Issued:
2013-11-20
Updated:
2013-11-20

RHBA-2013:1608 - policycoreutils bug fix and enhancement update

Synopsis

policycoreutils bug fix and enhancement update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated policycoreutils packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.

Description

The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies.

This update fixes the following bugs:

  • Previously, several semanage command-line options did not work as expected. With this update, these options have been corrected and now work proprerly. (BZ#860506)

  • With this update, the semanage man page has been updated to be consistent with information contained in the semanage help page. (BZ#868218)

  • Due to a bug in the policycoreutils package, installation of the ipa-server-selinux package failed. This bug has been fixed and ipa-server-selinux can now be installed without complications. (BZ#886059)

  • Prior to this update, the sandbox utility did not accept symbolic links specified in the /etc/sysconfig/sandbox file. Consequently, executing the "sandbox -M" command failed with a "No such file or directory" message. The underlying source code has been modified and symlinks can now be configured in /etc/sysconfig/sandbox without complications. (BZ#913175)

  • Previously, the fixfiles script did not recognize a change in the regular expression describing the /sbin/ip6?tables-multi* files. Consequently, these files were labeled incorrectly after updating the system with the yum update command. With this update, fixfiles has been corrected to accept the change of regular expression. (BZ#916727)

  • Prior to this update, after executing the "semanage boolean -m" command, a traceback was returned. This bug has been fixed and tracebacks are no longer displayed in the aforementioned scenario. (BZ#918460)

  • Previously, the semanage utility did not allow to set the "none" context on directories and files. Consequently, the following message was displayed when attempting to do so:

    /usr/sbin/semanage: Type none is invalid, must be a file or device type

This bug has been fixed, and it is now possible to set the "none" context without complications. (BZ#928320, BZ#947504)

  • Prior to this update, the "-o" option of the audit2allow command overwrote the contents of the output file instead of just appending the new content. This bug has been fixed, and "audit2allow -o" now works as expected. (BZ#967728)

  • After attempting to enable a SELinux boolean that did not exist, a brief error message was generated. This update modifies this message to be more informative. (BZ#984484)

  • After attempting to permanently change a boolean that did not exist, an incorrect error message was generated. This message has been modified to provide correct information about the cause of the problem. (BZ#998974)

In addition, this update adds the following enhancement:

  • This update adds a possibility to exclude selected files when running the restorecon utility, which can significantly reduce execution times. (BZ#916734)

Users of policycoreutils are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for Scientific Computing6x86_64
Red Hat Enterprise Linux for Power, big endian6ppc64
Red Hat Enterprise Linux for IBM z Systems6s390x
Red Hat Enterprise Linux Workstation6x86_64
Red Hat Enterprise Linux Workstation6i386
Red Hat Enterprise Linux Server6x86_64
Red Hat Enterprise Linux Server6i386
Red Hat Enterprise Linux Server from RHUI6x86_64
Red Hat Enterprise Linux Server from RHUI6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support6x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension6x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)6s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)6s390x
Red Hat Enterprise Linux Desktop6x86_64
Red Hat Enterprise Linux Desktop6i386

Updated Packages

  • policycoreutils-debuginfo-2.0.83-19.39.el6.s390x.rpm
  • policycoreutils-2.0.83-19.39.el6.ppc64.rpm
  • policycoreutils-sandbox-2.0.83-19.39.el6.ppc64.rpm
  • policycoreutils-python-2.0.83-19.39.el6.s390x.rpm
  • policycoreutils-python-2.0.83-19.39.el6.x86_64.rpm
  • policycoreutils-gui-2.0.83-19.39.el6.ppc64.rpm
  • policycoreutils-gui-2.0.83-19.39.el6.i686.rpm
  • policycoreutils-newrole-2.0.83-19.39.el6.x86_64.rpm
  • policycoreutils-gui-2.0.83-19.39.el6.x86_64.rpm
  • policycoreutils-2.0.83-19.39.el6.x86_64.rpm
  • policycoreutils-newrole-2.0.83-19.39.el6.i686.rpm
  • policycoreutils-newrole-2.0.83-19.39.el6.ppc64.rpm
  • policycoreutils-2.0.83-19.39.el6.i686.rpm
  • policycoreutils-debuginfo-2.0.83-19.39.el6.ppc64.rpm
  • policycoreutils-debuginfo-2.0.83-19.39.el6.i686.rpm
  • policycoreutils-sandbox-2.0.83-19.39.el6.s390x.rpm
  • policycoreutils-python-2.0.83-19.39.el6.i686.rpm
  • policycoreutils-debuginfo-2.0.83-19.39.el6.x86_64.rpm
  • policycoreutils-sandbox-2.0.83-19.39.el6.i686.rpm
  • policycoreutils-sandbox-2.0.83-19.39.el6.x86_64.rpm
  • policycoreutils-python-2.0.83-19.39.el6.ppc64.rpm
  • policycoreutils-2.0.83-19.39.el6.src.rpm
  • policycoreutils-2.0.83-19.39.el6.s390x.rpm
  • policycoreutils-gui-2.0.83-19.39.el6.s390x.rpm
  • policycoreutils-newrole-2.0.83-19.39.el6.s390x.rpm

Fixes

CVEs

(none)

References

(none)

Additional information