RHBA-2010:0182: bug fix update
241
• SELinux AVC denial errors were triggered when using the sysadm SELinux user to connect to
racoon
using a UNIX domain stream socket. After applying this update, access functions as
expected. (
BZ#545369
1935
)
• When using the MLS functionality,
iptables
can now start properly and has proper permissions to
read configuration files. (
BZ#546604
1936
)
• Policy has been modified to give the
smartd
daemon the ability to read from and write to generic
SCSI devices. (
BZ#547387
1937
)
• SELinux policy has been modified to fix a segfault error when using an iSCSI target with the
bnx2i
interface type. (
BZ#548599
1938
)
• The
/var/vdsm
directory was incorrectly labeled by SELinux, showing two different SELinux
contexts. After applying this update, the directory is now correctly labeled with a single label.
(
BZ#549492
1939
)
• When using the '-i' option to the
lpadmin
command to set an interface script for a printer, SELinux
error messages are triggered. A new type,
cupsd_interface_t
, has been added to policy to
allow
cupsd
to properly utilize a System V style interface script. (
BZ#550015
1940
)
• The
postgresql
regression tests include libraries that need to be dynamically loaded by the
postgresql server. Some of these libraries were incorrectly labeled, which caused the regression
tests to fail and SELinux errors to appear. This update applies the correct permissions to the
libraries, and the postgresql regression tests now operate as expected. (
BZ#551063
1941
)
•
prelink
is a utility that can reduce the startup times of applications by linking to libraries
and storing the linking in the executable. prelink is now allowed under SELinux policy to load
and execute functions from shared libraries, with legacy support included for older libraries.
(
BZ#551664
1942
)
•
qemu-kvm
caused SELinux errors when creating or starting a virtual machine when
Transport
Layer Security
(TLS) is enabled in qemu.conf for an environment using a Public Key
Infrastructure (PKI). This error occurred because qemu-kvm did not have sufficient permission to
read from a random number generator (
/dev/random
and
/dev/urandom
) in order to gather
its entropy. Permissions have been modified so that qemu-kvm can now read from these random
number generators. (
BZ#552763
1943
)
• A regression error was discovered when installing new SELinux packages. The
postfix_postdrop
command was unable to use sockets. This resulted in emails not being sent.
After applying this update, postfix is able to read and write sendmail unix_stream_sockets and
emails can be sent using sendmail as expected. (
BZ#553492
1944
)
• The
/etc/xen
was incorrectly labeled. This caused errors when using automated scripts for
staging Xen guest virtual machines. A fix was applied to correctly label the directory, which resolved
the problem. Xen guests are now functioning as expected. (
BZ#554777
1945
)
• Restarting networking services using the
service network restart
command resulted in an
AVC denial caused by dhcpc_t being unable to relabel to and from net_conf_t. This update allows
this with the result that restarting networking succeeds without SELinux denials. (
BZ#559355
1946
)
• The
iscsid
daemon, which implements the control path of the iSCSI protocol along with
management functions, could not create its log file due to an incorrect SELinux context.
(
BZ#562303
1947
)
Summary of Contents for ENTERPRISE LINUX 5.5 - S 2010
Page 10: ...x ...
Page 308: ...298 ...
Page 310: ...300 ...
Page 468: ...458 ...
Page 470: ...460 ...