Fedora 11 Update: selinux-policy-3.6.12-98.fc11

updates at fedoraproject.org updates at fedoraproject.org
Mon May 3 16:11:48 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-7758
2010-05-01 10:42:49
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 11
Version     : 3.6.12
Release     : 98.fc11
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2945.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release of lirc, which has been stable for several
months now, and is required for full functionality of some lirc devices with the
2.6.32 kernel landing in f11 updates.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 27 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-98
- Fixes for lirc policy
* Fri Apr 23 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-97
- Add ldap_stream_connect_dirsrv interface
* Tue Mar 23 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-96
- Dontaudit fail2ban leaks
* Fri Feb 19 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-95
- Fixes for avahi policy
* Tue Jan 19 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-94
- Allow hotplug to transition to brctl domain
- Allow sendmail to read and write to an fail2ban unix stream socket
- Allow dovecot to read and write files stored on a NFS filesytem
- Allow locate to read all noxattrfs symbolic links
* Wed Jan  6 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-93
- Add labeling for /etc/NetworkManager directory
- Add home_cert type and appropriate labeling
- Allow virt_domain to read /dev/random
* Wed Dec  9 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-92
- Add labeling for /var/lib/NetworkManager directory
* Fri Nov 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-91
- Allow apmd to transition to vbetool domain
* Thu Nov 19 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-90
- Allow mysqld_safe_t to read generic kernel sysctls
- Dontaudit netutils sys_module capability
- Fix nfs_selinux man page
* Mon Nov 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-89
- Fix libADM* libs labeling
- More textrel_shlib_t file path fixes
* Thu Nov  5 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-88
- Allow hplip to bind to howl_port_t
* Fri Oct 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-87
- Allow consolekit to manage /var/run/console directory
- Fixed sssd policy
- Allow iptables to work with shorewall
- Add libADM* libs to textrel_shlib_t
* Fri Oct 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-86
- Allow xdm to unlink xauth_home_t
* Wed Sep 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-85
- dovecot needs setcap/getcap
- Fix up sssd policy
* Tue Sep 22 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-84
- Allow sshd to create .ssh directory and content
* Wed Sep 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-83
- Add wordpress/wp-content/uploads label
- Add /var/lib/libvirt/qemu label
- Allow tzdata to getattr of all persistent filesystems
* Wed Sep  2 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-82
- Allow gssd to send signals to users
- Allow fsdaemon_t setpcap capability
* Thu Aug 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-81
- Turn back on unconfineduser and unconfined domains
* Mon Aug 24 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-80
- Allow pptp dac_override capability
* Thu Aug 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-79
- Fixes for racoon 
- Fixes for ptchown
- Fixes for openvpn
* Fri Aug 14 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-78
- Add ptchown policy from Dan Walsh
* Thu Aug 13 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-77
- Allow fprintd_t to getattr of all persistent filesystems
* Thu Aug 13 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-76
- Allow hald_t to list net_conf_t directory
* Tue Aug 11 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-75
- Allow polkit_auth_t to getattr of all persistent filesystems
* Wed Aug  5 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-74
- Allow svirt images to create sock_file in svirt_var_run_t
* Tue Aug  4 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-73
- Allow svirt_t to stream_connect to virtd_t
* Fri Jul 31 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-72
- Add postfix and dovecot fixes from dwalsh
* Fri Jul 31 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-71
- Allow lircd read/write input event devices
* Tue Jul 28 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-70
- Dontaudit logrotate sys_ptrace capability
- Allow mrtg to transition to ping_t
* Mon Jul 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-69
- Allow sshd getsched capability
* Fri Jul 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-68
- Fixes for hald_dccm
* Fri Jul 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-67
- Allow hal to dbus chat with polkit
* Wed Jul 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-66
- Allow dhcpc to read users files
* Wed Jul  8 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-65
- Fixes for xguest
* Tue Jul  7 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-64
- Fixes for kpropd
- Fix up kismet policy
* Fri Jul  3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-63
- Allow ftpd to create shm
* Mon Jun 29 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-62
- Allow sshd to manage gitosis var/lib files
* Mon Jun 29 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-61
- Allow avahi net_admin capability
* Thu Jun 25 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-60
- Fix up gpsd policy
* Wed Jun 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-59
- Fix up xguest policy
* Tue Jun 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-58
- Allow kpropd to create tmp files
* Sat Jun 20 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-57
- Allow mysqld_safe to manage db files
- Allow udev_t to read/write anon_inodefs
* Sat Jun 20 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-56
- Add gitosis policy
* Fri Jun 19 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-55
- Add boolean to allow svirt to use usb devices
* Mon Jun 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-53
- Allow ftp to create xferlog_t files in an xferlog_t directory
- Fix svirt separation on chr_file, and blk_file
* Mon Jun 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-52
- Allow kpropd to create krb5_lock_t files in krb5_conf_t directory
* Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-51
- Remove some privs from svirt to tighten the policy
* Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-50
- Allow udev to transition to bluetooth
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-49
- Add labeling for midori shared libraries
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-48
- Allow setroubleshoot to run mlocate
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-47
- Allow fprintd to read /proc
* Tue Jun  2 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-46
- Allow domains to check if the /selinux is mounted and search the directory
- Dontaudit rules are blocking audit events
* Tue Jun  2 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-45
- Add proper labeling for shorewall
* Mon Jun  1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-44
- Add fish as a shell_exec_t
- Allow consolekit to search mountpoints
- Allow xdm_t to delete user_home_t
* Wed May 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-43
- Allow fprintd to list usbfs_t
- Add listing of mailman_data_t
- Allow hald to manage fusefs_t directories
- Allow groupadd to read usr_t symlinks
* Tue May 26 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-42
- New log file for vmware
- Allow xdm to setattr on user_tmp_t
* Thu May 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-41
- Allow sysadm_t to connect to virt stream
* Thu May 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-40
- Add context for /root/.spamassassin
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #585459 - lircd service fails to start with lirc-0.8.6-1.fc11.x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=585459
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list