Recommended update for selinux-policy

Announcement ID:	SUSE-RU-2024:0151-1
Rating:	moderate
References:	bsc#1215423 bsc#1216060
Affected Products:	openSUSE Leap Micro 5.3 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro for Rancher 5.3

An update that has two fixes can now be installed.

Description:

This update for selinux-policy fixes the following issues:

• Allow keepalived_t read+write kernel_t pipes (bsc#1216060)
• Support new PING_CHECK health checker in keepalived
• Allow init to run bpf programs. We do this during early startup (bsc#1215423)
• Allow sysadm_t run kernel bpf programs

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2024-151=1
• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-151=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-151=1

Package List:

• openSUSE Leap Micro 5.3 (noarch)
  • selinux-policy-targeted-20210716+git65.8c9b6599-150400.5.12.1
  • selinux-policy-devel-20210716+git65.8c9b6599-150400.5.12.1
  • selinux-policy-20210716+git65.8c9b6599-150400.5.12.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  • selinux-policy-targeted-20210716+git65.8c9b6599-150400.5.12.1
  • selinux-policy-devel-20210716+git65.8c9b6599-150400.5.12.1
  • selinux-policy-20210716+git65.8c9b6599-150400.5.12.1
• SUSE Linux Enterprise Micro 5.3 (noarch)
  • selinux-policy-targeted-20210716+git65.8c9b6599-150400.5.12.1
  • selinux-policy-devel-20210716+git65.8c9b6599-150400.5.12.1
  • selinux-policy-20210716+git65.8c9b6599-150400.5.12.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1215423
• https://bugzilla.suse.com/show_bug.cgi?id=1216060