Fedora 12 Update: selinux-policy-3.6.32-66.fc12
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jan 8 20:14:44 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-0184
2010-01-05 22:29:38
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 12
Version : 3.6.32
Release : 66.fc12
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20090730
--------------------------------------------------------------------------------
Update Information:
* Mon Jan 4 2010 Dan Walsh <dwalsh at redhat.com> 3.6.32-66 - Allow lircd to use
tcp_socket and connect/bind to port 8675 * Wed Dec 30 2009 Dan Walsh
<dwalsh at redhat.com> 3.6.32-65 - Allow traceroute to use all terms - Fix mgetty
use for faxes - Dontaudit xdm listing fusefs - Allow xguest to resolve host
names - Allow abrt to read noxattr filesystems (cdrom) - Allow abrt_helper to
send itself signals - Allow amavis to read certs - Allow apache to bind to
port 3000 (Ruby on rails) - Asterist uses mysql and snmp - Allow consolekit to
write wtmp file for shutdown - Allow cups ipc_lock - Allow hal to transition
to ppp - Fix mailman labels for 64 bit systems - dontaudit system_mail access
to leaked terminals - Allow mysqld_safe_t to unlink mysqld pid files - nrpe_t
uses getpw calls - Allow NetworkManager to delete ppp pid files - Allow pptp_t
to sens userdomain signals - Allow prelude to connect to mysql - Allow swat to
start winbind server - Fixes for snort - Allow telnetd to setattr user
terminals - Allow qemu to read fusefs - Allow domains that have telinit to
connectto upstart unix_stream_socket - Dontaudit ipsec_mgmt sys_tty_config -
Fix labels for postgrestgres test suite - Other textrel_shlib_t fixes * Wed
Dec 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-64 - Update to Rawhide
filesystem.if file - Allow abrt to read nfs - Allow cups to search fusefs -
Allow dovecot_auth to search var_log - Fix label on ksmtuned.pid - Dontaudit
policykit looking at mount points - Allow xdm to manage /var/cache/fontconfig
- Allow xenstored to search xenfs
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2010 Dan Walsh <dwalsh at redhat.com> 3.6.32-66
- Allow lircd to use tcp_socket and connect/bind to port 8675
* Wed Dec 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-65
- Allow traceroute to use all terms
- Fix mgetty use for faxes
- Dontaudit xdm listing fusefs
- Allow xguest to resolve host names
- Allow abrt to read noxattr filesystems (cdrom)
- Allow abrt_helper to send itself signals
- Allow amavis to read certs
- Allow apache to bind to port 3000 (Ruby on rails)
- Asterist uses mysql and snmp
- Allow consolekit to write wtmp file for shutdown
- Allow cups ipc_lock
- Allow hal to transition to ppp
- Fix mailman labels for 64 bit systems
- dontaudit system_mail access to leaked terminals
- Allow mysqld_safe_t to unlink mysqld pid files
- nrpe_t uses getpw calls
- Allow NetworkManager to delete ppp pid files
- Allow pptp_t to sens userdomain signals
- Allow prelude to connect to mysql
- Allow swat to start winbind server
- Fixes for snort
- Allow telnetd to setattr user terminals
- Allow qemu to read fusefs
- Allow domains that have telinit to connectto upstart unix_stream_socket
- Dontaudit ipsec_mgmt sys_tty_config
- Fix labels for postgrestgres test suite
- Other textrel_shlib_t fixes
* Wed Dec 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-64
- Update to Rawhide filesystem.if file
- Allow abrt to read nfs
- Allow cups to search fusefs
- Allow dovecot_auth to search var_log
- Fix label on ksmtuned.pid
- Dontaudit policykit looking at mount points
- Allow xdm to manage /var/cache/fontconfig
- Allow xenstored to search xenfs
* Tue Dec 22 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-63
- Allow sendmail setpgid
- Allow dovecot to read nfs homedirs
* Mon Dec 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-62
- Add label for /var/ekpd
- Allow portreserve to look at bin files
- Allow gssd to ask the kernel to load modules
- If you can run mount you can run fusermount
* Mon Dec 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-61
- Fixes for sandbox_x_server
- Fix ntop policy
- Sandbox fixes
* Fri Dec 18 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-60
- Fixs for cluster policy
- mysql_safe fixes
- Fixes for sssd
- Cgroup access for virtd
- Dontaudit fail2ban leaks
