- Issued:
- 2011-07-21
- Updated:
- 2011-07-21
RHBA-2011:1069 - Bug Fix Advisory
Synopsis
selinux-policy bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated selinux-policy packages that fix several bugs and add two enhancements
are now available for Red Hat Enterprise Linux 5.
Description
The selinux-policy packages contain the rules that govern how confined processes
run on the system.
These updated selinux-policy packages include a number of bug fixes and
enhancements. Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about
these changes:
All users of SELinux are advised to upgrade to these updated packages, which
provide numerous bug fixes and enhancements.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 610812 - SELinux Policy does not allow freeradius2 to disable core dumps
- BZ - 632573 - AVC on yum install, change policy to dontaudit
- BZ - 651609 - clustat denied bind to hi_reserved_port_t
- BZ - 657571 - MLS policy prevents modprobe from calling signull ...
- BZ - 662677 - programs resolving a NetBIOS name can't access /var/cache/samba/unexpected.tdb
- BZ - 663016 - syntax error in /usr/share/selinux/devel/include/apps/thunderbird.if
- BZ - 664684 - init_write_script_pipes(load_policy_t)
- BZ - 666513 - /var/spool/rsyslog is missing and no selinux policy for this dir
- BZ - 667692 - selinux doesn't allow samba utmp = yes
- BZ - 672289 - selinux blocks samba from creating /etc/krb5.keytab
- BZ - 672540 - SELinux avc's for /var/lib/sss/pipes/nss
- BZ - 674452 - selinux blocks rsyslogd from opening more file descriptors
- BZ - 674689 - pyzor with nfs home directories
- BZ - 678496 - ipvsadm pulse and selinux don't play well
- BZ - 689736 - MLS in single-user mode: /var/lock/lvm: setfscreatecon failed: Permission denied
- BZ - 689960 - openswan debugging facility which allows coredumps in case of problems is broken by selinux policy dontaudit
- BZ - 692811 - SELinux prevents pxe installation to work
- BZ - 693723 - /dev/random inaccessible by ssh-keygen (copy from 693420)
- BZ - 694865 - pyzor denied reading system config dir
- BZ - 697804 - SELinux denies any SCTP communication
- BZ - 698043 - SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t).
- BZ - 698257 - named cannot update logs in chroot
- BZ - 703072 - file labelling inconsistencies
- BZ - 703458 - enforcing MLS: lsusb leads to AVCs
- BZ - 703482 - enforcing MLS -- AVCs appear when running "kpartx -v /dev/sda"
- BZ - 703714 - openais service causes AVCs
- BZ - 704121 - SELinux is preventing ntpd (ntpd_t) "write" to nss (sssd_var_lib_t)
- BZ - 704690 - syslog-ng 3.x SELinux violations
- BZ - 706005 - SELinux is preventing restorecond (restorecond_t) "write" to nss (sssd_var_lib_t).
- BZ - 707101 - selinux prevents clamav-milter from running
- BZ - 707139 - SELinux killing Apache Worker MPM
- BZ - 707969 - avc: denied { signal } for ... comm="ccsd" scontext=root:system_r:ccs_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
- BZ - 708986 - enforcing MLS: root (sysadm_r or secadm_r) cannot run ssh-keygen
- BZ - 709045 - single-user mode, enforcing MLS: sh: /usr/bin/crontab: Permission denied
- BZ - 709080 - enforcing MLS: lvmdump causes AVCs
- BZ - 711020 - samba, sys_admin capability AVC denial
- BZ - 711725 - Are iprinit, iprdump and iprupdate services supported in MLS policy ?
- BZ - 711794 - enforcing MLS: user_u and staff_u cannot run ssh-keygen
- BZ - 712363 - pulse: cannot create heartbeat socket
- BZ - 713078 - SELinux is preventing krb5_child (sssd_t) "search" to ./home (home_root_t)
- BZ - 713797 - avc: denied { name_connect } for ... comm="clustat" dest=50006 scontext=...:ricci_modclusterd_t:s0 tcontext=...:cluster_port_t:s0 tclass=tcp_socket
- BZ - 714960 - SELinux is preventing the krb5_child from using potentially mislabeled files (./.k5login).
CVEs
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
selinux-policy-2.4.6-316.el5.src.rpm | SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0 |
x86_64 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
ia64 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
i386 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
selinux-policy-2.4.6-316.el5.src.rpm | SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0 |
x86_64 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
i386 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
selinux-policy-2.4.6-316.el5.src.rpm | SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0 |
x86_64 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
i386 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
selinux-policy-2.4.6-316.el5.src.rpm | SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0 |
s390x | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
selinux-policy-2.4.6-316.el5.src.rpm | SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0 |
ppc | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
selinux-policy-2.4.6-316.el5.src.rpm | SHA-256: b83ef12bca25bbd3411a7782cbf8499f6a766532d4179a4d489bdeb49683b6d0 |
x86_64 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
i386 | |
selinux-policy-2.4.6-316.el5.noarch.rpm | SHA-256: 74e6a45718b18211768650e437d49b5a613bdb836cdfb18f7cb3674821ac66e4 |
selinux-policy-devel-2.4.6-316.el5.noarch.rpm | SHA-256: d24abce7aaa0edda6b97bb51c8a634ca6884ecebd3fe48834df553e434d5d145 |
selinux-policy-minimum-2.4.6-316.el5.noarch.rpm | SHA-256: add01e57f6c721dee33e842ef3bef0613526fb4b4188ab6630103d121b8b37b1 |
selinux-policy-mls-2.4.6-316.el5.noarch.rpm | SHA-256: e9d85a5197a2da3ddf0951a516a2dea3de2f36668cf427470f28a89d0163b526 |
selinux-policy-strict-2.4.6-316.el5.noarch.rpm | SHA-256: 2c72bc29019fa280f79750a4e260e6d6a6975252f60e7e814d2aff733ba2b8bf |
selinux-policy-targeted-2.4.6-316.el5.noarch.rpm | SHA-256: e3ed57874f4d2ccbf742b155bc89d940db0aeb191df5e182b9ea10560c3efde8 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.