#1657: Please update SELinux policy for F11 to selinux-policy-3.6.12-21.fc11

Fedora Release Engineering rel-eng at fedoraproject.org
Mon Apr 27 19:28:48 UTC 2009 

#1657: Please update SELinux policy for F11 to selinux-policy-3.6.12-21.fc11
--------------------+-------------------------------------------------------
 Reporter:  dwalsh  |       Owner:  rel-eng at lists.fedoraproject.org
     Type:  task    |      Status:  new                            
Milestone:          |   Component:  koji                           
 Keywords:          |  
--------------------+-------------------------------------------------------
 These are the fixes that have been added since the last release for F11.

 Major fixes for libvirt.  Also lots of fixes for removing unconfined.pp
 domain.  Allowing nfs to share removable media, is also a big fix.

 Biggest risk is that we were not running readahead in a confined domain
 before since it moved from /usr/sbin/readahead to /sbin/readahead.  I have
 had three testers running with updated policy and we believe we have fixed
 all the problems with readahead.

 - Allow confined users to manace virt_content_t, since this is home dir
 content
 - Allow all domains to read rpm_script_tmp_t which is what shell creates
 on redirection
 - Fix labeling on /var/lib/misc/prelink*
 - Allow xserver to rw_shm_perms with all x_clients
 - Allow prelink to execute files in the users home directory
 - Allow initrc_t to delete dev_null
 - Allow readahead to configure auditing
 - Fix milter policy
 - Add /var/lib/readahead
 - Update to latest milter code from Paul Howarth
 - Additional perms for readahead
 - Allow pulseaudio to acquire_svc on session bus
 - Fix readahead labeling
 - Allow sysadm_t to run rpm directly
 - libvirt needs fowner
 - Allow sshd to read var_lib symlinks for freenx
 - Allow nsplugin unix_read and write on users shm and sem
 - Allow sysadm_t to execute su
 - Dontaudit attempts to getattr user_tmpfs_t by lvm
 - Allow nfs to share removable media

-- 
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/1657>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project

More information about the rel-eng mailing list