このコンテンツは選択した言語では利用できません。

8.120. libselinux


Updated libselinux packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The libselinux packages contain the core library of an SELinux system. The libselinux library provides an API for SELinux applications to get and set process and file security contexts, and to obtain security policy decisions. It is required for any applications that use the SELinux API, and used by all applications that are SELinux-aware.

Bug Fixes

BZ#753675
When attempting to run the virt-manager utility over SSH X11 forwarding, SELinux prevented the D-Bus system from performing actions even if SELinux was in permissive mode. As a consequence, such attempts failed and an AVC denial message was logged. With this update, a patch has been provided to fix this bug, and SELinux in permissive mode no longer blocks D-Bus in the described scenario.
BZ#1011109
Prior to this update, the selinux(8) manual page contained outdated information. This manual page has been updated, and SELinux is now documented correctly.
BZ#1025507
The Name Server Caching Daemon (nscd) uses SELinux permissions to check if a connecting user is allowed to query the cache. However, two permissions, NSCD__GETNETGRP and NSCD__SHMEMNETGRP, were missing from the SELinux list of permissions. Consequently, the netgroup caching worked only when SELinux was running in permissive mode. The missing permissions have been added to the list, and the netgroup caching now works as expected.
BZ#1091857
Previously, the matchpathcon utility did not handle non-existent files or directories properly; the "matchpathcon -V" command verified the files of directories instead of specifying that they did not exist. The underlying source code has been modified to fix this bug, and matchpathcon now correctly recognizes non-existent files or directories. As a result, an error message is returned when a file or directory do not exist.
BZ#1096816
It was not possible to add a new user inside a Docker container because SELinux in enforcing or permissive mode incorrectly blocked an attempt to modify the /etc/passwd file. With this update, when the /selinux/ or /sys/fs/selinux/ directories are mounted as read-only, the libselinux library acts as if SELinux is disabled. This behavior stops SELinux-aware applications from attempting to perform SELinux actions inside a container, and /etc/passwd can now be modified as expected.
Users of libselinux are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.