SELinux не торт

> для Ъ не получится... не помещается.

Многобукв? Тем более нет стимула давить на ссылку!

Manhunt ★★★★★
(02.12.09 15:45:22 MSK)

Ссылка

selinux-policy-3.6.32-49.fc12 bugfix update
Release: Fedora 12
Update ID: FEDORA-2009-12131
Builds: selinux-policy-3.6.32-49.fc12 (logs)
Date Released: 2009-11-25 13:36:30
Status: stable
Submitter: dwalsh
Karma: 4

Details

Fixes many bugs including

- Abrt connect to any port
- Dontaudit chrome-sandbox trying to getattr on all processes
- Allow passwd to execute gnome-keyring
- Allow chrome_sandbox_t to read home content inherited from the parent
- Fix eclipse labeling
- Allow mozilla to connect to flash port
- Allow pulseaudio to connect to unix_streams
- Allow sambagui to read secrets file
- Allow mount to mount unlabeled files
- ALlow abrt to use ypbind, send kill signals
- Allow arpwatch to create socket class
- Allow asterisk to read urand
- Allow corosync to communicate with user tmpfs
- Allow devicedisk to read virt images block devices
- Allow gpsd to sys_tty_config
- Fix nagios interfaces
- Policy for nagios plugins
- Fixes for nx
- Allow rtkit_daemon to read locale file
- Allow snort to create socket
- Additional perms for xauth
- lots of textrel_lib_t file context

~~linux4ever~~
(02.12.09 15:51:49 MSK)

Ссылка

538237 - SELinux is preventing /usr/lib64/chromium-browser/chrome-sandbox access to a leaked /dev/tty1 file descriptor.
538262 - SELinux is preventing /usr/bin/python «create» access on rpmfusion-free-debuginfo.
538310 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser «read» access on chromium.
538369 - SELinux is preventing /opt/ibm/lotus/notes/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.1.20090925-1604/linux/x86/notes2 from making the program stack executable.
538389 - SELinux is preventing /bin/bash «getattr» access on /bin/uname.
538390 - SELinux is preventing /sbin/consoletype access to a leaked /tmp/.webmin/727338_1_start.cgi file descriptor.
538396 - SELinux is preventing /bin/bash «getattr» access on /var/run/mysqld/mysqld.pid.
538397 - SELinux is preventing /bin/rm «write» access on /var/run/mysqld.
538427 - SELinux is preventing /usr/Aptana Studio 2.0/AptanaStudio from making the program stack executable.
538461 - SELinux is preventing /usr/sbin/avahi-autoipd «create» access.
538494 - setkey_t fails to request module load for af_key
538569 - SELinux is preventing /usr/bin/xauth «read» access on /proc/<pid>/status.
538581 - SELinux is preventing /usr/libexec/rtkit-daemon (deleted) «setsched» access.
538582 - SELinux is preventing /usr/libexec/rtkit-daemon (deleted) «setsched» access.
538587 - SELinux is preventing nautilus (xguest_t) «getattr» proc_mdstat_t.
538641 - SELinux is preventing /usr/lib/thunderbird-3.0b4/thunderbird-bin from loading /home/suresh/.thunderbird/q6va9077.default/extensions/{340c2bbc-ce74-4362-90b5-7c26312808ef}/platform/Linux_x86-gcc3/components/WeaveCrypto.so which requires text relocation.
538661 - SELinux is preventing /usr/bin/python «search» access on 16049.
538664 - racoon_t needs to load ipsec modules
538666 - SELinux is preventing /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/bin/java from loading /home/liveuser/.juniper_networks/network_connect/libncui.so which requires text relocation.
538667 - SELinux is preventing /bin/mount «mount» access on /.
538672 - SELinux prevented mount from mounting on the file or directory «/mnt/live» (type «iso9660_t»).
538708 - SELinux is preventing /usr/sbin/arpwatch «create» access.
538728 - SELinux is preventing /home/lonnie/Programs/Songbird/songbird-bin from loading /home/lonnie/Programs/Songbird/components/sbMediacoreManager.so which requires text relocation.
538811 - SELinux is preventing /usr/sbin/named access to a leaked /tmp/.webmin/305863_1_start.cgi file descriptor.
538843 - SELinux is preventing /usr/bin/gdb «read» access on nppdf.so.
538992 - SELinux prevented abrtd from using NIS (yp).
538998 - SELinux is preventing /usr/sbin/abrtd «name_bind» access.
539295 - SELinux is preventing /usr/sbin/NetworkManager «read» access on /var/lib/NetworkManager/NetworkManager.state.
539399 - SELinux is preventing /usr/sbin/NetworkManager «read» access on /var/lib/NetworkManager/NetworkManager.state.
539415 - SELinux is preventing /usr/bin/nautilus (deleted) «setattr» access on mounts.
539519 - SELinux is preventing /usr/sbin/httpd from using potentially mislabeled files /var/run/pcscd.pub.
539549 - SELinux is preventing /usr/bin/xauth «write» access on /var/lib/nxserver/home.
539581 - SELinux is preventing /usr/bin/abrt-pyhook-helper «write» access on /var/cache/abrt.
539603 - SELinux is preventing /usr/libexec/pk-gstreamer-install from loading /usr/lib64/gstreamer-0.10/libgstffmpeg.so which requires text relocation.
539619 - SELinux is preventing /usr/bin/xauth «getattr» access on /home.
539630 - SELinux is preventing /usr/bin/abrt-pyhook-helper «write» access on /var/run/nscd/socket.
539707 - SELinux is preventing /usr/lib64/nagios/plugins/check_disk «getattr» access on /dev/sdb1.
539708 - SELinux is preventing /usr/bin/xauth «getattr» access on /tmp.
539750 - SELinux is preventing the /usr/lib/chromium-browser/chromium-browser from using potentially mislabeled files (/home/akshay/.config/chromium/Dictionaries/en-US-1-2.bdic).

~~linux4ever~~
(02.12.09 15:52:50 MSK)

Ссылка

539754 - SELinux is preventing /usr/lib/chromium-browser/chrome-sandbox «getattr» access on /proc/<pid>.
539810 - SELinux is preventing /usr/lib/vmware/bin/appLoader from loading /usr/lib/vmware/lib/libvmware-gksu.so/libvmware-gksu.so which requires text relocation.
539817 - SELinux is preventing /usr/lib64/chromium-browser/chrome-sandbox «read» access on /proc.
539822 - SELinux is preventing /opt/Komodo-Edit-5/lib/mozilla/komodo-bin from making the program stack executable.
539824 - SELinux is preventing /opt/Komodo-Edit-5/lib/mozilla/komodo-bin from loading /opt/Komodo-Edit-5/lib/python/lib/python2.6/lib-dynload/_ssl.so which requires text relocation.
539835 - SELinux is preventing /usr/lib64/chromium-browser/chrome-sandbox «read» access on /proc.
539888 - SELinux is preventing avidemux2_gtk from loading /usr/lib/ADM_plugins/videoFilter/libADM_vf_FluxSmooth.so which requires text relocation.
539958 - SELinux is preventing /usr/bin/python «create» access.
539959 - SELinux is preventing /usr/bin/python «connect» access.
539964 - SELinux is preventing /usr/lib64/chromium-browser/chrome-sandbox «read» access on 0.
539977 - SELinux is preventing the /usr/lib64/chromium-browser/chromium-browser from using potentially mislabeled files (/home/yankee/.config/chromium/Dictionaries/nl-NL-1-1.bdic).
539988 - SELinux is preventing /usr/sbin/snort-plain «create» access.
539998 - SELinux is preventing /usr/sbin/sshd «read» access on /usr/NX/home/nx/.ssh/authorized_keys2
540027 - SELinux prevented asterisk from reading from the urandom device.
540107 - SELinux is preventing /usr/bin/pdbedit «read write» access on passdb.tdb.
540112 - SELinux is preventing /usr/lib64/chromium-browser/chrome-sandbox «search» access on 66.
540173 - SELinux is preventing /usr/bin/python «name_connect» access.
540181 - SELinux is preventing /usr/bin/python «create» access.
540210 - SELinux is preventing firefox-bin from loading /usr/lib/firefox-2.0.20/extensions/talkback@mozilla.org/components/libqfaservices.so which requires text relocation.
540241 - SELinux is preventing /usr/bin/xauth access to a leaked console file descriptor.
540345 - SELinux is preventing /usr/lib64/chromium-browser/chrome-sandbox «open» access on /proc.
540346 - SELinux is preventing /usr/libexec/pk-gstreamer-install from loading /usr/lib/gstreamer-0.10/libgstflump3dec.so which requires text relocation.
540367 - SELinux is preventing /usr/bin/passwd «execute» access on /usr/bin/gnome-keyring-daemon.
540385 - SELinux is preventing /usr/sbin/gpsd «sys_tty_config» access.
540445 - SELinux is preventing /usr/libexec/rtkit-daemon «read» access on /etc/localtime.
540522 - SELinux is preventing /usr/bin/vlc from loading /usr/lib/libx264.so.68 which requires text relocation.
540564 - SELinux is preventing /usr/bin/python from loading /usr/lib/cedega/gddb_parser32_1013.so which requires text relocation.
540583 - SELinux is preventing /usr/sbin/abrtd (deleted) «kill» access.
540586 - SELinux is preventing /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/bin/java from loading /home/art/.jagex_cache_32/runescape/libjaggl_dri.so which requires text relocation.
540590 - SELinux is preventing /usr/bin/nautilus from loading /usr/lib/gstreamer-0.10/libgstflump3dec.so which requires text relocation.
533486 - SELinux is preventing /usr/lib64/nspluginwrapper/plugin-config from making the program stack executable.
533694 - SELinux is preventing /usr/sbin/httpd from using potentially mislabeled files settings.php.
534001 - SELinux is preventing /usr/lib/firefox-3.5.4/firefox from loading /home/jlaska/.mozilla/firefox/fbf1b42a.default/extensions/lazarus@interclue.com/platform/Linux_x86-gcc3/components/WeaveCrypto.so which requires text relocation.
537816 - SELinux is preventing /usr/libexec/rtkit-daemon «setsched» access.
537963 - SELinux is preventing /usr/bin/mod_install from loading /usr/lib/libtfmessbsp.so which requires text relocation.
537967 - SELinux is preventing /usr/bin/avidemux2_gtk from loading /usr/lib/libADM5avcodec.so.52 which requires text relocation.
538060 - SELinux is preventing /usr/sbin/uuxqt «execute» access on /bin/bash.
538061 - SELinux is preventing /usr/sbin/uuxqt «execute» access on /usr/sbin/sendmail.postfix.
538162 - SELinux is preventing /usr/bin/python «lock» access on /sys/devices/platform/dcdbas/smi_request.
538195 - SELinux is preventing /opt/ibm/lotus/Symphony/framework/rcp/eclipse/plugins/com.ibm.rcp.base_6.2.0.20090525-1200/linux/x86/symphony from making the program stack executable.
538197 - SELinux is preventing /usr/bin/abrt-pyhook-helper «write» access on abrt.