Fedora 9 SELinux Policy Update: 2008-5808 Moderate Security Advisory

SELinux Reference Policy - modular.

Based off of reference policy: Checked out revision 2624.

* Mon Jun 23 2008 Dan Walsh 3.3.1-72

- Fix file context of real player

* Mon Jun 23 2008 Dan Walsh 3.3.1-71

- Allow system_mail_t to exec other mail clients

- Label mogrel_rails as an apache server

* Mon Jun 23 2008 Dan Walsh 3.3.1-70

- Apply unconfined_execmem_exec_t to haskell programs

* Sun Jun 22 2008 Dan Walsh 3.3.1-69

- Fix prelude file context

* Sun Jun 22 2008 Dan Walsh 3.3.1-68

- Allow virt to getsched and setsched on qemu

- Allow networkmanager to getattr on fixed disk

* Wed Jun 4 2008 Dan Walsh 3.3.1-66

- Add slattach policy for eparis testing

* Mon Jun 2 2008 Dan Walsh 3.3.1-65

- Allow bootloader to run mount in the users role

* Mon Jun 2 2008 Dan Walsh 3.3.1-64

- Allow policykit_resolve to ptrace all levels

* Fri May 30 2008 Dan Walsh 3.3.1-63

- Allow policykit_resolve to ptrace user processes

* Fri May 30 2008 Dan Walsh 3.3.1-61

- Allow policykit_resolve to read users process table

* Thu May 29 2008 Dan Walsh 3.3.1-60

- Allow policykit_resolve to read polkit_var_lib

- Other policykit fixes

* Thu May 29 2008 Dan Walsh 3.3.1-59

- Allow oddjob to change roles

* Thu May 29 2008 Dan Walsh 3.3.1-58

- Allow policykit_resolve to getattr hal

- Allow pyzor_t manage files user_pyzor_home_t

* Wed May 28 2008 Dan Walsh 3.3.1-57

- Allow dhcpc sys_nice

- Allow handling of /var/run/video.rom

- Allow policykit_resolve to use dbus

* Wed May 21 2008 Dan Walsh 3.3.1-56

- Fix vncserver transition to work properly in unconfined environment.

- Allow virsh to run

* Tue May 20 2008 Dan Walsh 3.3.1-55

- More fixes for spamassassin

* Tue May 20 2008 Dan Walsh 3.3.1-54

- Allow spamassassin_t to be run by system_r

* Mon May 19 2008 Dan Walsh 3.3.1-53

- Add mono_exec to podsleuth

* Fri May 16 2008 Dan Walsh 3.3.1-52

- Allow httpd_suexec_t to use cgi scripts in home dir

- Allow httpd_syexec_t to connect to mysql

- Allow sasl to communicate with kerberos rhost cache

- Fix vncserver to work again

- Allow procmail to ioctl spamasssin_exec_t

* Tue May 13 2008 Dan Walsh 3.3.1-51

- Dontaudit dhcpc_t reading of domains state

* Mon May 12 2008 Dan Walsh 3.3.1-50

- Add sys_nice for audispd

* Thu May 8 2008 Dan Walsh 3.3.1-49

- Allow libvirtd sys_nice

- Fixes for policykit

- Allow dovecot getattr all filesystem directories

* Wed May 7 2008 Dan Walsh 3.3.1-48

- Allow amanada to create data files

* Wed May 7 2008 Dan Walsh 3.3.1-47

- Fix initial install, semanage setup

* Tue May 6 2008 Dan Walsh 3.3.1-46

- Allow system_r for httpd_unconfined_script_t

* Wed Apr 30 2008 Dan Walsh 3.3.1-45

- Remove dmesg boolean

- Allow user domains to read/write game data

* Mon Apr 28 2008 Dan Walsh 3.3.1-44

- Change unconfined_t to transition to unconfined_mono_t when running mono

- Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work

* Mon Apr 28 2008 Dan Walsh 3.3.1-43

- Remove old booleans from targeted-booleans.conf file

su -c 'yum update selinux-policy' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/