-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-1409 2009-02-06 04:16:56 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 9 Version : 3.3.1 Release : 121.fc9 URL : http://serefpolicy.sourceforge.net Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2624. -------------------------------------------------------------------------------- Update Information: - Fixes in libraries.fc - Add milter policy -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2009 Miroslav Grepl <mgr...@redhat.com> 3.3.1-121 - Add milter policy * Fri Jan 30 2009 Miroslav Grepl <mgr...@redhat.com> 3.3.1-120 - Fixes in libraries.fc * Wed Jan 21 2009 Miroslav Grepl <mgr...@redhat.com> 3.3.1-119 - Add execstack for Podsleuth policy - Allow ssh read generic symbolic links in /var/lib * Tue Jan 13 2009 Miroslav Grepl <mgr...@redhat.com> 3.3.1-118 - Allow kismet read generic files in /usr - Lots of fixes for munin * Mon Jan 5 2009 Miroslav Grepl <mgr...@redhat.com> 3.3.1-117 - Add label to /var/run/mod_.* - Add label to /var/turboprint(/.*)? - Add radvd net_admin capability - Add 4321 to whois ports * Mon Dec 15 2008 Miroslav Grepl <mgr...@redhat.com> 3.3.1-116 - Allow uux to read mail queue files - Allow hplip to manage cupsd_tmp_t files - Allow spamc to read/write on anon_inodefs file systems - Allow spamc to read/write postfix_local pipes - Fix declaration of pki_ocsp port - Add temporarily label for dazukofs as nfs_t * Tue Dec 9 2008 Miroslav Grepl <mgr...@redhat.com> 3.3.1-115 - Allow rpcbind setgid capability - Allow NetworkManager send message to unpriv users * Mon Nov 24 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-114 - Add minimum policy - Split out doc package * Mon Nov 24 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-113 - Allow logwatch to report on network information * Thu Nov 20 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-112 - Allow automount to read nfs * Wed Nov 19 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-111 - Fix cyphesis policy * Thu Nov 13 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-110 - Allow openvpn to create /etc/openvpn/ipp.txt * Wed Nov 5 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-108 - Add label to /dev/mspblk.* * Mon Nov 3 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-107 - Allow kismet to send signals to itself - Allow NetworkManager to transition to dnsmasq * Tue Oct 28 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-105 - Allow spamd to manage exim spool * Mon Oct 20 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-104 - Remove mod_fcgid-selinux package * Mon Oct 20 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-103 - More fixes for new netoworkmanager - Fixes for MLS initrc scripts * Wed Oct 15 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-102 - Fix gutenburg press, google apps using wine * Wed Oct 8 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-101 - Add openconnect to vpn policy * Mon Oct 6 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-100 - Allow rsync to fownee and fsetid * Mon Oct 6 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-99 - Fix file contexts * Fri Oct 3 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-98 - Allow NetworkManager to transition to avahi and iptables * Mon Sep 29 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-97 - Define cupsd_interface_t * Mon Sep 29 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-96 - Add postgresql patch from KaiGai Kohei * Thu Sep 25 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-95 - Allow kismet to bind to port 2501 * Tue Sep 23 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-94 - Update to latest policy for NetworkManager * Mon Sep 22 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-93 - Add /dev/msp* support - Update prewikka support * Thu Sep 18 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-92 - Dontaudit attempts to write user_tmp_t by gssd_t * Mon Sep 15 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-91 - Allow nsplugin_cong dac capabilities. * Tue Sep 2 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-90 - Add rpcbind to mls policy - Fix up policy so permissive domains will work * Tue Sep 2 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-89 - Fix init script paths * Tue Sep 2 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-88 - Allow sendmail to transition to postfix_postdrop_t * Tue Aug 26 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-87 - Allow crontab to work for unconfined users - Allow courier_authdaemon_t to create sock_file in courier_spool directories * Thu Aug 14 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-86 - Allow prewika to write log files * Wed Aug 6 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-85 - Allow clamscan to connect to the clamd_port over tcp * Fri Aug 1 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-84 - Stop confinement of tmpreaper * Fri Aug 1 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-83 - Add 9051 to tor ports - Add textrel_shlib_t for bad novel library * Wed Jul 30 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-82 - Change mail_spool to be a files_mountpoint * Tue Jul 29 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-81 - Add boolean httpd_execmem - Add dontaudit for leaky pam_nssldap - Dontaudit ptrace of domains