Issued:: 2022-11-08
Updated:: 2022-11-08

RHBA-2022:7691 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

selinux-policy bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for selinux-policy is now available for Red Hat Enterprise Linux 8.

Description

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
Red Hat Enterprise Linux Server - TUS 8.8 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

BZ - 1721943 - SELinux is preventing /usr/sbin/ip from write access on the file /var/log/vmware-imc/toolsDeployPkg.log
BZ - 1852086 - allow rhsmcertd_t var_log_t:dir add_name and :file create
BZ - 1897517 - php-fpm can't write into redis' socket
BZ - 2008033 - SELinux is preventing to use vrrp_rt_priority of keepalived(RHEL8.4).
BZ - 2059509 - dhcpd cannot read /proc/sys/net/ipv4/ip_local_port_range
BZ - 2060721 - SELinux prevents sssd from using the inotify_add_watch syscall on the /run/systemd/resolve directory
BZ - 2060834 - "systemctl start insights-client" broken
BZ - 2062607 - AVC denied for chronyd socket [rhel-8.7.0]
BZ - 2063195 - insights-client-results.service gets selinux denials and permission denied
BZ - 2063871 - AVC lldpad denied sendto scontext=system_u:system_r:lldpad_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket
BZ - 2066005 - SELinux is preventing /usr/libexec/postfix/lmtp from write access on the sock_file lmtp.
BZ - 2068007 - SELinux is preventing hostapd from 'sendto' accesses on the unix_dgram_socket /tmp/wpa_ctrl_439937-1. [rhel-8.7.0]
BZ - 2073349 - SELinux prevents the ntlm_auth process from reading the /proc/net/unix file
BZ - 2075810 - sblim-sfcbd daemon cannot connect to reposd unix socket
BZ - 2076641 - rhel8.7: SELinux rules for rng-tools
BZ - 2081907 - SELinux prevents audisp-remote to send message
BZ - 2083504 - samba-dcerpcd and samba rpcd programs need selinux-policy permissions
BZ - 2083940 - SELinux is preventing privoxy from using the 'execmem' accesses on a process.
BZ - 2087069 - After upgrading system to RHEL 8.6, insights-client fails to run when it's triggered via systemd
BZ - 2090800 - SELinux is preventing ss from nlmsg_read access on the netlink_tcpdiag_socket labeled ctdbd_t
BZ - 2096825 - ipa trust-add fails due to a missing SELinux policy for samba-dcerpcd
BZ - 2098189 - SELinux prevents the keepalived process from reading the /sys/devices/system/cpu/ directory
BZ - 2104913 - insights-client raises SELinux issues
BZ - 2108383 - selinux-policy AVC during "mount -t cifs"
BZ - 2117199 - RHEL8.7 AVC during ipa trust-add
BZ - 2118628 - [RHEL8] chronyd not allowed to bind to PTP event port
BZ - 2119472 - Mode default differs for /var/lib/sepolgen/interface_info provided by selinux-policy-devel
BZ - 2119507 - insights-client fails to execute additional services

CVEs

(none)

References

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
s390x
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
s390x
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for Power, little endian 8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
ppc64le
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
ppc64le
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for ARM 64 8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
aarch64
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
aarch64
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
ppc64le
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm	SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm	SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm	SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm	SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm	SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm	SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm	SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm	SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation