ELBA-2015-1552
- ULN >
- Oracle Linux Errata repository >
- ELBA-2015-1552
ELBA-2015-1552 - selinux-policy bug fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2015-08-05 |
Description
[3.13.1-23.0.1.el7_1.13]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.
[3.13.1-23.el7_1.13]
- glusterd call pcs utility which calls find for cib.* files and runs pstree under glusterd. Dontaudit access to security files and update gluster boolean to reflect these changes.
- Allow glusterd to communicate with cluster domains over stream socket.
Resolves:#1238963
[3.13.1-23.el7_1.12]
- Allow iptables to read ctdbd lib files.
Resolves:#1238965
[3.13.1-23.el7_1.11]
- Allow glusterd to manage nfsd and rpcd services.
- Allow samba_t net_admin capability to make CIFS mount working.
Resolves:#1238965
- Dontaudit smbd_t block_suspend capability.
[3.13.1-23.el7_1.10]
- Allow gluster to connect to all ports. It is required by random services executed by gluster.
- Allow glusterd to execute showmount in the showmount domain.
- Add samba_signull_unconfined_net()
- Add samba_signull_winbind()
Resolves:#1232755
- Add logging_syslogd_run_nagios_plugins boolean for rsyslog to allow transition to nagios unconfined plugins.
Resolves:#1238963
- Label gluster python hooks also as bin_t.
Resolves:#1238965
- We allow can_exec() on ssh_keygen on gluster. But there is a transition defined by init_initrc_domain() because we need to allow execute unconfined services by glusterd. So ssh-keygen ends up with ssh_keygen_t and we need to allow to manage /var/lib/glusterd/geo-replication/secret.pem.
[3.13.1-23.el7_1.9]
- S30samba-start gluster hooks wants to search audit logs. Dontaudit it.
- Allow glusterd to interact with gluster tools running in a user domain
- nrpe needs kill capability to make gluster moniterd nodes working.
Resolves:#1238964
- Add cron_system_cronjob_use_shares boolean to allow system cronjob to be executed from shares - NFS, CIFS, FUSE. It requires 'entrypoint' permissios on nfs_t, cifs_t and fusefs_t SELinux types.
- Allow ctdb_t sending signull to smbd_t, for checking if smbd process exists.
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (x86_64) | selinux-policy-3.13.1-23.0.1.el7_1.13.src.rpm | f03b24741cd9ef6684581f9bdfda3971b24d695c60c6f246e839fd142f9dab9a | ELBA-2024-12651 | ol7_x86_64_latest_archive |
| selinux-policy-3.13.1-23.0.1.el7_1.13.src.rpm | f03b24741cd9ef6684581f9bdfda3971b24d695c60c6f246e839fd142f9dab9a | ELBA-2024-12651 | ol7_x86_64_optional_archive | |
| selinux-policy-3.13.1-23.0.1.el7_1.13.src.rpm | f03b24741cd9ef6684581f9bdfda3971b24d695c60c6f246e839fd142f9dab9a | ELBA-2024-12651 | ol7_x86_64_u1_patch | |
| selinux-policy-3.13.1-23.0.1.el7_1.13.noarch.rpm | dcb0acf6240682579d8de6341c1ee0b8389a15e97883a845e8d900a393986a5e | ELBA-2024-12651 | ol7_x86_64_latest_archive | |
| selinux-policy-3.13.1-23.0.1.el7_1.13.noarch.rpm | dcb0acf6240682579d8de6341c1ee0b8389a15e97883a845e8d900a393986a5e | ELBA-2024-12651 | ol7_x86_64_u1_patch | |
| selinux-policy-devel-3.13.1-23.0.1.el7_1.13.noarch.rpm | f2940278292af1a19c4d81f5eac1d4eec2ab875b9290008af316ffca5f292684 | ELBA-2024-12651 | ol7_x86_64_latest_archive | |
| selinux-policy-devel-3.13.1-23.0.1.el7_1.13.noarch.rpm | f2940278292af1a19c4d81f5eac1d4eec2ab875b9290008af316ffca5f292684 | ELBA-2024-12651 | ol7_x86_64_u1_patch | |
| selinux-policy-doc-3.13.1-23.0.1.el7_1.13.noarch.rpm | 2484568471e9aa76641314d0a7442c01948842bddd885462638f6c771a0f957b | ELBA-2024-12651 | ol7_x86_64_optional_archive | |
| selinux-policy-minimum-3.13.1-23.0.1.el7_1.13.noarch.rpm | 29b1b972fb24412c2abe91d94d53805d1079be7f3443d86c7eb2947e51c453db | ELBA-2024-12651 | ol7_x86_64_latest_archive | |
| selinux-policy-minimum-3.13.1-23.0.1.el7_1.13.noarch.rpm | 29b1b972fb24412c2abe91d94d53805d1079be7f3443d86c7eb2947e51c453db | ELBA-2024-12651 | ol7_x86_64_u1_patch | |
| selinux-policy-mls-3.13.1-23.0.1.el7_1.13.noarch.rpm | 004d98fcda968e4b90839cb52ede0bd50dea873b80a95e5cd5f8e4271ca3e58a | ELBA-2024-12651 | ol7_x86_64_latest_archive | |
| selinux-policy-mls-3.13.1-23.0.1.el7_1.13.noarch.rpm | 004d98fcda968e4b90839cb52ede0bd50dea873b80a95e5cd5f8e4271ca3e58a | ELBA-2024-12651 | ol7_x86_64_u1_patch | |
| selinux-policy-sandbox-3.13.1-23.0.1.el7_1.13.noarch.rpm | d5d0b0951665182b55b5a37484077d8deb820b1c0b23db5e3d6cd8173537a237 | ELBA-2024-12651 | ol7_x86_64_optional_archive | |
| selinux-policy-targeted-3.13.1-23.0.1.el7_1.13.noarch.rpm | 9cecb0b1372181caa0c677cf98bd7afaa5aa9a510c5d38b6c37118e414ac6c21 | ELBA-2024-12651 | ol7_x86_64_latest_archive | |
| selinux-policy-targeted-3.13.1-23.0.1.el7_1.13.noarch.rpm | 9cecb0b1372181caa0c677cf98bd7afaa5aa9a510c5d38b6c37118e414ac6c21 | ELBA-2024-12651 | ol7_x86_64_u1_patch | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
