[El-errata] ELBA-2017-0084 Oracle Linux 7 selinux-policy bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Jan 18 04:34:39 PST 2017
Oracle Linux Bug Fix Advisory ELBA-2017-0084
http://linux.oracle.com/errata/ELBA-2017-0084.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
selinux-policy-3.13.1-102.0.2.el7_3.13.noarch.rpm
selinux-policy-devel-3.13.1-102.0.2.el7_3.13.noarch.rpm
selinux-policy-doc-3.13.1-102.0.2.el7_3.13.noarch.rpm
selinux-policy-minimum-3.13.1-102.0.2.el7_3.13.noarch.rpm
selinux-policy-mls-3.13.1-102.0.2.el7_3.13.noarch.rpm
selinux-policy-sandbox-3.13.1-102.0.2.el7_3.13.noarch.rpm
selinux-policy-targeted-3.13.1-102.0.2.el7_3.13.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/selinux-policy-3.13.1-102.0.2.el7_3.13.src.rpm
Description of changes:
[3.13.1-102.0.2.13]
- selinux-policy includes updated docker selinux policy [Orabug
24697785] (thomas.tanaka)
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type.
[3.13.1-102.13]
- Allow systemd container to read/write usermodehelperstate
Resolves: rhbz#1408126
- Allow glusterd_t to bind on glusterd_port_t udp ports.
Resolves: rhbz#1408128
[3.13.1-102.12]
- Allow glusterd_t to bind on glusterd_port_t udp ports.
Resolves: rhbz#1408128
- Allow glusterd_t send signals to userdomain. Label new glusterd
binaries as glusterd_exec_t
Resolves: rhbz#1408128
- Fixes for containers
- Allow containers to attempt to write to unix_sysctls.
- Allow cotainers to use the FD's leaked to them from parent processes.
Resolves: rhbz#1408126
- Allow systemd to stop glusterd_t domains.
Resolves: rhbz#1408125
[3.13.1-102.11]
- Update ctdbd_t policy to reflect all changes.
Resolves: rhbz#1403266
[3.13.1-102.10]
- Allow ctdbd_t domain transition to rpcd_t
Resolves:rhbz#1403266
[3.13.1-102.9]
- Make working CTDB:NFS: CTDB failover from selinux-policy POV
Resolves: rhbz#1403266
[3.13.1-102.8]
- Allow puppetagent_t to access timedated dbus. Use the
systemd_dbus_chat_timedated interface to allow puppetagent_t the access.
Resolves: rhbz#1400505
More information about the El-errata
mailing list