| 1 |
Hi guys, |
| 2 |
|
| 3 |
In the hardened-dev overlay you can now find the SELinux policy revision 9 |
| 4 |
(and its affiliated modules). The included changes are: |
| 5 |
|
| 6 |
- <bug #330767> Include virtualization files & update policy to allow |
| 7 |
libvirtd to work in Gentoo |
| 8 |
- <bug #394315> Allow direct command execution from sudo (requires the |
| 9 |
latest sudo with SELinux support though) |
| 10 |
- <no bug> Update skype policy (allow writing to xdg_config_home_t & |
| 11 |
reading network state) |
| 12 |
- <no bug> Drop compatibility for older baselayout (openrc fully stable) |
| 13 |
- <no bug> Have dontaudit for Xserver reading /proc/* (PIDs) |
| 14 |
|
| 15 |
All in all a small set of changes. There are a few bugs still open that I'm |
| 16 |
having difficulties with getting the right information or getting it |
| 17 |
reproduced. Especially those that are mostly based on running in permissive |
| 18 |
mode, since it is very hard then to find out what would be happening if the |
| 19 |
system was running in enforcing. |
| 20 |
|
| 21 |
On a side-note, I've moved the SELinux module documentation to the Gentoo |
| 22 |
Wiki @ http://wiki.gentoo.org/wiki/SELinux and I've also copied quite a few |
| 23 |
entries from our FAQ into the Knowledge Base |
| 24 |
(http://wiki.gentoo.org/wiki/Knowledge_Base:Main_Page) |
| 25 |
|
| 26 |
Wkr, |
| 27 |
Sven Vermeulen |
Archives