ELBA-2024-11159

ULN >
Oracle Linux Errata repository >
ELBA-2024-11159

ELBA-2024-11159 - libselinux, libsemanage, and selinux-policy bug fix and enhancement update

Type:	BUG
Severity:	NA
Release Date:	2025-01-06

Description

libselinux
[2.9-9]
- restorecon: Include (RHEL-50830)

libsemanage
[2.9-10]
- Preserve file context and ownership in policy store (RHEL-17509)

selinux-policy
[3.14.3-139.0.1]
- Allow kdump create and use its memfd: objects [Orabug: 36538844]
- Allow cgred_t to get attributes of cgroup filesystems [Orabug: 36226040]
- Allow exim_t to read exim_log_t and manage exim_spool_t link files [Orabug: 36170954]
- Allow mailman_domain to manage mailman_log_t link files [Orabug: 36160497]
- Label /var/log/kdump.log with kdump_log_t [Orabug: 32911792]
- Allow tuned_t to manage information from the debugging filesystem [Orabug: 34685730]
- Allow kdumpctl_t to execmem [Orabug: 34712872]
- Allow svirt_t domain to mmap svirt_image_t character files [Orabug: 34314421]
- Allow tuned_t to read the process state of all domains [Orabug: 33520684]
- Allow initrc_t to manage pid files used by chronyd [Orabug: 33520623]
- Make import-state work with mls policy [Orabug: 32636699]
- Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
- Add comment for map on lvm_metadata_t. [Orabug: 31405325]
- Make iscsiadm work with mls policy [Orabug: 32725411]
- Make cloud-init work with mls policy [Orabug: 32430460]
- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make smartd work with mls policy [Orabug: 32430379]
- Allow sysadm_t to mmap modules_object_t files [Orabug: 32411855]
- Allow tuned_t to execute systemd_systemctl_exec_t files [Orabug: 32355342]
- Make logrotate work with mls policy [Orabug: 32343731]
- Add interface kernel_relabelfrom_usermodehelper() [Orabug: 31396031]
- Allow systemd_tmpfiles_t domain to relabel from usermodehelper_t files [Orabug: 31396031]
- Make udev work with mls policy [Orabug: 31405299]
- Make tuned work with mls policy [Orabug: 31396024]
- Make lsmd, rngd, and kdumpctl work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671]
- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection [Orabug: 30537515]
- Enable policykit and sssd policy modules with minimum policy [Orabug: 29744511]
- Allow udev_t to load modules [Orabug: 28260775]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Fix container selinux policy [Orabug: 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type. [Orabug: 13333429]

