- Issued:
- 2014-10-13
- Updated:
- 2014-10-13
RHBA-2014:1569 - policycoreutils bug fix update
Synopsis
policycoreutils bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated policycoreutils packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
Description
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies.
This update fixes the following bugs:
-
An attempt to use the SELinux graphical utility to create a new SELinux policy with a name that contained the dash character ("") failed with an error. The underlying source code has been modified to fix this bug and the error is no longer returned in the described scenario. As a result, it is possible to create SELinux policies with names containing "". (BZ#885526)
-
The "sandbox -M" command failed to start when the home directory was linked with a symbolic link. This bug has been fixed and sandbox now properly works with home directories linked with symbolic links. (BZ#913175)
-
Certain option descriptions were missing from the sandbox(8) and restorecon(8) manual pages. The descriptions have been added to those manual pages. (BZ#961805)
-
The "semanage fcontext -a -e [source_directory] [target_directory]" command sets the same SELinux file context for the target directory as the source directory has. When the user specified the name of the source directory with the trailing slash character ("/") at the end, the command failed to change the context. This update applies a patch to fix this bug and the command now works as expected. (BZ#1002209)
-
When running the "semanage permissive -a [type]" command with an incorrect domain type, an invalid .te file was generated and stored. Consequently, an attempt to execute the command again with the valid domain type failed because semanage tried to compile the previously generated invalid .te file. This bug has been fixed and semanage now works as expected. (BZ#1028202)
-
The semanage "-N" option was not supported and an error was returned when trying to use the option. This update adds the support for the "-N" option. (BZ#1032828)
-
The "fixfiles restore", "fixfiles check", and "fixfiles validate" commands can be executed with or without specifying a directory. Previously, when the aforementioned commands were run with no directory specified, they returned a non-zero value. This behavior is incorrect because no error was encountered. The underlying source code has been modified to fix this bug and the commands no longer return a non-zero value in the described scenario. (BZ#1043969)
-
Due to an incorrect handling of parameters in the setfiles code, the setfiles command did not check the legality of all given parameters. With this update, the code has been modified and setfiles now correctly checks the legality of the given parameters. (BZ#1086456)
-
When the setfiles utility was executed with a non-existent directory specified, the command was supposed to return an error message but it did not. The underlying source code has been modified to fix this bug and the command now properly returns the error message in the described scenario. (BZ#1086572)
-
This update removes the incorrectly working sandbox "-c" option. (BZ#1091139)
-
The setfiles "-d" option shows what specification matches each file. The setfiles "-q" option suppresses a non-error output. Previously, it was possible to specify both options in one setfiles command, even though the options were contrary to each other. With this update, the options have been marked as mutually exclusive. As a result, an attempt to execute them at once fails and an error message is returned. (BZ#1098062)
-
An attempt to run the semanage command with the "-i" argument specified failed with a traceback. The underlying source code has been modified to fix this bug and "semanage -i" now works as expected. (BZ#1119726)
Users of policycoreutils are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- policycoreutils-debuginfo-2.0.83-19.47.el6.i686.rpm
- policycoreutils-debuginfo-2.0.83-19.47.el6.ppc64.rpm
- policycoreutils-2.0.83-19.47.el6.i686.rpm
- policycoreutils-python-2.0.83-19.47.el6.i686.rpm
- policycoreutils-python-2.0.83-19.47.el6.x86_64.rpm
- policycoreutils-newrole-2.0.83-19.47.el6.x86_64.rpm
- policycoreutils-sandbox-2.0.83-19.47.el6.x86_64.rpm
- policycoreutils-newrole-2.0.83-19.47.el6.ppc64.rpm
- policycoreutils-python-2.0.83-19.47.el6.ppc64.rpm
- policycoreutils-gui-2.0.83-19.47.el6.ppc64.rpm
- policycoreutils-debuginfo-2.0.83-19.47.el6.s390x.rpm
- policycoreutils-sandbox-2.0.83-19.47.el6.s390x.rpm
- policycoreutils-newrole-2.0.83-19.47.el6.s390x.rpm
- policycoreutils-2.0.83-19.47.el6.x86_64.rpm
- policycoreutils-sandbox-2.0.83-19.47.el6.ppc64.rpm
- policycoreutils-sandbox-2.0.83-19.47.el6.i686.rpm
- policycoreutils-gui-2.0.83-19.47.el6.x86_64.rpm
- policycoreutils-2.0.83-19.47.el6.src.rpm
- policycoreutils-gui-2.0.83-19.47.el6.s390x.rpm
- policycoreutils-python-2.0.83-19.47.el6.s390x.rpm
- policycoreutils-2.0.83-19.47.el6.ppc64.rpm
- policycoreutils-2.0.83-19.47.el6.s390x.rpm
- policycoreutils-gui-2.0.83-19.47.el6.i686.rpm
- policycoreutils-debuginfo-2.0.83-19.47.el6.x86_64.rpm
- policycoreutils-newrole-2.0.83-19.47.el6.i686.rpm
Fixes
- This content is not included.BZ - 913175
- This content is not included.BZ - 1002209
- This content is not included.BZ - 1028202
- This content is not included.BZ - 1032828
- This content is not included.BZ - 1043969
- This content is not included.BZ - 1122023
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.