Fedora Core 4: SELinux Policy Configuration Enhancements Security Advisory

Security-enhanced Linux is a patch of the Linux® kernel and a number

of utilities with enhanced security functionality designed to add

mandatory access controls to Linux. The Security-enhanced Linux

kernel contains new architectural components originally developed to

improve the security of the Flask operating system. These

architectural components provide general support for the enforcement

of many kinds of mandatory access control policies, including those

based on the concepts of Type Enforcement®, Role-based Access

Control, and Multi-level Security.

This package contains the SELinux example policy configuration along

with the Flask configuration information and the application

configuration files.

- Bump for FC4

* Thu Aug 25 2005 Dan Walsh 1.25.4-9

- Allow i18n_input to read homedirs

- Remove i18n_input from targeted

* Mon Aug 22 2005 Dan Walsh 1.25.4-8

- Apply russell's cleanups

* Mon Aug 22 2005 Dan Walsh 1.25.4-7

- Bump for FC-4

* Mon Aug 22 2005 Dan Walsh 1.25.4-6

- Fix /var/lib/yp/* file_context

* Mon Aug 22 2005 Dan Walsh 1.25.4-5

- Add capifs

- Add roundup policy

- fix gdm

* Wed Aug 17 2005 Dan Walsh 1.25.4-4.1

- Trying out postfix.te

* Wed Aug 17 2005 Dan Walsh 1.25.4-4

- Add more access for amanda

- Allow dovecot to create files in mail_spool_t

* Tue Aug 16 2005 Dan Walsh 1.25.4-3

- add can_access_pty macro

- Add nsswitch_macro for lots of ldap fixes

* Sun Aug 14 2005 Dan Walsh 1.25.4-2

- Support for policy.20 and policy.19

* Thu Aug 11 2005 Dan Walsh 1.25.4-1

-Update to latest from NSA

* Merged small patches from Russell Coker for the restorecon,

kudzu, lvm, radvd, and spamassasin policies.

* Added fs_use_trans rule for mqueue from Mark Gebhart to support

the work he has done on providing SELinux support for mqueue.

* Merged a patch from Dan Walsh. Removes the user_can_mount

tunable. Adds disable_evolution_trans and disable_thunderbird_trans

booleans. Adds the nscd_client_domain attribute to insmod_t.

Removes the user_ping boolean from targeted policy. Adds

hugetlbfs, inotifyfs, and mqueue filesystems to genfs_contexts.

Adds the isakmp_port for vpnc. Creates the pptp daemon domain.

Allows getty to run sbin_t for pppd. Allows initrc to write to

default_t for booting. Allows Hotplug_t sys_rawio for prism54

card at boot. Other minor fixes.

* Mon Aug 8 2005 Dan Walsh 1.25.3-15

- Bump for FC4

* Mon Aug 8 2005 Dan Walsh 1.25.3-14

- Allow passwd to read sysctl

- Fix fsadm for zip drives

* Fri Aug 5 2005 Dan Walsh 1.25.3-13

- Allow cvs to use kerberos

- Allow sasauthd to use mysql

da96c2699a3aa3adc1fc8b95e8f17e73 SRPMS/selinux-policy-targeted-1.25.4-10.src.rpm

24856d4b565a183fef5ef37c1f2e925f x86_64/selinux-policy-targeted-1.25.4-10.noarch.rpm

76bca90e7653efa77960c3bfd57b288d x86_64/selinux-policy-targeted-sources-1.25.4-10.noarch.rpm

24856d4b565a183fef5ef37c1f2e925f i386/selinux-policy-targeted-1.25.4-10.noarch.rpm

76bca90e7653efa77960c3bfd57b288d i386/selinux-policy-targeted-sources-1.25.4-10.noarch.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list

fedora-announce-list@redhat.com