- Issued:
- 2023-11-14
- Updated:
- 2023-11-14
RHBA-2023:7091 - Bug Fix Advisory
Synopsis
selinux-policy bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for selinux-policy is now available for Red Hat Enterprise Linux 8.
Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2004843 - SELinux is preventing executing svnserve's hooks
- BZ - 2093355 - AVCs when trying to execute a command through qemu-ga ("guest-exec" command)
- BZ - 2160000 - SNMP OIDs 1.3.6.1.2.1.25.3.6 (hrDiskStorageTable) and 1.3.6.1.2.1.25.3.7 (hrPartitionTable) not working with SELinux enforcing
- BZ - 2165752 - SELinux policy prevents sendmail_t from performing Cyrus IMAP mail delivery
- BZ - 2167731 - sos command running under wrong context
- BZ - 2172541 - pam_cap fails due to missing rule
- BZ - 2173289 - ipa-healthcheck cannot be executed by system cronjobs (system_cronjob_t)
- BZ - 2177254 - systemd's SIGPIPE masking is not inherited by services
- BZ - 2177607 - [RHEL8.6/Insights/SELinux/Bug] AVC Compliance irq with selinux-policy-3.14.3-95.el8_6.6
- BZ - 2177704 - Cannot add smartcard key to SSH agent when user is confined
- BZ - 2183351 - SELinux prevents the insights-client service from executing the ipcs command
- BZ - 2185158 - [RHEL8.7/Insights/SELinux/Bug] Insights-client SELinux AVC denials for python3 and teamdctl
- BZ - 2196524 - hostnamectl and timedatectl are timeouting when running through cluster_t context
- BZ - 2207819 - In selinux-policy-3.14.3-117.el8, AVC denials frequently occur in commands executed via insights-client
- BZ - 2208162 - AVC denials caused by rebased pkcsslotd
- BZ - 2210771 - AVC reported when configuring custom print command in smb.conf
- BZ - 2213606 - SELinux labels RIPE Atlas Probe/Anchor's /usr/sbin/ripe-atlas process as zebra_t
- BZ - 2213965 - Policy for httpd to connect to Redis via TCP socket missing
- BZ - 2214572 - Insight generates AVC for command "systemctl status --all" when system has persistent journal.
- BZ - 2216151 - Listing /var with details (ls -l /var) leads to missing permissions printing on some directories
- BZ - 2218362 - selinux-policy-doc and container-selinux.8 manpage ownership
- BZ - 2225233 - dotnet executed by the insights-client service triggers SELinux denials
- BZ - 2225527 - Make insights_client_t an unconfined domain
- BZ - 2229559 - [RHEL8/Insights/SELinux/Bug] SELinux AVC denials for insights-client var-log-t
CVEs
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-128.el8.src.rpm | SHA-256: 258c6f3f43b710ca204f80ebb819716daaaf6583a0dc9dbc30b9ca7dd88b2bc8 |
| x86_64 | |
| selinux-policy-3.14.3-128.el8.noarch.rpm | SHA-256: 6943ce091034b24201cf2030ce75ce85bc4c378c68ba9e2daa72e1b987187339 |
| selinux-policy-devel-3.14.3-128.el8.noarch.rpm | SHA-256: d93fe4b24a57b5f1c8219ce2e0283dfb697fef80b7e0af8fd7fd023cc03ebdf3 |
| selinux-policy-doc-3.14.3-128.el8.noarch.rpm | SHA-256: fa717295addf19f7fd1627e4b639e15144f5d90d57a7b8662996e33835d09895 |
| selinux-policy-minimum-3.14.3-128.el8.noarch.rpm | SHA-256: 66fbc5e1fc698dfa0087daa4a534ef13b95b3e9cad2cddc0aad415ce938dde8b |
| selinux-policy-mls-3.14.3-128.el8.noarch.rpm | SHA-256: 5a4d81e48bfe3537030240d36f2c5c3aaa8cd80816894a5ee93ad7097d2faf55 |
| selinux-policy-sandbox-3.14.3-128.el8.noarch.rpm | SHA-256: d465c26e634f8e83e3a09cb8674f000683746e6c0b31bcd638867d7a66033c0d |
| selinux-policy-targeted-3.14.3-128.el8.noarch.rpm | SHA-256: 5ec4bb024d8844d44939a2321863438b2cd2b6cf26269ccffae21f5396253934 |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-128.el8.src.rpm | SHA-256: 258c6f3f43b710ca204f80ebb819716daaaf6583a0dc9dbc30b9ca7dd88b2bc8 |
| s390x | |
| selinux-policy-3.14.3-128.el8.noarch.rpm | SHA-256: 6943ce091034b24201cf2030ce75ce85bc4c378c68ba9e2daa72e1b987187339 |
| selinux-policy-devel-3.14.3-128.el8.noarch.rpm | SHA-256: d93fe4b24a57b5f1c8219ce2e0283dfb697fef80b7e0af8fd7fd023cc03ebdf3 |
| selinux-policy-doc-3.14.3-128.el8.noarch.rpm | SHA-256: fa717295addf19f7fd1627e4b639e15144f5d90d57a7b8662996e33835d09895 |
| selinux-policy-minimum-3.14.3-128.el8.noarch.rpm | SHA-256: 66fbc5e1fc698dfa0087daa4a534ef13b95b3e9cad2cddc0aad415ce938dde8b |
| selinux-policy-mls-3.14.3-128.el8.noarch.rpm | SHA-256: 5a4d81e48bfe3537030240d36f2c5c3aaa8cd80816894a5ee93ad7097d2faf55 |
| selinux-policy-sandbox-3.14.3-128.el8.noarch.rpm | SHA-256: d465c26e634f8e83e3a09cb8674f000683746e6c0b31bcd638867d7a66033c0d |
| selinux-policy-targeted-3.14.3-128.el8.noarch.rpm | SHA-256: 5ec4bb024d8844d44939a2321863438b2cd2b6cf26269ccffae21f5396253934 |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-128.el8.src.rpm | SHA-256: 258c6f3f43b710ca204f80ebb819716daaaf6583a0dc9dbc30b9ca7dd88b2bc8 |
| ppc64le | |
| selinux-policy-3.14.3-128.el8.noarch.rpm | SHA-256: 6943ce091034b24201cf2030ce75ce85bc4c378c68ba9e2daa72e1b987187339 |
| selinux-policy-devel-3.14.3-128.el8.noarch.rpm | SHA-256: d93fe4b24a57b5f1c8219ce2e0283dfb697fef80b7e0af8fd7fd023cc03ebdf3 |
| selinux-policy-doc-3.14.3-128.el8.noarch.rpm | SHA-256: fa717295addf19f7fd1627e4b639e15144f5d90d57a7b8662996e33835d09895 |
| selinux-policy-minimum-3.14.3-128.el8.noarch.rpm | SHA-256: 66fbc5e1fc698dfa0087daa4a534ef13b95b3e9cad2cddc0aad415ce938dde8b |
| selinux-policy-mls-3.14.3-128.el8.noarch.rpm | SHA-256: 5a4d81e48bfe3537030240d36f2c5c3aaa8cd80816894a5ee93ad7097d2faf55 |
| selinux-policy-sandbox-3.14.3-128.el8.noarch.rpm | SHA-256: d465c26e634f8e83e3a09cb8674f000683746e6c0b31bcd638867d7a66033c0d |
| selinux-policy-targeted-3.14.3-128.el8.noarch.rpm | SHA-256: 5ec4bb024d8844d44939a2321863438b2cd2b6cf26269ccffae21f5396253934 |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-128.el8.src.rpm | SHA-256: 258c6f3f43b710ca204f80ebb819716daaaf6583a0dc9dbc30b9ca7dd88b2bc8 |
| aarch64 | |
| selinux-policy-3.14.3-128.el8.noarch.rpm | SHA-256: 6943ce091034b24201cf2030ce75ce85bc4c378c68ba9e2daa72e1b987187339 |
| selinux-policy-devel-3.14.3-128.el8.noarch.rpm | SHA-256: d93fe4b24a57b5f1c8219ce2e0283dfb697fef80b7e0af8fd7fd023cc03ebdf3 |
| selinux-policy-doc-3.14.3-128.el8.noarch.rpm | SHA-256: fa717295addf19f7fd1627e4b639e15144f5d90d57a7b8662996e33835d09895 |
| selinux-policy-minimum-3.14.3-128.el8.noarch.rpm | SHA-256: 66fbc5e1fc698dfa0087daa4a534ef13b95b3e9cad2cddc0aad415ce938dde8b |
| selinux-policy-mls-3.14.3-128.el8.noarch.rpm | SHA-256: 5a4d81e48bfe3537030240d36f2c5c3aaa8cd80816894a5ee93ad7097d2faf55 |
| selinux-policy-sandbox-3.14.3-128.el8.noarch.rpm | SHA-256: d465c26e634f8e83e3a09cb8674f000683746e6c0b31bcd638867d7a66033c0d |
| selinux-policy-targeted-3.14.3-128.el8.noarch.rpm | SHA-256: 5ec4bb024d8844d44939a2321863438b2cd2b6cf26269ccffae21f5396253934 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