* Tue Dec 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-59
- Dontaudit udp_socket leaks for xauth_t
- Dontaudit rules for iceauth_t
- Let locate read symlinks on noxattr file systems
- Remove wine from unconfined domain if unconfined pp removed
- Add labels for vhostmd
- Add port 546 as a dhcpc port
- Add labeled for /dev/dahdi
- Add certmonger policy
- Allow sysadm to communicate with racoon and zebra
- Allow dbus service dbus_chat with unconfined_t
- Fixes for xguest
- Add dontaudits for abrt
- file contexts for mythtv
- Lots of fixes for asterisk
- Fix file context for certmaster
- Add log dir for dovecot
- Policy for ksmtuned
- File labeling and fixes for mysql and mysql_safe
- New plugin infrstructure for nagios
- Allow nut_upsd_t dac_override
- File context fixes for nx
- Allow oddjob_mkhomedir to create homedir
- Add pcscd_pub interfaces to be used by xdm
- Add stream connect from fenced to corosync
- Fixes for swat
- Allow fsdaemon to manage scsi devices
- Policy for tgtd
- Policy for vhostmd
- Allow ipsec to create tmp files
- Change label on fusermount
* Thu Dec 10 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-58
- Dontaudit udp_socket leaks for xauth_t
* Wed Dec 9 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-57
- Allow unconfined_t to send dbus messages to setroubleshoot
- Allow confined screen app to setattr on user ttys
- remove wine_t from unconfined domain when unconfined.pp disabled
- Allow sysadm_t to communicate with racoon
- Allow xauth to be run from all unconfined user types
- Fix labeling on all /var/cache/mod_* apps
- Allow asterisk to communicate with postgresql
- Fix labeling for /var/lib/certmaster
- Add policy for ksmtuned and tgtd
- Fixes fro vhostmd
* Mon Dec 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-56
- Dontaudit exec of fusermount from xguest
- Allow licrd to use mouse_device
- Allow sysadm_t to connect to zebra stream socket
- Dontaudit policykit_auth trying to config terminal
- Allow logrotate and asterisk to execute asterisk
- Allow logrotate to read var_lib files (zope) and connect to fail2ban stream
- Allow firewallgui to communicate with unconfined_t
- Allow podsleuth to ask the kernel to load modules
- Fix labeling on vhostmd scripts
- Remove transition from unconfined_t to windbind_helper_t
- Allow abrt_helper to look at inotify
- Fix labels for mythtv
- Allow apache to signal sendmail
- allow asterisk to send mail
- Allow rpcd to get and setcap
- Add tor_bind_all_unreserved_ports boolean
- Add policy for vhostmd
- MOre textrel_shlib_t files
- Add rw_herited_term_perms
* Thu Dec 3 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-55
- Add fprintd_chat(unconfined_t) to fix su timeout problem
- Make xguest follow allow_execstack boolean
- Dontaudit dbus looking at nfs
* Thu Dec 3 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-54
- Require selinux-policy from selinux-policy-TYPE
- Add labeling to /usr/lib/win32 textrel_shlib_t
- dontaudit all leaks for abrt_helper
- Fix labeling for mythtv
- Dontaudit setroubleshoot_fix leaks
- Allow xauth_t to read usr_t
- Allow iptables to use fifo files
- Fix labeling on /var/lib/wifiroamd
* Tue Dec 1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-53
- Remove transition from dhcpc_t to consoletype_t, just allow exec
- Fixes for prelink cron job
- Fix label on yumex backend
- Allow unconfined_java_t to communicate with iptables
- Allow abrt to read /tmp files
- Fix nut/ups policy
* Tue Dec 1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-52
- Major fixup of ntop policy
- Fix label on /usr/lib/xorg/modules/extensions/libglx.so.195.22
- Allow xdm to signal session bus
- Allow modemmanager to use generic ptys, and sys_tty_config capability
- Allow abrt_helper chown access, dontaudit leaks
- Allow logwatch to list cifs and nfs file systems
- Allow kismet to read network state
- Allow cupsd_config_t to connecto unconfined unix_stream
- Fix avahi labeling and allow avahi to manage /etc/resolv.conf
- Allow sshd to read usr_t files
- Allow login programs to manage pcscd_var_run_t files
- Allow tor to read usr_t files
* Wed Nov 25 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-51
- Mark google shared libraries as requiring textrel_shlib
- Allow svirt to bind/connect to network ports
- Add label for .libvirt directory.
