Site Navigation:
bugfix selinux-policy-3.12.1-28.fc19 critical path bugfix update
Status:stable
Release: Fedora 19
Update ID: FEDORA-2013-5045
Builds: selinux-policy-3.12.1-28.fc19 (logs)
Pushed: True
Date Submitted: 2013-04-06 11:07:22
Date Released: 2013-04-06 16:44:01
Date Modified: 2013-04-08 11:34:57
Submitter: dwalsh
Karma: 4
Stable karma: 3
Unstable karma: -3
Details
  • Try to label on controlC devices up to 30 correctly
  • Add mount_rw_pid_files() interface
  • Add additional mount/umount interfaces needed by mock
  • fsadm_t sends audit messages in reads kernel_ipc_info when doing livecd-iso-to-disk
  • Fix tabs
  • Allow initrc_domain to search rgmanager lib files
  • Add more fixes which make mock working together with confined users

  • Allow mock_t to manage rpm files

  • Allow mock_t to read rpm log files
  • Allow mock to setattr on tmpfs, devpts
  • Allow mount/umount filesystems

  • Add rpm_read_log() interface

  • yum-cron runs rpm from within it.
  • Allow tuned to transition to dmidecode
  • Allow firewalld to do net_admin
  • Allow mock to unmont tmpfs_t
  • Fix virt_sigkill() interface
  • Add additional fixes for mock. Mainly caused by mount running in mock_t
  • Allow mock to write sysfs_t and mount pid files
  • Add mailman_domain to mailman_template()
  • Allow openvswitch to execute shell
  • Allow qpidd to use kerberos
  • Allow mailman to use fusefs, needs back port to RHEL6
  • Allow apache and its scripts to use anon_inodefs
  • Add alias for git_user_content_t and git_sys_content_t so that RHEL6 will update to RHEL7
  • Realmd needs to connect to samba ports, needs back port to F18 also
  • Allow colord to read /run/initial-setup-
  • Allow sanlock-helper to send sigkill to virtd which is registred to sanlock
  • Add virt_kill() interface
  • Add rgmanager_search_lib() interface
  • Allow wdmd to getattr on all filesystems. Back ported from RHEL6
Bugs Fixed
852926 - SELinux is preventing /usr/lib64/realmd/realmd from 'read' accesses on the directory sssd.
852927 - SELinux is preventing /usr/lib64/realmd/realmd from 'read' accesses on the file gphoto2.monitor.
855076 - SELinux is preventing /usr/bin/clamscan from 'read' accesses on the file /etc/freshclam.conf.
865517 - checkpolicy says it's only needed to build policies, but it's a runtime dep
868653 - SELinux is preventing /usr/sbin/automount from 'read' accesses on the file overcommit_memory.
872729 - Applications randomly need access to /proc/sys/vm/overcommit_memory
875192 - SELinux is preventing /usr/bin/gnome-shell from 'read' accesses on the directory /var/lib/AccountsService/icons.
879611 - FTBFS queuegraph
880337 - SELinux is preventing rngd from 'write' accesses on the file write_wakeup_threshold.
894439 - SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/sbin/httpd.
918476 - “hostnamectl set-hostname <name>” does not work on rawhide
923497 - Generated live image has many incorrect SELinux contexts, possibly due to missing l2tp.pp file in host's selinux-policy-targeted
923531 - SELinux is preventing /usr/lib/systemd/systemd-localed from 'search' accesses on the directory /etc/X11/xorg.conf.d.
924226 - Update SElinux policy for Shared System Certificates
924776 - SELinux is preventing /usr/lib/systemd/systemd-localed from 'unlink' accesses on the file 00-keyboard.conf.
927323 - SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/sbin/httpd.
928153 - confusing changes to rpm changelog
928331 - SELinux is preventing /usr/lib/systemd/systemd-localed from 'remove_name' accesses on the directory .00-keyboard.confj1CWKN.
928582 - SELinux is preventing /usr/bin/touch from 'write' accesses on the directory lock.
