Fedora 8 Update: selinux-policy-3.0.8-113.fc8

updates at fedoraproject.org updates at fedoraproject.org
Tue Aug 12 18:23:25 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7069
2008-08-12 16:07:50
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 8
Version     : 3.0.8
Release     : 113.fc8
URL         : http://serefpolicy.sourceforge.net
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2393.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  5 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-113
- dontaudit semanage config_tty
- Allow samba to share fusefs
* Thu Jul 24 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-112
- Change dhclient to be able to red networkmanager_var_run
* Wed Jul  2 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-111
- Handle updated NetworkManager
* Wed Jun 18 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-110
- Add cxoffice homedir context
* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-109
- Remove extra context for dbus
* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-106
- More fixes for network manager
* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-105
- Fixes for new network 
- Logs of fixes for networkmanager
* Mon May 19 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-104
- Dontaudit reading of nfs by consolekit
* Tue May 13 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-103
Fix labeling on /var/spool/fax and /var/spool/voice
* Wed May  7 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-102
- Allow pam_console to setattr on cpu_device_t
- Dontaudit pam_t writing homedir 
- Add sys_nice for audispd
* Thu Apr 17 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-101
- Allow nfs to look at all filesystem directories
* Tue Apr 15 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-100
- Dontaudit validating context when using kerberos libraries
- Allow postfix_virtual write access to postfix_private sockets
* Tue Apr  8 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-99
- Allow privoxy to write to /etc/privoxy/default\.action
* Fri Apr  4 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-98
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home 
dirs if the boolean is set
- Allow fetchmail to manage sendmail_log
* Fri Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-97
- Allow stunnel apps to r/w the stunnel socket
* Fri Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-96
- Allow munin-node to bind to socket
* Tue Mar 18 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-95
- Allow rythmbox to talk to avahi
- Add prewikka policy
* Mon Mar 17 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-94
- Correct labeling on /var/run/dmevent.*
- Allow pam_t to read wtmp file
- Allow squid to run chkpwd
- Allow postfix_local to exec clamscan
- Allow munin to listen on munin_port
- Label /var/lib/cups-pdf correctly
- Allow fail2ban to read etc_runtime files and to connectto itself
- Label lustrefs and panfs as nfs_t
- Allow kismet to talk to the terminal
* Tue Mar 11 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-93
- Allow syslog to connect to mysql
- Allow lvm to manage its own fifo_files
- Allow bugzilla to use ldap
* Tue Mar  4 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-92
- Fix openoffice policy to allow it to run from firefox on xguest
* Tue Mar  4 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-92
- Fix openoffice policy to allow it to run from firefox on xguest
* Tue Mar  4 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-91
- Allow rpc.mountd to write to lvm_control_t chr_file
* Tue Mar  4 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-90
- Allow mozilla to auth_use_nsswitch
- Change location of mock
- Fix context on /usr/sbin/validate
- allow vbetool to map low kernel memory
- Allow fail2ban to connect to whois port
- Allow bitlbee to read locale files
- Allow clamd to execute shell
- dontaudit setroubleshoot reading cifs and nfs files
* Thu Feb 21 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-89
- Add jkubin changes for nx and groupadd
- Add isns port
* Wed Feb 20 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-88
- Add policy for /dev/autofs
* Mon Feb 18 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-87
- Allow apmd to talk to consolekit via dbus
* Fri Feb 15 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-86
- Add prelude/audisp policy
* Tue Feb 12 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-85
- Fix cups executables labeling
* Fri Feb  1 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-84
- Allow fail2ban to create sock_files in /var/run
* Tue Jan 22 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-83
- Make oddjob_mkhomedir work with confined login domains
* Tue Jan 22 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-82
- Allow xdm to sys_ptrace
* Tue Jan 22 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-81
- Allow zebra to listen on port 521
* Thu Jan 17 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-79
- Add procmail_log support
- Lots of fixes for munin
- fixes for dnsmasq
- Allow tmpreaper to delete aqmavis spool files
* Wed Jan 16 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-78
- Allow procmal to signal pyzor
* Tue Jan 15 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-77
- Allow daemons to write to cron fifo_files
* Mon Jan 14 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-76
- Fix filecontext for networkmanagerlog files
- Allow mount to read samba config
- Fix label of /var/lib/tftpboot 
- Fix label of /usr/lib(64)?/xorg/modules/glesx.so
- Fix label on /etc/NetworkManager/dispatcher.d/*
- Allow httpd to send dbus messages
* Thu Jan  3 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-75
- Alow postgrey to read postfix_etc_t
- Lots of fixes to get javaplugin to run under xguest
* Thu Jan  3 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-74
- Allow updatedb to getatt on fifo_files
* Mon Dec 31 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-73
- Fix specification for clamav and clamd log files
* Sat Dec 22 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-72
- Fixes to make confined mozilla work better
- Allow procmail to transition to spamd
* Fri Dec 21 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-71
- add file context for nspluginwrapper
* Fri Dec 21 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-70
- Allow mount.crypto to work
- Allow fsck to read file_t
* Wed Dec 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-69
- Allow ssh to read sym links in homedirs
* Mon Dec 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-68
- Allow ldconfig to manage files in the homedir
* Thu Dec  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-67
- Allow kdm to transition to bootloader_t through grub
* Thu Dec  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-66
- Allow depmod to read tmp files from rpm
- Dontaudit pam_timestamp_check access to ~.xsessions
- Allow postfix_local to transition to dovecot_deliver
- Allow postgrey to read postfix_spool
* Tue Dec  4 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-65
- Allow httpd_sys_script_t to search users homedirs
* Sun Dec  2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-64
- Allow xdm to list all filesystem directories
* Wed Nov 28 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-63
- Change labeling on hpijs
- Fix unconfined_u defintion
- Set vmware to unconfiend domain, since policy is very good yet.
* Mon Nov 26 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-62
- Allow xend to create xend_var_log_t directories
- dontaudit setfiles relabel of /proc /sys caused by named-chroot
- Add rules for pam_keyinit (setkeycreate, ipc_lock)
- Allow mount to read unlabeled directorys for reiserfs
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-61
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes.  Allows kiosk users to 
- copy to usb media
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-60
- Allow cupsd to sigkill hplip_t
- Allow automount to create fifo files
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-59
- Allow logwatch to search all directories
- Allow sendmail to use sasl
- Allow system_mail_t to write to exim_log_t
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-58
- Allow nmbd to list inotifyfs_t
- Dontaudit consolekit access to user homedir
- dontaudit nscd getserv and shmemserv
- Allow rsync_t dac overrides
- Allow xfs_t to listen to sockets
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-57
- Allow lvm to search mnt
- Add booleans for xguest account
      xguest_mount_media
      xguest_connect_network
      xguest_use_bluetooth
* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-56
- Remove /usr/sbin/gdm label
- Label gstreamer codecs in homedir as textrel_shlib_t
* Wed Nov 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-55
- Allow spamd to manage razor files
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-54
- Allow cyrus to authenticate via sasl
- Allow sshd to work in tunnel mode
- Allow sshd to use -R
- Allow ssh to read user homedirs
- Add /var/lib/tftp to tftp.fc
- Add labels for /dev/dmmdi and /dev/admmdi
- Allow postmap to be run by unconfined_t
- Allow dictd to write pid file
- Allow bluetooth to connectto unix_stream_sockets
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-53
- Allow bugzilla policy to connect to postgresql and mysql on other machines
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-52
- Allow apache to read unconfined users content
* Sat Nov 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-51
- Allow login programs to run mount
- Dontaudit writes to user_home_t for semanage
- Allow sendmail to write to cyrus_stream
- Define /dev/dmmidi1 as a sound_device_t
- Allow saslauthd to use nis_authentication
* Fri Nov  9 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-50
- Allow login programs to delete user temp files
* Thu Nov  8 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-49
- Separate xguest from guest
- Allow confined domains to output to rpm pipes
* Wed Nov  7 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-48
- Add obsoletes selinux-policy-strict
- Run inetd unconfined
- dontaudit loadkeys looking at homedir
* Tue Nov  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-47
- Allow all dns_resolves to use avahi stream
- Don't transition from unconfined_t to ping_t
* Tue Nov  6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-46
- Allow sendmail to interact with winbind
- Allow dovecot to write log files
* Fri Nov  2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-45
- Allow system_mail_t to domtrans to exim_t
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list