--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-a15b7e7314
2021-09-30 01:12:40.914776
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 34
Version : 34.21
Release : 1.fc34
URL :
https://github.com/fedora-selinux/selinux-policy
Summary : SELinux policy configuration
Description :
SELinux core policy package.
Originally based off of reference policy,
the policy has been adjusted to provide support for Fedora.
--------------------------------------------------------------------------------
Update Information:
New F34 selinux-policy build
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 23 2021 Zdenek Pytela <zpytela(a)redhat.com> - 34.21-1
- Add bluetooth-related permissions into a tunable block
- Allow gnome at-spi processes create and use stream sockets
- Allow usbmuxd get attributes of tmpfs_t filesystems
- Allow fprintd install a sleep delay inhibitor
- Allow collectd get attributes of infiniband devices
- Allow collectd create and user netlink rdma socket
- Allow collectd map packet_socket
- Allow snort create and use blootooth socket
- Allow systemd watch and watch_reads console devices
- Allow snort create and use generic netlink socket
- Allow NetworkManager dbus chat with fwupd
- Allow unconfined domains read/write domain perf_events
- Allow scripts to enter LUKS password
- Update mount_manage_pid_files() to use manage_files_pattern
- Support hitless reloads feature in haproxy
- Allow haproxy list the sysfs directories content
- Allow gnome at-spi processes get attributes of tmpfs filesystems
- Allow unbound connectto unix_stream_socket
- Allow rhsmcertd_t dbus chat with anaconda install_t
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1883507 - collectd triggers a few SELinux denials - infiniband, RDMA, packet
socket
https://bugzilla.redhat.com/show_bug.cgi?id=1883507
[ 2 ] Bug #1954380 - SELinux is preventing usbmuxd from 'getattr' accesses on
the filesystem /dev/shm.
https://bugzilla.redhat.com/show_bug.cgi?id=1954380
[ 3 ] Bug #1993692 - SELinux is preventing snort from 'create' accesses on the
bluetooth_socket labeled snort_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1993692
[ 4 ] Bug #1993693 - SELinux is preventing snort from 'create' accesses on the
netlink_generic_socket labeled snort_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1993693
[ 5 ] Bug #1999526 - avc: denied { watch watch_reads }
comm="systemd-tty-ask" path="/dev/tty1
https://bugzilla.redhat.com/show_bug.cgi?id=1999526
[ 6 ] Bug #2001219 - AVC denial of StandardInput=tty in a service
https://bugzilla.redhat.com/show_bug.cgi?id=2001219
[ 7 ] Bug #2003451 - SELinux is preventing at-spi-bus-laun from 'getattr'
accesses on the filesystem /dev/shm.
https://bugzilla.redhat.com/show_bug.cgi?id=2003451
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-a15b7e7314' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------