Fedora 8 Update: selinux-policy-3.0.8-64.fc8

updates at fedoraproject.org updates at fedoraproject.org
Tue Dec 11 00:49:07 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4224
2007-12-10 20:42:53
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 8
Version     : 3.0.8
Release     : 64.fc8
URL         : http://serefpolicy.sourceforge.net
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2393.

--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec  2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-64
- Allow xdm to list all filesystem directories
* Wed Nov 28 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-63
- Change labeling on hpijs
- Fix unconfined_u defintion
- Set vmware to unconfiend domain, since policy is very good yet.
* Mon Nov 26 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-62
- Allow xend to create xend_var_log_t directories
- dontaudit setfiles relabel of /proc /sys caused by named-chroot
- Add rules for pam_keyinit (setkeycreate, ipc_lock)
- Allow mount to read unlabeled directorys for reiserfs
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-61
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes.  Allows kiosk users to 
- copy to usb media
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-60
- Allow cupsd to sigkill hplip_t
- Allow automount to create fifo files
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-59
- Allow logwatch to search all directories
- Allow sendmail to use sasl
- Allow system_mail_t to write to exim_log_t
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-58
- Allow nmbd to list inotifyfs_t
- Dontaudit consolekit access to user homedir
- dontaudit nscd getserv and shmemserv
- Allow rsync_t dac overrides
- Allow xfs_t to listen to sockets
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-57
- Allow lvm to search mnt
- Add booleans for xguest account
      xguest_mount_media
      xguest_connect_network
      xguest_use_bluetooth
* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-56
- Remove /usr/sbin/gdm label
- Label gstreamer codecs in homedir as textrel_shlib_t
* Wed Nov 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-55
- Allow spamd to manage razor files
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-54
- Allow cyrus to authenticate via sasl
- Allow sshd to work in tunnel mode
- Allow sshd to use -R
- Allow ssh to read user homedirs
- Add /var/lib/tftp to tftp.fc
- Add labels for /dev/dmmdi and /dev/admmdi
- Allow postmap to be run by unconfined_t
- Allow dictd to write pid file
- Allow bluetooth to connectto unix_stream_sockets
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-53
- Allow bugzilla policy to connect to postgresql and mysql on other machines
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-52
- Allow apache to read unconfined users content
* Sat Nov 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-51
- Allow login programs to run mount
- Dontaudit writes to user_home_t for semanage
- Allow sendmail to write to cyrus_stream
- Define /dev/dmmidi1 as a sound_device_t
- Allow saslauthd to use nis_authentication
* Fri Nov  9 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-50
- Allow login programs to delete user temp files
* Thu Nov  8 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-49
- Separate xguest from guest
- Allow confined domains to output to rpm pipes
* Wed Nov  7 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-48
- Add obsoletes selinux-policy-strict
- Run inetd unconfined
- dontaudit loadkeys looking at homedir
* Tue Nov  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-47
- Allow all dns_resolves to use avahi stream
- Don't transition from unconfined_t to ping_t
* Tue Nov  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-46
- Allow sendmail to interact with winbind
- Allow dovecot to write log files
* Fri Nov  2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-45
- Allow system_mail_t to domtrans to exim_t
--------------------------------------------------------------------------------
Updated packages:

ca7324455e9ebafa4074f8c7d45faecbad65c335 selinux-policy-targeted-3.0.8-64.fc8.noarch.rpm
aa32ff615a0fb2fd6bf172e8e5f6fb3cb933b4c1 selinux-policy-devel-3.0.8-64.fc8.noarch.rpm
5fd0989c73447299efc96cb838e3343743ff419f selinux-policy-3.0.8-64.fc8.noarch.rpm
87850be2744f5f662a5e59c3d180534bb8bd5531 selinux-policy-mls-3.0.8-64.fc8.noarch.rpm
27cc90817004cc0405228b78c6b75ac833f2b0b7 selinux-policy-3.0.8-64.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list