- Issued:
- 2011-12-06
- Updated:
- 2011-12-06
RHBA-2011:1637 - policycoreutils bug fix and enhancement update
Synopsis
policycoreutils bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated policycoreutils packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
Description
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies.
This update fixes the following bugs:
-
Due to the wrong run_init pseudo terminal (pty) handling, it was not possible to start the sshd daemon properly with the run_init utility. With this update, the bug has been fixed so that run_init now works, as expected. (BZ#662064)
-
If the "-D" option was used with the "semanage module" command, it resulted in a traceback. With this update, the functionality that allowed removal of every single policy module from a system has been removed from the semanage utility so that the bug is now fixed. (BZ#666861)
-
Previously, the semanage(8) man page did not describe certain options. This update corrects the man page so that these options are now described, as expected. (BZ#677541, BZ#677542)
-
Previously, the SELinux graphical tools and the common SELinux tools did not work on systems with SELinux disabled. This bug has been fixed by allowing the SELinux graphical tools and the common SELinux tools to run on these systems. (BZ#689153, BZ#695288, BZ#696809, BZ#735044)
-
Previously, running the "sandbox -H /tmp/testuserhome ls ~" command resulted in a traceback. With this update, the command now works as expected. (BZ#690502)
-
Previously, the gnome-python2-gtkhtml2 package was required by the policycoreutils-gui package. As a result, the Automatic Bug Reporting Tool (ABRT) utilities generated a traceback. With this update, the gnome-python2-gtkhtml2 package is no longer required by the policycoreutils-gui package, thus the bug is fixed. (BZ#702860)
-
Previously, the sestatus(8) man page missed the description of the "-b" option. This update corrects the man page so that this option is now described, as expected. (BZ#705027)
-
Previously, polyinstantiated directories had the wrong multilevel secure (MLS) range set for a user. As a result, the user was not able to create files in the /tmp/ directory, or, under certain circumstances, to log in. This update fixes the bug by correcting the namespace.init script. (BZ#715021)
-
Previously, the rsync package was not required by any of the policycoreutils packages, although the "seunshare" command, which is provided by the policycoreutils-sandbox package, requires the rsync package to work properly. With this update, the rsync package is now required by the policycoreutils-sandbox package, thus the bug is fixed. (BZ#734467)
-
Previously, it was possible to change the USER, ROLE, and MLS ranges on an object with the "restorecon" command even if the "-F" option was not specified. This update fixes the unintended behavior by disallowing "restorecon" to change the USER, ROLE or MLS ranges on the object unless the "-F" option is specified. (BZ#736153)
-
If the "restorecon" command was successful, the return code "1" was erroneously returned. This unintended behavior has been fixed with this update so that "restorecon" now returns the code "0", as expected. (BZ#739587, BZ#740669)
-
If booting with the "SELinux=disabled" option set in the /etc/selinux/config file (but without specifying the "selinux=0" option at the kernel prompt), dracut output the following error:
dracut: /sbin/load_policy: Can't load policy: No such file or directory
With this update, dracut no longer outputs this error. (BZ#750594)
All users of policycoreutils are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- policycoreutils-gui-2.0.83-19.18.el6.i686.rpm
- policycoreutils-sandbox-2.0.83-19.18.el6.i686.rpm
- policycoreutils-2.0.83-19.18.el6.ppc64.rpm
- policycoreutils-2.0.83-19.18.el6.x86_64.rpm
- policycoreutils-debuginfo-2.0.83-19.18.el6.i686.rpm
- policycoreutils-python-2.0.83-19.18.el6.i686.rpm
- policycoreutils-2.0.83-19.18.el6.s390x.rpm
- policycoreutils-2.0.83-19.18.el6.i686.rpm
- policycoreutils-debuginfo-2.0.83-19.18.el6.ppc64.rpm
- policycoreutils-sandbox-2.0.83-19.18.el6.ppc64.rpm
- policycoreutils-gui-2.0.83-19.18.el6.s390x.rpm
- policycoreutils-debuginfo-2.0.83-19.18.el6.x86_64.rpm
- policycoreutils-sandbox-2.0.83-19.18.el6.x86_64.rpm
- policycoreutils-newrole-2.0.83-19.18.el6.i686.rpm
- policycoreutils-gui-2.0.83-19.18.el6.x86_64.rpm
- policycoreutils-python-2.0.83-19.18.el6.x86_64.rpm
- policycoreutils-2.0.83-19.18.el6.src.rpm
- policycoreutils-newrole-2.0.83-19.18.el6.ppc64.rpm
- policycoreutils-python-2.0.83-19.18.el6.ppc64.rpm
- policycoreutils-debuginfo-2.0.83-19.18.el6.s390x.rpm
- policycoreutils-newrole-2.0.83-19.18.el6.s390x.rpm
- policycoreutils-gui-2.0.83-19.18.el6.ppc64.rpm
- policycoreutils-sandbox-2.0.83-19.18.el6.s390x.rpm
- policycoreutils-python-2.0.83-19.18.el6.s390x.rpm
- policycoreutils-newrole-2.0.83-19.18.el6.x86_64.rpm
Fixes
- This content is not included.BZ - 658532
- This content is not included.BZ - 666861
- This content is not included.BZ - 677542
- This content is not included.BZ - 679798
- This content is not included.BZ - 689153
- This content is not included.BZ - 690502
- This content is not included.BZ - 690744
- This content is not included.BZ - 695288
- This content is not included.BZ - 696809
- This content is not included.BZ - 702860
- This content is not included.BZ - 705027
- This content is not included.BZ - 717640
- This content is not included.BZ - 728833
- This content is not included.BZ - 734467
- This content is not included.BZ - 735044
- This content is not included.BZ - 736153
- This content is not included.BZ - 739587
- This content is not included.BZ - 740669
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.