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	libselinux-2.9-9.el8_10.src.rpm	d13bc5f206e2bb317ed9c9c71445d77d	-	ol8_aarch64_appstream
	libselinux-2.9-9.el8_10.src.rpm	d13bc5f206e2bb317ed9c9c71445d77d	-	ol8_aarch64_baseos_latest
	libselinux-2.9-9.el8_10.src.rpm	d13bc5f206e2bb317ed9c9c71445d77d	-	ol8_aarch64_codeready_builder
	libselinux-2.9-9.el8_10.src.rpm	d13bc5f206e2bb317ed9c9c71445d77d	-	ol8_aarch64_u10_baseos_patch
	libsemanage-2.9-10.el8_10.src.rpm	b7b49a60f50db022144d166f9a3028e3	-	ol8_aarch64_baseos_latest
	libsemanage-2.9-10.el8_10.src.rpm	b7b49a60f50db022144d166f9a3028e3	-	ol8_aarch64_codeready_builder
	libsemanage-2.9-10.el8_10.src.rpm	b7b49a60f50db022144d166f9a3028e3	-	ol8_aarch64_u10_baseos_patch
	selinux-policy-3.14.3-139.0.1.el8_10.1.src.rpm	816cd0c8c8fe4c024c3dbf3541513866	-	ol8_aarch64_baseos_latest
	selinux-policy-3.14.3-139.0.1.el8_10.1.src.rpm	816cd0c8c8fe4c024c3dbf3541513866	-	ol8_aarch64_u10_baseos_patch
	libselinux-2.9-9.el8_10.aarch64.rpm	8702cf189caed60a05712acc52cc71a2	-	ol8_aarch64_baseos_latest
	libselinux-2.9-9.el8_10.aarch64.rpm	8702cf189caed60a05712acc52cc71a2	-	ol8_aarch64_u10_baseos_patch
	libselinux-devel-2.9-9.el8_10.aarch64.rpm	6553cff3c8764049a21bc1db2e30904d	-	ol8_aarch64_baseos_latest
	libselinux-devel-2.9-9.el8_10.aarch64.rpm	6553cff3c8764049a21bc1db2e30904d	-	ol8_aarch64_u10_baseos_patch
	libselinux-ruby-2.9-9.el8_10.aarch64.rpm	4dccba14689972ded79ce90cf8a55641	-	ol8_aarch64_appstream
	libselinux-static-2.9-9.el8_10.aarch64.rpm	8a01047a0a0527b6d4c618df22271cc0	-	ol8_aarch64_codeready_builder
	libselinux-utils-2.9-9.el8_10.aarch64.rpm	134b12ef08cf2d9cbc65f209d8528a51	-	ol8_aarch64_baseos_latest
	libselinux-utils-2.9-9.el8_10.aarch64.rpm	134b12ef08cf2d9cbc65f209d8528a51	-	ol8_aarch64_u10_baseos_patch
	libsemanage-2.9-10.el8_10.aarch64.rpm	5cb928a0f87ab0a4ff1e2f0ca165d098	-	ol8_aarch64_baseos_latest
	libsemanage-2.9-10.el8_10.aarch64.rpm	5cb928a0f87ab0a4ff1e2f0ca165d098	-	ol8_aarch64_u10_baseos_patch
	libsemanage-devel-2.9-10.el8_10.aarch64.rpm	75a1a5c822cdfcddbd05c95b73e1dba7	-	ol8_aarch64_codeready_builder
	python3-libselinux-2.9-9.el8_10.aarch64.rpm	e423460c4c76568111f05e04f10174a1	-	ol8_aarch64_baseos_latest
	python3-libselinux-2.9-9.el8_10.aarch64.rpm	e423460c4c76568111f05e04f10174a1	-	ol8_aarch64_u10_baseos_patch
	python3-libsemanage-2.9-10.el8_10.aarch64.rpm	fd5491af8e522a0f5568faa8af53129f	-	ol8_aarch64_baseos_latest
	python3-libsemanage-2.9-10.el8_10.aarch64.rpm	fd5491af8e522a0f5568faa8af53129f	-	ol8_aarch64_u10_baseos_patch
	selinux-policy-3.14.3-139.0.1.el8_10.1.noarch.rpm	e7d0b71a44154796964d4cf2f5fccd55	-	ol8_aarch64_baseos_latest
	selinux-policy-3.14.3-139.0.1.el8_10.1.noarch.rpm	e7d0b71a44154796964d4cf2f5fccd55	-	ol8_aarch64_u10_baseos_patch
	selinux-policy-devel-3.14.3-139.0.1.el8_10.1.noarch.rpm	129dce4d325132c74445c5a9a09ab0a3	-	ol8_aarch64_baseos_latest
	selinux-policy-devel-3.14.3-139.0.1.el8_10.1.noarch.rpm	129dce4d325132c74445c5a9a09ab0a3	-	ol8_aarch64_u10_baseos_patch
	selinux-policy-doc-3.14.3-139.0.1.el8_10.1.noarch.rpm	26036b23123a272bf31db4bb9f44b648	-	ol8_aarch64_baseos_latest
	selinux-policy-doc-3.14.3-139.0.1.el8_10.1.noarch.rpm	26036b23123a272bf31db4bb9f44b648	-	ol8_aarch64_u10_baseos_patch
	selinux-policy-minimum-3.14.3-139.0.1.el8_10.1.noarch.rpm	e02e5d73b477a3fb14066a481c4fcc1d	-	ol8_aarch64_baseos_latest
	selinux-policy-minimum-3.14.3-139.0.1.el8_10.1.noarch.rpm	e02e5d73b477a3fb14066a481c4fcc1d	-	ol8_aarch64_u10_baseos_patch
	selinux-policy-mls-3.14.3-139.0.1.el8_10.1.noarch.rpm	fa9c2c0543034d4e835629c0c1cdeb36	-	ol8_aarch64_baseos_latest
	selinux-policy-mls-3.14.3-139.0.1.el8_10.1.noarch.rpm	fa9c2c0543034d4e835629c0c1cdeb36	-	ol8_aarch64_u10_baseos_patch
	selinux-policy-sandbox-3.14.3-139.0.1.el8_10.1.noarch.rpm	389adea0f342332cc327b83bb7073614	-	ol8_aarch64_baseos_latest
	selinux-policy-sandbox-3.14.3-139.0.1.el8_10.1.noarch.rpm	389adea0f342332cc327b83bb7073614	-	ol8_aarch64_u10_baseos_patch
	selinux-policy-targeted-3.14.3-139.0.1.el8_10.1.noarch.rpm	24dd2fad6cbecf87d0d7796701b06244	-	ol8_aarch64_baseos_latest
	selinux-policy-targeted-3.14.3-139.0.1.el8_10.1.noarch.rpm	24dd2fad6cbecf87d0d7796701b06244	-	ol8_aarch64_u10_baseos_patch

Oracle Linux 8 (x86_64)	libselinux-2.9-9.el8_10.src.rpm	d13bc5f206e2bb317ed9c9c71445d77d	-	ol8_x86_64_appstream
	libselinux-2.9-9.el8_10.src.rpm	d13bc5f206e2bb317ed9c9c71445d77d	-	ol8_x86_64_baseos_latest
	libselinux-2.9-9.el8_10.src.rpm	d13bc5f206e2bb317ed9c9c71445d77d	-	ol8_x86_64_codeready_builder
	libselinux-2.9-9.el8_10.src.rpm	d13bc5f206e2bb317ed9c9c71445d77d	-	ol8_x86_64_u10_baseos_patch
	libsemanage-2.9-10.el8_10.src.rpm	b7b49a60f50db022144d166f9a3028e3	-	ol8_x86_64_baseos_latest
	libsemanage-2.9-10.el8_10.src.rpm	b7b49a60f50db022144d166f9a3028e3	-	ol8_x86_64_codeready_builder
	libsemanage-2.9-10.el8_10.src.rpm	b7b49a60f50db022144d166f9a3028e3	-	ol8_x86_64_u10_baseos_patch
	selinux-policy-3.14.3-139.0.1.el8_10.1.src.rpm	816cd0c8c8fe4c024c3dbf3541513866	-	ol8_x86_64_baseos_latest
	selinux-policy-3.14.3-139.0.1.el8_10.1.src.rpm	816cd0c8c8fe4c024c3dbf3541513866	-	ol8_x86_64_u10_baseos_patch
	libselinux-2.9-9.el8_10.i686.rpm	d6a22ecbc1d6d96ebdf48ab507b2771d	-	ol8_x86_64_baseos_latest
	libselinux-2.9-9.el8_10.i686.rpm	d6a22ecbc1d6d96ebdf48ab507b2771d	-	ol8_x86_64_u10_baseos_patch
	libselinux-2.9-9.el8_10.x86_64.rpm	24a3de6f37089d7e6bfd760715748b16	-	ol8_x86_64_baseos_latest
	libselinux-2.9-9.el8_10.x86_64.rpm	24a3de6f37089d7e6bfd760715748b16	-	ol8_x86_64_u10_baseos_patch
	libselinux-devel-2.9-9.el8_10.i686.rpm	eef473402d029bf5855d71962ba4c2b4	-	ol8_x86_64_baseos_latest
	libselinux-devel-2.9-9.el8_10.i686.rpm	eef473402d029bf5855d71962ba4c2b4	-	ol8_x86_64_u10_baseos_patch
	libselinux-devel-2.9-9.el8_10.x86_64.rpm	99233a774d12b2daafb21eb6d59b9f55	-	ol8_x86_64_baseos_latest
	libselinux-devel-2.9-9.el8_10.x86_64.rpm	99233a774d12b2daafb21eb6d59b9f55	-	ol8_x86_64_u10_baseos_patch
	libselinux-ruby-2.9-9.el8_10.x86_64.rpm	33401677e42de49cdbbf9b34a2959fa0	-	ol8_x86_64_appstream
	libselinux-static-2.9-9.el8_10.i686.rpm	1ce34aed83f03dbb5da71303efe418e9	-	ol8_x86_64_codeready_builder
	libselinux-static-2.9-9.el8_10.x86_64.rpm	b991fc12155141c2487d451042c915e6	-	ol8_x86_64_codeready_builder
	libselinux-utils-2.9-9.el8_10.x86_64.rpm	8b5ba471167ef5ac2622f42f4e2eb713	-	ol8_x86_64_baseos_latest
	libselinux-utils-2.9-9.el8_10.x86_64.rpm	8b5ba471167ef5ac2622f42f4e2eb713	-	ol8_x86_64_u10_baseos_patch
	libsemanage-2.9-10.el8_10.i686.rpm	71f943642e0de0fe4671d6f858f270ef	-	ol8_x86_64_baseos_latest
	libsemanage-2.9-10.el8_10.i686.rpm	71f943642e0de0fe4671d6f858f270ef	-	ol8_x86_64_u10_baseos_patch
	libsemanage-2.9-10.el8_10.x86_64.rpm	55352428d35f0a8c58e352d8058dc2cd	-	ol8_x86_64_baseos_latest
