Gentoo Archives: gentoo-hardened

From: Sven Vermeulen <swift@g.o>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] SELinux base policy rev 8 in hardened-dev
Date: Sun, 11 Dec 2011 13:49:35

Hi guys,

I just pushed rev 8 of selinux-base-policy (and the various policy modules
that have changes in them since rev 7). The included changes are:

- <bug #390881> dontaudit statements for portage (netlink_route_socket)
- <bug #393315> update file contexts to support slim and lxdm
- <bug #393443> fix syntax issue with mutt
- <bug #389577> initial set of fixes for fail2ban (more to come though)
- <no bug> update on gorg policy
- <no bug> update on XDG definitions (mozilla)
- <no bug> dontaudit on mount_t write/setattr on mountpoints
- <no bug> dontaudit creation of socket by qemu
- <no bug> dontaudit sudo searching in home dirs
- <no bug> dontaudit vde searching in home dirs
- <no bug> mark portage_ebuild_t as a mountpoint
- <no bug> have selinux-telnet depend on selinux-remotelogin

There are also a couple of module packages that referred to a non-existing
module. These have been updated to properly depend on the correct module
package.

For the SELinux fans, the SELinux FAQ and SELinux Handbook have also seen a
few updates, not in the least about supporting non-hardened profiles with
SELinux. The SELinux bug reporting guide has also been uploaded.

I'm also adding the proper dependencies on the packages towards the
sec-policy/selinux-<module> as mentioned on gentoo-dev@g.o. I'm doing that
as I see them pass by currently, but will probably do a larger bump later.

Also, there's a bug open for the base-system to have sudo built with
--with-selinux to enable SELinux support in sudo (out-of-the-box).

Wkr,
Sven Vermeulen