* Tue Nov 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-50
- Allow modemmanager sys_admin
* Mon Nov 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-49
- Allow sssd to read all processes domain
* Mon Nov 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-48
- Abrt connect to any port
- Dontaudit chrome-sandbox trying to getattr on all processes
- Allow passwd to execute gnome-keyring
- Allow chrome_sandbox_t to read home content inherited from the parent
- Fix eclipse labeling
- Allow mozilla to connect to flash port
- Allow pulseaudio to connect to unix_streams
- Allow sambagui to read secrets file
- Allow mount to mount unlabeled files
- ALlow abrt to use ypbind, send kill signals
- Allow arpwatch to create socket class
- Allow asterisk to read urand
- Allow corosync to communicate with user tmpfs
- Allow devicedisk to read virt images block devices
- Allow gpsd to sys_tty_config
- Fix nagios interfaces
- Policy for nagios plugins
- Fixes for nx
- Allow rtkit_daemon to read locale file
- Allow snort to create socket
- Additional perms for xauth
- lots of textrel_lib_t file context
* Tue Nov 17 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-47
- Make mozilla call in execmem.if optional to fix build of minimum install
- Allow uucpd to execute shells and send mail
- Fix label on libtfmessbsp.so
* Mon Nov 16 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-46
- abrt needs more access to rpm pid files
- Abrt wants to execute its own tmp files
- abrt needs to write sysfs
- abrt needs to search all file system dirs
- logrotate and tmpreaper need to be able to manage abrt cache
- rtkit_daemon needs to be able to setsched on lots of user apps
- networkmanager creates dirs in /var/lib
- plymouth executes lvm tools
* Fri Nov 13 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-45
- Allow mount on dos file systems
- fixes for upsmon and upsd to be able to retrieve pwnam and resolve addresses
* Thu Nov 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-44
- Add lighttpd file context to apache.fc
- Allow tmpreaper to read /var/cache/yum
- Allow kdump_t sys_rawio
- Add execmem_exec_t context for /usr/bin/aticonfig
- Allow dovecot-deliver to signull dovecot
- Add textrel_shlib_t to /usr/lib/libADM5avcodec.so
* Tue Nov 10 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-43
- Fix transition so unconfined_exemem_t creates user_tmp_t
- Allow chrome_sandbox_t to write to user_tmp_t when printing
- Allow corosync to connect to port 5404 and to interact with user_tmpfs_t files
- Allow execmem_t to execmod files in mozilla_home_t
- Allow firewallgui to communicate with nscd
* Mon Nov 9 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-42
- Allow kdump to read the kernel core interface
- Dontaudit abrt read all files in home dir
- Allow kismet client to write to .kismet dir in homedir
- Turn on asterisk policy and allow logrotate to communicate with it
- Allow abrt to manage rpm cache files
- Rules to allow sysadm_t to install a kernel
- Allow local_login to read console_device_t to Z series logins
- Allow automount and devicekit_disk to search all filesystem dirs
- Allow corosync to setrlimit
- Allow hal to read modules.dep
- Fix xdm using pcscd
- Dontaudit gssd trying to write user_tmp_t, kerberos libary problem.
