--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-17417
2011-12-23 21:53:30
--------------------------------------------------------------------------------
Name : policycoreutils
Product : Fedora 16
Version : 2.1.4
Release : 13.fc16
URL :
http://www.selinuxproject.org
Summary : SELinux policy core utilities
Description :
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.
--------------------------------------------------------------------------------
Update Information:
sandbox is leaving mount points after running. It is actually modifying the root
namespace when it runs by mounting /var/tmp on /var/tmp and /tmp on /tmp, Sometimes it
does not clean this up.
This package fixes this.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2011 Dan Walsh <dwalsh(a)redhat.com> - 2.1.4-13
- Fix the handling of namespaces in seunshare/sandbox.
- Currently mounting of directories within sandbox is propogating to the
- parent namesspace.
* Tue Nov 29 2011 Dan Walsh <dwalsh(a)redhat.com> - 2.1.4-12
- Fix dpi handling in sandbox
- Make sure semanage fcontext -l -C prints if only local equiv have changed
* Wed Nov 16 2011 Dan Walsh <dwalsh(a)redhat.com> - 2.1.4-10
- Add listing of distribution equivalence class from semanage fcontext -l
- Add checking to semanage fcontext -a to guarantee a file specification will not be
masked by an equivalence
* Wed Nov 16 2011 Dan Walsh <dwalsh(a)redhat.com> - 2.1.4-9
- Update to latest sepolgen
- Allow ~ as a valid part of a filename in sepolgen
* Fri Nov 11 2011 Dan Walsh <dwalsh(a)redhat.com> - 2.1.4-8
- sandbox init script should always return 0
- sandbox command needs to check range of categories and report error if not big enough
- Allow DPI to be passed into the sandbox
* Mon Oct 31 2011 Dan Walsh <dwalsh(a)redhat.com> - 2.1.4-7
- Backport fixes from restorecond to handle being run within a terminal session
- Add ~/.local/share/* to restorecond_users.conf
- Fix semodule man page
- Fix a couple of problems found by coverity
* Mon Oct 24 2011 Dan Walsh <dwalsh(a)redhat.com> - 2.1.4-6
- Include the patch this time to fix sandbox.init
* Mon Oct 24 2011 Dan Walsh <dwalsh(a)redhat.com> - 2.1.4-5
- Fix sandbox.init script
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #770113 - Running sandboxes keeps adding new mount entries
https://bugzilla.redhat.com/show_bug.cgi?id=770113
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update policycoreutils' at the command line.
For more information, refer to "Managing Software with yum",
available at
http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------