[El-errata] ELBA-2026-3475 Oracle Linux 10 selinux-policy bug fix and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Mar 9 13:55:36 UTC 2026 

Oracle Linux Bug Fix Advisory ELBA-2026-3475

http://linux.oracle.com/errata/ELBA-2026-3475.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
selinux-policy-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-devel-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-doc-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-extra-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-mls-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-mls-extra-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-sandbox-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-targeted-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-targeted-extra-42.1.7-1.0.2.el10_1.1.noarch.rpm

aarch64:
selinux-policy-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-devel-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-doc-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-extra-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-mls-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-mls-extra-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-sandbox-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-targeted-42.1.7-1.0.2.el10_1.1.noarch.rpm
selinux-policy-targeted-extra-42.1.7-1.0.2.el10_1.1.noarch.rpm


SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/selinux-policy-42.1.7-1.0.2.el10_1.1.src.rpm



Description of changes:

[42.1.7-1.0.2.el10_1.1]
- Fix specfile triggers for fapolicyd and usbguard DSP modules [Orabug: 38681740] [Orabug: 38579739]
- Allow systemd_fstab_generator_t to read udev pid files [Orabug: 37139639]
- Allow systemd_fstab_generator_t to read sysfs filesystem [Orabug: 37139639]
- Allow systemd_fstab_generator_t to get attributs of fixed_disk_device_t and
  removable_device_t [Orabug: 37139639]
- Change reference in /etc/selinux/config to point to Oracle doc [Orabug: 36899915]
- Allow user_mail_domain to manage exim_log_t and exim_spool_t link files [Orabug: 36617121]
- Allow exim_t to read exim_log_t and manage exim_spool_t link files [Orabug: 36430005]
- Make import-state work with mls policy [Orabug: 32636699]
- Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
- Add comment for map on lvm_metadata_t. [Orabug: 31405325]
- Make cloud-init work with mls policy [Orabug: 32430460]
- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make lsmd and rngd work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type. [Orabug: 13333429]

[42.1.7-1.1]
- Allow nfsd_t domain setuid and setgid capability for rpc.mountd
Resolves: RHEL-148248

More information about the El-errata mailing list