--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4572
2007-12-27 00:45:13.573861
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 8
Version     : 3.0.8
Release     : 69.fc8
URL         : http://serefpolicy.sourceforge.net
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2393.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-69
- Allow ssh to read sym links in homedirs
* Mon Dec 10 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-68
- Allow ldconfig to manage files in the homedir
* Thu Dec  6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-67
- Allow kdm to transition to bootloader_t through grub
* Thu Dec  6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-66
- Allow depmod to read tmp files from rpm
- Dontaudit pam_timestamp_check access to ~.xsessions
- Allow postfix_local to transition to dovecot_deliver
- Allow postgrey to read postfix_spool
* Tue Dec  4 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-65
- Allow httpd_sys_script_t to search users homedirs
* Sun Dec  2 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-64
- Allow xdm to list all filesystem directories
* Wed Nov 28 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-63
- Change labeling on hpijs
- Fix unconfined_u defintion
- Set vmware to unconfiend domain, since policy is very good yet.
* Mon Nov 26 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-62
- Allow xend to create xend_var_log_t directories
- dontaudit setfiles relabel of /proc /sys caused by named-chroot
- Add rules for pam_keyinit (setkeycreate, ipc_lock)
- Allow mount to read unlabeled directorys for reiserfs
* Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-61
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes.  Allows kiosk users to 
- copy to usb media
* Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-60
- Allow cupsd to sigkill hplip_t
- Allow automount to create fifo files
* Tue Nov 20 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-59
- Allow logwatch to search all directories
- Allow sendmail to use sasl
- Allow system_mail_t to write to exim_log_t
* Fri Nov 16 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-58
- Allow nmbd to list inotifyfs_t
- Dontaudit consolekit access to user homedir
- dontaudit nscd getserv and shmemserv
- Allow rsync_t dac overrides
- Allow xfs_t to listen to sockets
* Fri Nov 16 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-57
- Allow lvm to search mnt
- Add booleans for xguest account
      xguest_mount_media
      xguest_connect_network
      xguest_use_bluetooth
* Thu Nov 15 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-56
- Remove /usr/sbin/gdm label
- Label gstreamer codecs in homedir as textrel_shlib_t
* Wed Nov 14 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-55
- Allow spamd to manage razor files
* Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-54
- Allow cyrus to authenticate via sasl
- Allow sshd to work in tunnel mode
- Allow sshd to use -R
- Allow ssh to read user homedirs
- Add /var/lib/tftp to tftp.fc
- Add labels for /dev/dmmdi and /dev/admmdi
- Allow postmap to be run by unconfined_t
- Allow dictd to write pid file
- Allow bluetooth to connectto unix_stream_sockets
* Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-53
- Allow bugzilla policy to connect to postgresql and mysql on other machines
* Mon Nov 12 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-52
- Allow apache to read unconfined users content
* Sat Nov 10 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-51
- Allow login programs to run mount
- Dontaudit writes to user_home_t for semanage
- Allow sendmail to write to cyrus_stream
- Define /dev/dmmidi1 as a sound_device_t
- Allow saslauthd to use nis_authentication
* Fri Nov  9 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-50
- Allow login programs to delete user temp files
* Thu Nov  8 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-49
- Separate xguest from guest
- Allow confined domains to output to rpm pipes
* Wed Nov  7 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-48
- Add obsoletes selinux-policy-strict
- Run inetd unconfined
- dontaudit loadkeys looking at homedir
* Tue Nov  6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-47
- Allow all dns_resolves to use avahi stream
- Don't transition from unconfined_t to ping_t
* Tue Nov  6 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-46
- Allow sendmail to interact with winbind
- Allow dovecot to write log files
* Fri Nov  2 2007 Dan Walsh <[EMAIL PROTECTED]> 3.0.8-45
- Allow system_mail_t to domtrans to exim_t
--------------------------------------------------------------------------------
Updated packages:

7cda4c34febd072446f70fb21f1e0064d55af1e5 
selinux-policy-mls-3.0.8-69.fc8.noarch.rpm
eb2e19eae03d19296e85e506b9eea7ed481fcb95 
selinux-policy-targeted-3.0.8-69.fc8.noarch.rpm
281749261d7eea101a02fe9360e86b1076326822 
selinux-policy-devel-3.0.8-69.fc8.noarch.rpm
911ac5b50cd1947c634deeabcaa2972649e36973 selinux-policy-3.0.8-69.fc8.noarch.rpm
1b9156c94c76761edb230185aee34903fa1c64f6 selinux-policy-3.0.8-69.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Reply via email to