928832 - scriptlet failure in selinux-policy-devel-3.12.1-24.fc19
929340 - SELinux is preventing /usr/bin/kdm from 'create' accesses on the file .xsession-errors-:0.
929374 - SELinux is preventing /usr/bin/systemctl from 'lock' accesses on the file /run/utmp.
929409 - SELinux is preventing /usr/bin/python2.7 from 'getattr' accesses on the file /proc/sys/net/ipv4/ip_forward.
946857 - SELinux is preventing firewalld from 'open' accesses on the file /proc/sys/net/ipv4/ip_forward.
947001 - SELinux is preventing /usr/bin/rm from 'remove_name' accesses on the directory man-db.lock.
947665 - SELinux is preventing /usr/libexec/colord from 'search' accesses on the directory gnome-initial-setup.
948137 - SELinux is preventing /usr/sbin/httpd from 'name_connect' accesses on the tcp_socket .
948396 - Some dirs are labeled differently in /var/lib/mock directory
948662 - SELinux is preventing /usr/libexec/colord from 'read' accesses on the file /run/gnome-initial-setup/.local/share/icc/edid-a99d98c760ecb11e07592f0536164edc.icc.
948663 - SELinux is preventing /usr/lib/systemd/systemd-hostnamed from 'unlink' accesses on the file hostname.
949195 - SELinux is preventing /usr/bin/systemctl from 'read' accesses on the file utmp.
867767 - realmd AVC's on clean install
928845 - enable firewalld to write to /proc/sys/net/ipv4/ip_forward
Feedback
bodhi - 2013-04-06 11:07:29
This update has been submitted for testing by dwalsh.
autoqa - 2013-04-06 14:44:56
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/q3jc (results are informative only)
bodhi - 2013-04-06 16:30:05
This update is currently being pushed to the Fedora 19 testing updates repository.
bodhi - 2013-04-06 16:54:57
This update has been pushed to testing
bodhi - 2013-04-08 11:34:44
mgrepl has edited this update. New build(s): selinux-policy-3.12.1-28.fc19. Removed build(s): selinux-policy-3.12.1-26.fc19.
bodhi - 2013-04-08 11:45:03
This update has been submitted for testing by mgrepl.
autoqa - 2013-04-08 12:22:11
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/q4nl (results are informative only)
autoqa - 2013-04-08 13:54:03
AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/q4us (results are informative only)
bodhi - 2013-04-08 15:10:17
This update is currently being pushed to the Fedora 19 testing updates repository.
bodhi - 2013-04-08 15:58:08
This update has been pushed to testing
dwalsh - 2013-04-08 17:29:09
I got a full reboot without any AVC's. Everything seems to work.
egreshko - 2013-04-08 21:41:47
bodhi - 2013-04-11 08:01:40
This update has been submitted for stable by mgrepl.
autoqa - 2013-04-11 11:59:28
AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/qbg4 (results are informative only)
deanhunter - 2013-04-11 15:12:07
This update fixes 948663.
deanhunter - 2013-04-11 15:16:46
This update fixes 948662.
deanhunter - 2013-04-11 15:27:27
I was mistaken. 948662 is NOT fixed.
adamwill (proventesters) - 2013-04-12 21:23:51
looks good to me, running on my desktop for some time and it's definitely no worse than previous builds. dean, please don't file negative karma just because a single bug wasn't fixed. See https://fedoraproject.org/wiki/QA:Update_feedback_guidelines . thanks!
deanhunter - 2013-04-14 16:04:15
Ah..., sorry.
ausil (proventesters) - 2013-04-18 20:49:10
no noticed issues here
pbrobinson (proventesters) - 2013-04-18 21:50:49
Seems OK to me in testing
nonamedotc - 2013-04-18 23:39:46
Good here.
bodhi - 2013-04-19 05:30:22
This update is currently being pushed to the Fedora 19 stable updates repository.
bodhi - 2013-04-19 05:57:20
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters