Hi guys,

I've pushed rev 5 of the base policy (and selinux-dhcp) to the hardened-dev
overlay. This one contains the following changes since rev 4:

<no bug> Do not audit getattr/search on user_home_dir_t stuff from within portage_fetch_t
<no bug> Do not audit getattr on udev netlink_kobject_uevent_sockets and unix_stream_sockets from within initrc (bootmisc)
<no bug> Allow init scripts (bootmisc) to clean up /tmp location
<no bug> Allow init scripts to delete stale syslog control sockets
<no bug> Allow bootmisc to mkdir/rmdir in /var/lib
<no bug> Allow mount to setsched on kernel_t
<no bug> Mark the selinuxfs mounts as mountpoints
<no bug> Do not audit searches by mount on unlabeled_t before it mounts on them
#389425 Update patch for DHCP regarding binding to generic UDP ports
<no bug> Support integrated run_init properly again
<no bug> Add in references to sysfs where SELinux access is used (dev_getattr_sysfs_fs)
<no bug> Mark /lib/rc/console as initrc_state_t to allow bootup to remove stale files in there
<no bug> Do not attempt to update base in selinux-base, wait for selinux-base-policy
<no bug> Allow nginx_t to list the content of its configuration directories
<no bug> Mark /var/lib/ip6tables as initrc_tmp_t to allow init script to save/restore

This is the first candidate for pushing to main tree (of the 20120215 policy
series). If there are no particular blockers in a few days, I'll do that
(and also do the last stabilization on the 20110726 series).

In the meantime, I'm going to start pushing out patches upstream so if
refpolicy wants some patches structured differently, I'll update them in our
tree as well.

Wkr,
Sven Vermeulen