Fedora Linux 8772 Published by

A selinux-policy security update has been released for Fedora 33.



SECURITY: Fedora 33 Update: selinux-policy-3.14.6-25.fc33


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-8f3381648b
2020-09-02 15:41:58.309847
--------------------------------------------------------------------------------

Name : selinux-policy
Product : Fedora 33
Version : 3.14.6
Release : 25.fc33
URL :   https://github.com/fedora-selinux/selinux-policy
Summary : SELinux policy configuration
Description :
SELinux Base package for SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117

--------------------------------------------------------------------------------
Update Information:

New F33 selinux-policy build.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 27 2020 Zdenek Pytela - 3.14.6-25
- Allow certmonger fowner capability
- The nfsdcld service is now confined by SELinux
- Change transitions for ~/.config/Yubico
- Allow all users to connect to systemd-userdbd with a unix socket
- Add file context for ~/.config/Yubico
- Allow syslogd_t domain to read/write tmpfs systemd-bootchart files
- Allow login_pgm attribute to get attributes in proc_t
- Allow passwd to get attributes in proc_t
- Revert "Allow passwd to get attributes in proc_t"
- Revert "Allow login_pgm attribute to get attributes in proc_t"
- Allow login_pgm attribute to get attributes in proc_t
- Allow passwd to get attributes in proc_t
- Allow traceroute_t and ping_t to bind generic nodes.
- Create macro corenet_icmp_bind_generic_node()
- Allow unconfined_t to node_bind icmp_sockets in node_t domain
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1848929 - ping causes AVC
  https://bugzilla.redhat.com/show_bug.cgi?id=1848929
[ 2 ] Bug #1853730 - Multiple "denied { getattr } for pid=856 comm="login" name="/" dev="proc"" AVCs with Fedora-Rawhide-20200703.n.0
  https://bugzilla.redhat.com/show_bug.cgi?id=1853730
[ 3 ] Bug #1865748 - SELinux prevents systemd-nspawn from launching a machine
  https://bugzilla.redhat.com/show_bug.cgi?id=1865748
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-8f3381648b' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys