-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-19179 2010-12-22 19:33:10 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 14 Version : 3.9.7 Release : 19.fc14 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 -------------------------------------------------------------------------------- Update Information: - Fixes for passenger policy - Allow staff user to execute mysql -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 22 2010 Miroslav Grepl <[email protected]> 3.9.7-19 - Fixes for passenger policy - Allow staff user to execute mysql * Thu Dec 16 2010 Miroslav Grepl <[email protected]> 3.9.7-18 - Other fixes for munin plugins policy * Wed Dec 15 2010 Miroslav Grepl <[email protected]> 3.9.7-17 - Fixes for sandbox policy - Add setuid capability for vpnc - Allow sandbox to run on nfs partitions - Allow domains that transition to ping or traceroute, kill them - Allow user_t to conditionally transition to ping_t and traceroute_t * Fri Dec 10 2010 Miroslav Grepl <[email protected]> 3.9.7-16 - Allow boinc-project to read mtab - Fixes for clamscan * Mon Dec 6 2010 Miroslav Grepl <[email protected]> 3.9.7-15 - Allow mount fowner capability - Fix the label for wicd log - Allow avahi to request the kernel to load a module - Allow mpd to read alsa config * Wed Dec 1 2010 Miroslav Grepl <[email protected]> 3.9.7-14 - Allow clear dac overrides - Fix dirsrv.te to talk to rpcbind - certmonger needs to manage dirsrv data - Allow posftfix-smtpd to connect to dovecot unix domain stream socket - Allow ssh_keygen to generate files in /root/.ssh * Mon Nov 22 2010 Miroslav Grepl <[email protected]> 3.9.7-13 - Allow ddclient to fix file mode bits of ddclient conf file - Add labels for /etc/lirc directory - Allow amavis_t to exec shell - Add label for gssd_tmp_t for /var/tmp/nfs_0 * Thu Nov 18 2010 Miroslav Grepl <[email protected]> 3.9.7-12 - Add xdm_exec_bootloader boolean - Allow cgconfig fsetid capability - Allow logwatch and cron to mls_read_to_clearance for MLS boxes - Allow wm to send signull to all applications and receive them from users - lircd patch from field - Patch for Stephen Beahm for ulogd policy - Turn on pyzor policy * Mon Nov 15 2010 Miroslav Grepl <[email protected]> 3.9.7-11 - Allow mysqld-safe to send system log messages - Fix label for lxdm.sock - Fixes for ddclient policy - Allow munin plugins to search /var/lib directory - Allow gpsd to read sysfs_t - Add label for acroread - Add dirsrv and dirsrv-admin policy - Allow saslauthd_t to create krb5_host_rcache_t files in /tmp * Wed Nov 10 2010 Miroslav Grepl <[email protected]> 3.9.7-10 - Turn on ddclient policy - Allow mount to set the attributes of all mount points - Allow bitlbee setsched - Allow groupd transition to fenced domain when executes fence_node - Fixes for rchs policy - Fixes for puppetmaster * Mon Nov 8 2010 Miroslav Grepl <[email protected]> 3.9.7-9 - Fixes for corosync policy - Add initial drbd policy - Allow mpd to be able to read samba/nfs files * Mon Nov 1 2010 Dan Walsh <[email protected]> 3.9.7-8 - Allow NetworkManager to read openvpn_etc_t - Dontaudit hplip to write of /usr dirs - Allow system_mail_t to create /root/dead.letter as mail_home_t - Add vdagent policy for spice agent daemon * Thu Oct 28 2010 Dan Walsh <[email protected]> 3.9.7-7 - Dontaudit sandbox sending sigkill to all user domains - Add policy for rssh_chroot_helper - Add missing flask definitions - Allow udev to relabelto removable_t - Fix label on /var/log/wicd.log - Transition to initrc_t from init when executing bin_t - Add audit_access permissions to file - Make removable_t a device_node - Fix label on /lib/systemd/* * Fri Oct 22 2010 Dan Walsh <[email protected]> 3.9.7-6 - Fixes for systemd to manage /var/run - Dontaudit leaks by firstboot * Tue Oct 19 2010 Dan Walsh <[email protected]> 3.9.7-5 - Allow chome to create netlink_route_socket - Add additional MATHLAB file context - Define nsplugin as an application_domain - Dontaudit sending signals from sandboxed domains to other domains - systemd requires init to build /tmp /var/auth and /var/lock dirs - mount wants to read devicekit_power /proc/ entries - mpd wants to connect to soundd port - Openoffice causes a setattr on a lib_t file for normal users, add dontaudit - Treat lib_t and textrel_shlib_t directories the same - Allow mount read access on virtual images -------------------------------------------------------------------------------- References: [ 1 ] Bug #664049 - KDE: kdepim (akonadi) 4.6 currently doesn't work w. confined domains https://bugzilla.redhat.com/show_bug.cgi?id=664049 [ 2 ] Bug #664122 - SELinux powstrzymuje smokeping.cgi przed używaniem plików z potencjalnie błędnymi etykietami /var/cache/fontconfig. https://bugzilla.redhat.com/show_bug.cgi?id=664122 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
