Fedora 8 Update: selinux-policy-3.0.8-68.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Dec 20 20:14:32 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4436
2007-12-20 00:54:16
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 8
Version     : 3.0.8
Release     : 68.fc8
URL         : http://serefpolicy.sourceforge.net
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2393.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-68
- Allow ldconfig to manage files in the homedir
* Thu Dec  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-67
- Allow kdm to transition to bootloader_t through grub
* Thu Dec  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-66
- Allow depmod to read tmp files from rpm
- Dontaudit pam_timestamp_check access to ~.xsessions
- Allow postfix_local to transition to dovecot_deliver
- Allow postgrey to read postfix_spool
* Tue Dec  4 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-65
- Allow httpd_sys_script_t to search users homedirs
* Sun Dec  2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-64
- Allow xdm to list all filesystem directories
* Wed Nov 28 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-63
- Change labeling on hpijs
- Fix unconfined_u defintion
- Set vmware to unconfiend domain, since policy is very good yet.
* Mon Nov 26 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-62
- Allow xend to create xend_var_log_t directories
- dontaudit setfiles relabel of /proc /sys caused by named-chroot
- Add rules for pam_keyinit (setkeycreate, ipc_lock)
- Allow mount to read unlabeled directorys for reiserfs
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-61
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes.  Allows kiosk users to 
- copy to usb media
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-60
- Allow cupsd to sigkill hplip_t
- Allow automount to create fifo files
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-59
- Allow logwatch to search all directories
- Allow sendmail to use sasl
- Allow system_mail_t to write to exim_log_t
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-58
- Allow nmbd to list inotifyfs_t
- Dontaudit consolekit access to user homedir
- dontaudit nscd getserv and shmemserv
- Allow rsync_t dac overrides
- Allow xfs_t to listen to sockets
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-57
- Allow lvm to search mnt
- Add booleans for xguest account
      xguest_mount_media
      xguest_connect_network
      xguest_use_bluetooth
* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-56
- Remove /usr/sbin/gdm label
- Label gstreamer codecs in homedir as textrel_shlib_t
* Wed Nov 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-55
- Allow spamd to manage razor files
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-54
- Allow cyrus to authenticate via sasl
- Allow sshd to work in tunnel mode
- Allow sshd to use -R
- Allow ssh to read user homedirs
- Add /var/lib/tftp to tftp.fc
- Add labels for /dev/dmmdi and /dev/admmdi
- Allow postmap to be run by unconfined_t
- Allow dictd to write pid file
- Allow bluetooth to connectto unix_stream_sockets
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-53
- Allow bugzilla policy to connect to postgresql and mysql on other machines
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-52
- Allow apache to read unconfined users content
* Sat Nov 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-51
- Allow login programs to run mount
- Dontaudit writes to user_home_t for semanage
- Allow sendmail to write to cyrus_stream
- Define /dev/dmmidi1 as a sound_device_t
- Allow saslauthd to use nis_authentication
* Fri Nov  9 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-50
- Allow login programs to delete user temp files
* Thu Nov  8 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-49
- Separate xguest from guest
- Allow confined domains to output to rpm pipes
* Wed Nov  7 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-48
- Add obsoletes selinux-policy-strict
- Run inetd unconfined
- dontaudit loadkeys looking at homedir
* Tue Nov  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-47
- Allow all dns_resolves to use avahi stream
- Don't transition from unconfined_t to ping_t
* Tue Nov  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-46
- Allow sendmail to interact with winbind
- Allow dovecot to write log files
* Fri Nov  2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-45
- Allow system_mail_t to domtrans to exim_t
--------------------------------------------------------------------------------
Updated packages:

d0288ec8641021cc4f491d018f5f5cebbebf996d selinux-policy-devel-3.0.8-68.fc8.noarch.rpm
1763066624ba2029639d517ee03bdc19c70ce97c selinux-policy-mls-3.0.8-68.fc8.noarch.rpm
f25d788224133b7ca36f997a291feffbd4689cb5 selinux-policy-3.0.8-68.fc8.noarch.rpm
b6f7c927f235136bee005e7062c35cd632f06b25 selinux-policy-targeted-3.0.8-68.fc8.noarch.rpm
9300245b3b2ae8730b992ed4b304ba4c427685dd selinux-policy-3.0.8-68.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list