Bug 1064 - [UPDATE REQUEST] [UPSTREAM UPDATE] selinux-policy
: [UPDATE REQUEST] [UPSTREAM UPDATE] selinux-policy
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-11-11 08:58 MSK by Andrew Lukoshko
Modified: 2013-10-23 13:30 MSD (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2012-11-11 08:58:31 MSK
Updated selinux-policy from RHEL6 upstream.

Advisory:
* Previously, SELinux was blocking the /usr/libexec/qemu-kvm utility during a
migration of a virtual machine from Red Hat Enterprise Virtualization Manager.
Consequently, such a migration attempt failed and AVC messages were returned.
This update fixes the virt_use_fusefs boolean and adds the sanlock_use_fusefs
boolean, thus allowing the migration to succeed in the described scenario.
* When trying to start a virtual machine on a POSIX-compliant file system,
SELinux denied the operation and returned AVC messages. This update amends the
SELinux policy to allow the described scenario to succeed.
http://rhn.redhat.com/errata/RHBA-2012-1441.html

Build lists:
https://abf.rosalinux.ru/build_lists/844323
https://abf.rosalinux.ru/build_lists/844324

Install:
i686: yum install http://abf.rosalinux.ru/downloads/rosa-server2012/container/selinux-policy-844323/RPMS/selinux-policy-3.7.19-155.res6.6.noarch.rpm http://abf.rosalinux.ru/downloads/rosa-server2012/container/selinux-policy-844323/RPMS/selinux-policy-minimum-3.7.19-155.res6.6.noarch.rpm http://abf.rosalinux.ru/downloads/rosa-server2012/container/selinux-policy-844323/RPMS/selinux-policy-mls-3.7.19-155.res6.6.noarch.rpm http://abf.rosalinux.ru/downloads/rosa-server2012/container/selinux-policy-844323/RPMS/selinux-policy-targeted-3.7.19-155.res6.6.noarch.rpm

x86_64: yum install http://abf.rosalinux.ru/downloads/rosa-server2012/container/selinux-policy-844324/RPMS/selinux-policy-3.7.19-155.res6.6.noarch.rpm http://abf.rosalinux.ru/downloads/rosa-server2012/container/selinux-policy-844324/RPMS/selinux-policy-minimum-3.7.19-155.res6.6.noarch.rpm http://abf.rosalinux.ru/downloads/rosa-server2012/container/selinux-policy-844324/RPMS/selinux-policy-mls-3.7.19-155.res6.6.noarch.rpm http://abf.rosalinux.ru/downloads/rosa-server2012/container/selinux-policy-844324/RPMS/selinux-policy-targeted-3.7.19-155.res6.6.noarch.rpm

Please DON'T PUBLISH, just test.
Comment 1 Andrew Lukoshko 2012-11-19 19:14:49 MSK
Package is updated once again:
https://abf.rosalinux.ru/build_lists/847408
https://abf.rosalinux.ru/build_lists/847409

Advisory:
* An SELinux policy for openshift packages has been added.

Previous update is outdated.
Comment 2 Vladimir Potapov 2012-11-21 11:54:33 MSK
selinux-policy-3.7.19-155.res6.8
********************** RHEL Advisory ****************
* Previously, SELinux was blocking the /usr/libexec/qemu-kvm utility during a
migration of a virtual machine from Red Hat Enterprise Virtualization Manager.
Consequently, such a migration attempt failed and AVC messages were returned.
This update fixes the virt_use_fusefs boolean and adds the sanlock_use_fusefs
boolean, thus allowing the migration to succeed in the described scenario.
* When trying to start a virtual machine on a POSIX-compliant file system,
SELinux denied the operation and returned AVC messages. This update amends the
SELinux policy to allow the described scenario to succeed.
******************************************************
QA Verified