红帽产品勘误 RHBA-2022:7691 - Bug Fix Advisory
发布:
2022-11-08
已更新:
2022-11-08

RHBA-2022:7691 - Bug Fix Advisory

概述

selinux-policy bug fix and enhancement update

类型/严重性

Bug Fix Advisory

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for selinux-policy is now available for Red Hat Enterprise Linux 8.

描述

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

解决方案

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

修复

  • BZ - 1721943 - SELinux is preventing /usr/sbin/ip from write access on the file /var/log/vmware-imc/toolsDeployPkg.log
  • BZ - 1852086 - allow rhsmcertd_t var_log_t:dir add_name and :file create
  • BZ - 1897517 - php-fpm can't write into redis' socket
  • BZ - 2008033 - SELinux is preventing to use vrrp_rt_priority of keepalived(RHEL8.4).
  • BZ - 2059509 - dhcpd cannot read /proc/sys/net/ipv4/ip_local_port_range
  • BZ - 2060721 - SELinux prevents sssd from using the inotify_add_watch syscall on the /run/systemd/resolve directory
  • BZ - 2060834 - "systemctl start insights-client" broken
  • BZ - 2062607 - AVC denied for chronyd socket [rhel-8.7.0]
  • BZ - 2063195 - insights-client-results.service gets selinux denials and permission denied
  • BZ - 2063871 - AVC lldpad denied sendto scontext=system_u:system_r:lldpad_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_dgram_socket
  • BZ - 2066005 - SELinux is preventing /usr/libexec/postfix/lmtp from write access on the sock_file lmtp.
  • BZ - 2068007 - SELinux is preventing hostapd from 'sendto' accesses on the unix_dgram_socket /tmp/wpa_ctrl_439937-1. [rhel-8.7.0]
  • BZ - 2073349 - SELinux prevents the ntlm_auth process from reading the /proc/net/unix file
  • BZ - 2075810 - sblim-sfcbd daemon cannot connect to reposd unix socket
  • BZ - 2076641 - rhel8.7: SELinux rules for rng-tools
  • BZ - 2081907 - SELinux prevents audisp-remote to send message
  • BZ - 2083504 - samba-dcerpcd and samba rpcd programs need selinux-policy permissions
  • BZ - 2083940 - SELinux is preventing privoxy from using the 'execmem' accesses on a process.
  • BZ - 2087069 - After upgrading system to RHEL 8.6, insights-client fails to run when it's triggered via systemd
  • BZ - 2090800 - SELinux is preventing ss from nlmsg_read access on the netlink_tcpdiag_socket labeled ctdbd_t
  • BZ - 2096825 - ipa trust-add fails due to a missing SELinux policy for samba-dcerpcd
  • BZ - 2098189 - SELinux prevents the keepalived process from reading the /sys/devices/system/cpu/ directory
  • BZ - 2104913 - insights-client raises SELinux issues
  • BZ - 2108383 - selinux-policy AVC during "mount -t cifs"
  • BZ - 2117199 - RHEL8.7 AVC during ipa trust-add
  • BZ - 2118628 - [RHEL8] chronyd not allowed to bind to PTP event port
  • BZ - 2119472 - Mode default differs for /var/lib/sepolgen/interface_info provided by selinux-policy-devel
  • BZ - 2119507 - insights-client fails to execute additional services

CVE

(none)

Red Hat Enterprise Linux for x86_64 8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
s390x
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
s390x
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for Power, little endian 8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
ppc64le
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
ppc64le
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for ARM 64 8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
aarch64
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
aarch64
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
ppc64le
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
selinux-policy-3.14.3-108.el8.src.rpm SHA-256: 462e3adcd58898007a9fb71f994fbfa1493bd4ad91bba166810bc28850eca493
x86_64
selinux-policy-3.14.3-108.el8.noarch.rpm SHA-256: f096e19f0725062d390b557e28b3e04449d45c8635246171e015357b928218b3
selinux-policy-devel-3.14.3-108.el8.noarch.rpm SHA-256: 025caba6147bb95c8e52a72243a79896ce1353021d1013c04c658d8b4ba6cdfa
selinux-policy-doc-3.14.3-108.el8.noarch.rpm SHA-256: a7106adec64928045dfcb858a94663c7c7b2406e39910168b2c8154ea22f8fd1
selinux-policy-minimum-3.14.3-108.el8.noarch.rpm SHA-256: b591e1cf901234bc5f1779b973c9f6ea9012121b1c9e5361eccf6db2cbc39821
selinux-policy-mls-3.14.3-108.el8.noarch.rpm SHA-256: 95d29d908add32091c6a14b57bcee2eec55d5e41d149066e94955512a54cbc5a
selinux-policy-sandbox-3.14.3-108.el8.noarch.rpm SHA-256: 6544b0cc7a1f8ed972c95ff78623df6a50581b865841a173c3b9289812511216
selinux-policy-targeted-3.14.3-108.el8.noarch.rpm SHA-256: a5a3efebdb4fd22edaa51a1ae737ef5801c8a8b6f87fb0891dd2ed93d55876f5

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/