- Eliminate transition from unconifned_t to loadkeys_t
- Dontaudit several leaks to xauth_t
- Allow xdm_t to search for man pages
- Allow xdm_dbus to append to xdm log
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #539462 - SELinux is preventing /usr/sbin/cupsd "search" access on Setup.
https://bugzilla.redhat.com/show_bug.cgi?id=539462
[ 2 ] Bug #540850 - SELinux is preventing /usr/libexec/polkit-1/polkitd "search" access on /usr/share.
https://bugzilla.redhat.com/show_bug.cgi?id=540850
[ 3 ] Bug #541624 - SELinux is preventing /usr/sbin/xenstored "search" access on /proc/xen.
https://bugzilla.redhat.com/show_bug.cgi?id=541624
[ 4 ] Bug #542583 - SELinux is preventing /bin/mount access to a leaked file file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=542583
[ 5 ] Bug #544695 - SELinux is preventing /usr/libexec/kde4/kdm_greet "rename" access on 3830d5c3ddfd5cd38a049b759396e72e-x86-64.cache-2.NEW.
https://bugzilla.redhat.com/show_bug.cgi?id=544695
[ 6 ] Bug #545180 - SELinux is preventing /usr/bin/python "dac_override" access.
https://bugzilla.redhat.com/show_bug.cgi?id=545180
[ 7 ] Bug #545463 - SELinux is preventing /usr/sbin/snort-plain "module_request" access.
https://bugzilla.redhat.com/show_bug.cgi?id=545463
[ 8 ] Bug #546027 - SELinux is preventing /usr/local/games/darwinia/lib/darwinia.bin.x86 from loading /usr/local/games/darwinia/lib/libSDL-1.2.so.0 which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=546027
[ 9 ] Bug #546691 - SELinux is preventing /usr/sbin/avahi-autoipd "net_raw" access.
https://bugzilla.redhat.com/show_bug.cgi?id=546691
[ 10 ] Bug #547826 - SELinux is preventing /usr/libexec/dovecot/deliver "search" access on /var/log.
https://bugzilla.redhat.com/show_bug.cgi?id=547826
[ 11 ] Bug #547965 - SELinux is preventing /usr/bin/ruby "name_bind" access.
https://bugzilla.redhat.com/show_bug.cgi?id=547965
[ 12 ] Bug #547979 - SELinux is preventing /bin/bash "read" access on meminfo.
https://bugzilla.redhat.com/show_bug.cgi?id=547979
[ 13 ] Bug #548051 - SELinux is preventing /bin/bash access to a leaked unix_stream_socket file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=548051
[ 14 ] Bug #548052 - SELinux is preventing /usr/bin/Xephyr "execmem" access.
https://bugzilla.redhat.com/show_bug.cgi?id=548052
[ 15 ] Bug #548053 - SELinux is preventing /usr/bin/Xephyr "execute" access on /dev/zero.
https://bugzilla.redhat.com/show_bug.cgi?id=548053
[ 16 ] Bug #548054 - SELinux is preventing /bin/ps "search" access.
https://bugzilla.redhat.com/show_bug.cgi?id=548054
[ 17 ] Bug #548102 - SELinux is preventing /bin/kill "kill" access.
https://bugzilla.redhat.com/show_bug.cgi?id=548102
[ 18 ] Bug #548107 - SELinux is preventing /bin/sed "create" access on sed0qskIr.
https://bugzilla.redhat.com/show_bug.cgi?id=548107
[ 19 ] Bug #548206 - SELinux is preventing /usr/sbin/bluetoothd "search" access on hid.
https://bugzilla.redhat.com/show_bug.cgi?id=548206
[ 20 ] Bug #548361 - SELinux is preventing /usr/bin/python "search" access on 1187.
https://bugzilla.redhat.com/show_bug.cgi?id=548361
[ 21 ] Bug #548394 - SELinux is preventing /usr/bin/mplayer from loading /usr/lib/nmm/liba52.so.0.0.0 which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=548394
[ 22 ] Bug #548567 - SELinux is preventing /usr/libexec/hal-storage-mount "create" access on .hal-mtab-lock.
