Fedora 14 Update: policycoreutils-2.0.85-30.3.fc14

updates at fedoraproject.org updates at fedoraproject.org
Sun Nov 27 21:54:48 UTC 2011 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8401
2011-06-21 16:08:50
--------------------------------------------------------------------------------

Name        : policycoreutils
Product     : Fedora 14
Version     : 2.0.85
Release     : 30.3.fc14
URL         : http://www.selinuxproject.org
Summary     : SELinux policy core utilities
Description :
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.

--------------------------------------------------------------------------------
Update Information:

Fixes for sandbox to cleanup processes, as well as back porting fixes from F15
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep  6 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-7.3
- Backport sandbox fixes from F16
* Thu Jul  7 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-7.2
- Change seunshare to send kill signals to the childs session. 
- Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
- Add -k qualifier to seunshare to have it attempt to kill all processes with 
the matching MCS label.
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise 
the bounding set will be dropped.
- Change --cgroups short name -c rather then -C for consistancy
- Fix memory and fd leaks in seunshare
* Fri Jun 17 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-30.1
- Backport lots of fixes from F15 including:
- Do not drop capability bounding set in seunshare, this allows sandbox to 
- run setuid apps.
- Cleanup policy generation template
- Pass dpi settings to sandbox
- Add .config/* to restorecond_users.conf
- Clean up some of the templates for sepolgen
- Apply patches from Christoph A.
  * fix sandbox title 
  * stop xephyr from li
- Also ignore errors on sandbox include of directory missing files
- Change fixfiles restore to delete unlabeled sockets in /tmp
* Mon Apr 11 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-30
- Add Elia Pinto patches to allow user to specify directories to ignore
* Tue Apr  5 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-29
- Fix policycoreutils-sandbox description
* Tue Mar 29 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-28
- rsynccmd should run outside of execcon
* Thu Mar 24 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-27
- Fix semange node handling of ipv6 addresses
* Wed Mar 23 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-26
- Fix sepolgen-ifgen call, add -p option
* Wed Mar 23 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-25
- Fix sepolgen-ifgen call
* Fri Mar 18 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-24
- Fix rsync command to work if the directory is old.
- Fix all tests
* Wed Mar 16 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-23
- Fix sepolgen to generate network polcy using generic_if and genric_node versus all_if and all_node
* Wed Mar 16 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-22
- Return to original seunshare man page
* Fri Mar 11 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-21
- change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_*
- This will allow default sandboxes to work on NFS homedirs without allowing 
  access to homedir data
* Fri Mar 11 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-20
- Change sepolgen-ifgen to search all available policy files
- Exit in restorecond if it can not find a UID in the passwd database
* Wed Mar  9 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-19
- Fix portspage in system-config-selinux to not crash
- More fixes for seunshare from Tomas Hoger
* Tue Mar  8 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-18
- put back in old handling of -T in sandbox command
- Put back setsid in seunshare
- Fix rsync to maintain times
* Tue Mar  8 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-17
- Use rewritten seunshare from thoger
* Mon Mar  7 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-16
- Require python-IPy for policycoreutils-python package
- Fixes for sepologen 
  - Usage statement needs -n name
  - Names with _ are being prevented
  - dbus apps should get _chat interface
* Thu Mar  3 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-15
- Fix error message in seunshare, check for tmpdir existance before unlink.
* Fri Feb 25 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-13
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
- Only allow names in polgengui that contain letters and numbers
- Fix up node handling in semanage command
- Update translations
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.85-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Feb  3 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-11
- Fix sandbox policy creation with udp connect ports
* Thu Feb  3 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-10
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
- Cleanup chcat man page
* Wed Feb  2 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-9
- Report full errors on OSError on Sandbox
* Fri Jan 21 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-8
- Fix newrole hanlding of pcap
* Wed Jan 19 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-7
- Have restorecond watch more directories in homedir
* Fri Jan 14 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-6
- Add sandbox to sepolgen
* Thu Jan  6 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-4
- Fix proper handling of getopt errors
- Do not allow modules names to contain spaces
* Wed Jan  5 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-3
- Polgengui raises the wrong type of exception.  #471078
- Change semanage to not allow it to semanage module -D
- Change setsebool to suggest run as root on failure
* Wed Dec 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.85-2
- Fix restorecond watching utmp file for people logging in our out
* Tue Dec 21 2010 Dan Walsh <dwalsh at redhat.com> 2.0.85-1
- Update to upstream
* Thu Dec 16 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-5
- Change to allow sandbox to run on nfs homedirs, add start python script
* Wed Dec 15 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-4
- Move seunshare to sandbox package
* Mon Nov 29 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-3
- Fix sandbox to show correct types in  usage statement
* Mon Nov 29 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-2
- Stop fixfiles from complaining about missing dirs
* Mon Nov 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-1
- Update to upstream
- List types available for sandbox in usage statement
* Mon Nov 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-37
- Don't report error on load_policy when system is disabled.
* Mon Nov  8 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-36
- Fix up problems pointed out by solar designer on dropping capabilities
* Mon Nov  1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-35
- Check if you have full privs and reset otherwise dont drop caps
* Mon Nov  1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-34
- Fix setools require line
* Fri Oct 29 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-33
- Move /etc/pam.d/newrole in to polcicycoreutils-newrole
- Additiona capability  checking in sepolgen
* Mon Oct 25 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-32
- Remove setuid flag and replace with file capabilities
- Fix sandbox handling of files with spaces in them
* Wed Sep 29 2010 jkeating - 2.0.83-31
- Rebuilt for gcc bug 634757
* Thu Sep 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-30
- Move restorecond into its own subpackage
* Thu Sep 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-29
- Fix semanage man page
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #714152 - sandbox leaves process running after closing the sandbox (/usr/bin/pulseaudio)
        https://bugzilla.redhat.com/show_bug.cgi?id=714152
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update policycoreutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list