ELBA-2015-1552
- ULN >
- Oracle Linux Errata repository >
- ELBA-2015-1552
ELBA-2015-1552 - selinux-policy bug fix update
| Type: | BUG |
| Severity: | NA |
| Release Date: | 2015-08-05 |
Description
[3.13.1-23.0.1.el7_1.13]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.
[3.13.1-23.el7_1.13]
- glusterd call pcs utility which calls find for cib.* files and runs pstree under glusterd. Dontaudit access to security files and update gluster boolean to reflect these changes.
- Allow glusterd to communicate with cluster domains over stream socket.
Resolves:#1238963
[3.13.1-23.el7_1.12]
- Allow iptables to read ctdbd lib files.
Resolves:#1238965
[3.13.1-23.el7_1.11]
- Allow glusterd to manage nfsd and rpcd services.
- Allow samba_t net_admin capability to make CIFS mount working.
Resolves:#1238965
- Dontaudit smbd_t block_suspend capability.
[3.13.1-23.el7_1.10]
- Allow gluster to connect to all ports. It is required by random services executed by gluster.
- Allow glusterd to execute showmount in the showmount domain.
- Add samba_signull_unconfined_net()
- Add samba_signull_winbind()
Resolves:#1232755
- Add logging_syslogd_run_nagios_plugins boolean for rsyslog to allow transition to nagios unconfined plugins.
Resolves:#1238963
- Label gluster python hooks also as bin_t.
Resolves:#1238965
- We allow can_exec() on ssh_keygen on gluster. But there is a transition defined by init_initrc_domain() because we need to allow execute unconfined services by glusterd. So ssh-keygen ends up with ssh_keygen_t and we need to allow to manage /var/lib/glusterd/geo-replication/secret.pem.
[3.13.1-23.el7_1.9]
- S30samba-start gluster hooks wants to search audit logs. Dontaudit it.
- Allow glusterd to interact with gluster tools running in a user domain
- nrpe needs kill capability to make gluster moniterd nodes working.
Resolves:#1238964
- Add cron_system_cronjob_use_shares boolean to allow system cronjob to be executed from shares - NFS, CIFS, FUSE. It requires 'entrypoint' permissios on nfs_t, cifs_t and fusefs_t SELinux types.
- Allow ctdb_t sending signull to smbd_t, for checking if smbd process exists.
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
