7.187. policycoreutils

Bug Fixes

BZ#816460, BZ#885527

Previously, when the policycoreutils-gui utility was used to add an SELinux policy for a socket file, policycoreutils-gui failed with a traceback. This bug has been fixed, policycoreutils-gui now succeeds, and the SELinux policy is now added in this scenario.

BZ#824779

Due to a bug in the code, when the restorecon utility failed, it returned the success exit code. This bug has been fixed and restorecon now returns appropriate exit codes.

BZ#843727

When multiple type accesses from the same role occurred, the audit2allow utility produced policy files that could not be parsed by the checkmodule compiler. With this update, audit2allow produces correct policy files which can be compiled by checkmodule.

BZ#876971

The restorecond init script allows to use the "reload" operation. Previously, the usage message produced by restorecond did not mention the operation. The operation has been added to the usage message, which is now complete.

BZ#882862

Prior to this update, the audit2allow utility produced a confusing output when one of the several processed AVCs could be allowed by a boolean, as it was not clear which AVC the message was related to. The layout of the output has been corrected and the audit2allow output no longer causes confusion.

BZ#893065

Due to a regression, the vdsm package failed to be installed on Red Hat Enterprise Linux 6.4 if SELinux was disabled. A patch which enables the vdsm installation has been provided.

Enhancements

BZ#834160

A new function to the semanage utility has been implemented. Now, the user is able to notice that a specified file context semanage command is wrong and an appropriate error message is returned.

BZ#851479

With this update, the restorecon utility now returns a warning message for paths for which a default SELinux security context is not defined in the policy.