- Issued:
- 2024-05-22
- Updated:
- 2024-05-22
RHBA-2024:3143 - Bug Fix Advisory
Synopsis
selinux-policy bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for selinux-policy is now available for Red Hat Enterprise Linux 8.
Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- RHEL-1099 - User's temporary files are not labeled correctly
- RHEL-1678 - Regression due to /usr/bin/msmtp security context mismatch
- RHEL-2415 - SELinux blocks numad from ipc_owner
- RHEL-3539 - SELinux File context are not showing correct information as expected - authselect backup files with etc_t but dir expects var_lib_t
- RHEL-14186 - exim generates an AVC on "create" when sending mails
- RHEL-14376 - default label for /var/run/auditd.state file is not correct
- RHEL-16185 - missing interface definitions [rhel-8]
- RHEL-16567 - Confined user's sudo fails to authenticate with RSA PAM due to AVC
- RHEL-16715 - SELinux prevents the systemd-localed from creating the /etc/X11/xorg.conf.d directory [rhel-8]
- RHEL-1679 - Users mapped to sysadm_u cannot execute `sudo dnf` command
- RHEL-10087 - selinux prevents syslogd_t from execution the systemd_systemctl_exec_t
- RHEL-15398 - Confined sysadm cannot execute "sudo tcpdump" command [rhel-8]
- RHEL-1954 - AVC created when named-chroot is enabled and "virsh domfsinfo" command is used
- RHEL-9947 - Users mapped to sysadm_u cannot execute `sudo traceroute` command
- RHEL-19426 - [8.10] avc denied when starting opa-fm service
- RHEL-21374 - AVC appears when mdadm checks the /dev/stratis location [rhel-8]
- RHEL-22276 - AVC "sys_admin" on conntrackd when using Kernel space filtering
- RHEL-1388 - Confined user cannot list/edit a crontab through sudo'ing
- RHEL-22748 - SELinux prevents the caddy service from reading the /proc/sys/net/core/somaxconn file
- RHEL-25002 - Cannot execute "tlog-rec" as a confined user [rhel-8]
- RHEL-11249 - libdnf used by Insights client labels temporary files with insights_client_tmp_t leading to denials by systemd and gnupg
- RHEL-2606 - selinux denial on wtmp log file - when user runs sudo su as a confined user
- RHEL-27507 - SELinux prevents the wdmd from reading the /sys/class/watchdog/watchdog0/identity symlink [rhel-8]
- RHEL-1628 - "unconfined_login" boolean doesn't seem to have any effect on users
- RHEL-22843 - SELinux blocks Keepalived scripts from calling systemctl
CVEs
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-139.el8_10.src.rpm | SHA-256: de259f5102eeb2a444bfbf53e04193247e8904fc5b1153660d432fad471e1966 |
| x86_64 | |
| selinux-policy-3.14.3-139.el8_10.noarch.rpm | SHA-256: c4c4d26d57172b1af5bd403b6142700416ebef25459f3e0180ea01217ebbcc16 |
| selinux-policy-devel-3.14.3-139.el8_10.noarch.rpm | SHA-256: 12fc84956f3536cc67c2aa09fb59eb0ac022108323f2cd8becae1af2f02cd233 |
| selinux-policy-doc-3.14.3-139.el8_10.noarch.rpm | SHA-256: 2724365fb5db5089cb1addec323469c417a62b11783a935cf54d87e61f68d71d |
| selinux-policy-minimum-3.14.3-139.el8_10.noarch.rpm | SHA-256: 7cf2c7c402bcb4e738bc127b30054f7a612c6be78eeab97871fee338ba5159e7 |
| selinux-policy-mls-3.14.3-139.el8_10.noarch.rpm | SHA-256: 19c736de0f8d351773ca37cd198ed73bb2c79760463f3a0d6d418b59f6b4aed0 |
| selinux-policy-sandbox-3.14.3-139.el8_10.noarch.rpm | SHA-256: 5d24ed63e25b221a475253c58feb2b425f6d69a12ed44cdb2dac485923bb5374 |
