8.156. policycoreutils

Bug Fixes

BZ#860506

Previously, several semanage command-line options did not work as expected. With this update, these options have been corrected and now work proprerly.

BZ#868218

With this update, the semanage man page has been updated to be consistent with information contained in the semanage help page.

BZ#886059

Due to a bug in the policycoreutils package, installation of the ipa-server-selinux package failed. This bug has been fixed and ipa-server-selinux can now be installed without complications.

BZ#913175

Prior to this update, the sandbox utility did not accept symbolic links specified in the /etc/sysconfig/sandbox file. Consequently, executing the "sandbox -M" command failed with a "No such file or directory" message. The underlying source code has been modified and symlinks can now be configured in /etc/sysconfig/sandbox without complications.

BZ#916727

Previously, the fixfiles script did not recognize a change in the regular expression describing the /sbin/ip6?tables-multi* files. Consequently, these files were labeled incorrectly after updating the system with the yum update command. With this update, fixfiles has been corrected to accept the change of regular expression.

BZ#918460

Prior to this update, after executing the "semanage boolean -m" command, a traceback was returned. This bug has been fixed and tracebacks are no longer displayed in the aforementioned scenario.

BZ#928320, BZ#947504

Previously, the semanage utility did not allow to set the "none" context on directories and files. Consequently, the following message was displayed when attempting to do so:

/usr/sbin/semanage: Type none is invalid, must be a file or device type

This bug has been fixed, and it is now possible to set the "none" context without complications.

BZ#967728

Prior to this update, the "-o" option of the audit2allow command overwrote the contents of the output file instead of just appending the new content. This bug has been fixed, and "audit2allow -o" now works as expected.

BZ#984484

After attempting to enable a SELinux boolean that did not exist, a brief error message was generated. This update modifies this message to be more informative.

BZ#998974

After attempting to permanently change a boolean that did not exist, an incorrect error message was generated. This message has been modified to provide correct information about the cause of the problem.

Enhancement

BZ#916734

This update adds a possibility to exclude selected files when running the restorecon utility, which can significantly reduce execution times.