このコンテンツは選択した言語では利用できません。

3.82. selinux-policy


Updated selinux-policy packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
The selinux-policy packages contain the rules that govern how confined processes run on the system.

Bug Fixes

BZ#959217
Due to missing rules in the SELinux policy, the sssd_t domain could not connect to port 464. With this update, the appropriate rules have been added to the policy and sssd_t now connects to that port as expected.
BZ#984453
Previously, SELinux prevented the fence_xvm agent from fencing nodes even if the fenced_can_network_connect Boolean was enabled. The SELinux policy has been modified to fix this bug and SELinux no longer blocks fence_xvm in the described scenario.
BZ#997710
Due to missing rules in the SELinux policy, SELinux did not allow the dovecot_deliver_t process to send the SIGNULL signal. With this update, the SELinux rules have been modified accordingly and SELinux no longer prevents dovecot_deliver_t from sending SIGNULL.
BZ#1005589
Previously, SELinux prevented the iptables_t process from using the inotify utility to monitor file system activity. This update adds appropriate SELinux rules and iptables_t can use inotify as expected.
BZ#1008472
When SELinux was in enforcing mode, the glibc library was unable to update the /etc/localtime file. The SELinux policy has been modified to fix this bug and glibc can now update the file as expected.
BZ#1053050
Due to missing SELinux rules, the automount utility could not read symbolic links, which caused the AVC denial messages to return. With this update, the SELinux policy has been modified and SELinux no longer prevents automount from reading symbolic links.
BZ#1078357
Previously, the restorecon command failed to restore the SELinux context on a file located in a symbolically linked directory. The underlying source code has been modified to fix this bug and restorecon now works correctly in the described scenario.
BZ#1083491
Previously, the smbd daemon service was unable to connect to the nmbd service using a Unix stream socket, which caused AVC messages to be logged in the /var/log/audit/audit.log file. To fix this bug, a set of new rules has been added to the SELinux policy to allow smbd to connect to nmbd.
BZ#1089006
An attempt to start a clustered service with the postgres-8 resource script failed due to a bug in the SELinux policy. With this update, the policy has been modified and the service now starts as expected.
BZ#1096891
Due to missing rules in the SELinux policy, the radiusd daemon was unable to write to the /tmp/ directory. Consequently, when radiusd was integrated with the Kerberos network authentication system, an attempt to authenticate a user failed. This update applies a new SELinux policy module so that radiusd works correctly in the described scenario.
BZ#1098031
The zarafa-indexer package has been replaced with the zarafa-search package. Previously, the zarafa-search utility was not labeled with the same SELinux context as the zarafa-indexer utility. With this update, the appropriate SELinux policy rules have been modified and zarafa-search now runs in the zarafa_indexer_t domain as expected.
Users of selinux-policy are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.