Gentoo Archives: gentoo-hardened

From: Sven Vermeulen <swift@g.o>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] SELinux base policy rev 8 in hardened-dev
Date: Sun, 11 Dec 2011 13:49:35
Message-Id: 20111211134838.GA29285@gentoo.org
Hi guys,

I just pushed rev 8 of selinux-base-policy (and the various policy modules
that have changes in them since rev 7). The included changes are:

- <bug #390881> dontaudit statements for portage (netlink_route_socket)
- <bug #393315> update file contexts to support slim and lxdm
- <bug #393443> fix syntax issue with mutt
- <bug #389577> initial set of fixes for fail2ban (more to come though)
- <no bug> update on gorg policy
- <no bug> update on XDG definitions (mozilla)
- <no bug> dontaudit on mount_t write/setattr on mountpoints
- <no bug> dontaudit creation of socket by qemu
- <no bug> dontaudit sudo searching in home dirs
- <no bug> dontaudit vde searching in home dirs
- <no bug> mark portage_ebuild_t as a mountpoint
- <no bug> have selinux-telnet depend on selinux-remotelogin

There are also a couple of module packages that referred to a non-existing
module. These have been updated to properly depend on the correct module
package.

For the SELinux fans, the SELinux FAQ and SELinux Handbook have also seen a
few updates, not in the least about supporting non-hardened profiles with
SELinux. The SELinux bug reporting guide has also been uploaded.

http://hardened.gentoo.org/selinux

I'm also adding the proper dependencies on the packages towards the
sec-policy/selinux-<module> as mentioned on gentoo-dev@g.o. I'm doing that
as I see them pass by currently, but will probably do a larger bump later.

Also, there's a bug open for the base-system to have sudo built with
--with-selinux to enable SELinux support in sudo (out-of-the-box).

Wkr,
Sven Vermeulen