policycoreutils bug fix update

Updated policycoreutils packages that fix several bugs are now available for Red
Hat Enterprise Linux 6.

The policycoreutils packages contain the core utilities that are required for
the basic operation of a Security-Enhanced Linux (SELinux) system and its
policies.

These updated policycoreutils packages provide fixes for the following bugs:

* The semanage utility did not produce correct audit messages in the Common
Criteria certified environment. This update modifies semanage so that it now
sends correct audit events when the user is assigned to or removed from a new
role.

This update also modifies behavior of semanage concerning the user's SELinux
Multi-Level Security (MLS) and Multi-Category Security (MCS) range. The utility
now works with the user's default range of the MLS/MCS security level instead of
the lowest.

In addition, the semanage(8) manual page has been corrected to reflect the
current semanage functionality. (BZ#784595)

* Prior to this update, the ppc and ppc64 versions of the policycoreutils
package conflicted with each other when installed on the same system. This
update fixes this bug; ppc and ppc64 versions of the package can now be
installed simultaneously. (BZ#751313)

* The missing exit(1) function call in the underlying code of the sepolgen-ifgen
utility could cause the restorecond daemon to access already freed memory when
retrieving user's information. This would cause restorecond to terminate
unexpectedly with a segmentation fault. With this update, restorecond has been
modified to check the return value of the getpwuid() function to avoid this
situation. (BZ#684015)

* When installing packages on the system in Federal Information Processing
Standard (FIPS) mode, parsing errors could occur and installation failed. This
was caused by the "/usr/lib64/python2.7/site-packages/sepolgen/yacc.py" parser,
which used MD5 checksums that are not supported in FIPS mode. This update
modifies the parser to use SHA-256 checksums and installation process is now
successful. (BZ#786191)

* Due to a pam_namespace issue which caused a leak of mount points to the parent
namespace, polyinstantiated directories could be seen by users other than the
owner of that directory. With this update, the mount points no longer leak to
the parent namespace, and users can only see directories they own. (BZ#786664)

* When a user or a program ran the "semanage fcontext" command, a traceback
error was returned. This was due to a typographical error in the source code of
the semanage command. This updates fixes this error, and executing the semanage
fcontext command works as expected. (BZ#806736, BZ#807011)

All users of policycoreutils are advised to upgrade to these updated packages,
which fix these bugs.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

684015 - unchecked return value of getpwuid() in policycoreutils-rhat.patch
784595 - semanage is sending the wrong kind of audit events
786191 - selinux-policy update shows error parsing file obj_perm_sets.spt in FIPS mode