3.82. selinux-policy


Updated selinux-policy packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
The selinux-policy packages contain the rules that govern how confined processes run on the system.

Bug Fixes

BZ#959217
Due to missing rules in the SELinux policy, the sssd_t domain could not connect to port 464. With this update, the appropriate rules have been added to the policy and sssd_t now connects to that port as expected.
BZ#984453
Previously, SELinux prevented the fence_xvm agent from fencing nodes even if the fenced_can_network_connect Boolean was enabled. The SELinux policy has been modified to fix this bug and SELinux no longer blocks fence_xvm in the described scenario.
BZ#997710
Due to missing rules in the SELinux policy, SELinux did not allow the dovecot_deliver_t process to send the SIGNULL signal. With this update, the SELinux rules have been modified accordingly and SELinux no longer prevents dovecot_deliver_t from sending SIGNULL.
BZ#1005589
Previously, SELinux prevented the iptables_t process from using the inotify utility to monitor file system activity. This update adds appropriate SELinux rules and iptables_t can use inotify as expected.
BZ#1008472
When SELinux was in enforcing mode, the glibc library was unable to update the /etc/localtime file. The SELinux policy has been modified to fix this bug and glibc can now update the file as expected.
BZ#1053050
Due to missing SELinux rules, the automount utility could not read symbolic links, which caused the AVC denial messages to return. With this update, the SELinux policy has been modified and SELinux no longer prevents automount from reading symbolic links.
BZ#1078357
Previously, the restorecon command failed to restore the SELinux context on a file located in a symbolically linked directory. The underlying source code has been modified to fix this bug and restorecon now works correctly in the described scenario.
BZ#1083491
Previously, the smbd daemon service was unable to connect to the nmbd service using a Unix stream socket, which caused AVC messages to be logged in the /var/log/audit/audit.log file. To fix this bug, a set of new rules has been added to the SELinux policy to allow smbd to connect to nmbd.
BZ#1089006
An attempt to start a clustered service with the postgres-8 resource script failed due to a bug in the SELinux policy. With this update, the policy has been modified and the service now starts as expected.
BZ#1096891
Due to missing rules in the SELinux policy, the radiusd daemon was unable to write to the /tmp/ directory. Consequently, when radiusd was integrated with the Kerberos network authentication system, an attempt to authenticate a user failed. This update applies a new SELinux policy module so that radiusd works correctly in the described scenario.
BZ#1098031
The zarafa-indexer package has been replaced with the zarafa-search package. Previously, the zarafa-search utility was not labeled with the same SELinux context as the zarafa-indexer utility. With this update, the appropriate SELinux policy rules have been modified and zarafa-search now runs in the zarafa_indexer_t domain as expected.
Users of selinux-policy are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.