Fedora 9 Update: selinux-policy-3.3.1-111.fc9

updates at fedoraproject.org updates at fedoraproject.org
Wed Dec 3 01:26:17 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9846
None
--------------------------------------------------------------------------------

Name        : selinux-policy
Product     : Fedora 9
Version     : 3.3.1
Release     : 111.fc9
URL         : http://serefpolicy.sourceforge.net
Summary     : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2624.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 19 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-111
- Fix cyphesis policy
* Thu Nov 13 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-110
- Allow openvpn to create /etc/openvpn/ipp.txt
* Wed Nov  5 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-108
- Add label to /dev/mspblk.*
* Mon Nov  3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-107
- Allow kismet to send signals to itself
- Allow NetworkManager to transition to dnsmasq
* Tue Oct 28 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-105
- Allow spamd to manage exim spool
* Mon Oct 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-104
- Remove mod_fcgid-selinux package
* Mon Oct 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-103
- More fixes for new netoworkmanager
- Fixes for MLS initrc scripts
* Wed Oct 15 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-102
- Fix gutenburg press, google apps using wine
* Wed Oct  8 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-101
- Add openconnect to vpn policy
* Mon Oct  6 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-100
- Allow rsync to fownee and fsetid
* Mon Oct  6 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-99
- Fix file contexts
* Fri Oct  3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-98
- Allow NetworkManager to transition to avahi and iptables
* Mon Sep 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-97
- Define cupsd_interface_t
* Mon Sep 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-96
- Add postgresql patch from KaiGai Kohei
* Thu Sep 25 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-95
- Allow kismet to bind to port 2501
* Tue Sep 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-94
- Update to latest policy for NetworkManager
* Mon Sep 22 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-93
- Add /dev/msp* support
- Update prewikka support
* Thu Sep 18 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-92
- Dontaudit attempts to write user_tmp_t by gssd_t
* Mon Sep 15 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-91
- Allow nsplugin_cong dac capabilities.
* Tue Sep  2 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-90
- Add rpcbind to mls policy
- Fix up policy so permissive domains will work
* Tue Sep  2 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-89
- Fix init script paths
* Tue Sep  2 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-88
- Allow sendmail to transition to postfix_postdrop_t
* Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-87
- Allow crontab to work for unconfined users
- Allow courier_authdaemon_t to create sock_file in courier_spool directories
* Thu Aug 14 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-86
- Allow prewika to write log files
* Wed Aug  6 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-85
- Allow clamscan to connect to the clamd_port over tcp
* Fri Aug  1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-84
- Stop confinement of tmpreaper
* Fri Aug  1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-83
- Add 9051 to tor ports
- Add textrel_shlib_t for bad novel library
* Wed Jul 30 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-82
- Change mail_spool to be a files_mountpoint
* Tue Jul 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-81
- Add boolean httpd_execmem
- Add dontaudit for leaky pam_nssldap 
- Dontaudit ptrace of domains for staff_t
* Thu Jul 24 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-80
- Allow system_crond_t to restart init scripts
- Allow dnsmasq to bind to any udp port
- Change dhclient to be able to red networkmanager_var_run
* Thu Jul 17 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-79
- Allow xguest to communicate with hal
- allow mozilla to communicate with networkmanager
- Add kpropd policy
* Tue Jul  8 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-78
- Allow unconfined_t to setfcap
- Allow spamassassin to read razor lib files
* Mon Jul  7 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-77
- Allow amanda to read tape
- Allow prewikka cgi to use syslog, allow prelude_ausisp to signal audisp_t 
- Add support for netware file systems
* Thu Jul  3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-76
- Allow ypbind apps to net_bind_service
* Wed Jul  2 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-75
- Fix transition from unconfined_t to dhcpc_t
- Allow all system domains and application domains to append to any log file
- allow sendmail to use courier_spool fifo files
* Tue Jul  1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-74
- Make virtd an unconfined domain
* Sun Jun 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-73
- Allow exim to use system_cron pipes
- Allow gdm to read rpm database
- Allow nsplugin to read mplayer config files
- Allow login programs to write to /var/run/pam directory (Encrypted directories)
- Fixes for courier domain
- Add courier domain to mls policy
* Mon Jun 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-72
- Fix file context of real player
* Mon Jun 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-71
- Allow system_mail_t to exec other mail clients
- Label mogrel_rails as an apache server
* Mon Jun 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-70
- Apply unconfined_execmem_exec_t to haskell programs
* Sun Jun 22 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-69
- Fix prelude file context
* Sun Jun 22 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-68
- Allow virt to getsched and setsched on qemu 
- Allow networkmanager to getattr on fixed disk
* Wed Jun  4 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-66
- Add slattach policy for eparis testing
* Mon Jun  2 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-65
- Allow bootloader to run mount in the users role
* Mon Jun  2 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-64
- Allow policykit_resolve to ptrace all levels
* Fri May 30 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-63
- Allow policykit_resolve to ptrace user processes
* Fri May 30 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-61
- Allow policykit_resolve to read users process table
* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-60
- Allow policykit_resolve to read polkit_var_lib
- Other policykit fixes
* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-59
- Allow oddjob to change roles
* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-58
- Allow policykit_resolve to getattr hal
- Allow pyzor_t manage files user_pyzor_home_t
* Wed May 28 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-57
- Allow dhcpc sys_nice
- Allow handling of /var/run/video.rom
- Allow policykit_resolve to use dbus
* Wed May 21 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-56
- Fix vncserver transition to work properly in unconfined environment.
- Allow virsh to run
* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-55
- More fixes for spamassassin
* Tue May 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-54
- Allow spamassassin_t to be run by system_r
* Mon May 19 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-53
- Add mono_exec to podsleuth
* Fri May 16 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-52
- Allow httpd_suexec_t to use cgi scripts in home dir
- Allow httpd_syexec_t to connect to mysql
- Allow sasl to communicate with kerberos rhost cache
- Fix vncserver to work again
- Allow procmail to ioctl spamasssin_exec_t
* Tue May 13 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-51
- Dontaudit dhcpc_t reading of domains state
* Mon May 12 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-50
- Add sys_nice for audispd
* Thu May  8 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-49
- Allow libvirtd sys_nice
- Fixes for policykit
- Allow dovecot getattr all filesystem directories
* Wed May  7 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-48
- Allow amanada to create data files
* Wed May  7 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-47
- Fix initial install, semanage setup
* Tue May  6 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-46
- Allow system_r for httpd_unconfined_script_t
* Wed Apr 30 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-45
- Remove dmesg boolean
- Allow user domains to read/write game data
* Mon Apr 28 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-44
- Change unconfined_t to transition to unconfined_mono_t when running mono
- Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work
* Mon Apr 28 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-43
- Remove old booleans from targeted-booleans.conf file
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list