Fedora 11 Update: selinux-policy-3.6.12-95.fc11

updates at fedoraproject.org updates at fedoraproject.org
Tue Mar 23 23:28:40 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-2591
2010-02-23 04:10:31
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 11
Version     : 3.6.12
Release     : 95.fc11
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2945.

--------------------------------------------------------------------------------
Update Information:

* Fri Feb 19 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-95   - Fixes for
avahi policy
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 19 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-95
- Fixes for avahi policy
* Tue Jan 19 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-94
- Allow hotplug to transition to brctl domain
- Allow sendmail to read and write to an fail2ban unix stream socket
- Allow dovecot to read and write files stored on a NFS filesytem
- Allow locate to read all noxattrfs symbolic links
* Wed Jan  6 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-93
- Add labeling for /etc/NetworkManager directory
- Add home_cert type and appropriate labeling
- Allow virt_domain to read /dev/random
* Wed Dec  9 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-92
- Add labeling for /var/lib/NetworkManager directory
* Fri Nov 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-91
- Allow apmd to transition to vbetool domain
* Thu Nov 19 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-90
- Allow mysqld_safe_t to read generic kernel sysctls
- Dontaudit netutils sys_module capability
- Fix nfs_selinux man page
* Mon Nov 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-89
- Fix libADM* libs labeling
- More textrel_shlib_t file path fixes
* Thu Nov  5 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-88
- Allow hplip to bind to howl_port_t
* Fri Oct 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-87
- Allow consolekit to manage /var/run/console directory
- Fixed sssd policy
- Allow iptables to work with shorewall
- Add libADM* libs to textrel_shlib_t
* Fri Oct 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-86
- Allow xdm to unlink xauth_home_t
* Wed Sep 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-85
- dovecot needs setcap/getcap
- Fix up sssd policy
* Tue Sep 22 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-84
- Allow sshd to create .ssh directory and content
* Wed Sep 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-83
- Add wordpress/wp-content/uploads label
- Add /var/lib/libvirt/qemu label
- Allow tzdata to getattr of all persistent filesystems
* Wed Sep  2 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-82
- Allow gssd to send signals to users
- Allow fsdaemon_t setpcap capability
* Thu Aug 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-81
- Turn back on unconfineduser and unconfined domains
* Mon Aug 24 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-80
- Allow pptp dac_override capability
* Thu Aug 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-79
- Fixes for racoon 
- Fixes for ptchown
- Fixes for openvpn
* Fri Aug 14 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-78
- Add ptchown policy from Dan Walsh
* Thu Aug 13 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-77
- Allow fprintd_t to getattr of all persistent filesystems
* Thu Aug 13 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-76
- Allow hald_t to list net_conf_t directory
* Tue Aug 11 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-75
- Allow polkit_auth_t to getattr of all persistent filesystems
* Wed Aug  5 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-74
- Allow svirt images to create sock_file in svirt_var_run_t
* Tue Aug  4 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-73
- Allow svirt_t to stream_connect to virtd_t
* Fri Jul 31 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-72
- Add postfix and dovecot fixes from dwalsh
* Fri Jul 31 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-71
- Allow lircd read/write input event devices
* Tue Jul 28 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-70
- Dontaudit logrotate sys_ptrace capability
- Allow mrtg to transition to ping_t
* Mon Jul 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-69
- Allow sshd getsched capability
* Fri Jul 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-68
- Fixes for hald_dccm
* Fri Jul 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-67
- Allow hal to dbus chat with polkit
* Wed Jul 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-66
- Allow dhcpc to read users files
* Wed Jul  8 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-65
- Fixes for xguest
* Tue Jul  7 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-64
- Fixes for kpropd
- Fix up kismet policy
* Fri Jul  3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-63
- Allow ftpd to create shm
* Mon Jun 29 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-62
- Allow sshd to manage gitosis var/lib files
* Mon Jun 29 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-61
- Allow avahi net_admin capability
* Thu Jun 25 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-60
- Fix up gpsd policy
* Wed Jun 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-59
- Fix up xguest policy
* Tue Jun 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-58
- Allow kpropd to create tmp files
* Sat Jun 20 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-57
- Allow mysqld_safe to manage db files
- Allow udev_t to read/write anon_inodefs
* Sat Jun 20 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-56
- Add gitosis policy
* Fri Jun 19 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-55
- Add boolean to allow svirt to use usb devices
* Mon Jun 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-53
- Allow ftp to create xferlog_t files in an xferlog_t directory
- Fix svirt separation on chr_file, and blk_file
* Mon Jun 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-52
- Allow kpropd to create krb5_lock_t files in krb5_conf_t directory
* Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-51
- Remove some privs from svirt to tighten the policy
* Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-50
- Allow udev to transition to bluetooth
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-49
- Add labeling for midori shared libraries
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-48
- Allow setroubleshoot to run mlocate
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-47
- Allow fprintd to read /proc
* Tue Jun  2 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-46
- Allow domains to check if the /selinux is mounted and search the directory
- Dontaudit rules are blocking audit events
* Tue Jun  2 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-45
- Add proper labeling for shorewall
* Mon Jun  1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-44
- Add fish as a shell_exec_t
- Allow consolekit to search mountpoints
- Allow xdm_t to delete user_home_t
* Wed May 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-43
- Allow fprintd to list usbfs_t
- Add listing of mailman_data_t
- Allow hald to manage fusefs_t directories
- Allow groupadd to read usr_t symlinks
* Tue May 26 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-42
- New log file for vmware
- Allow xdm to setattr on user_tmp_t
* Thu May 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-41
- Allow sysadm_t to connect to virt stream
* Thu May 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-40
- Add context for /root/.spamassassin
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #564455 - SELinux is preventing umount (mount_t) "read write" automount_t.
        https://bugzilla.redhat.com/show_bug.cgi?id=564455
  [ 2 ] Bug #560246 - SELinux is preventing iptables (iptables_t) "read write" initrc_t.
        https://bugzilla.redhat.com/show_bug.cgi?id=560246
  [ 3 ] Bug #562133 - SELinux is preventing avahi-autoipd (avahi_t) "create" avahi_t.
        https://bugzilla.redhat.com/show_bug.cgi?id=562133
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list