- Issued:
- 2021-11-09
- Updated:
- 2021-11-09
RHBA-2021:4420 - Bug Fix Advisory
Synopsis
selinux-policy bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for selinux-policy is now available for Red Hat Enterprise Linux
8.
Description
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 1797899 - virt-admin failed to connect virtlogd daemon
- BZ - 1801249 - some policy interfaces cannot be compiled
- BZ - 1816718 - Remove Glusterd SELinux module from Distribution policy
- BZ - 1823669 - rsyslog "imfile" module cannot read parent directories of the file to process
- BZ - 1843238 - Need a label created for RHDS tmpfs directory (cont)
- BZ - 1846081 - both rhsm and rhsm-facts services run as unconfined_service_t
- BZ - 1855215 - selinux prevents adcli from executing /usr/bin/net command through sssd
- BZ - 1860924 - SELinux prevents dbus-daemon from reading symlinks in /run/systemd/dynamic-uid directory
- BZ - 1878020 - SELinux is preventing /usr/libexec/platform-python3.6 from search access on the /proc/pid of dnf
- BZ - 1887572 - SELinux prevents rhsmcertd-worker from executing the gpgsm file
- BZ - 1887739 - Any "boot.log" file created on the system gets label plymouthd_var_log_t
- BZ - 1894132 - SELinux prevents 2 programs from accessing /run/lock/opencryptoki/LCK..APIlock
- BZ - 1899703 - [selinux-policy]: Support virtiofs filesystem
- BZ - 1913414 - SELinux is preventing systemd-journal-upload from 'name_connect' accesses on the tcp_socket port 19532
- BZ - 1919253 - Invalid context in database for /var/tmp-inst, should be /var/tmp/tmp-inst
- BZ - 1919399 - SELinux is preventing /usr/lib/cups/daemon/cups-lpd from read access on the sock_file cups.sock
- BZ - 1927551 - SELinux block systemd from running scripts in /usr/lib/systemd/system-sleep
- BZ - 1931460 - SELinux prevents hibernation (preventing systemd-sleep from getattr access to swap partition)
- BZ - 1931848 - selinux-policy prevents ipsec/pluto to work over TCP
- BZ - 1937111 - Add cluster_exec_t default context for /usr/lib/pcs/pcs_snmp_agent
- BZ - 1941464 - SELinux is preventing /usr/sbin/virtlockd from create access on the directory lockd
- BZ - 1947841 - Secure_mode boolean allows staff SELinux user switch to unconfined
- BZ - 1951093 - RFE: Grant rpc.gssd access to $HOME/.k5identity in selinux-policy
- BZ - 1955547 - Allow nnp_transition for init_t -> install_t
- BZ - 1956302 - Confined sysadm users cannot read the content of /etc/shadow, even when using getent
- BZ - 1963162 - SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.818Oxc/systemd-cat.
- BZ - 1965985 - SELinux is preventing kexec from read access on the file /var/lib/kdump/initramfs-*kdump.img
- BZ - 1966842 - SELinux is preventing virtlogd from 'read, append' accesses on the file system.token
- BZ - 1967125 - SELinux is preventing libcap-ng from 'getattr' accesses on the filesystem /proc.
- BZ - 1973325 - Add SELinux support for the checkpoint_restore cap2 class capability
- BZ - 1977676 - SELinux prevents the hostapd from binding to DHCP port
- BZ - 1978562 - [RHEL8.2] avc: denied { add_name } for pid=1416 comm="fcoemon" name="enabled"
- BZ - 1979121 - [RHEL8.5] SELinux is preventing /usr/sbin/lldpad
- BZ - 1979182 - avc: denied { getattr } for comm="systemctl" name="/" on systemctl start cockpit.socket
- BZ - 1994096 - RFE: add patch to set grub boot_success flag on shutdown/reboot
- BZ - 1994718 - Need policy update for rhsmcertd to use new cloud-what implementation
- BZ - 2002666 - SELinux policy for the DBus daemon prevents the Anaconda installer from calling the subscription manager DBus service
CVEs
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-80.el8.src.rpm | SHA-256: f8bb13fd5063edfa45c8bde646743fbb3b1881e398a3a6b13941936fa8020901 |
| x86_64 | |
| selinux-policy-3.14.3-80.el8.noarch.rpm | SHA-256: 6bde078378d758ca574298032ecbcbb98f80bc68df25273f98705bda74793ebf |
