1 |
Hi guys, |
2 |
|
3 |
I just pushed rev 8 of selinux-base-policy (and the various policy modules |
4 |
that have changes in them since rev 7). The included changes are: |
5 |
|
6 |
- <bug #390881> dontaudit statements for portage (netlink_route_socket) |
7 |
- <bug #393315> update file contexts to support slim and lxdm |
8 |
- <bug #393443> fix syntax issue with mutt |
9 |
- <bug #389577> initial set of fixes for fail2ban (more to come though) |
10 |
- <no bug> update on gorg policy |
11 |
- <no bug> update on XDG definitions (mozilla) |
12 |
- <no bug> dontaudit on mount_t write/setattr on mountpoints |
13 |
- <no bug> dontaudit creation of socket by qemu |
14 |
- <no bug> dontaudit sudo searching in home dirs |
15 |
- <no bug> dontaudit vde searching in home dirs |
16 |
- <no bug> mark portage_ebuild_t as a mountpoint |
17 |
- <no bug> have selinux-telnet depend on selinux-remotelogin |
18 |
|
19 |
There are also a couple of module packages who referred to a non-existing |
20 |
module. These have been updated to properly depend on the correct module |
21 |
package. |
22 |
|
23 |
For the SELinux fans, the SELinux FAQ and SELinux Handbook have also seen a |
24 |
few updates, not in the least about supporting non-hardened profiles with |
25 |
SELinux. The SELinux bug reporting guide has also been uploaded. |
26 |
|
27 |
http://hardened.gentoo.org/selinux |
28 |
|
29 |
I'm also adding the proper dependencies on the packages towards the |
30 |
sec-policy/selinux-<module> as mentioned on gentoo-dev@g.o. I'm doing that |
31 |
as I see them pass by currently, but will probably do a larger bump later. |
32 |
|
33 |
Also, there's a bug open for the base-system to have sudo built with |
34 |
--with-selinux to enable SELinux support in sudo (out-of-the-box). |
35 |
|
36 |
Wkr, |
37 |
Sven Vermeulen |