Fedora 12 Update: selinux-policy-3.6.32-46.fc12

Tue Nov 24 07:50:06 UTC 2009

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11672
2009-11-18 13:32:41
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 12
Version     : 3.6.32
Release     : 46.fc12
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2.20090730

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 16 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-46
- abrt needs more access to rpm pid files
- Abrt wants to execute its own tmp files
- abrt needs to write sysfs 
- abrt needs to search all file system dirs
- logrotate and tmpreaper need to be able to manage abrt cache
- rtkit_daemon needs to be able to setsched on lots of user apps
- networkmanager creates dirs in /var/lib
- plymouth executes lvm tools
* Fri Nov 13 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-45
- Allow mount on dos file systems
- fixes for upsmon and upsd to be able to retrieve pwnam and resolve addresses
* Thu Nov 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-44
- Add lighttpd file context to apache.fc
- Allow tmpreaper to read /var/cache/yum
- Allow kdump_t sys_rawio
- Add execmem_exec_t context for /usr/bin/aticonfig
- Allow dovecot-deliver to signull dovecot
- Add textrel_shlib_t to /usr/lib/libADM5avcodec.so
* Tue Nov 10 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-43
- Fix transition so unconfined_exemem_t creates user_tmp_t
- Allow chrome_sandbox_t to write to user_tmp_t when printing
- Allow corosync to connect to port 5404 and to interact with user_tmpfs_t files
- Allow execmem_t to execmod files in mozilla_home_t
- Allow firewallgui to communicate with nscd
* Mon Nov  9 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-42
- Allow kdump to read the kernel core interface 
- Dontaudit abrt read all files in home dir
- Allow kismet client to write to .kismet dir in homedir
- Turn on  asterisk policy and allow logrotate to communicate with it
- Allow abrt to manage rpm cache files
- Rules to allow sysadm_t to install a kernel
- Allow local_login to read console_device_t to Z series logins
- Allow automount and devicekit_disk to search all filesystem dirs
- Allow corosync to setrlimit
- Allow hal to read modules.dep
- Fix xdm using pcscd
- Dontaudit gssd trying to write user_tmp_t, kerberos libary problem.
- Eliminate transition from unconifned_t to loadkeys_t
- Dontaudit several leaks to xauth_t
- Allow xdm_t to search for man pages
- Allow xdm_dbus to append to xdm log
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #506351 - SELinux is preventing evince (nsplugin_t) "ioctl" inotifyfs_t
        https://bugzilla.redhat.com/show_bug.cgi?id=506351
  [ 2 ] Bug #533622 - [feature] Policy for lighttpd
        https://bugzilla.redhat.com/show_bug.cgi?id=533622
  [ 3 ] Bug #534114 - SELinux is preventing /usr/bin/python "name_connect" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=534114
  [ 4 ] Bug #536729 - SELinux is preventing /bin/bash "sys_tty_config" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=536729
  [ 5 ] Bug #536755 - SELinux is preventing /bin/plymouth access to a leaked fifo_file file descriptor.
        https://bugzilla.redhat.com/show_bug.cgi?id=536755
  [ 6 ] Bug #536976 - SELinux is preventing /usr/libexec/dovecot/deliver "signull" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=536976
  [ 7 ] Bug #536992 - SELinux is preventing /usr/bin/avidemux2_gtk from loading /usr/lib/libADM5avcodec.so.52 which requires text relocation.
        https://bugzilla.redhat.com/show_bug.cgi?id=536992
  [ 8 ] Bug #537097 - SELinux is preventing /usr/bin/eu-unstrip "read" access on silverlight-media-pack-linux-x86-5-1.so.
        https://bugzilla.redhat.com/show_bug.cgi?id=537097
  [ 9 ] Bug #537252 - SELinux is preventing /usr/bin/python "name_connect" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=537252
  [ 10 ] Bug #537476 - SELinux prevented mount from mounting on the file or directory     "/mnt/live" (type "dosfs_t").
        https://bugzilla.redhat.com/show_bug.cgi?id=537476
  [ 11 ] Bug #537487 - SELinux is preventing /usr/bin/xauth "write open" access on .serverauth.6599-c.
        https://bugzilla.redhat.com/show_bug.cgi?id=537487
  [ 12 ] Bug #537549 - SELinux is preventing /usr/libexec/rtkit-daemon "setsched" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=537549
  [ 13 ] Bug #537555 - SELinux is preventing /usr/bin/python "execute" access on /tmp/ffidvwa0y (deleted).
        https://bugzilla.redhat.com/show_bug.cgi?id=537555
  [ 14 ] Bug #537557 - SELinux is preventing /usr/bin/python "read" access on smi_data_buf_size.
        https://bugzilla.redhat.com/show_bug.cgi?id=537557
  [ 15 ] Bug #537611 - SELinux is preventing /usr/bin/slim "sigchld" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=537611
  [ 16 ] Bug #537617 - selinux logs AVCs on bootup - plymouth_t denied access for lvm/cryptsetup
        https://bugzilla.redhat.com/show_bug.cgi?id=537617
  [ 17 ] Bug #537629 - selinux policy alert - abrt_t denied search to /mnt/windows (fusefs_t)
        https://bugzilla.redhat.com/show_bug.cgi?id=537629
  [ 18 ] Bug #537633 - SELinux is preventing /usr/sbin/upsmon "getattr" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=537633
  [ 19 ] Bug #537679 - SELinux is preventing /usr/bin/python "search" access on 12304.
        https://bugzilla.redhat.com/show_bug.cgi?id=537679
  [ 20 ] Bug #537680 - SELinux is preventing /usr/bin/python "unlink" access on yum.pid.
        https://bugzilla.redhat.com/show_bug.cgi?id=537680
  [ 21 ] Bug #537702 - SELinux is preventing /opt/altera9.1/quartus/linux/quartus_map from loading /opt/altera9.1/quartus/linux/libccl_err.so which requires text relocation.
        https://bugzilla.redhat.com/show_bug.cgi?id=537702
  [ 22 ] Bug #537723 - SELinux is preventing /usr/sbin/abrtd "name_connect" access.
        https://bugzilla.redhat.com/show_bug.cgi?id=537723
  [ 23 ] Bug #537826 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser "read" access on /usr/share/X11/fonts/TTF/luxisr.ttf.
        https://bugzilla.redhat.com/show_bug.cgi?id=537826
  [ 24 ] Bug #537833 - SELinux is preventing /usr/bin/iceauth "read" access on dcopPfMg8b.
        https://bugzilla.redhat.com/show_bug.cgi?id=537833
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------