| 1 |
Hi guys, |
| 2 |
|
| 3 |
I haven't merged hardened-development overlay with the main tree yet because |
| 4 |
I had to make sure that the changes in the policycoreutils wouldn't break |
| 5 |
(m)any systems. Since I'm now pushing out rev 11, I'm going to skip merging |
| 6 |
rev 10 and focus on the rev 11 instead in a few days. |
| 7 |
|
| 8 |
So yes, the updated policies are now available and include the following |
| 9 |
fixes: |
| 10 |
|
| 11 |
bug #397535: Add policy for working with dracut (creating initramfs) |
| 12 |
bug #396241: Updates for bacula policy |
| 13 |
(no bug): Introduce aggregated types for Apache (needed later to support phpfpm) |
| 14 |
(no bug): Additional dontaudit statements for dbus, mozilla, networkmanager, wpa_cli, hostname, sysnetwork |
| 15 |
(no bug): Do not use java* wildcard in file contexts as it hits java-config as well then |
| 16 |
|
| 17 |
I'm currently putting most work in getting an initramfs with full SELinux |
| 18 |
support (not by forcing unconfined domains or switching to permissive first) |
| 19 |
working (through dracut for the moment). Hopefully that'll work in the near |
| 20 |
future :-( |
| 21 |
|
| 22 |
Wkr, |
| 23 |
Sven Vermeulen |
Archives