SCIENTIFIC-LINUX-ERRATA Archives

December 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Low: selinux-policy enhancement update on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Tue, 18 Dec 2012 09:05:55 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (43 lines) 
Synopsis: Low: selinux-policy enhancement update
Issue date: 2012-12-18

This update adds the following bugfixes:

* Due to a bug in the SELinux policy, it was not possible to run a cron 
job with
a valid MLS (Multi Level Security) context for the sysadm_u SELinux 
user. This
update fixes relevant SELinux policy rules and cron now works as 
expected in the
described scenario.

* Previously, SELinux prevented "rhevm-guest-agent-gdm-plugin" to 
connect to the
SO_PASSCRED UNIX domain socket. Consequently, Single Sign-On (SSO) did 
not work
because the access to the credential socket was blocked. This update 
fixes the
relevant policy and SSO now works as expected in the described scenario.

This update has been placed in the security tree to avoid selinux bugs.


SL6.x

SRPMS:
selinux-policy-3.7.19-155.el6_3.13.src.rpm

i386:
selinux-policy-3.7.19-155.el6_3.13.noarch.rpm
selinux-policy-doc-3.7.19-155.el6_3.13.noarch.rpm
selinux-policy-minimum-3.7.19-155.el6_3.13.noarch.rpm
selinux-policy-mls-3.7.19-155.el6_3.13.noarch.rpm
selinux-policy-targeted-3.7.19-155.el6_3.13.noarch.rpm

x86_64:
selinux-policy-3.7.19-155.el6_3.13.noarch.rpm
selinux-policy-doc-3.7.19-155.el6_3.13.noarch.rpm
selinux-policy-minimum-3.7.19-155.el6_3.13.noarch.rpm
selinux-policy-mls-3.7.19-155.el6_3.13.noarch.rpm
selinux-policy-targeted-3.7.19-155.el6_3.13.noarch.rpm

ATOM RSS1 RSS2