
-
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
-
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
Fixes
-
BZ - 1447278
- Missing or incomplete SELinux policy for Let's Encrypt (certbot)
-
BZ - 1475271
- svnserve.te does not support GSSAPI for svnserve_t
-
BZ - 1487350
- SELinux sometimes prevents sec=krb5 mounts
-
BZ - 1491585
- Allow /usr/sbin/abrt-harvest-vmcore capabilities for /var/crash
-
BZ - 1511489
- selinux: ganesha.nfsd run in unconfined domain
-
BZ - 1535109
- gpg-agent does not work when user is confined (user_u or staff_u)
-
BZ - 1558121
- not able to install vms on rhel 7.4 with selinux mls enabled
-
BZ - 1558836
- Permission denied error with Posix Ceph backend
-
BZ - 1584335
- rpm has an inconsistent mode for /etc/selinux/targeted/active/policy.linked
-
BZ - 1589086
- SELinux policy (daemons) changes required for package: bolt
-
BZ - 1601525
- Unlabelled device cause scap rule failure
-
BZ - 1607798
- watchdog.d and fence_mpath python script
-
BZ - 1608514
- Re-declaration of type entropyd_t error during update of selinux-policy-targeted
-
BZ - 1618757
- chronyc cannot write to pipe (socket when executed from ksh)
-
BZ - 1619306
- IO error and AVC denial when creating snapshot using snapper tool
-
BZ - 1623942
- fcontext missing for mysqld_safe_helper
-
BZ - 1628247
- ganesha.nfsd running as nfsd_t triggers SELinux denials
-
BZ - 1630318
- neutron-openvswitch-agent crashes on RHEL 7.6 Beta with SELinux enabled
-
BZ - 1630347
- SELinux is preventing /usr/bin/qemu-ga from read access on the file dev.
-
BZ - 1631814
- rpm macro %selinux_set_booleans requires selinux-policy-targeted installed
-
BZ - 1637416
- RHVH 4.2.7: AVC denied errors (getattr) in audit.log after register to engine
-
BZ - 1640528
- On RHEL 7.6 Undercloud installation fails on nova-api: sudo in nova-rootwrap blocked by SELinux
-
BZ - 1646521
- firefox cannot run in SELinux sandbox
-
BZ - 1650909
- tangd.socket cannot bind to port 5910
-
BZ - 1653309
- Nagios nrpe checks using sudo stopped working after update to RHEL 7.6
-
BZ - 1655493
- On an AWS t3.micro instance SELinux gives errors for NVM devices
-
BZ - 1656814
- [VMware][RHEL 7.6][open-vm-tools]vmtools is not able to execute the sudo command rapidly
-
BZ - 1663092
- qemu-ga command guest-get-fsinfo isn't allowed read access
-
BZ - 1667962
- ipa-client blocked by SELinux in user context
-
BZ - 1671132
- sbd daemon is not allowed to write/append to the /proc/sysrq-trigger
-
BZ - 1676810
- Selinux prevents ModemManager when writing /sys
-
BZ - 1683013
- SELinux is preventing gnome-session-c from 'map' accesses on the chr_file /dev/nvidiactl
-
BZ - 1683754
- bind cannot access /proc/sys/net/ipv4/ip_local_port_range
-
BZ - 1687452
- sudo'ing from confined staff_u user takes 25 seconds (d-bus timeout) then succeeds
-
BZ - 1695342
- SELinux is preventing rhsmcertd-worke from open access on the file /var/log/yum.log
-
BZ - 1703573
- selinux denial against "rhsmcertd-worke"r for "/var/log/yum.log" and "syspurpose.json"
-
BZ - 1715088
- Observing "nsm_connect :NLM :CRIT :connect to statd failed: RPC: Unknown protocol" related failure message in ganesha.log everytime on new setup and ganesha service restart
-
BZ - 1716400
- [samba-selinux] CTDB unable to start due to SELinux AVC denial messages
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| x86_64 |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| x86_64 |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux Workstation 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| x86_64 |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux Desktop 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| x86_64 |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux for IBM z Systems 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| s390x |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux for Power, big endian 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| ppc64 |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux for Scientific Computing 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| x86_64 |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux for Power, little endian 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| ppc64le |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| s390x |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| ppc64 |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7
| SRPM |
|
selinux-policy-3.13.1-252.el7.src.rpm
|
SHA-256: 52a6db538c2d698eac6b8d3253598bb3f69de786c93dd8f20f54ee06dbe0c5c3 |
| ppc64le |
|
selinux-policy-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2578235f522bddc930e1b2535ff908c0f7953637ef5c97d5207524546778f683 |
|
selinux-policy-devel-3.13.1-252.el7.noarch.rpm
|
SHA-256: 2bce884f2d30ddf92cff0263e193c9b4a21a7c0e1d0dc9d41a0476fa6baeabee |
|
selinux-policy-doc-3.13.1-252.el7.noarch.rpm
|
SHA-256: f1d7f36d4f4c0a9cbb088b1fdd0468daf2865157d9bffdb70ef3dbb323a99a37 |
|
selinux-policy-minimum-3.13.1-252.el7.noarch.rpm
|
SHA-256: f9583336a2a533af546665317ee5aea176306eddfa13a7e8dc9eaa960bcdddf1 |
|
selinux-policy-mls-3.13.1-252.el7.noarch.rpm
|
SHA-256: 348f5c9d6841fdcd4d7061bb6ccb1b0c829920c09ee126a810d20478428662b6 |
|
selinux-policy-sandbox-3.13.1-252.el7.noarch.rpm
|
SHA-256: 213ce7e22a7d6fc4a22d3dcb03d0b95b6cc8fba57097e2a056bfd923ae8e7ba9 |
|
selinux-policy-targeted-3.13.1-252.el7.noarch.rpm
|
SHA-256: 4c8f9be1273ceda984df1d79e7bc925ce866438dbe5be391c783d0852308ad8d |
