Fedora 16 Update: policycoreutils-2.1.4-13.fc16

updates at fedoraproject.org updates at fedoraproject.org
Sat Dec 31 20:26:34 UTC 2011

Fedora Update Notification
2011-12-23 21:53:30

Name        : policycoreutils
Product     : Fedora 16
Version     : 2.1.4
Release     : 13.fc16
URL         : http://www.selinuxproject.org
Summary     : SELinux policy core utilities
Description :
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper

Update Information:

sandbox is leaving mount points after running.  It is actually modifying the root namespace when it runs by mounting /var/tmp on /var/tmp and /tmp on /tmp,  Sometimes it does not clean this up.

This package fixes this.

* Fri Dec 23 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-13
- Fix the handling of namespaces in seunshare/sandbox.
- Currently mounting of directories within sandbox is propogating to the 
- parent namesspace.
* Tue Nov 29 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-12
- Fix dpi handling in sandbox 
- Make sure semanage fcontext -l -C prints if only local equiv have changed
* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-10
- Add listing of distribution equivalence class from semanage fcontext -l
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-9
- Update to latest sepolgen
- Allow ~ as a valid part of a filename in sepolgen
* Fri Nov 11 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-8
- sandbox init script should always return 0
- sandbox command needs to check range of categories and report error if not big enough
- Allow DPI to be passed into the sandbox
* Mon Oct 31 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-7
- Backport fixes from restorecond to handle being run within a terminal session
- Add ~/.local/share/* to restorecond_users.conf
- Fix semodule man page
- Fix a couple of problems found by coverity
* Mon Oct 24 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-6
- Include the patch this time to fix sandbox.init
* Mon Oct 24 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-5
- Fix sandbox.init script

  [ 1 ] Bug #770113 - Running sandboxes keeps adding new mount entries

This update can be installed with the "yum" update program.  Use 
su -c 'yum update policycoreutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list