LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

SCIENTIFIC-LINUX-DEVEL Archives

June 2013

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-DEVEL Home
	SCIENTIFIC-LINUX-DEVEL June 2013

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA Low: selinux-policy bug fix update on SL6.x i386/x86_64
From:	Stephan Wiesand <[log in to unmask]>
Reply To:	Stephan Wiesand <[log in to unmask]>
Date:	Fri, 28 Jun 2013 21:21:53 +0200
Content-Type:	text/plain
Parts/Attachments:	text/plain (52 lines)

Dear SL Developers,

I really disagree with these SELinux updates being dumped on each and every SL system. This one is not an SL security update. It's a bugfix for those using OpenStack or OpenvSwitch. One part of that is not even included at all in SL, the other one is a technology preview. 99.999% of all SL systems have no need for this at all.

Why not just dump each and every update from fastbugs to the SL security errata? 

Sorry for the rant,
	Stephan

On Jun 27, 2013, at 23:21 , Bonnie King wrote:

> Synopsis: Low: selinux-policy bug fix update
> Issue date: 2013-06-27
> 
> This update fixes the following bug:
> 
> * Previously, SELinux returned AVC denial messages during attempts to attach an LVM volume to a Red Hat OpenStack 3 instance. The relevant
> SELinux policy rules have been modified to add an additional MCS attribute for hald_t SELinux domain, and AVC denial messages are no longer returned when attaching LVM volume to a Red Hat OpenStack 3 instance.
> 
> * When using Quantum 2013.1.2 with netns support, several SELinux denials were produced. This update allows qemu to manage nova lib files, hald to read svirt images, and AVC denials no longer occur in the described scenario.
> 
> * Previously, the logrotate daemon rotated logs and tried to update the
> process ID (PID) in the "/var/run/openvswitch/ovs-vswitchd.pid"
> configuration, which caused AVC denials. Usually, the logrotate script
> sends a SIGHUP to a daemon to order it to reopen log files after they were rotated. This update revises the openvswitch policy, and AVC denials no longer occur in the described scenario.
> 
> This update has been placed in the security tree to avoid selinux bugs.
> 
> SL6.x
> 
> SRPMS:
> 
> selinux-policy-3.7.19-195.el6_4.12.src.rpm
> 
> i386:
> 
> selinux-policy-3.7.19-195.el6_4.12.noarch.rpm
> selinux-policy-doc-3.7.19-195.el6_4.12.noarch.rpm
> selinux-policy-minimum-3.7.19-195.el6_4.12.noarch.rpm
> selinux-policy-mls-3.7.19-195.el6_4.12.noarch.rpm
> selinux-policy-targeted-3.7.19-195.el6_4.12.noarch.rpm
> 
> x86_64:
> 
> selinux-policy-3.7.19-195.el6_4.12.noarch.rpm
> selinux-policy-doc-3.7.19-195.el6_4.12.noarch.rpm
> selinux-policy-minimum-3.7.19-195.el6_4.12.noarch.rpm
> selinux-policy-mls-3.7.19-195.el6_4.12.noarch.rpm
> selinux-policy-targeted-3.7.19-195.el6_4.12.noarch.rpm
> 
> - Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV