Fedora 11 Update: selinux-policy-3.6.12-88.fc11

updates at fedoraproject.org updates at fedoraproject.org
Fri Nov 20 05:29:53 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11129
2009-11-06 23:59:08
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 11
Version     : 3.6.12
Release     : 88.fc11
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2945.

--------------------------------------------------------------------------------
Update Information:

- Allow hplip to bind to howl_port_t  - Allow consolekit to manage
/var/run/console directory  - Fixed sssd policy  - Allow iptables to work with
shorewall  - Add libADM* libs to textrel_shlib_t
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  5 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-88
- Allow hplip to bind to howl_port_t
* Fri Oct 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-87
- Allow consolekit to manage /var/run/console directory
- Fixed sssd policy
- Allow iptables to work with shorewall
- Add libADM* libs to textrel_shlib_t
* Fri Oct 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-86
- Allow xdm to unlink xauth_home_t
* Wed Sep 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-85
- dovecot needs setcap/getcap
- Fix up sssd policy
* Tue Sep 22 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-84
- Allow sshd to create .ssh directory and content
* Wed Sep 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-83
- Add wordpress/wp-content/uploads label
- Add /var/lib/libvirt/qemu label
- Allow tzdata to getattr of all persistent filesystems
* Wed Sep  2 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-82
- Allow gssd to send signals to users
- Allow fsdaemon_t setpcap capability
* Thu Aug 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-81
- Turn back on unconfineduser and unconfined domains
* Mon Aug 24 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-80
- Allow pptp dac_override capability
* Thu Aug 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-79
- Fixes for racoon 
- Fixes for ptchown
- Fixes for openvpn
* Fri Aug 14 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-78
- Add ptchown policy from Dan Walsh
* Thu Aug 13 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-77
- Allow fprintd_t to getattr of all persistent filesystems
* Thu Aug 13 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-76
- Allow hald_t to list net_conf_t directory
* Tue Aug 11 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-75
- Allow polkit_auth_t to getattr of all persistent filesystems
* Wed Aug  5 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-74
- Allow svirt images to create sock_file in svirt_var_run_t
* Tue Aug  4 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-73
- Allow svirt_t to stream_connect to virtd_t
* Fri Jul 31 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-72
- Add postfix and dovecot fixes from dwalsh
* Fri Jul 31 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-71
- Allow lircd read/write input event devices
* Tue Jul 28 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-70
- Dontaudit logrotate sys_ptrace capability
- Allow mrtg to transition to ping_t
* Mon Jul 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-69
- Allow sshd getsched capability
* Fri Jul 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-68
- Fixes for hald_dccm
* Fri Jul 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-67
- Allow hal to dbus chat with polkit
* Wed Jul 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-66
- Allow dhcpc to read users files
* Wed Jul  8 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-65
- Fixes for xguest
* Tue Jul  7 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-64
- Fixes for kpropd
- Fix up kismet policy
* Fri Jul  3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-63
- Allow ftpd to create shm
* Mon Jun 29 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-62
- Allow sshd to manage gitosis var/lib files
* Mon Jun 29 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-61
- Allow avahi net_admin capability
* Thu Jun 25 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-60
- Fix up gpsd policy
* Wed Jun 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-59
- Fix up xguest policy
* Tue Jun 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-58
- Allow kpropd to create tmp files
* Sat Jun 20 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-57
- Allow mysqld_safe to manage db files
- Allow udev_t to read/write anon_inodefs
* Sat Jun 20 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-56
- Add gitosis policy
* Fri Jun 19 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-55
- Add boolean to allow svirt to use usb devices
* Mon Jun 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-53
- Allow ftp to create xferlog_t files in an xferlog_t directory
- Fix svirt separation on chr_file, and blk_file
* Mon Jun 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-52
- Allow kpropd to create krb5_lock_t files in krb5_conf_t directory
* Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-51
- Remove some privs from svirt to tighten the policy
* Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-50
- Allow udev to transition to bluetooth
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-49
- Add labeling for midori shared libraries
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-48
- Allow setroubleshoot to run mlocate
* Thu Jun  4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-47
- Allow fprintd to read /proc
* Tue Jun  2 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-46
- Allow domains to check if the /selinux is mounted and search the directory
- Dontaudit rules are blocking audit events
* Tue Jun  2 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-45
- Add proper labeling for shorewall
* Mon Jun  1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-44
- Add fish as a shell_exec_t
- Allow consolekit to search mountpoints
- Allow xdm_t to delete user_home_t
* Wed May 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-43
- Allow fprintd to list usbfs_t
- Add listing of mailman_data_t
- Allow hald to manage fusefs_t directories
- Allow groupadd to read usr_t symlinks
* Tue May 26 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-42
- New log file for vmware
- Allow xdm to setattr on user_tmp_t
* Thu May 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-41
- Allow sysadm_t to connect to virt stream
* Thu May 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-40
- Add context for /root/.spamassassin
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list