- Issued:
- 2013-02-20
- Updated:
- 2013-02-20
RHBA-2013:0396 - policycoreutils bug fix and enhancement update
Synopsis
policycoreutils bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated policycoreutils packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.
Description
The policycoreutils packages contain the policy core utilities that are required for basic operation of SELinux. These utilities include load_policy to load policies, setfiles to label file systems, newrole to switch roles, and run_init to run /etc/init.d scripts in the proper context.
This update fixes the following bugs:
-
Previously, when the policycoreutils-gui utility was used to add an SELinux policy for a socket file, policycoreutils-gui failed with a traceback. This bug has been fixed, policycoreutils-gui now succeeds, and the SELinux policy is now added in this scenario. (BZ#816460, BZ#885527)
-
Due to a bug in the code, when the restorecon utility failed, it returned the success exit code. This bug has been fixed and restorecon now returns appropriate exit codes. (BZ#824779)
-
When multiple type accesses from the same role occurred, the audit2allow utility produced policy files that could not be parsed by the checkmodule compiler. With this update, audit2allow produces correct policy files which can be compiled by checkmodule. (BZ#843727)
-
The restorecond init script allows to use the "reload" operation. Previously, the usage message produced by restorecond did not mention the operation. The operation has been added to the usage message, which is now complete. (BZ#876971)
-
Prior to this update, the audit2allow utility produced a confusing output when one of the several processed AVCs could be allowed by a boolean, as it was not clear which AVC the message was related to. The layout of the output has been corrected and the audit2allow output no longer causes confusion. (BZ#882862)
-
Due to a regression, the vdsm package failed to be installed on Red Hat Enterprise Linux 6.4 if SELinux was disabled. A patch which enables the vdsm installation has been provided. (BZ#893065)
In addition, this update adds the following enhancements:
-
A new function to the semanage utility has been implemented. Now, the user is able to notice that a specified file context semanage command is wrong and an appropriate error message is returned. (BZ#834160)
-
With this update, the restorecon utility now returns a warning message for paths for which a default SELinux security context is not defined in the policy. (BZ#851479)
Users of policycoreutils are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- policycoreutils-python-2.0.83-19.30.el6.ppc64.rpm
- policycoreutils-python-2.0.83-19.30.el6.i686.rpm
- policycoreutils-newrole-2.0.83-19.30.el6.i686.rpm
- policycoreutils-2.0.83-19.30.el6.x86_64.rpm
- policycoreutils-newrole-2.0.83-19.30.el6.ppc64.rpm
- policycoreutils-gui-2.0.83-19.30.el6.x86_64.rpm
- policycoreutils-debuginfo-2.0.83-19.30.el6.i686.rpm
- policycoreutils-gui-2.0.83-19.30.el6.ppc64.rpm
- policycoreutils-debuginfo-2.0.83-19.30.el6.ppc64.rpm
- policycoreutils-sandbox-2.0.83-19.30.el6.i686.rpm
- policycoreutils-sandbox-2.0.83-19.30.el6.ppc64.rpm
- policycoreutils-2.0.83-19.30.el6.ppc64.rpm
- policycoreutils-debuginfo-2.0.83-19.30.el6.s390x.rpm
- policycoreutils-python-2.0.83-19.30.el6.x86_64.rpm
- policycoreutils-newrole-2.0.83-19.30.el6.x86_64.rpm
- policycoreutils-gui-2.0.83-19.30.el6.i686.rpm
- policycoreutils-2.0.83-19.30.el6.src.rpm
- policycoreutils-2.0.83-19.30.el6.s390x.rpm
- policycoreutils-sandbox-2.0.83-19.30.el6.x86_64.rpm
- policycoreutils-gui-2.0.83-19.30.el6.s390x.rpm
- policycoreutils-newrole-2.0.83-19.30.el6.s390x.rpm
- policycoreutils-sandbox-2.0.83-19.30.el6.s390x.rpm
- policycoreutils-python-2.0.83-19.30.el6.s390x.rpm
- policycoreutils-debuginfo-2.0.83-19.30.el6.x86_64.rpm
- policycoreutils-2.0.83-19.30.el6.i686.rpm
Fixes
- This content is not included.BZ - 843727
- This content is not included.BZ - 876971
- This content is not included.BZ - 893065
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.