Gentoo Archives: gentoo-hardened

From: Sven Vermeulen <swift@g.o>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] SELinux base policy rev 11 in hardened-dev overlay
Date: Sun, 20 Jan 2013 11:55:59
Message-Id: 20130120115555.GA5304@gentoo.org

Hi guys,

I've pushed out another set of ebuilds for the SELinux policies, containing
83 changes as reported by git. Needless to say, some testing is appreciated ;-)

Short changelog below.

Wkr,
Sven Vermeulen

9f242f6 Module version bumps for file context fixes in various policy modules by Laurent Bigonville
c9b7346 Label /usr/bin/kvm as qemu_exec_t
19cdd44 ptchown.fc: Properly label pt_chown executable in Debian
f3b0af1 gnomeclock.fc: Properly label gsd-datetime-mechanism in Debian
6de9099 Fix typo in mcelog_admin (missing bracket)
e507015 Merge branch 'master' of git+ssh://git.overlays.gentoo.org/proj/hardened-refpolicy
9b69c1f updating udev-197 udevd location for gentoo bug 451128
65c069f Google talk plugin searches through devices
a5c9b3e Remove calls that are merged (were in distro_gentoo blocks but not needed anymore)
59251ce Module version bump for fixes from Dominick Grift.
6969d25 NSCD related changes in various policy modules
de5aa80 Changes to the userdomain policy module
120c8be Changes to the init policy module
d7b373a Module version bump for misc updates from Sven Vermeulen.
80a0782 Introduce exec-check interfaces for passwd binaries and useradd binaries
c98a726 Allow initrc_t to read stunnel configuration
545015a Allow syslogger to manage cron log files (v2)
c6dbdc8 lvscan creates the /run/lock/lvm directory if nonexisting (v2)
c2097b3 Postgresql 9.2 connects to its unix stream socket
b97379a Module version bumps for fixes in various policy module by Sven Vermeulen
60829a7 Changes to the puppet policy module
284c7ca Changes to the virt policy module
631f92e Puppet runs statfs against selinuxfs
2e349e9 Puppet initscript creates /run/puppet
fc536df Support netlink_route_socket creation for puppet
6faf8db Puppet module helper scripts are puppet_var_lib_t
c01b451 Grant sys_admin capability to puppet
d1c0e94 Allow rpc admin to run exportfs
3e5f315 Changes to puppet domain
f283916 Move mta call (coding style)
ee6f07d Mark make.profile entry as portage_conf_t (v2)
ca9488d More .maildir fixes
775f39d Allow staff and regular user the googletalk plugin domains
800aca7 Support using googletalk
33ef617 Introduce googletalk policy
a1d8e9e Support mozilla_dontaudit_use_fds and mozilla_send_dgram_plugin interfaces
72d8966 Introduce xdg_search_config_home_dirs interface
291da0d Fix typo, needed to call the argument, not sysadm_t
2e34d4e Create filetransition for ld.so.cache~
535015c Mozilla plugin to read profile info
c0a7407 Move gentoo specifics downwards
e81132e Udev init script writes to /proc/sys/kernel/hotplug
d7a74e2 Use udev_rules_t for /run/udev/rules.d
16b663c Support a file transition from udev_var_run_t to udev_rules_t
dd062fb Move majority of gentoo specifics downwards
a642219 Add file transition for /dev/.lvm created by lvm_t
cb6cc4d Move Gentoo specifics downwards
8b82a9a Mark /run/udev/rules.d as udev_rules_t
22c79cd Move gentoo specifics down
94f9528 Fix specification collision
30716f7 Allow qemu to create TCP sockets (VNC support)
a52c5eb Move distro_gentoo stuff towards the end of the file (easier upstream patching)
1d5cee4 Allow restorecon/setfiles to read all symlinks
3733985 Puppet runs statfs against selinuxfs
4a0681d Puppet initscript creates /run/puppet
08e4126 Support netlink_route_socket creation for puppet
a21e705 Puppet module helper scripts are puppet_var_lib_t
8317266 Grant sys_admin capability to puppet
1ff5050 Mark sysadm as rpc_admin
acc84cf Allow rpc admin to run exportfs
f990dd9 Allow sysadmin to call rpcinfo
6e18623 Remove redundant net_bind_service capabilities in various modules
aa3d987 Changes to the apcupsd policy module
2689d76 Changes to the dbus policy module
3ed388d Changes to the cups policy module
05cc79c Module version bumps for fixes in various policy modules by Laurent Bigonville
0608e67 Allow cupsd_t to read cupsd_log_t
768a51c Allow virsh_t context to read sysctl_crypto_t
0d6cad3 Allow networkmanager_t to read crypto_sysctl_t
f155aab Allow pcscd the fsetid capability
319156b cups.fc: Properly label cups-pk-helper-mechanism on Debian
9f4c32e policykit.fc: Properly label polkit-agent-helper-1 on Debian
9831e61 Changes to the dbus policy module
bdfa170 Properly label nm-dispatcher.action on Debian
04c3a35 Changes to the nscd policy module and relevant dependencies
4348e22 Changes to the wdmd policy module and relevant dependencies
6b6e45c Changes to the logwatch policy module
75f29a2 Changes to the userhelper policy module
ff3ed95 Changes to the cobbler policy module
975a174 Changes to the dovecot policy module
0b82370 Changes to the munin policy module
cd61d48 Changes to the virt policy module
ec537ce Changes to the dkim policy module