https://bugzilla.redhat.com/show_bug.cgi?id=548567
[ 23 ] Bug #548618 - SELinux is preventing the ftp daemon from writing files outside the home directory (untitled folder).
https://bugzilla.redhat.com/show_bug.cgi?id=548618
[ 24 ] Bug #548644 - SELinux is preventing /usr/lib/cyrus-imapd/cyrus-master from binding to port 4190.
https://bugzilla.redhat.com/show_bug.cgi?id=548644
[ 25 ] Bug #548647 - SELinux is preventing /usr/lib/cyrus-imapd/cyrus-master "write" access on mibs.
https://bugzilla.redhat.com/show_bug.cgi?id=548647
[ 26 ] Bug #548677 - SELinux is preventing /usr/bin/abrt-pyhook-helper "read" access on /proc/<pid>/mountinfo.
https://bugzilla.redhat.com/show_bug.cgi?id=548677
[ 27 ] Bug #548717 - SELinux is preventing /usr/local/mpeg123/bin/mpg123 from loading /usr/local/mpeg123/lib/libmpg123.so.0.22.1 which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=548717
[ 28 ] Bug #548755 - SELinux is preventing /usr/lib/chromium-browser/chromium-browser "write" access on /home/*/.config/chromium/Default/databases/chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0/1.
https://bugzilla.redhat.com/show_bug.cgi?id=548755
[ 29 ] Bug #548794 - SELinux is preventing /usr/bin/python "read" access on /var/run/abrt.pid.
https://bugzilla.redhat.com/show_bug.cgi?id=548794
[ 30 ] Bug #548901 - SELinux is preventing /bin/bash "sys_tty_config" access.
https://bugzilla.redhat.com/show_bug.cgi?id=548901
[ 31 ] Bug #548972 - SELinux is preventing /bin/sed "execute" access on /bin/sed.
https://bugzilla.redhat.com/show_bug.cgi?id=548972
[ 32 ] Bug #549063 - SELinux is preventing /usr/bin/freshclam "connectto" access on /var/run/clamav/clamd.socket.
https://bugzilla.redhat.com/show_bug.cgi?id=549063
[ 33 ] Bug #549278 - SELinux is preventing /usr/bin/perl "create" access on munin-master-processmanager-3116.sock.
https://bugzilla.redhat.com/show_bug.cgi?id=549278
[ 34 ] Bug #549505 - SELinux is preventing /usr/kerberos/sbin/kpropd "unlink" access on host_0.
https://bugzilla.redhat.com/show_bug.cgi?id=549505
[ 35 ] Bug #549507 - SELinux is preventing /usr/sbin/rpc.gssd "read" access on krb5cc_501_AjUh0E.
https://bugzilla.redhat.com/show_bug.cgi?id=549507
[ 36 ] Bug #549529 - SELinux is preventing /usr/libexec/kde4/kdm_greet "rename" access on 3830d5c3ddfd5cd38a049b759396e72e-x86-64.cache-2.NEW.
https://bugzilla.redhat.com/show_bug.cgi?id=549529
[ 37 ] Bug #549561 - SELinux is preventing /usr/bin/python "read" access on /var/run/abrt.pid.
https://bugzilla.redhat.com/show_bug.cgi?id=549561
[ 38 ] Bug #549568 - SELinux is preventing /sbin/portreserve "getattr" access on /opt/eset/esets/sbin/esets_daemon.
https://bugzilla.redhat.com/show_bug.cgi?id=549568
[ 39 ] Bug #549612 - SELinux is preventing /usr/bin/gok "getattr" access on /var/squidGuard.
https://bugzilla.redhat.com/show_bug.cgi?id=549612
[ 40 ] Bug #549618 - SELinux is preventing /usr/bin/iceauth access to a leaked unix_stream_socket file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=549618
[ 41 ] Bug #549625 - SELinux is preventing /usr/bin/python "read" access on /var/lib/mock/local/repodata/filelists.sqlite.bz2.
