Fedora 17 Update: policycoreutils-2.1.13-27.3.fc17
updates at fedoraproject.org
updates at fedoraproject.org
Sat Jun 1 02:27:27 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-2163
2013-02-09 10:43:55
--------------------------------------------------------------------------------
Name : policycoreutils
Product : Fedora 17
Version : 2.1.13
Release : 27.3.fc17
URL : http://www.selinuxproject.org
Summary : SELinux policy core utilities
Description :
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles.
--------------------------------------------------------------------------------
Update Information:
Remove boolean_name sub code
Fix problem in post install
Make auditallow -b work on all systems.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 24 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-27.2
- Fix post install scripts to not use systemd macros
* Wed Nov 7 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-27.1
- Fix audit2allow -b to work in all timezones
* Wed Nov 7 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-27
- Only report restorecon warning for missing default label, if not running
recusively
- Update translations
* Mon Nov 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-26
- Fix semanage booleans -l, move more boolean_dict handling into sepolicy
- Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
* Mon Nov 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-25
- Remove run_init, no longer needed with systemd.
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)
* Sat Nov 3 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-24
- Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
* Thu Nov 1 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-23
- Fix some build problems in sepolicy manpage and sepolicy transition
* Tue Oct 30 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-22
- Add alias man pages to sepolicy manpage
* Mon Oct 29 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-21
- Redesign sepolicy to only read the policy file once, not for every call
* Mon Oct 29 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-20
- Fixes to sepolicy transition, allow it to list all transitions from a domain
* Sat Oct 27 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-19
- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
* Fri Oct 26 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-18
- Allow sepolicy to specify the policy to generate content from
* Thu Oct 25 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-17
- Fix semanage boolean -F to handle boolean subs
* Thu Oct 25 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-16
- Add Miroslav Grepl patch to generate html man pages
- Update Translations
- Add option to sandbox to shred files before deleting
* Mon Oct 22 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-15
- Add Requires(post) PKGNAME to sepolicy generate /usr/bin/pkg
* Fri Oct 19 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-14
- Add role_allow to sepolicy.search python bindings, this allows us to remove last requirement for setools-cmdline in gui tools.
- Fix man page generator.
* Wed Oct 17 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-13
- Remove dwalsh at redhat.com from man pages
- Fix spec file for sepolicy generate
* Wed Oct 17 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-12
- Add missing spec.py from templates directory needed for sepolicy generate
- Add /var/tmp as collection point for sandbox apps.
* Tue Oct 16 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-11
- Handle audit2allow -b in foreign locales
* Tue Oct 16 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-10
- Update sepolicy generate with patch to create spec file and man page.
- Patch initiated by Miroslav Grepl
* Wed Oct 10 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-9
- Fix semanage to verify that types are appropriate for commands.
* Patch initiated by mgrepl
* Fixes problem of specifying non file_types for fcontext, or not port_types for semanage port
* Tue Oct 9 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-8
- Fix typo in preunstall line for restorecond
- Add mgrepl patch to consolidate file context generated by sepolicy generate
* Mon Oct 8 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-7
- Fix manpage generation, missing import
- Add equiv_dict to get samba booleans into smbd_selinux
- Add proper translations for booleans and remove selinux.tbl
* Sat Oct 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-6
- Fix system-config-selinux to use sepolicy.generate instead of sepolgen
* Thu Oct 4 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-5
- Add sepolicy commands, and change tools to use them.
* Tue Sep 25 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-4
- Rebuild without bogus prebuild 64 bit seunshare app
* Sun Sep 16 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-3
- Allow fixfiles to specify -v, so they can get verbosity rather then progress.
- Fix load_file Makefile to use SBINDIR rather then real OS.
- Fix man pages in setfiles and restorecon to reflect what happens when you relabel the entire OS.
* Sun Sep 16 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-2
- Use systemd post install scriptlets
* Thu Sep 13 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-1
- Update to upstream
* genhomedircon: manual page improvements
* setfiles/restorecon minor improvements
* run_init: If open_init_pty is not available then just use exec
* newrole: do not drop capabilities when newrole is run as
* restorecon: only update type by default
* scripts: Don't syslog setfiles changes on a fixfiles restore
* setfiles: do not syslog if no changes
* Disable user restorecond by default
* Make restorecon return 0 when a file has changed context
* setfiles: Fix process_glob error handling
* semanage: allow enable/disable under -m
* add .tx to gitignore
* translations: commit translations from Fedora community
* po: silence build process
* gui: Checking in policy to support polgengui and sepolgen.
