[El-errata] ELBA-2015-0985 Oracle Linux 7 selinux-policy bug fix and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue May 12 14:37:26 PDT 2015 

Oracle Linux Bug Fix Advisory ELBA-2015-0985

http://linux.oracle.com/errata/ELBA-2015-0985.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
selinux-policy-3.13.1-23.0.1.el7_1.7.noarch.rpm
selinux-policy-devel-3.13.1-23.0.1.el7_1.7.noarch.rpm
selinux-policy-doc-3.13.1-23.0.1.el7_1.7.noarch.rpm
selinux-policy-minimum-3.13.1-23.0.1.el7_1.7.noarch.rpm
selinux-policy-mls-3.13.1-23.0.1.el7_1.7.noarch.rpm
selinux-policy-sandbox-3.13.1-23.0.1.el7_1.7.noarch.rpm
selinux-policy-targeted-3.13.1-23.0.1.el7_1.7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/selinux-policy-3.13.1-23.0.1.el7_1.7.src.rpm



Description of changes:

[3.13.1-23.0.1.el7_1.7]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.

[3.13.1-23.el7_7.7]
- Label /usr/libexec/postgresql-ctl as postgresql_exec_t
- Update virt_read_pid_files() interface to allow read also symlinks 
with virt_var_run_t type.
- Add labeling for /usr/libexec/mysqld_safe-scl-helper.
- Add support for /usr/libexec/mongodb-scl-helper RHSCL helper script.
Resolves:#1209942
- Allow mysqld_t to use pam.It is needed by MariDB if auth_apm.so auth 
plugin is used
Resolves:#1214236
- Added label mysqld_etc_t for /etc/my.cnf.d/ dir.
Resolves:#1214235
- Add support for mongod/mongos systemd unit files.
Resolves:#1214194

[3.13.1-23.el7_7.6]
- Make mongodb_t as nsswitch domain
- ALlow mongod execmem by default
Resolves:#1212970

[3.13.1-23.el7_7.5]
- Update policy/mls for sockets related to accept.
Resolves:#1207549

[3.13.1-23.el7_7.4]
- Update policy/mls for sockets. Rules were contradictory.
Resolves:#1207549

[3.13.1-23.el7_7.3]
- Dontaudit ifconfig writing inhertited /var/log/pluto.log.
Resolves:#1205580
- Update init_rw_tcp_sockets() interface to use getopt and setopt.

[3.13.1-23.el7_7.2]
- Use enable_mls instead of enabled_mls in userdomain.if
Resolves:#1204778

[3.13.1-23.el7_7.1]
- Allow a user to login with different security level via ssh.
Resolves:#1204778

More information about the El-errata mailing list