https://bugzilla.redhat.com/show_bug.cgi?id=549625
[ 42 ] Bug #549675 - SELinux is preventing /usr/lib/chromium-browser/chromium-browser from loading /usr/lib/chromium-browser/libmedia.so which requires text relocation
https://bugzilla.redhat.com/show_bug.cgi?id=549675
[ 43 ] Bug #549708 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser "execstack" access.
https://bugzilla.redhat.com/show_bug.cgi?id=549708
[ 44 ] Bug #549731 - SELinux is preventing /usr/lib/cups/backend/ekplp "write" access on /var/ekpd/ekplp0.
https://bugzilla.redhat.com/show_bug.cgi?id=549731
[ 45 ] Bug #549770 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser "execstack" access.
https://bugzilla.redhat.com/show_bug.cgi?id=549770
[ 46 ] Bug #549819 - SELinux is preventing /usr/libexec/nmh/slocal "setpgid" access.
https://bugzilla.redhat.com/show_bug.cgi?id=549819
[ 47 ] Bug #549937 - SELinux prevented yum from reading files stored on a NFS filesytem.
https://bugzilla.redhat.com/show_bug.cgi?id=549937
[ 48 ] Bug #549973 - SELinux is preventing /usr/sbin/httpd from loading /usr/local/zend/lib/apache2/libphp5.so which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=549973
[ 49 ] Bug #549999 - SELinux is preventing /usr/bin/python from loading /usr/lib/python2.6/site-packages/pymedia/muxer.so which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=549999
[ 50 ] Bug #550204 - SELinux is preventing /usr/sbin/pppd "read write" access on ppp.
https://bugzilla.redhat.com/show_bug.cgi?id=550204
[ 51 ] Bug #550252 - SELinux is preventing /usr/bin/ocp-0.1.15 from loading /usr/lib/ocp-0.1.15/mixclip.so which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=550252
[ 52 ] Bug #550261 - SELinux is preventing /usr/sbin/ssmtp "write" access on /dev/pts/0.
https://bugzilla.redhat.com/show_bug.cgi?id=550261
[ 53 ] Bug #550304 - SELinux is preventing /usr/lib64/firefox-3.5.6/firefox "read" access on /etc/hosts.
https://bugzilla.redhat.com/show_bug.cgi?id=550304
[ 54 ] Bug #550436 - SELinux is preventing /usr/sbin/smbd "connectto" access on /var/run/winbindd/pipe.
https://bugzilla.redhat.com/show_bug.cgi?id=550436
[ 55 ] Bug #550474 - SELinux is preventing /usr/bin/nmap access to a leaked /dev/console file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=550474
[ 56 ] Bug #550508 - SELinux is preventing /bin/rm "unlink" access on /var/run/mysqld/mysqld.pid.
https://bugzilla.redhat.com/show_bug.cgi?id=550508
[ 57 ] Bug #550562 - SELinux is preventing /usr/lib/octagaplayer/octagaplayer-bin from loading /usr/lib/octagaplayer/libapplication.so which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=550562
[ 58 ] Bug #550589 - SELinux is preventing /usr/local/google-earth/googleearth-bin from loading /usr/local/google-earth/libminizip.so which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=550589
[ 59 ] Bug #550608 - SELinux is preventing /usr/bin/qemu-system-x86_64 "read" access on Fedora-12-x86_64-DVD.iso.
https://bugzilla.redhat.com/show_bug.cgi?id=550608
[ 60 ] Bug #550766 - SELinux is preventing /usr/bin/python "read" access on repomd.xml.
https://bugzilla.redhat.com/show_bug.cgi?id=550766
[ 61 ] Bug #550837 - SELinux is preventing /usr/libexec/gnome-settings-daemon "read" access on 36 Fire Letters.
