3.82. selinux-policy

Bug Fixes

BZ#959217

Due to missing rules in the SELinux policy, the sssd_t domain could not connect to port 464. With this update, the appropriate rules have been added to the policy and sssd_t now connects to that port as expected.

BZ#984453

Previously, SELinux prevented the fence_xvm agent from fencing nodes even if the fenced_can_network_connect Boolean was enabled. The SELinux policy has been modified to fix this bug and SELinux no longer blocks fence_xvm in the described scenario.

BZ#997710

Due to missing rules in the SELinux policy, SELinux did not allow the dovecot_deliver_t process to send the SIGNULL signal. With this update, the SELinux rules have been modified accordingly and SELinux no longer prevents dovecot_deliver_t from sending SIGNULL.

BZ#1005589

Previously, SELinux prevented the iptables_t process from using the inotify utility to monitor file system activity. This update adds appropriate SELinux rules and iptables_t can use inotify as expected.

BZ#1008472

When SELinux was in enforcing mode, the glibc library was unable to update the /etc/localtime file. The SELinux policy has been modified to fix this bug and glibc can now update the file as expected.

BZ#1053050

Due to missing SELinux rules, the automount utility could not read symbolic links, which caused the AVC denial messages to return. With this update, the SELinux policy has been modified and SELinux no longer prevents automount from reading symbolic links.

BZ#1078357

Previously, the restorecon command failed to restore the SELinux context on a file located in a symbolically linked directory. The underlying source code has been modified to fix this bug and restorecon now works correctly in the described scenario.

BZ#1083491

Previously, the smbd daemon service was unable to connect to the nmbd service using a Unix stream socket, which caused AVC messages to be logged in the /var/log/audit/audit.log file. To fix this bug, a set of new rules has been added to the SELinux policy to allow smbd to connect to nmbd.

BZ#1089006

An attempt to start a clustered service with the postgres-8 resource script failed due to a bug in the SELinux policy. With this update, the policy has been modified and the service now starts as expected.

BZ#1096891

Due to missing rules in the SELinux policy, the radiusd daemon was unable to write to the /tmp/ directory. Consequently, when radiusd was integrated with the Kerberos network authentication system, an attempt to authenticate a user failed. This update applies a new SELinux policy module so that radiusd works correctly in the described scenario.

BZ#1098031

The zarafa-indexer package has been replaced with the zarafa-search package. Previously, the zarafa-search utility was not labeled with the same SELinux context as the zarafa-indexer utility. With this update, the appropriate SELinux policy rules have been modified and zarafa-search now runs in the zarafa_indexer_t domain as expected.