| selinux-policy-devel-3.14.3-80.el8.noarch.rpm | SHA-256: ffa349d259b37692bb7bff6b82aa3ddaf0b54cf91ce6e78acacd20c474f7d936 |
| selinux-policy-doc-3.14.3-80.el8.noarch.rpm | SHA-256: 63cfed969cdfcc579c2a7b35983eeb06579461cac1233ba4296a7d5931d6d59d |
| selinux-policy-minimum-3.14.3-80.el8.noarch.rpm | SHA-256: 0f910302205c57a4de5c256af3703029d2f52032503063972fbc6810e3d8264c |
| selinux-policy-mls-3.14.3-80.el8.noarch.rpm | SHA-256: 407f6ede5ba6b80b625c5f5345ce3f337ba9e3310b939852dbcb435080e83431 |
| selinux-policy-sandbox-3.14.3-80.el8.noarch.rpm | SHA-256: 0f33f562c0a72593b4ffc34b9e66483dcb08bf7ee342dfafbebd39935a2eae50 |
| selinux-policy-targeted-3.14.3-80.el8.noarch.rpm | SHA-256: f5361f959d87ceb9c6fa101c443a20b28c769d5adcd0a0b6fd2bce871204183e |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-80.el8.src.rpm | SHA-256: f8bb13fd5063edfa45c8bde646743fbb3b1881e398a3a6b13941936fa8020901 |
| s390x | |
| selinux-policy-3.14.3-80.el8.noarch.rpm | SHA-256: 6bde078378d758ca574298032ecbcbb98f80bc68df25273f98705bda74793ebf |
| selinux-policy-devel-3.14.3-80.el8.noarch.rpm | SHA-256: ffa349d259b37692bb7bff6b82aa3ddaf0b54cf91ce6e78acacd20c474f7d936 |
| selinux-policy-doc-3.14.3-80.el8.noarch.rpm | SHA-256: 63cfed969cdfcc579c2a7b35983eeb06579461cac1233ba4296a7d5931d6d59d |
| selinux-policy-minimum-3.14.3-80.el8.noarch.rpm | SHA-256: 0f910302205c57a4de5c256af3703029d2f52032503063972fbc6810e3d8264c |
| selinux-policy-mls-3.14.3-80.el8.noarch.rpm | SHA-256: 407f6ede5ba6b80b625c5f5345ce3f337ba9e3310b939852dbcb435080e83431 |
| selinux-policy-sandbox-3.14.3-80.el8.noarch.rpm | SHA-256: 0f33f562c0a72593b4ffc34b9e66483dcb08bf7ee342dfafbebd39935a2eae50 |
| selinux-policy-targeted-3.14.3-80.el8.noarch.rpm | SHA-256: f5361f959d87ceb9c6fa101c443a20b28c769d5adcd0a0b6fd2bce871204183e |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-80.el8.src.rpm | SHA-256: f8bb13fd5063edfa45c8bde646743fbb3b1881e398a3a6b13941936fa8020901 |
| ppc64le | |
| selinux-policy-3.14.3-80.el8.noarch.rpm | SHA-256: 6bde078378d758ca574298032ecbcbb98f80bc68df25273f98705bda74793ebf |
| selinux-policy-devel-3.14.3-80.el8.noarch.rpm | SHA-256: ffa349d259b37692bb7bff6b82aa3ddaf0b54cf91ce6e78acacd20c474f7d936 |
| selinux-policy-doc-3.14.3-80.el8.noarch.rpm | SHA-256: 63cfed969cdfcc579c2a7b35983eeb06579461cac1233ba4296a7d5931d6d59d |
| selinux-policy-minimum-3.14.3-80.el8.noarch.rpm | SHA-256: 0f910302205c57a4de5c256af3703029d2f52032503063972fbc6810e3d8264c |
| selinux-policy-mls-3.14.3-80.el8.noarch.rpm | SHA-256: 407f6ede5ba6b80b625c5f5345ce3f337ba9e3310b939852dbcb435080e83431 |
| selinux-policy-sandbox-3.14.3-80.el8.noarch.rpm | SHA-256: 0f33f562c0a72593b4ffc34b9e66483dcb08bf7ee342dfafbebd39935a2eae50 |
| selinux-policy-targeted-3.14.3-80.el8.noarch.rpm | SHA-256: f5361f959d87ceb9c6fa101c443a20b28c769d5adcd0a0b6fd2bce871204183e |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-80.el8.src.rpm | SHA-256: f8bb13fd5063edfa45c8bde646743fbb3b1881e398a3a6b13941936fa8020901 |
| aarch64 | |
| selinux-policy-3.14.3-80.el8.noarch.rpm | SHA-256: 6bde078378d758ca574298032ecbcbb98f80bc68df25273f98705bda74793ebf |
| selinux-policy-devel-3.14.3-80.el8.noarch.rpm | SHA-256: ffa349d259b37692bb7bff6b82aa3ddaf0b54cf91ce6e78acacd20c474f7d936 |
| selinux-policy-doc-3.14.3-80.el8.noarch.rpm | SHA-256: 63cfed969cdfcc579c2a7b35983eeb06579461cac1233ba4296a7d5931d6d59d |
| selinux-policy-minimum-3.14.3-80.el8.noarch.rpm | SHA-256: 0f910302205c57a4de5c256af3703029d2f52032503063972fbc6810e3d8264c |
| selinux-policy-mls-3.14.3-80.el8.noarch.rpm | SHA-256: 407f6ede5ba6b80b625c5f5345ce3f337ba9e3310b939852dbcb435080e83431 |
| selinux-policy-sandbox-3.14.3-80.el8.noarch.rpm | SHA-256: 0f33f562c0a72593b4ffc34b9e66483dcb08bf7ee342dfafbebd39935a2eae50 |
| selinux-policy-targeted-3.14.3-80.el8.noarch.rpm | SHA-256: f5361f959d87ceb9c6fa101c443a20b28c769d5adcd0a0b6fd2bce871204183e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.