* gui: polgen: search for systemd subpackage when generating policy
* gui: for exploring booleans
* gui: system-config-selinux gui
* Add Makefiles to support new gui code
* gui: remove lockdown wizard
* return equivalency records in fcontext customized
* semanage: option to not load new policy into kernel after
* sandbox: manpage update to describe standard types
* setsebool: -N should not reload policy on changes
* semodule: Add -N qualifier to no reload kernel policy
* gui: polgen: sort selinux types of user controls
* gui: polgen: follow symlinks and get the real path to
* gui: Fix missing error function
* setfiles: return errors when bad paths are given
* fixfiles: tell restorecon to ignore missing paths
* setsebool: error when setting multiple options
* semanage: use boolean subs.
* sandbox: Make sure Xephyr never listens on tcp ports
* sepolgen: return and output constraint violation information
* semanage: skip comments while reading external configuration files
* restorecond: relabel all mount runtime files in the restorecond example
* genhomedircon: dynamically create genhomedircon
* Allow returning of bastard matches
* sepolgen: return and output constraint violation information
* audit2allow: one role/type pair per line
* Wed Aug 8 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-6
- Change polgen to generate dbus apps as optional so they can compile on minimal policy system, patch from Miroslav Grepl
* Fri Jul 27 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-5
- Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly
* Thu Jul 19 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-4
- Fix restorecon to generate a better percentage of completion on restorecon -R /.
- Have audit2allow look at the constaint violation and tell the user whether it
- is because of user,role or level
* Wed Jul 11 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-3
- userapps is generating sandbox code in polgengui
* Thu Jul 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-2
- Remove load_policy symbolic link on usrmove systems this breaks the system
* Wed Jul 4 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-1
- Update to upstream
- policycoreutils
* restorecond: wrong options should exit with non-zero error code
* restorecond: Add -h option to get usage command
* resorecond: user: fix fd leak
* mcstrans: add -f to run in foreground
* semanage: fix man page range and level defaults
* semanage: bash completion for modules should include -a,-m, -d
* semanage: manpage update for -e
* semanage: dontaudit off should work
* semanage: locallist option does not take an argument
* sepolgen: Make use of setools optional within sepolgen
- sepolgen
* Make use of setools optional within sepolgen
* We need to support files that have a + in them
* Thu May 24 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-18
- Make restorecon exit with an error on a bad path
* Thu May 24 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-17
- Fix setsebool command, handling of = broken.
- Add missing error option in booleansPage
* Sun May 20 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-16
- Fix sepolgen to use realpath on executables handed to it. - Brian Bickford
* Fri May 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-15
- Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
- Trigger on selinux-policy needs to change to selinux-policy-devel
- Update translations
- Fix semanage dontaudit off/on exception
* Tue May 8 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-12
- Add -N qualifier to semanage, setsebool and semodule to allow you to update
- policy without reloading it into the kernel.
* Thu May 3 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-11
- add some definition to the standard types available for sandboxes
* Tue May 1 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-10
- Remove lockdown wizard
* Mon Apr 30 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-9
- Fix semanage fcontext -E to extract the equivalance customizations.
* Thu Apr 26 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-8
- Add mgrepl patch to have sepolgen search for -systemd rpm packages
* Tue Apr 24 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-7
- Apply Stef Walter patch for semanage man page
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908773 - python: seobject - Cannot modify selinux bool
https://bugzilla.redhat.com/show_bug.cgi?id=908773
[ 2 ] Bug #866296 - semanage: not possible to feed multiple commands from stdin
https://bugzilla.redhat.com/show_bug.cgi?id=866296
[ 3 ] Bug #889508 - Non-fatal POSTIN scriptlet failure in rpm package policycoreutils-restorecond-2.1.13-27.1.fc17.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=889508
[ 4 ] Bug #855483 - allow2audit doesn't parse boot date correctly in all locales
https://bugzilla.redhat.com/show_bug.cgi?id=855483
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update policycoreutils' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list