Fedora 10 Update: selinux-policy-3.5.13-72.fc10

updates at fedoraproject.org updates at fedoraproject.org
Wed Oct 14 01:35:02 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9808
2009-09-24 04:13:28
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 10
Version     : 3.5.13
Release     : 72.fc10
URL         : http://oss.tresys.com/repos/refpolicy/
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision  2837.

--------------------------------------------------------------------------------
Update Information:

- Allow spamd to read spamd_var_lib_t symlinks
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-72
- Allow spamd to read spamd_var_lib_t symlinks
* Thu Sep  3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-71
- Allow postgresql to send audit messages
* Fri Aug 21 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-70
- Allow gpsd fsetid capability
* Fri Aug 14 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-69
- Add ptchown policy from Dan Walsh
* Fri Jul 31 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-68
- Allow lircd read/write input event devices
* Mon Jul 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-67
- Allow setroubleshootd to read all symlinks
* Fri Jul  3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-66
- Allow ftpd to create shm
* Wed Jun 24 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-65
- Dontaudit dhcpc to access sys_ptrace
* Thu Jun 11 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-64
- Allow rpcd to send signals to automount
* Wed Jun  3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-63
- Allow sendmail to transition to postfix_postqueue domain
* Wed Jun  3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-62
- Allow hald to manage fusefs_t directories
* Fri May 22 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-61
- Allow hald to gettattr on all files
* Fri May 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-60
- Fixes for kpropd
- Add /usr/share/selinux/packages
* Thu May  7 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-59
- Fix /sbin/ip6tables-save context
- Fix milter policy
* Fri Apr 24 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-58
- Allow nfs to share removable media
* Thu Apr 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-57
- Fix iptables labeling
* Tue Apr 14 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-56
- Fix fail2ban policy
- Allow sendmail to read fail2ban_var_lib_t
- Fix iptables labeling
* Tue Apr  7 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-55
- Allow swat_t domtrans to smbd_t
* Mon Mar 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-54
- Allow bitlbee_t to read /proc/meminfo
- Fix lircd policy
- Allow logrotate to manage BIND cache files
* Wed Mar 25 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-53
- Add labeling for new devices
- Fix devices policy
* Wed Mar 25 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-52
- Allow hald_t to read ppp config
* Mon Mar 23 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-51
- Add LIRC policy
- Xenner fixes
* Fri Mar 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-50
- Add gitosis policy
- Allow mdadm to read/write mls override
* Fri Mar 13 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-49
- Add gpsd policy
- Fix razor policy
- Fix sysnet/net_conf_t
* Fri Mar  6 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-48
- Fix pcscd policy
- Allow alsa to read hardware state information
* Thu Feb 26 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-47
- Allow ktalkd to write to terminals
- Fix qemu labeling
- Fix mysqld_safe policy
* Thu Feb 19 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-46
- Fix squidGuard labeling
- Allow ftpd to list inotifyfs
* Thu Feb 12 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-45
- Fix qemu policy
- Fix nfs_selinux man page
- Do transitions outside of the booleans
- Fix mysql policy
- Add ftpd_connect_db boolean
* Thu Feb  5 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-44
- Allow prelude-manager to read etc_runtime_t
* Wed Feb  4 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-43
- Add milter policy
* Tue Feb  3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-42
- Fixes for wicd daemon
- Add nsplugin_can_network boolean
* Tue Jan 27 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-41
- Add psad policy
- Allow certwatch read httpd config files
- Allow ntpd, spamd, mailman (qrunner) to list inotify
- Fix wine labeling
* Mon Jan 19 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-40
- Allow kismet read generic files in /usr
- Add execstack for Podsleuth policy  
- Allow qemu use generic ptys and ptmx
* Mon Jan 12 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-39
- Allow cups_pdf_t mananage nfs files/dirs
- Add read_lnk_files to postfix_domain_template
- Fix hald_acl_t to be able to getattr/setattr on fixed disk device nodes
- Allow prelude_audisp_t to signal itself
* Sun Jan  4 2009 Dan Walsh <dwalsh at redhat.com> 3.5.13-38
- Allow sendmail to list inotifyfs
* Sat Dec 27 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-37
- Allow sshd to use inotify
* Fri Dec 19 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-36
- Add hal_dccm policy
* Tue Dec  9 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-35
- Allow staff_t to execute at jobs
* Tue Dec  9 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-34
- Allow semanage to send signals to itself
* Fri Dec  5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-33
- Allow nsplugin to manage sock files and fifo_files in nsplugin_home_t
* Thu Dec  4 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-32
- Turn off nsplugin transition, by default
- Allow httpd_sys_script_t to communicate with postgresql
* Tue Dec  2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-30
- Allow nsplugin to list gconf_home_t directory
* Tue Dec  2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-29
- Allow spamc to communicate with spamd via sock file
* Tue Dec  2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-28
- Allow kismet to kill itself
* Thu Nov 27 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-27
- Allow iptables dac permissions
- Allow awstates to use inotify
* Tue Nov 25 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-26
- Allow dhcpc to read ypbind.pid
* Tue Nov 25 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-25
- Allow postfix_smtpd to getattr on directories and file systems
* Mon Nov 24 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-24
- Fix certwatch creating cache
* Mon Nov 24 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-23
- Add afs_client port definition
* Tue Nov 18 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-22
- Allow ftp to search fusefs
* Fri Nov 14 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-21
- Allow sambagui to use nsswitch
* Mon Nov 10 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-20
- Change default boolean settings for xguest
- Allow mount to r/w image files
- Fix labes for several libraries that need textrel_shlib_t
- portreserve needs to be able to sendrecv unlabeled_t
- Fix Kerberos labeling
- Fix cups printing on hp printers
- Allow relabeling on blk devices on the homedir
- Allow nslpugin to r/w inodefs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #523408 - SELinux is preventing spamd (spamd_t) "read" to identity (spamd_var_lib_t).
        https://bugzilla.redhat.com/show_bug.cgi?id=523408
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list