Skip to navigation

Bug Fix Advisory selinux-policy bug fix update

Advisory: RHBA-2009:1242-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2009-09-02
Last updated on: 2009-09-02
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated selinux-policy packages that fix several bugs are now available.

The selinux-policy packages contain the rules that govern how confined
processes run on the system.

These updated packages resolve several bugs in Security-Enhanced Linux
(SELinux) policy as shipped with Red Hat Enterprise Linux 5. The majority
of these bugs resulted in SELinux denying legitimate access.

Refer to the Red Hat Enterprise Linux 5.4 Technical Notes for detailed
documentation on the bug fixes applied by this update. A link to
the section for this selinux-policy update is in the "References" below.

All users are advised to upgrade to these updated packages, which resolve
these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
selinux-policy-2.4.6-255.el5.src.rpm
File outdated by:  RHBA-2013:1312
    MD5: f6e770a72e88347ab85140572e582fe7
 
IA-32:
selinux-policy-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 521f06f135a3e7ce50973dd398deed48
selinux-policy-devel-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 1ee44a44e37677e3e16c5e4dbc352e2b
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 93656fbb24dc129f7c42c4757ff63d7d
selinux-policy-mls-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 4d41409a61974b6e776f24ce2cc66b31
selinux-policy-strict-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 037a42d069b19ad64751f1ab2a95df43
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 242f17f05619abb0cf83037608089b2f
 
IA-64:
selinux-policy-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 521f06f135a3e7ce50973dd398deed48
selinux-policy-devel-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 1ee44a44e37677e3e16c5e4dbc352e2b
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 93656fbb24dc129f7c42c4757ff63d7d
selinux-policy-mls-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 4d41409a61974b6e776f24ce2cc66b31
selinux-policy-strict-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 037a42d069b19ad64751f1ab2a95df43
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 242f17f05619abb0cf83037608089b2f
 
PPC:
selinux-policy-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 521f06f135a3e7ce50973dd398deed48
selinux-policy-devel-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 1ee44a44e37677e3e16c5e4dbc352e2b
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 93656fbb24dc129f7c42c4757ff63d7d
selinux-policy-mls-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 4d41409a61974b6e776f24ce2cc66b31
selinux-policy-strict-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 037a42d069b19ad64751f1ab2a95df43
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 242f17f05619abb0cf83037608089b2f
 
s390x:
selinux-policy-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 521f06f135a3e7ce50973dd398deed48
selinux-policy-devel-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 1ee44a44e37677e3e16c5e4dbc352e2b
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 93656fbb24dc129f7c42c4757ff63d7d
selinux-policy-mls-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 4d41409a61974b6e776f24ce2cc66b31
selinux-policy-strict-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 037a42d069b19ad64751f1ab2a95df43
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 242f17f05619abb0cf83037608089b2f
 
x86_64:
selinux-policy-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 521f06f135a3e7ce50973dd398deed48
selinux-policy-devel-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 1ee44a44e37677e3e16c5e4dbc352e2b
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 93656fbb24dc129f7c42c4757ff63d7d
selinux-policy-mls-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 4d41409a61974b6e776f24ce2cc66b31
selinux-policy-strict-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 037a42d069b19ad64751f1ab2a95df43
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 242f17f05619abb0cf83037608089b2f
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
selinux-policy-2.4.6-255.el5.src.rpm
File outdated by:  RHBA-2013:1312
    MD5: f6e770a72e88347ab85140572e582fe7
 
IA-32:
selinux-policy-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 521f06f135a3e7ce50973dd398deed48
selinux-policy-devel-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 1ee44a44e37677e3e16c5e4dbc352e2b
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 93656fbb24dc129f7c42c4757ff63d7d
selinux-policy-mls-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 4d41409a61974b6e776f24ce2cc66b31
selinux-policy-strict-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 037a42d069b19ad64751f1ab2a95df43
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 242f17f05619abb0cf83037608089b2f
 
x86_64:
selinux-policy-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 521f06f135a3e7ce50973dd398deed48
selinux-policy-devel-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 1ee44a44e37677e3e16c5e4dbc352e2b
selinux-policy-minimum-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 93656fbb24dc129f7c42c4757ff63d7d
selinux-policy-mls-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 4d41409a61974b6e776f24ce2cc66b31
selinux-policy-strict-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 037a42d069b19ad64751f1ab2a95df43
selinux-policy-targeted-2.4.6-255.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 242f17f05619abb0cf83037608089b2f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

429726 - Allow samba to change unix passwords
475562 - SELinux is preventing perl (logwatch_t) "write" to ./services (etc_t).
477123 - Typo errors in man pages
479819 - postgrey avc: denied socket connection
480943 - SELinux is preventing nm-system-setti after update to 5.3
481387 - selinux prevents "getattr" and "execute"
481628 - AVCs for system_dbusd_t -> [ hal_t, unconfined_t
481706 - SELinux is preventing automount (automount_t) "signal" to <Unknown> (mount_t).
483173 - SELinux prevents nm-system-setti (system_dbusd_t) "getsched"
484146 - setsebool -P samba_enable_home_dirs=1 is not completely effective.
485078 - Wrong security context for sysstat package
485107 - Cannot execute spamc from procmail
485111 - samba not able to access users' public_html directory
486187 - RHEL-5.3 selinux-policy broke spamassassin
486354 - Cannot boot RHEL5.3 with strict enforcing selinux
486965 - cannot open matlab on redhat EL 5.3, unless I override / change selinux settings
487021 - Selinux prevents Samba from rotating log files.
489899 - selinux-policy: allow dbus to domain_read_all_domains_state [rhel-5.4]
490024 - nscd_t needs search permissions on sbin_t
492567 - restorecon breaks selinux contexts in /var/named/chroot/proc (which is bind mounted to /proc so breaks that too)
495010 - SELinux is preventing /sbin/restorecon (restorecon_t) "read" to inotify (inotifyfs_t).
496867 - SELinux issue causing libvirtd launched dnsmasq to fail
497168 - updated openswan package creating AVCs
497273 - Comming autofs update needs Selinux policy update
498596 - selinux-policy-targeted blocking amanda client operation
499249 - [RHEL5.4] selinux AVC: denials when trying to start a xen guest
499691 - SELinux is preventing hp (hplip_t) "read write" to socket (cupsd_t).
499701 - spamassassin spamd dies because of SElinux when it is HUP(ed)
499888 - selinux denials when migration tests over ssh is being done:
500392 - Problems with clamav-milter 0.95.1
500395 - selinux-policy: setkey executed from initrc_t from if{up,down}-ipsec fails to set policies
502182 - error installing selinux-policy-minimum: could not read file 'unconfined.pp'
504238 - kvm guest installations are failing with selinux-policy-targeted < 2.4.6-245.el5
504738 - Packets are lost when transfer from bridge to physical nic
504805 - selinux is denying cyrus-master from binding the mupdate port
504872 - SELinux targetted policy blocks VMWare-hgfsmounter from mounting shared disks.
506057 - iscsid generates lots of AVC messages
507712 - Selinux directed me to report this bug -- pasted Selinux information below
508348 - selinux policy blocks postgresql dblink_connect
511143 - selinux policy allows addr 0 mappings by default
511359 - avcs when running pluto with selinux in enforcing mode
511927 - SELinux: should automount have access to winbind pipe?
512301 - Multiple different specifications for /var/vdsm(/.*)?
513208 - VDSM selinux context errors


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/