Fedora 16 Update: policycoreutils-2.1.4-10.fc16

Mon Nov 21 22:53:35 UTC 2011

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-16077
2011-11-19 05:15:26
--------------------------------------------------------------------------------

Name        : policycoreutils
Product     : Fedora 16
Version     : 2.1.4
Release     : 10.fc16
URL         : http://www.selinuxproject.org
Summary     : SELinux policy core utilities
Description :
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.

--------------------------------------------------------------------------------
Update Information:

- Update to latest sepolgen
- Allow ~ as a valid part of a filename in sepolgen

semanage fcontext 

should take into account equivalence labelling, and stop the user from adding a label that equivalence will never see.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-10
- Add listing of distribution equivalence class from semanage fcontext -l
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-9
- Update to latest sepolgen
- Allow ~ as a valid part of a filename in sepolgen
* Fri Nov 11 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-8
- sandbox init script should always return 0
- sandbox command needs to check range of categories and report error if not big enough
- Allow DPI to be passed into the sandbox
* Mon Oct 31 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-7
- Backport fixes from restorecond to handle being run within a terminal session
- Add ~/.local/share/* to restorecond_users.conf
- Fix semodule man page
- Fix a couple of problems found by coverity
* Mon Oct 24 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-6
- Include the patch this time to fix sandbox.init
* Mon Oct 24 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-5
- Fix sandbox.init script
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #753907 - 'local' file contexts seemingly no longer override defaults
        https://bugzilla.redhat.com/show_bug.cgi?id=753907
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update policycoreutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------