-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2007-4572 2007-12-27 00:45:13.573861 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 8 Version : 3.0.8 Release : 69.fc8 URL : http://serefpolicy.sourceforge.net Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2393. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-69 - Allow ssh to read sym links in homedirs * Mon Dec 10 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-68 - Allow ldconfig to manage files in the homedir * Thu Dec 6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-67 - Allow kdm to transition to bootloader_t through grub * Thu Dec 6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-66 - Allow depmod to read tmp files from rpm - Dontaudit pam_timestamp_check access to ~.xsessions - Allow postfix_local to transition to dovecot_deliver - Allow postgrey to read postfix_spool * Tue Dec 4 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-65 - Allow httpd_sys_script_t to search users homedirs * Sun Dec 2 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-64 - Allow xdm to list all filesystem directories * Wed Nov 28 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-63 - Change labeling on hpijs - Fix unconfined_u defintion - Set vmware to unconfiend domain, since policy is very good yet. * Mon Nov 26 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-62 - Allow xend to create xend_var_log_t directories - dontaudit setfiles relabel of /proc /sys caused by named-chroot - Add rules for pam_keyinit (setkeycreate, ipc_lock) - Allow mount to read unlabeled directorys for reiserfs * Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-61 - Allow xguest to mount hal devices and read/write file systems - that do not support extended attributes. Allows kiosk users to - copy to usb media * Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-60 - Allow cupsd to sigkill hplip_t - Allow automount to create fifo files * Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-59 - Allow logwatch to search all directories - Allow sendmail to use sasl - Allow system_mail_t to write to exim_log_t * Fri Nov 16 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-58 - Allow nmbd to list inotifyfs_t - Dontaudit consolekit access to user homedir - dontaudit nscd getserv and shmemserv - Allow rsync_t dac overrides - Allow xfs_t to listen to sockets * Fri Nov 16 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-57 - Allow lvm to search mnt - Add booleans for xguest account xguest_mount_media xguest_connect_network xguest_use_bluetooth * Thu Nov 15 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-56 - Remove /usr/sbin/gdm label - Label gstreamer codecs in homedir as textrel_shlib_t * Wed Nov 14 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-55 - Allow spamd to manage razor files * Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-54 - Allow cyrus to authenticate via sasl - Allow sshd to work in tunnel mode - Allow sshd to use -R - Allow ssh to read user homedirs - Add /var/lib/tftp to tftp.fc - Add labels for /dev/dmmdi and /dev/admmdi - Allow postmap to be run by unconfined_t - Allow dictd to write pid file - Allow bluetooth to connectto unix_stream_sockets * Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-53 - Allow bugzilla policy to connect to postgresql and mysql on other machines * Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-52 - Allow apache to read unconfined users content * Sat Nov 10 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-51 - Allow login programs to run mount - Dontaudit writes to user_home_t for semanage - Allow sendmail to write to cyrus_stream - Define /dev/dmmidi1 as a sound_device_t - Allow saslauthd to use nis_authentication * Fri Nov 9 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-50 - Allow login programs to delete user temp files * Thu Nov 8 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-49 - Separate xguest from guest - Allow confined domains to output to rpm pipes * Wed Nov 7 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-48 - Add obsoletes selinux-policy-strict - Run inetd unconfined - dontaudit loadkeys looking at homedir * Tue Nov 6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-47 - Allow all dns_resolves to use avahi stream - Don't transition from unconfined_t to ping_t * Tue Nov 6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-46 - Allow sendmail to interact with winbind - Allow dovecot to write log files * Fri Nov 2 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-45 - Allow system_mail_t to domtrans to exim_t -------------------------------------------------------------------------------- Updated packages: 7cda4c34febd072446f70fb21f1e0064d55af1e5 selinux-policy-mls-3.0.8-69.fc8.noarch.rpm eb2e19eae03d19296e85e506b9eea7ed481fcb95 selinux-policy-targeted-3.0.8-69.fc8.noarch.rpm 281749261d7eea101a02fe9360e86b1076326822 selinux-policy-devel-3.0.8-69.fc8.noarch.rpm 911ac5b50cd1947c634deeabcaa2972649e36973 selinux-policy-3.0.8-69.fc8.noarch.rpm 1b9156c94c76761edb230185aee34903fa1c64f6 selinux-policy-3.0.8-69.fc8.src.rpm This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce