Hi guys,

In the hardened-dev overlay you can now find the SELinux policy revision 9
(and its affiliated modules). The included changes are:

- <bug #330767> Include virtualization files & update policy to allow
  libvirtd to work in Gentoo
- <bug #394315> Allow direct command execution from sudo (requires the
  latest sudo with SELinux support though)
- <no bug> Update skype policy (allow writing to xdg_config_home_t &
  reading network state)
- <no bug> Drop compatibility for older baselayout (openrc fully stable)
- <no bug> Have dontaudit for Xserver reading /proc/* (PIDs)

All in all a small set of changes. There are a few bugs still open that I'm
having difficulties with getting the right information or getting it
reproduced. Especially those that are mostly based on running in permissive
mode, since it is very hard then to find out what would be happening if the
system was running in enforcing.

On a side-note, I've moved the SELinux module documentation to the Gentoo
Wiki @ http://wiki.gentoo.org/wiki/SELinux and I've also copied quite a few
entries from our FAQ into the Knowledge Base
(http://wiki.gentoo.org/wiki/Knowledge_Base:Main_Page)

Wkr,
Sven Vermeulen