-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-a15b7e7314 2021-09-30 01:12:40.914776 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 34 Version : 34.21 Release : 1.fc34 URL : https://github.com/fedora-selinux/selinux-policy Summary : SELinux policy configuration Description : SELinux core policy package. Originally based off of reference policy, the policy has been adjusted to provide support for Fedora.
-------------------------------------------------------------------------------- Update Information:
New F34 selinux-policy build -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 23 2021 Zdenek Pytela zpytela@redhat.com - 34.21-1 - Add bluetooth-related permissions into a tunable block - Allow gnome at-spi processes create and use stream sockets - Allow usbmuxd get attributes of tmpfs_t filesystems - Allow fprintd install a sleep delay inhibitor - Allow collectd get attributes of infiniband devices - Allow collectd create and user netlink rdma socket - Allow collectd map packet_socket - Allow snort create and use blootooth socket - Allow systemd watch and watch_reads console devices - Allow snort create and use generic netlink socket - Allow NetworkManager dbus chat with fwupd - Allow unconfined domains read/write domain perf_events - Allow scripts to enter LUKS password - Update mount_manage_pid_files() to use manage_files_pattern - Support hitless reloads feature in haproxy - Allow haproxy list the sysfs directories content - Allow gnome at-spi processes get attributes of tmpfs filesystems - Allow unbound connectto unix_stream_socket - Allow rhsmcertd_t dbus chat with anaconda install_t -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1883507 - collectd triggers a few SELinux denials - infiniband, RDMA, packet socket https://bugzilla.redhat.com/show_bug.cgi?id=1883507 [ 2 ] Bug #1954380 - SELinux is preventing usbmuxd from 'getattr' accesses on the filesystem /dev/shm. https://bugzilla.redhat.com/show_bug.cgi?id=1954380 [ 3 ] Bug #1993692 - SELinux is preventing snort from 'create' accesses on the bluetooth_socket labeled snort_t. https://bugzilla.redhat.com/show_bug.cgi?id=1993692 [ 4 ] Bug #1993693 - SELinux is preventing snort from 'create' accesses on the netlink_generic_socket labeled snort_t. https://bugzilla.redhat.com/show_bug.cgi?id=1993693 [ 5 ] Bug #1999526 - avc: denied { watch watch_reads } comm="systemd-tty-ask" path="/dev/tty1 https://bugzilla.redhat.com/show_bug.cgi?id=1999526 [ 6 ] Bug #2001219 - AVC denial of StandardInput=tty in a service https://bugzilla.redhat.com/show_bug.cgi?id=2001219 [ 7 ] Bug #2003451 - SELinux is preventing at-spi-bus-laun from 'getattr' accesses on the filesystem /dev/shm. https://bugzilla.redhat.com/show_bug.cgi?id=2003451 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-a15b7e7314' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org