-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-a79a6bdd37 2023-08-12 04:19:56.585852 -------------------------------------------------------------------------------- Name : selinux-policy Product : Fedora 38 Version : 38.24 Release : 1.fc38 URL : https://github.com/fedora-selinux/selinux-policy Summary : SELinux policy configuration Description : SELinux core policy package. Originally based off of reference policy, the policy has been adjusted to provide support for Fedora. -------------------------------------------------------------------------------- Update Information: New F38 selinux-policy build -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 4 2023 Zdenek Pytela <zpytela@xxxxxxxxxx> - 38.24-1 - Allow rhsmcertd dbus chat with policykit - Allow polkitd execute pkla-check-authorization with nnp transition - Allow user_u and staff_u get attributes of non-security dirs - Allow unconfined user filetrans chrome_sandbox_home_t - Allow svnserve execute postdrop with a transition - Do not make postfix_postdrop_t type an MTA executable file - Allow samba-dcerpc service manage samba tmp files - Add use_nfs_home_dirs boolean for mozilla_plugin - Fix labeling for no-stub-resolv.conf * Wed Aug 2 2023 Zdenek Pytela <zpytela@xxxxxxxxxx> - 38.23-1 - Revert "Allow winbind-rpcd use its private tmp files" - Allow upsmon execute upsmon via a helper script - Allow openconnect vpn read/write inherited vhost net device - Allow winbind-rpcd use its private tmp files - Update samba-dcerpc policy for printing - Allow gpsd,oddjob,oddjob_mkhomedir rw user domain pty - Allow nscd watch system db dirs - Allow qatlib to read sssd public files - Allow fedora-third-party read /sys and proc - Allow systemd-gpt-generator mount a tmpfs filesystem - Allow journald write to cgroup files - Allow rpc.mountd read network sysctls - Allow blueman read the contents of the sysfs filesystem - Allow logrotate_t to map generic files in /etc - Boolean: Allow virt_qemu_ga create ssh directory -------------------------------------------------------------------------------- References: [ 1 ] Bug #2221507 - SELinux is preventing openconnect from read, write access on the chr_file vhost-net. https://bugzilla.redhat.com/show_bug.cgi?id=2221507 [ 2 ] Bug #2223218 - SELinux is preventing systemd-journal from 'write' accesses on the file memory.pressure. https://bugzilla.redhat.com/show_bug.cgi?id=2223218 [ 3 ] Bug #2224461 - SELinux is preventing blueman-mechani from 'read' accesses on the file possible. https://bugzilla.redhat.com/show_bug.cgi?id=2224461 [ 4 ] Bug #2224776 - SELinux is preventing rpc.mountd from 'search' accesses on the directory net. https://bugzilla.redhat.com/show_bug.cgi?id=2224776 [ 5 ] Bug #2228245 - Missing execute_no_trans policy for nut stack: upsmon -> upssched -> script > upsmon https://bugzilla.redhat.com/show_bug.cgi?id=2228245 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-a79a6bdd37' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue