--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-7758
2010-05-01 10:42:49
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 11
Version : 3.6.12
Release : 98.fc11
URL :
http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2945.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release of lirc, which has been stable for several
months now, and is required for full functionality of some lirc devices with the
2.6.32 kernel landing in f11 updates.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 27 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-98
- Fixes for lirc policy
* Fri Apr 23 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-97
- Add ldap_stream_connect_dirsrv interface
* Tue Mar 23 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-96
- Dontaudit fail2ban leaks
* Fri Feb 19 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-95
- Fixes for avahi policy
* Tue Jan 19 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-94
- Allow hotplug to transition to brctl domain
- Allow sendmail to read and write to an fail2ban unix stream socket
- Allow dovecot to read and write files stored on a NFS filesytem
- Allow locate to read all noxattrfs symbolic links
* Wed Jan 6 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-93
- Add labeling for /etc/NetworkManager directory
- Add home_cert type and appropriate labeling
- Allow virt_domain to read /dev/random
* Wed Dec 9 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-92
- Add labeling for /var/lib/NetworkManager directory
* Fri Nov 20 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-91
- Allow apmd to transition to vbetool domain
* Thu Nov 19 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-90
- Allow mysqld_safe_t to read generic kernel sysctls
- Dontaudit netutils sys_module capability
- Fix nfs_selinux man page
* Mon Nov 16 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-89
- Fix libADM* libs labeling
- More textrel_shlib_t file path fixes
* Thu Nov 5 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-88
- Allow hplip to bind to howl_port_t
* Fri Oct 30 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-87
- Allow consolekit to manage /var/run/console directory
- Fixed sssd policy
- Allow iptables to work with shorewall
- Add libADM* libs to textrel_shlib_t
* Fri Oct 16 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-86
- Allow xdm to unlink xauth_home_t
* Wed Sep 30 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-85
- dovecot needs setcap/getcap
- Fix up sssd policy
* Tue Sep 22 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-84
- Allow sshd to create .ssh directory and content
* Wed Sep 16 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-83
- Add wordpress/wp-content/uploads label
- Add /var/lib/libvirt/qemu label
- Allow tzdata to getattr of all persistent filesystems
* Wed Sep 2 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-82
- Allow gssd to send signals to users
- Allow fsdaemon_t setpcap capability
* Thu Aug 27 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-81
- Turn back on unconfineduser and unconfined domains
* Mon Aug 24 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-80
- Allow pptp dac_override capability
* Thu Aug 20 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-79
- Fixes for racoon
- Fixes for ptchown
- Fixes for openvpn
* Fri Aug 14 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-78
- Add ptchown policy from Dan Walsh
* Thu Aug 13 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-77
- Allow fprintd_t to getattr of all persistent filesystems
* Thu Aug 13 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-76
- Allow hald_t to list net_conf_t directory
* Tue Aug 11 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-75
- Allow polkit_auth_t to getattr of all persistent filesystems
* Wed Aug 5 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-74
- Allow svirt images to create sock_file in svirt_var_run_t
* Tue Aug 4 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-73
- Allow svirt_t to stream_connect to virtd_t
* Fri Jul 31 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-72
- Add postfix and dovecot fixes from dwalsh
* Fri Jul 31 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-71
- Allow lircd read/write input event devices
* Tue Jul 28 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-70
- Dontaudit logrotate sys_ptrace capability
- Allow mrtg to transition to ping_t
* Mon Jul 20 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-69
- Allow sshd getsched capability
* Fri Jul 17 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-68
- Fixes for hald_dccm
* Fri Jul 17 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-67
- Allow hal to dbus chat with polkit
* Wed Jul 15 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-66
- Allow dhcpc to read users files
* Wed Jul 8 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-65
- Fixes for xguest
* Tue Jul 7 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-64
- Fixes for kpropd
- Fix up kismet policy
* Fri Jul 3 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-63
- Allow ftpd to create shm
* Mon Jun 29 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-62
- Allow sshd to manage gitosis var/lib files
* Mon Jun 29 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-61
- Allow avahi net_admin capability
* Thu Jun 25 2009 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.12-60
- Fix up gpsd policy
* Wed Jun 24 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-59
- Fix up xguest policy
* Tue Jun 23 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-58
- Allow kpropd to create tmp files
* Sat Jun 20 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-57
- Allow mysqld_safe to manage db files
- Allow udev_t to read/write anon_inodefs
* Sat Jun 20 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-56
- Add gitosis policy
* Fri Jun 19 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-55
- Add boolean to allow svirt to use usb devices
* Mon Jun 15 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-53
- Allow ftp to create xferlog_t files in an xferlog_t directory
- Fix svirt separation on chr_file, and blk_file
* Mon Jun 15 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-52
- Allow kpropd to create krb5_lock_t files in krb5_conf_t directory
* Fri Jun 12 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-51
- Remove some privs from svirt to tighten the policy
* Fri Jun 12 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-50
- Allow udev to transition to bluetooth
* Thu Jun 4 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-49
- Add labeling for midori shared libraries
* Thu Jun 4 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-48
- Allow setroubleshoot to run mlocate
* Thu Jun 4 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-47
- Allow fprintd to read /proc
* Tue Jun 2 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-46
- Allow domains to check if the /selinux is mounted and search the directory
- Dontaudit rules are blocking audit events
* Tue Jun 2 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-45
- Add proper labeling for shorewall
* Mon Jun 1 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-44
- Add fish as a shell_exec_t
- Allow consolekit to search mountpoints
- Allow xdm_t to delete user_home_t
* Wed May 27 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-43
- Allow fprintd to list usbfs_t
- Add listing of mailman_data_t
- Allow hald to manage fusefs_t directories
- Allow groupadd to read usr_t symlinks
* Tue May 26 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-42
- New log file for vmware
- Allow xdm to setattr on user_tmp_t
* Thu May 21 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-41
- Allow sysadm_t to connect to virt stream
* Thu May 21 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.12-40
- Add context for /root/.spamassassin
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #585459 - lircd service fails to start with lirc-0.8.6-1.fc11.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=585459
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at
http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------