Fedora 8 Update: selinux-policy-3.0.8-72.fc8

Fri Dec 28 17:13:51 UTC 2007

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4768
2007-12-28 16:44:15
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 8
Version     : 3.0.8
Release     : 72.fc8
URL         : http://serefpolicy.sourceforge.net
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2393.

--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec 22 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-72
- Fixes to make confined mozilla work better
* Fri Dec 21 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-71
- add file context for nspluginwrapper
* Fri Dec 21 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-70
- Allow mount.crypto to work
- Allow fsck to read file_t
* Wed Dec 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-69
- Allow ssh to read sym links in homedirs
* Mon Dec 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-68
- Allow ldconfig to manage files in the homedir
* Thu Dec  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-67
- Allow kdm to transition to bootloader_t through grub
* Thu Dec  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-66
- Allow depmod to read tmp files from rpm
- Dontaudit pam_timestamp_check access to ~.xsessions
- Allow postfix_local to transition to dovecot_deliver
- Allow postgrey to read postfix_spool
* Tue Dec  4 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-65
- Allow httpd_sys_script_t to search users homedirs
* Sun Dec  2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-64
- Allow xdm to list all filesystem directories
* Wed Nov 28 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-63
- Change labeling on hpijs
- Fix unconfined_u defintion
- Set vmware to unconfiend domain, since policy is very good yet.
* Mon Nov 26 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-62
- Allow xend to create xend_var_log_t directories
- dontaudit setfiles relabel of /proc /sys caused by named-chroot
- Add rules for pam_keyinit (setkeycreate, ipc_lock)
- Allow mount to read unlabeled directorys for reiserfs
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-61
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes.  Allows kiosk users to 
- copy to usb media
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-60
- Allow cupsd to sigkill hplip_t
- Allow automount to create fifo files
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-59
- Allow logwatch to search all directories
- Allow sendmail to use sasl
- Allow system_mail_t to write to exim_log_t
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-58
- Allow nmbd to list inotifyfs_t
- Dontaudit consolekit access to user homedir
- dontaudit nscd getserv and shmemserv
- Allow rsync_t dac overrides
- Allow xfs_t to listen to sockets
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-57
- Allow lvm to search mnt
- Add booleans for xguest account
      xguest_mount_media
      xguest_connect_network
      xguest_use_bluetooth
* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-56
- Remove /usr/sbin/gdm label
- Label gstreamer codecs in homedir as textrel_shlib_t
* Wed Nov 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-55
- Allow spamd to manage razor files
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-54
- Allow cyrus to authenticate via sasl
- Allow sshd to work in tunnel mode
- Allow sshd to use -R
- Allow ssh to read user homedirs
- Add /var/lib/tftp to tftp.fc
- Add labels for /dev/dmmdi and /dev/admmdi
- Allow postmap to be run by unconfined_t
- Allow dictd to write pid file
- Allow bluetooth to connectto unix_stream_sockets
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-53
- Allow bugzilla policy to connect to postgresql and mysql on other machines
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-52
- Allow apache to read unconfined users content
* Sat Nov 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-51
- Allow login programs to run mount
- Dontaudit writes to user_home_t for semanage
- Allow sendmail to write to cyrus_stream
- Define /dev/dmmidi1 as a sound_device_t
- Allow saslauthd to use nis_authentication
* Fri Nov  9 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-50
- Allow login programs to delete user temp files
* Thu Nov  8 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-49
- Separate xguest from guest
- Allow confined domains to output to rpm pipes
* Wed Nov  7 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-48
- Add obsoletes selinux-policy-strict
- Run inetd unconfined
- dontaudit loadkeys looking at homedir
* Tue Nov  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-47
- Allow all dns_resolves to use avahi stream
- Don't transition from unconfined_t to ping_t
* Tue Nov  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-46
- Allow sendmail to interact with winbind
- Allow dovecot to write log files
* Fri Nov  2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-45
- Allow system_mail_t to domtrans to exim_t
--------------------------------------------------------------------------------
Updated packages:

faf92b95ad59bce2f07bc8de5203fa2b30dc6e52 selinux-policy-devel-3.0.8-72.fc8.noarch.rpm
05f0cc935e678cf6c37c1026ccc6835612d62032 selinux-policy-targeted-3.0.8-72.fc8.noarch.rpm
deb89442f0acabde5253c6343365ce35db97302c selinux-policy-mls-3.0.8-72.fc8.noarch.rpm
293b5980cc4b1dfa7c76cec63038371ff61e415f selinux-policy-3.0.8-72.fc8.noarch.rpm
441dc39ed209de93a000ec027ef4edb326247d08 selinux-policy-3.0.8-72.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------