https://bugzilla.redhat.com/show_bug.cgi?id=550837
[ 62 ] Bug #550874 - SELinux is preventing /opt/AutoScan/bin/autoscan-network from loading /opt/AutoScan/usr/lib/libvte.so.9.2.4 which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=550874
[ 63 ] Bug #550918 - SELinux is preventing winbindd "read" access on /var/run/winbindd.pid.
https://bugzilla.redhat.com/show_bug.cgi?id=550918
[ 64 ] Bug #551069 - SELinux is preventing /usr/sbin/in.telnetd "setattr" access on 0.
https://bugzilla.redhat.com/show_bug.cgi?id=551069
[ 65 ] Bug #551092 - SELinux is preventing /bin/bash "sys_tty_config" access.
https://bugzilla.redhat.com/show_bug.cgi?id=551092
[ 66 ] Bug #551181 - SELinux is preventing /usr/sbin/asterisk "search" access on /var/lib/mysql.
https://bugzilla.redhat.com/show_bug.cgi?id=551181
[ 67 ] Bug #551196 - SELinux is preventing /usr/sbin/pptp "signal" access.
https://bugzilla.redhat.com/show_bug.cgi?id=551196
[ 68 ] Bug #551280 - SELinux is preventing /usr/sbin/NetworkManager "unlink" access on resolv.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=551280
[ 69 ] Bug #551286 - SELinux policy for mgetty is missing, getty_t is not the right class...
https://bugzilla.redhat.com/show_bug.cgi?id=551286
[ 70 ] Bug #551313 - SELinux is preventing /usr/bin/abrt-pyhook-helper "signal" access.
https://bugzilla.redhat.com/show_bug.cgi?id=551313
[ 71 ] Bug #551514 - SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from loading /usr/lib/firefox/plugins/libractrl.so which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=551514
[ 72 ] Bug #551676 - SELinux is preventing /sbin/ip access to a leaked fifo_file file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=551676
[ 73 ] Bug #551682 - SELinux is preventing /usr/sbin/lircd "bind" access.
https://bugzilla.redhat.com/show_bug.cgi?id=551682
[ 74 ] Bug #551889 - SELinux is preventing ps "sys_ptrace" access.
https://bugzilla.redhat.com/show_bug.cgi?id=551889
[ 75 ] Bug #552006 - SELinux is preventing /usr/sbin/swat "dac_override" access.
https://bugzilla.redhat.com/show_bug.cgi?id=552006
[ 76 ] Bug #552012 - SELinux is preventing /bin/cat "read" access on /var/run/syslogd.pid.
https://bugzilla.redhat.com/show_bug.cgi?id=552012
[ 77 ] Bug #552017 - SELinux is preventing /usr/sbin/snort-plain "module_request" access.
https://bugzilla.redhat.com/show_bug.cgi?id=552017
[ 78 ] Bug #552028 - SELinux is preventing /usr/lib/cups/backend/pipslitelp "write" access on /var/run/pipslitelp0.
https://bugzilla.redhat.com/show_bug.cgi?id=552028
[ 79 ] Bug #552227 - selinux breaks pam_mounts fsck ability
https://bugzilla.redhat.com/show_bug.cgi?id=552227
[ 80 ] Bug #552272 - SELinux is preventing /usr/bin/nautilus-sendto from loading /usr/lib/libGLcore.so.190.42 which requires text relocation.
https://bugzilla.redhat.com/show_bug.cgi?id=552272
[ 81 ] Bug #552336 - SELinux is preventing /bin/mailx "getattr" access on /var/run/packagekit-cron.t8cDjo.
https://bugzilla.redhat.com/show_bug.cgi?id=552336
[ 82 ] Bug #552358 - SELinux is preventing /usr/sbin/asterisk "read" access on 002.
https://bugzilla.redhat.com/show_bug.cgi?id=552358
[ 83 ] Bug #552373 - SELinux is preventing /bin/mailx "ioctl" access on /var/run/packagekit-cron.gaSknB.
https://bugzilla.redhat.com/show_bug.cgi?id=552373
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list