Bug 1264 - [UPDATE REQUEST] [UPSTREAM UPDATE] selinux-policy
: [UPDATE REQUEST] [UPSTREAM UPDATE] selinux-policy
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-18 23:27 MSK by Andrew Lukoshko
Modified: 2012-12-21 14:07 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2012-12-18 23:27:04 MSK
Updated selinux-policy from RHEL6 upstream.

Advisory:
* Due to a bug in the SELinux policy, it was not possible to run a cron job with
a valid MLS (Multi Level Security) context for the sysadm_u SELinux user. This
update fixes relevant SELinux policy rules and cron now works as expected in the
described scenario.

* Previously, SELinux prevented "rhevm-guest-agent-gdm-plugin" to connect to the
SO_PASSCRED UNIX domain socket. Consequently, Single Sign-On (SSO) did not work
because the access to the credential socket was blocked. This update fixes the
relevant policy and SSO now works as expected in the described scenario.

http://rhn.redhat.com/errata/RHBA-2012-1581.html

Build lists:
https://abf.rosalinux.ru/build_lists/857423
https://abf.rosalinux.ru/build_lists/857424
Comment 1 Vladimir Potapov 2012-12-21 13:56:59 MSK
selinux-policy-3.7.19-155.res6.13
******************* RHEL Advisory *********************
Due to a bug in the SELinux policy, it was not possible to run a cron job with
a valid MLS (Multi Level Security) context for the sysadm_u SELinux user. This
update fixes relevant SELinux policy rules and cron now works as expected in the
described scenario.

* Previously, SELinux prevented "rhevm-guest-agent-gdm-plugin" to connect to the
SO_PASSCRED UNIX domain socket. Consequently, Single Sign-On (SSO) did not work
because the access to the credential socket was blocked. This update fixes the
relevant policy and SSO now works as expected in the described scenario
*******************************************************
QA Verified