| selinux-policy-targeted-3.14.3-139.el8_10.noarch.rpm | SHA-256: c66757b39f20657d343835e7d16b1d79dfcc300207a5e57caae9787db2915efc |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-139.el8_10.src.rpm | SHA-256: de259f5102eeb2a444bfbf53e04193247e8904fc5b1153660d432fad471e1966 |
| s390x | |
| selinux-policy-3.14.3-139.el8_10.noarch.rpm | SHA-256: c4c4d26d57172b1af5bd403b6142700416ebef25459f3e0180ea01217ebbcc16 |
| selinux-policy-devel-3.14.3-139.el8_10.noarch.rpm | SHA-256: 12fc84956f3536cc67c2aa09fb59eb0ac022108323f2cd8becae1af2f02cd233 |
| selinux-policy-doc-3.14.3-139.el8_10.noarch.rpm | SHA-256: 2724365fb5db5089cb1addec323469c417a62b11783a935cf54d87e61f68d71d |
| selinux-policy-minimum-3.14.3-139.el8_10.noarch.rpm | SHA-256: 7cf2c7c402bcb4e738bc127b30054f7a612c6be78eeab97871fee338ba5159e7 |
| selinux-policy-mls-3.14.3-139.el8_10.noarch.rpm | SHA-256: 19c736de0f8d351773ca37cd198ed73bb2c79760463f3a0d6d418b59f6b4aed0 |
| selinux-policy-sandbox-3.14.3-139.el8_10.noarch.rpm | SHA-256: 5d24ed63e25b221a475253c58feb2b425f6d69a12ed44cdb2dac485923bb5374 |
| selinux-policy-targeted-3.14.3-139.el8_10.noarch.rpm | SHA-256: c66757b39f20657d343835e7d16b1d79dfcc300207a5e57caae9787db2915efc |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-139.el8_10.src.rpm | SHA-256: de259f5102eeb2a444bfbf53e04193247e8904fc5b1153660d432fad471e1966 |
| ppc64le | |
| selinux-policy-3.14.3-139.el8_10.noarch.rpm | SHA-256: c4c4d26d57172b1af5bd403b6142700416ebef25459f3e0180ea01217ebbcc16 |
| selinux-policy-devel-3.14.3-139.el8_10.noarch.rpm | SHA-256: 12fc84956f3536cc67c2aa09fb59eb0ac022108323f2cd8becae1af2f02cd233 |
| selinux-policy-doc-3.14.3-139.el8_10.noarch.rpm | SHA-256: 2724365fb5db5089cb1addec323469c417a62b11783a935cf54d87e61f68d71d |
| selinux-policy-minimum-3.14.3-139.el8_10.noarch.rpm | SHA-256: 7cf2c7c402bcb4e738bc127b30054f7a612c6be78eeab97871fee338ba5159e7 |
| selinux-policy-mls-3.14.3-139.el8_10.noarch.rpm | SHA-256: 19c736de0f8d351773ca37cd198ed73bb2c79760463f3a0d6d418b59f6b4aed0 |
| selinux-policy-sandbox-3.14.3-139.el8_10.noarch.rpm | SHA-256: 5d24ed63e25b221a475253c58feb2b425f6d69a12ed44cdb2dac485923bb5374 |
| selinux-policy-targeted-3.14.3-139.el8_10.noarch.rpm | SHA-256: c66757b39f20657d343835e7d16b1d79dfcc300207a5e57caae9787db2915efc |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| selinux-policy-3.14.3-139.el8_10.src.rpm | SHA-256: de259f5102eeb2a444bfbf53e04193247e8904fc5b1153660d432fad471e1966 |
| aarch64 | |
| selinux-policy-3.14.3-139.el8_10.noarch.rpm | SHA-256: c4c4d26d57172b1af5bd403b6142700416ebef25459f3e0180ea01217ebbcc16 |
| selinux-policy-devel-3.14.3-139.el8_10.noarch.rpm | SHA-256: 12fc84956f3536cc67c2aa09fb59eb0ac022108323f2cd8becae1af2f02cd233 |
| selinux-policy-doc-3.14.3-139.el8_10.noarch.rpm | SHA-256: 2724365fb5db5089cb1addec323469c417a62b11783a935cf54d87e61f68d71d |
| selinux-policy-minimum-3.14.3-139.el8_10.noarch.rpm | SHA-256: 7cf2c7c402bcb4e738bc127b30054f7a612c6be78eeab97871fee338ba5159e7 |
| selinux-policy-mls-3.14.3-139.el8_10.noarch.rpm | SHA-256: 19c736de0f8d351773ca37cd198ed73bb2c79760463f3a0d6d418b59f6b4aed0 |
| selinux-policy-sandbox-3.14.3-139.el8_10.noarch.rpm | SHA-256: 5d24ed63e25b221a475253c58feb2b425f6d69a12ed44cdb2dac485923bb5374 |
| selinux-policy-targeted-3.14.3-139.el8_10.noarch.rpm | SHA-256: c66757b39f20657d343835e7d16b1d79dfcc300207a5e57caae9787db2915efc |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
