-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-7877 2008-09-16 04:19:56 --------------------------------------------------------------------------------
Name : selinux-policy Product : Fedora 8 Version : 3.0.8 Release : 115.fc8 URL : http://serefpolicy.sourceforge.net Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2393. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 26 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-115 - Remove definition for /var/run/mod_fcgid(/.*)? * Tue Aug 12 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-114 - Allow bluetooth to read hwdate * Tue Aug 5 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-113 - dontaudit semanage config_tty - Allow samba to share fusefs * Thu Jul 24 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-112 - Change dhclient to be able to red networkmanager_var_run * Wed Jul 2 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-111 - Handle updated NetworkManager * Wed Jun 18 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-110 - Add cxoffice homedir context * Thu May 29 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-109 - Remove extra context for dbus * Tue May 20 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-106 - More fixes for network manager * Tue May 20 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-105 - Fixes for new network - Logs of fixes for networkmanager * Mon May 19 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-104 - Dontaudit reading of nfs by consolekit * Tue May 13 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-103 Fix labeling on /var/spool/fax and /var/spool/voice * Wed May 7 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-102 - Allow pam_console to setattr on cpu_device_t - Dontaudit pam_t writing homedir - Add sys_nice for audispd * Thu Apr 17 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-101 - Allow nfs to look at all filesystem directories * Tue Apr 15 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-100 - Dontaudit validating context when using kerberos libraries - Allow postfix_virtual write access to postfix_private sockets * Tue Apr 8 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-99 - Allow privoxy to write to /etc/privoxy/default\.action * Fri Apr 4 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-98 - dontaudit setfiles reading links - allow semanage sys_resource - add allow_httpd_mod_auth_ntlm_winbind boolean - Allow privhome apps including dovecot read on nfs and cifs home dirs if the boolean is set - Allow fetchmail to manage sendmail_log * Fri Mar 28 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-97 - Allow stunnel apps to r/w the stunnel socket * Fri Mar 28 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-96 - Allow munin-node to bind to socket * Tue Mar 18 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-95 - Allow rythmbox to talk to avahi - Add prewikka policy * Mon Mar 17 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-94 - Correct labeling on /var/run/dmevent.* - Allow pam_t to read wtmp file - Allow squid to run chkpwd - Allow postfix_local to exec clamscan - Allow munin to listen on munin_port - Label /var/lib/cups-pdf correctly - Allow fail2ban to read etc_runtime files and to connectto itself - Label lustrefs and panfs as nfs_t - Allow kismet to talk to the terminal * Tue Mar 11 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-93 - Allow syslog to connect to mysql - Allow lvm to manage its own fifo_files - Allow bugzilla to use ldap * Tue Mar 4 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-92 - Fix openoffice policy to allow it to run from firefox on xguest * Tue Mar 4 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-92 - Fix openoffice policy to allow it to run from firefox on xguest * Tue Mar 4 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-91 - Allow rpc.mountd to write to lvm_control_t chr_file * Tue Mar 4 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-90 - Allow mozilla to auth_use_nsswitch - Change location of mock - Fix context on /usr/sbin/validate - allow vbetool to map low kernel memory - Allow fail2ban to connect to whois port - Allow bitlbee to read locale files - Allow clamd to execute shell - dontaudit setroubleshoot reading cifs and nfs files * Thu Feb 21 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-89 - Add jkubin changes for nx and groupadd - Add isns port * Wed Feb 20 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-88 - Add policy for /dev/autofs * Mon Feb 18 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-87 - Allow apmd to talk to consolekit via dbus * Fri Feb 15 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-86 - Add prelude/audisp policy * Tue Feb 12 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-85 - Fix cups executables labeling * Fri Feb 1 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-84 - Allow fail2ban to create sock_files in /var/run * Tue Jan 22 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-83 - Make oddjob_mkhomedir work with confined login domains * Tue Jan 22 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-82 - Allow xdm to sys_ptrace * Tue Jan 22 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-81 - Allow zebra to listen on port 521 * Thu Jan 17 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-79 - Add procmail_log support - Lots of fixes for munin - fixes for dnsmasq - Allow tmpreaper to delete aqmavis spool files * Wed Jan 16 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-78 - Allow procmal to signal pyzor * Tue Jan 15 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-77 - Allow daemons to write to cron fifo_files * Mon Jan 14 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-76 - Fix filecontext for networkmanagerlog files - Allow mount to read samba config - Fix label of /var/lib/tftpboot - Fix label of /usr/lib(64)?