Skip to navigation

Bug Fix Advisory selinux-policy bug fix and enhancement update

Advisory: RHBA-2013:0060-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-01-07
Last updated on: 2013-01-08
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated selinux-policy packages that fix a number of bugs and add various
enhancements are now available for Red Hat Enterprise Linux 5.

The selinux-policy packages contain the rules that govern how confined processes
run on the system.

These updated selinux-policy packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 5.9 Technical Notes for
information on the most significant of these changes:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.9_Technical_Notes/selinux-policy.html#RHBA-2013-0060

All users of SELinux are advised to upgrade to these updated packages, which fix
a number of bugs and add various enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
selinux-policy-2.4.6-338.el5.src.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5877878eba4e1748c52df8460cedc592
SHA-256: dab636c7f660980675b7946b7c1c6749b2e8eb7382c9f4af8508b9e4dbf50e21
 
IA-32:
selinux-policy-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: d191518428e8a8f162d865ecdeef55dc
SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f
selinux-policy-devel-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 791615dbf0f62fc55a90e8aaeefc5373
SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe
selinux-policy-minimum-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 6a9b66551ffd50fe4d5b69b47683c44a
SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900
selinux-policy-mls-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 62cd2795f4ff53d8cf8d60e70b9c2aa3
SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98
selinux-policy-strict-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 55445241361442dae27fab86085d9ae1
SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df
selinux-policy-targeted-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5a3ac7f9a5a5c74c5ee677c908f58176
SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86
 
IA-64:
selinux-policy-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: d191518428e8a8f162d865ecdeef55dc
SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f
selinux-policy-devel-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 791615dbf0f62fc55a90e8aaeefc5373
SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe
selinux-policy-minimum-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 6a9b66551ffd50fe4d5b69b47683c44a
SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900
selinux-policy-mls-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 62cd2795f4ff53d8cf8d60e70b9c2aa3
SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98
selinux-policy-strict-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 55445241361442dae27fab86085d9ae1
SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df
selinux-policy-targeted-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5a3ac7f9a5a5c74c5ee677c908f58176
SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86
 
PPC:
selinux-policy-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: d191518428e8a8f162d865ecdeef55dc
SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f
selinux-policy-devel-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 791615dbf0f62fc55a90e8aaeefc5373
SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe
selinux-policy-minimum-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 6a9b66551ffd50fe4d5b69b47683c44a
SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900
selinux-policy-mls-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 62cd2795f4ff53d8cf8d60e70b9c2aa3
SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98
selinux-policy-strict-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 55445241361442dae27fab86085d9ae1
SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df
selinux-policy-targeted-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5a3ac7f9a5a5c74c5ee677c908f58176
SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86
 
s390x:
selinux-policy-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: d191518428e8a8f162d865ecdeef55dc
SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f
selinux-policy-devel-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 791615dbf0f62fc55a90e8aaeefc5373
SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe
selinux-policy-minimum-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 6a9b66551ffd50fe4d5b69b47683c44a
SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900
selinux-policy-mls-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 62cd2795f4ff53d8cf8d60e70b9c2aa3
SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98
selinux-policy-strict-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 55445241361442dae27fab86085d9ae1
SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df
selinux-policy-targeted-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5a3ac7f9a5a5c74c5ee677c908f58176
SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86
 
x86_64:
selinux-policy-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: d191518428e8a8f162d865ecdeef55dc
SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f
selinux-policy-devel-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 791615dbf0f62fc55a90e8aaeefc5373
SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe
selinux-policy-minimum-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 6a9b66551ffd50fe4d5b69b47683c44a
SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900
selinux-policy-mls-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 62cd2795f4ff53d8cf8d60e70b9c2aa3
SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98
selinux-policy-strict-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 55445241361442dae27fab86085d9ae1
SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df
selinux-policy-targeted-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5a3ac7f9a5a5c74c5ee677c908f58176
SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
selinux-policy-2.4.6-338.el5.src.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5877878eba4e1748c52df8460cedc592
SHA-256: dab636c7f660980675b7946b7c1c6749b2e8eb7382c9f4af8508b9e4dbf50e21
 
IA-32:
selinux-policy-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: d191518428e8a8f162d865ecdeef55dc
SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f
selinux-policy-devel-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 791615dbf0f62fc55a90e8aaeefc5373
SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe
selinux-policy-minimum-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 6a9b66551ffd50fe4d5b69b47683c44a
SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900
selinux-policy-mls-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 62cd2795f4ff53d8cf8d60e70b9c2aa3
SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98
selinux-policy-strict-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 55445241361442dae27fab86085d9ae1
SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df
selinux-policy-targeted-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5a3ac7f9a5a5c74c5ee677c908f58176
SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86
 
x86_64:
selinux-policy-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: d191518428e8a8f162d865ecdeef55dc
SHA-256: c5f21d0235f6e94bd44afbbf0a69ea76fc0bfdcc2485e4dd8eb5f5fb6ccbd02f
selinux-policy-devel-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 791615dbf0f62fc55a90e8aaeefc5373
SHA-256: c99a49ac53292ed54e4388541fef11bd2902e1c0c36f269c3930dec571e3bcfe
selinux-policy-minimum-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 6a9b66551ffd50fe4d5b69b47683c44a
SHA-256: 9e557f0e6323382d8dfb0a6be0a8802aa7929bef7b45b0b6eafb249d89fbc900
selinux-policy-mls-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 62cd2795f4ff53d8cf8d60e70b9c2aa3
SHA-256: e9ee16801a3d0aa926a42b71abd232f2fb89dd3ced868627d92e445cf5112a98
selinux-policy-strict-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 55445241361442dae27fab86085d9ae1
SHA-256: 14db1ecb6b000024c99a5a401fd9d07cf53df02ed6d0a7e92d0b4ab8e8a946df
selinux-policy-targeted-2.4.6-338.el5.noarch.rpm
File outdated by:  RHBA-2013:1312
    MD5: 5a3ac7f9a5a5c74c5ee677c908f58176
SHA-256: 3f1fe373c719c594c78126eeee7c3e4c76c88e596e32b4bce8f0e5a6c8508f86
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

480129 - Error at calling service amavisd restart when SELinux is in enforce mode
682856 - When using postsuper to requeue a message, wrong selinux context is applied to /var/spool/postfix/maildrop/$ID
714184 - boolean allow_postfix_local_write_mail_spool has no effect on postfix local mail delivery
738995 - cyrus-imapd downgrade selinux test fail
750588 - Need virt_selinux man page
751385 - SELinux error (setattr) for VM/KVM universe jobs (RHEL5 only)
772205 - RFE: support for proftpd mod_ban
784197 - targeted: cannot stop tog-pegasus service
785076 - SELinux is preventing krb5_child (sssd_t) "write" to ./coolkey (auth_cache_t)
807686 - [RFE] ssh_to_job for VM/Java/Sched/Local universe
810239 - selinux-policy does not always have a correct label for files in /var/log/ which were processed by logrotate before
828122 - SELinux problem telnetd + /sbin/unix_chkpwd
833843 - freeadius2 cannot connect to postgresql due to AVC denial
838511 - service clamd.amavisd cannot access /var/run/amavisd directory
839608 - Extra policy rule required for hplip3 fax support
841178 - SELinux postfix_qmgr_t disabled access to postfix_spool_maildrop_t
842053 - SELinux is preventing semanage (semanage_t) "getattr" to / (fs_t).
843443 - SELinux prevents snmpd (snmpd_t) from writing to /var/run/clumond.sock (ricci_modcluster_var_run_t)
843841 - backport policy for rsyslog v5
848693 - /usr/libexec/sesh is not labelled correctly
848727 - service netplugd restart produces AVCs
849071 - hp3-sendfax caused denial, dbus + hplip
851064 - ptrace AVC denial for freeradius2
851187 - rgmanager's clusvcadm triggers SElinux AVCs avc: denied { read / write } for pid=4598 comm="restorecon" path="pipe:[13296]" dev=pipefs ino=13296 scontext=root:system_r:restorecon_t:s0 tcontext=root:system_r:rgmanager_t:s0 tclass=fifo_file
851658 - SSO: ocsp request from KDC fails in selinux enforce mode, access needs to be allowed by the selinux policy.
852988 - Unexpected AVC because of SELinux denied access by procmail
854194 - SELinux prevents /usr/sbin/snmptrapd (snmpd_t) from connectto operation on /var/agentx/master socket
855324 - AVC denials for openswan when it is started and stopped quickly on freshly booted system
859338 - pulse fails to start IPVS sync daemon
863155 - SELinux prevents swat/net/winbindd from writing to /var/nmbd/unexpected socket


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/