Scientific Linux alert SL-seli-20120214 (selinux-policy)

From:
    	     
 
Pat Riehecky <riehecky@fnal.gov> 
To:
    	     
 
"SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV"
    <SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV> 
Subject:
    	     
 
Security ERRATA Low: selinux-policy on SL6.x i386/x86_64 
Date:
    	     
 
Tue, 14 Feb 2012 10:20:17 -0600
Message-ID:
    	     
 
<4F3A89C1.1080103@fnal.gov>
Archive-link:
    	     
 
Article, Thread
              
Synopsis: Low: selinux-policy enhancement update
Issue date: 2012-02-13


The selinux-policy packages contain the rules that govern how confined 
processes
run on the system.

This update fixes the following bug:

* An incorrect SELinux policy prevented the qpidd service from starting. 
These
selinux-policy packages contain updated SELinux rules, which allow the qpidd
service to be started correctly.

* With SELinux in enforcing mode, the ssh-keygen utility was prevented from
access to various applications and thus could not be used to generate 
SSH keys
for these programs. With this update, the "ssh_keygen_t" SELinux domain 
type has
been implemented as unconfined, which ensures the ssh-keygen utility to work
correctly.

All users of selinux-policy are advised to upgrade to these updated 
packages,
which fix these bugs.



SL6.x

SRPMS:
selinux-policy-3.7.19-126.el6_2.6.src.rpm

i386:
selinux-policy-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-doc-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-minimum-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-mls-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-targeted-3.7.19-126.el6_2.6.noarch.rpm

x86_64:
selinux-policy-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-doc-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-minimum-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-mls-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-targeted-3.7.19-126.el6_2.6.noarch.rpm