/xorg/modules/glesx.so - Fix label on /etc/NetworkManager/dispatcher.d/* - Allow httpd to send dbus messages * Thu Jan 3 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-75 - Alow postgrey to read postfix_etc_t - Lots of fixes to get javaplugin to run under xguest * Thu Jan 3 2008 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-74 - Allow updatedb to getatt on fifo_files * Mon Dec 31 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-73 - Fix specification for clamav and clamd log files * Sat Dec 22 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-72 - Fixes to make confined mozilla work better - Allow procmail to transition to spamd * Fri Dec 21 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-71 - add file context for nspluginwrapper * Fri Dec 21 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-70 - Allow mount.crypto to work - Allow fsck to read file_t * Wed Dec 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-69 - Allow ssh to read sym links in homedirs * Mon Dec 10 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-68 - Allow ldconfig to manage files in the homedir * Thu Dec 6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-67 - Allow kdm to transition to bootloader_t through grub * Thu Dec 6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-66 - Allow depmod to read tmp files from rpm - Dontaudit pam_timestamp_check access to ~.xsessions - Allow postfix_local to transition to dovecot_deliver - Allow postgrey to read postfix_spool * Tue Dec 4 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-65 - Allow httpd_sys_script_t to search users homedirs * Sun Dec 2 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-64 - Allow xdm to list all filesystem directories * Wed Nov 28 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-63 - Change labeling on hpijs - Fix unconfined_u defintion - Set vmware to unconfiend domain, since policy is very good yet. * Mon Nov 26 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-62 - Allow xend to create xend_var_log_t directories - dontaudit setfiles relabel of /proc /sys caused by named-chroot - Add rules for pam_keyinit (setkeycreate, ipc_lock) - Allow mount to read unlabeled directorys for reiserfs * Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-61 - Allow xguest to mount hal devices and read/write file systems - that do not support extended attributes. Allows kiosk users to - copy to usb media * Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-60 - Allow cupsd to sigkill hplip_t - Allow automount to create fifo files * Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-59 - Allow logwatch to search all directories - Allow sendmail to use sasl - Allow system_mail_t to write to exim_log_t * Fri Nov 16 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-58 - Allow nmbd to list inotifyfs_t - Dontaudit consolekit access to user homedir - dontaudit nscd getserv and shmemserv - Allow rsync_t dac overrides - Allow xfs_t to listen to sockets * Fri Nov 16 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-57 - Allow lvm to search mnt - Add booleans for xguest account xguest_mount_media xguest_connect_network xguest_use_bluetooth * Thu Nov 15 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-56 - Remove /usr/sbin/gdm label - Label gstreamer codecs in homedir as textrel_shlib_t * Wed Nov 14 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-55 - Allow spamd to manage razor files * Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-54 - Allow cyrus to authenticate via sasl - Allow sshd to work in tunnel mode - Allow sshd to use -R - Allow ssh to read user homedirs - Add /var/lib/tftp to tftp.fc - Add labels for /dev/dmmdi and /dev/admmdi - Allow postmap to be run by unconfined_t - Allow dictd to write pid file - Allow bluetooth to connectto unix_stream_sockets * Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-53 - Allow bugzilla policy to connect to postgresql and mysql on other machines * Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-52 - Allow apache to read unconfined users content * Sat Nov 10 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-51 - Allow login programs to run mount - Dontaudit writes to user_home_t for semanage - Allow sendmail to write to cyrus_stream - Define /dev/dmmidi1 as a sound_device_t - Allow saslauthd to use nis_authentication * Fri Nov 9 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-50 - Allow login programs to delete user temp files * Thu Nov 8 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-49 - Separate xguest from guest - Allow confined domains to output to rpm pipes * Wed Nov 7 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-48 - Add obsoletes selinux-policy-strict - Run inetd unconfined - dontaudit loadkeys looking at homedir * Tue Nov 6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-47 - Allow all dns_resolves to use avahi stream - Don't transition from unconfined_t to ping_t * Tue Nov 6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-46 - Allow sendmail to interact with winbind - Allow dovecot to write log files * Fri Nov 2 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-45 - Allow system_mail_t to domtrans to exim_t -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce