Product SiteDocumentation Site

1.199. system-config-securitylevel

1.199.1. RHBA-2009:1656: bug fix update


This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:1656
Updated system-config-securitylevel packages that fix several bugs are now available.
system-config-securitylevel is a graphical program for configuring firewall and SELinux settings.
These updated packages address the following bugs:
* when a new port is added to a firewall -- via the Firewall Options > Other ports > Add dialog box -- its service name is derived from the port number. Service names containing hyphens (eg iascontrol-oms, 1156/TCP, the Oracle Application Server control port) were incorrectly assumed to be port ranges. This caused them to be split, with the individual sections found to be invalid. Note: this validation failure did not prevent the port from being added to the firewall, as could be seen with the iptables-save command. The port was not listed in the "Other ports" list, however. With this update service names with hyphens are treated correctly, the added port is validated correctly and it is listed in "Other ports" as expected. (BZ#503588)
* system-config-securitylevel-tui, the text-based equivalent to system-config-securitylevel, relies on the setenforce command but did not have an explicit dependency on libselinux, the package that provides the setenforce command. With this update, the system-config-securitylevel spec file has been updated to require libselinux, ensuring system-config-securitylevel-tui always has the setenforce command available as needed. (BZ#532947)
* lokkit calls referenced setenforce without explicitly noting its path: /usr/sbin/setenforce. The default PATH for ordinary users on Red Hat Enterprise Linux does not include /usr/sbin/, however. If such users had sudo-based permission to run system-config-securitylevel-tui, attempting to run this application resulted in a "sh: setenforce: command not found" error. lokkit now references setenforce's path explicitly and ordinary users with appropriate permissions can run system-config-securitylevel-tui as expected. Note: /usr/sbin is in the default PATH of the root user on Red Hat Enterprise Linux. If system-config-securitylevel-tui was only run by the root user, this error did not present. (BZ#532948)
All users are advised to upgrade to these updated packages, which resolve these issues.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.