Skip to navigation

Bug Fix Advisory selinux-policy bug fix and enhancement update

Advisory: RHBA-2011:1069-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-07-21
Last updated on: 2011-07-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated selinux-policy packages that fix several bugs and add two enhancements
are now available for Red Hat Enterprise Linux 5.

The selinux-policy packages contain the rules that govern how confined processes
run on the system.

These updated selinux-policy packages include a number of bug fixes and
enhancements. Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about
these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/selinux-policy.html#RHBA-2011-1069

All users of SELinux are advised to upgrade to these updated packages, which
provide numerous bug fixes and enhancements.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
selinux-policy-2.4.6-316.el5.src.rpm
File outdated by:  RHBA-2013:1312
    MD5: 087ef3b9bd5e17a195b6edb2755771c8
SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0
 
IA-32:
selinux-policy-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: c2e47901cae9d589206fb70684aaa1f4
SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f2e5875bfcfec381b2826bb4b9ffd3c2
SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 19fa48b1fa8bf3a8250dcfb89ac7ebc6
SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f4d4692dc45db522c6d688b54a0959b5
SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: b6083c4b53a9fc0d97a44251bcb9f3bb
SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: e27c398eb5001dc5164c46eef1dd7aba
SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
 
IA-64:
selinux-policy-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: c2e47901cae9d589206fb70684aaa1f4
SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f2e5875bfcfec381b2826bb4b9ffd3c2
SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 19fa48b1fa8bf3a8250dcfb89ac7ebc6
SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f4d4692dc45db522c6d688b54a0959b5
SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: b6083c4b53a9fc0d97a44251bcb9f3bb
SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: e27c398eb5001dc5164c46eef1dd7aba
SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
 
PPC:
selinux-policy-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: c2e47901cae9d589206fb70684aaa1f4
SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f2e5875bfcfec381b2826bb4b9ffd3c2
SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 19fa48b1fa8bf3a8250dcfb89ac7ebc6
SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f4d4692dc45db522c6d688b54a0959b5
SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: b6083c4b53a9fc0d97a44251bcb9f3bb
SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: e27c398eb5001dc5164c46eef1dd7aba
SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
 
s390x:
selinux-policy-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: c2e47901cae9d589206fb70684aaa1f4
SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f2e5875bfcfec381b2826bb4b9ffd3c2
SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 19fa48b1fa8bf3a8250dcfb89ac7ebc6
SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f4d4692dc45db522c6d688b54a0959b5
SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: b6083c4b53a9fc0d97a44251bcb9f3bb
SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: e27c398eb5001dc5164c46eef1dd7aba
SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
 
x86_64:
selinux-policy-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: c2e47901cae9d589206fb70684aaa1f4
SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f2e5875bfcfec381b2826bb4b9ffd3c2
SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 19fa48b1fa8bf3a8250dcfb89ac7ebc6
SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f4d4692dc45db522c6d688b54a0959b5
SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: b6083c4b53a9fc0d97a44251bcb9f3bb
SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: e27c398eb5001dc5164c46eef1dd7aba
SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
selinux-policy-2.4.6-316.el5.src.rpm
File outdated by:  RHBA-2013:1312
    MD5: 087ef3b9bd5e17a195b6edb2755771c8
SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0
 
IA-32:
selinux-policy-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: c2e47901cae9d589206fb70684aaa1f4
SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f2e5875bfcfec381b2826bb4b9ffd3c2
SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 19fa48b1fa8bf3a8250dcfb89ac7ebc6
SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f4d4692dc45db522c6d688b54a0959b5
SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: b6083c4b53a9fc0d97a44251bcb9f3bb
SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: e27c398eb5001dc5164c46eef1dd7aba
SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
 
x86_64:
selinux-policy-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: c2e47901cae9d589206fb70684aaa1f4
SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4
selinux-policy-devel-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f2e5875bfcfec381b2826bb4b9ffd3c2
SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 19fa48b1fa8bf3a8250dcfb89ac7ebc6
SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1
selinux-policy-mls-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: f4d4692dc45db522c6d688b54a0959b5
SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526
selinux-policy-strict-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: b6083c4b53a9fc0d97a44251bcb9f3bb
SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: e27c398eb5001dc5164c46eef1dd7aba
SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

610812 - SELinux Policy does not allow freeradius2 to disable core dumps
632573 - AVC on yum install, change policy to dontaudit
651609 - clustat denied bind to hi_reserved_port_t
657571 - MLS policy prevents modprobe from calling signull ...
662677 - programs resolving a NetBIOS name can't access /var/cache/samba/unexpected.tdb
663016 - syntax error in /usr/share/selinux/devel/include/apps/thunderbird.if
664684 - init_write_script_pipes(load_policy_t)
666513 - /var/spool/rsyslog is missing and no selinux policy for this dir
667692 - selinux doesn't allow samba utmp = yes
672289 - selinux blocks samba from creating /etc/krb5.keytab
672540 - SELinux avc's for /var/lib/sss/pipes/nss
674452 - selinux blocks rsyslogd from opening more file descriptors
674689 - pyzor with nfs home directories
678496 - ipvsadm pulse and selinux don't play well
689736 - MLS in single-user mode: /var/lock/lvm: setfscreatecon failed: Permission denied
689960 - openswan debugging facility which allows coredumps in case of problems is broken by selinux policy dontaudit
692811 - SELinux prevents pxe installation to work
693723 - /dev/random inaccessible by ssh-keygen (copy from 693420)
694865 - pyzor denied reading system config dir
697804 - SELinux denies any SCTP communication
698043 - SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t).
698257 - named cannot update logs in chroot
703072 - file labelling inconsistencies
703458 - enforcing MLS: lsusb leads to AVCs
703482 - enforcing MLS -- AVCs appear when running "kpartx -v /dev/sda"
703714 - openais service causes AVCs
704121 - SELinux is preventing ntpd (ntpd_t) "write" to nss (sssd_var_lib_t)
704690 - syslog-ng 3.x SELinux violations
706005 - SELinux is preventing restorecond (restorecond_t) "write" to nss (sssd_var_lib_t).
707101 - selinux prevents clamav-milter from running
707139 - SELinux killing Apache Worker MPM
707969 - avc: denied { signal } for ... comm="ccsd" scontext=root:system_r:ccs_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
708986 - enforcing MLS: root (sysadm_r or secadm_r) cannot run ssh-keygen
709045 - single-user mode, enforcing MLS: sh: /usr/bin/crontab: Permission denied
709080 - enforcing MLS: lvmdump causes AVCs
711020 - samba, sys_admin capability AVC denial
711725 - Are iprinit, iprdump and iprupdate services supported in MLS policy ?
711794 - enforcing MLS: user_u and staff_u cannot run ssh-keygen
712363 - pulse: cannot create heartbeat socket
713078 - SELinux is preventing krb5_child (sssd_t) "search" to ./home (home_root_t)
713797 - avc: denied { name_connect } for ... comm="clustat" dest=50006 scontext=...:ricci_modclusterd_t:s0 tcontext=...:cluster_port_t:s0 tclass=tcp_socket
714960 - SELinux is preventing the krb5_child from using potentially mislabeled files (./.k5login).


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/