	libsemanage-2.9-10.el8_10.x86_64.rpm	55352428d35f0a8c58e352d8058dc2cd	-	ol8_x86_64_u10_baseos_patch
	libsemanage-devel-2.9-10.el8_10.i686.rpm	5f5321bfdfec6b756e7f9f4d2b85efb3	-	ol8_x86_64_codeready_builder
	libsemanage-devel-2.9-10.el8_10.x86_64.rpm	44ffaeef19dfde50c729210ff06a82c2	-	ol8_x86_64_codeready_builder
	python3-libselinux-2.9-9.el8_10.x86_64.rpm	f08a409fb03337700017846d6bd51107	-	ol8_x86_64_baseos_latest
	python3-libselinux-2.9-9.el8_10.x86_64.rpm	f08a409fb03337700017846d6bd51107	-	ol8_x86_64_u10_baseos_patch
	python3-libsemanage-2.9-10.el8_10.x86_64.rpm	277c3074c2882d2f81fac2cc0a481c7e	-	ol8_x86_64_baseos_latest
	python3-libsemanage-2.9-10.el8_10.x86_64.rpm	277c3074c2882d2f81fac2cc0a481c7e	-	ol8_x86_64_u10_baseos_patch
	selinux-policy-3.14.3-139.0.1.el8_10.1.noarch.rpm	e7d0b71a44154796964d4cf2f5fccd55	-	ol8_x86_64_baseos_latest
	selinux-policy-3.14.3-139.0.1.el8_10.1.noarch.rpm	e7d0b71a44154796964d4cf2f5fccd55	-	ol8_x86_64_u10_baseos_patch
	selinux-policy-devel-3.14.3-139.0.1.el8_10.1.noarch.rpm	129dce4d325132c74445c5a9a09ab0a3	-	ol8_x86_64_baseos_latest
	selinux-policy-devel-3.14.3-139.0.1.el8_10.1.noarch.rpm	129dce4d325132c74445c5a9a09ab0a3	-	ol8_x86_64_u10_baseos_patch
	selinux-policy-doc-3.14.3-139.0.1.el8_10.1.noarch.rpm	26036b23123a272bf31db4bb9f44b648	-	ol8_x86_64_baseos_latest
	selinux-policy-doc-3.14.3-139.0.1.el8_10.1.noarch.rpm	26036b23123a272bf31db4bb9f44b648	-	ol8_x86_64_u10_baseos_patch
	selinux-policy-minimum-3.14.3-139.0.1.el8_10.1.noarch.rpm	e02e5d73b477a3fb14066a481c4fcc1d	-	ol8_x86_64_baseos_latest
	selinux-policy-minimum-3.14.3-139.0.1.el8_10.1.noarch.rpm	e02e5d73b477a3fb14066a481c4fcc1d	-	ol8_x86_64_u10_baseos_patch
	selinux-policy-mls-3.14.3-139.0.1.el8_10.1.noarch.rpm	fa9c2c0543034d4e835629c0c1cdeb36	-	ol8_x86_64_baseos_latest
	selinux-policy-mls-3.14.3-139.0.1.el8_10.1.noarch.rpm	fa9c2c0543034d4e835629c0c1cdeb36	-	ol8_x86_64_u10_baseos_patch
	selinux-policy-sandbox-3.14.3-139.0.1.el8_10.1.noarch.rpm	389adea0f342332cc327b83bb7073614	-	ol8_x86_64_baseos_latest
	selinux-policy-sandbox-3.14.3-139.0.1.el8_10.1.noarch.rpm	389adea0f342332cc327b83bb7073614	-	ol8_x86_64_u10_baseos_patch
	selinux-policy-targeted-3.14.3-139.0.1.el8_10.1.noarch.rpm	24dd2fad6cbecf87d0d7796701b06244	-	ol8_x86_64_baseos_latest
	selinux-policy-targeted-3.14.3-139.0.1.el8_10.1.noarch.rpm	24dd2fad6cbecf87d0d7796701b06244	-	ol8_x86_64_u10_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691