Fedora 16 Update: libsepol-2.1.3-2.fc16
updates at fedoraproject.org
updates at fedoraproject.org
Thu Nov 10 17:43:40 UTC 2011
---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-15209
2011-11-01 01:22:25
---------------------------------------------------------------------------=
-----
Name : libsepol
Product : Fedora 16
Version : 2.1.3
Release : 2.fc16
URL : http://www.selinuxproject.org
Summary : SELinux binary policy manipulation library
Description :
Security-enhanced Linux is a feature of the Linux=C2=AE kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement=C2=AE, Role-based Access
Control, and Multi-level Security.
libsepol provides an API for the manipulation of SELinux binary policies.
It is used by checkpolicy (the policy compiler) and similar tools, as well
as by programs like load_policy that need to perform specific transformatio=
ns
on binary policies such as customizing policy boolean settings.
---------------------------------------------------------------------------=
-----
Update Information:
Added rules to allow us to use filetrans_content on all unconfined_domains.
---------------------------------------------------------------------------=
-----
ChangeLog:
* Mon Oct 31 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-2
-The filename_trans code had a bug where duplicate detection was being
done between the unmapped type value of a new rule and the type value of
rules already in policy. This meant that duplicates were not being
silently dropped and were instead outputting a message that there was a
problem. It made things hard because the message WAS using the mapped
type to convert to the string representation, so it didn't look like a
dup!
* Mon Sep 19 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-1
-Update to upstream
* Skip writing role attributes for policy.X and
* Indicate when boolean is indeed a tunable.
* Separate tunable from boolean during compile.
* Write and read TUNABLE flags in related
* Copy and check the cond_bool_datum_t.flags during link.
* Permanently discard disabled branches of tunables in
* Skip tunable identifier and cond_node_t in expansion.
* Create a new preserve_tunables flag
* Preserve tunables when required by semodule program.
* setools expects expand_module_avrules to be an exported
* tree: default make target to all not
* Wed Sep 14 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.2-3
- Add patch to handle preserving tunables
* Thu Sep 1 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.2-2
- export expand_module_avrules
* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.2-0
- Update to upstream =
* Only call role_fix_callback for base.p_roles during expansion.
* use mapped role number instead of module role number
---------------------------------------------------------------------------=
-----
This update can be installed with the "yum" update program. Use =
su -c 'yum update libsepol' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
More information about the package-announce
mailing list