for staff_t * Thu Jul 24 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-80 - Allow system_crond_t to restart init scripts - Allow dnsmasq to bind to any udp port - Change dhclient to be able to red networkmanager_var_run * Thu Jul 17 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-79 - Allow xguest to communicate with hal - allow mozilla to communicate with networkmanager - Add kpropd policy * Tue Jul 8 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-78 - Allow unconfined_t to setfcap - Allow spamassassin to read razor lib files * Mon Jul 7 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-77 - Allow amanda to read tape - Allow prewikka cgi to use syslog, allow prelude_ausisp to signal audisp_t - Add support for netware file systems * Thu Jul 3 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-76 - Allow ypbind apps to net_bind_service * Wed Jul 2 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-75 - Fix transition from unconfined_t to dhcpc_t - Allow all system domains and application domains to append to any log file - allow sendmail to use courier_spool fifo files * Tue Jul 1 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-74 - Make virtd an unconfined domain * Sun Jun 29 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-73 - Allow exim to use system_cron pipes - Allow gdm to read rpm database - Allow nsplugin to read mplayer config files - Allow login programs to write to /var/run/pam directory (Encrypted directories) - Fixes for courier domain - Add courier domain to mls policy * Mon Jun 23 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-72 - Fix file context of real player * Mon Jun 23 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-71 - Allow system_mail_t to exec other mail clients - Label mogrel_rails as an apache server * Mon Jun 23 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-70 - Apply unconfined_execmem_exec_t to haskell programs * Sun Jun 22 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-69 - Fix prelude file context * Sun Jun 22 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-68 - Allow virt to getsched and setsched on qemu - Allow networkmanager to getattr on fixed disk * Wed Jun 4 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-66 - Add slattach policy for eparis testing * Mon Jun 2 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-65 - Allow bootloader to run mount in the users role * Mon Jun 2 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-64 - Allow policykit_resolve to ptrace all levels * Fri May 30 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-63 - Allow policykit_resolve to ptrace user processes * Fri May 30 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-61 - Allow policykit_resolve to read users process table * Thu May 29 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-60 - Allow policykit_resolve to read polkit_var_lib - Other policykit fixes * Thu May 29 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-59 - Allow oddjob to change roles * Thu May 29 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-58 - Allow policykit_resolve to getattr hal - Allow pyzor_t manage files user_pyzor_home_t * Wed May 28 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-57 - Allow dhcpc sys_nice - Allow handling of /var/run/video.rom - Allow policykit_resolve to use dbus * Wed May 21 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-56 - Fix vncserver transition to work properly in unconfined environment. - Allow virsh to run * Tue May 20 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-55 - More fixes for spamassassin * Tue May 20 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-54 - Allow spamassassin_t to be run by system_r * Mon May 19 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-53 - Add mono_exec to podsleuth * Fri May 16 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-52 - Allow httpd_suexec_t to use cgi scripts in home dir - Allow httpd_syexec_t to connect to mysql - Allow sasl to communicate with kerberos rhost cache - Fix vncserver to work again - Allow procmail to ioctl spamasssin_exec_t * Tue May 13 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-51 - Dontaudit dhcpc_t reading of domains state * Mon May 12 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-50 - Add sys_nice for audispd * Thu May 8 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-49 - Allow libvirtd sys_nice - Fixes for policykit - Allow dovecot getattr all filesystem directories * Wed May 7 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-48 - Allow amanada to create data files * Wed May 7 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-47 - Fix initial install, semanage setup * Tue May 6 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-46 - Allow system_r for httpd_unconfined_script_t * Wed Apr 30 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-45 - Remove dmesg boolean - Allow user domains to read/write game data * Mon Apr 28 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-44 - Change unconfined_t to transition to unconfined_mono_t when running mono - Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work * Mon Apr 28 2008 Dan Walsh <dwa...@redhat.com> 3.3.1-43 - Remove old booleans from targeted-booleans.conf file -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce