[UCI-Linux] Fedora Core 3 Update: selinux-policy-strict-1.19.10-2

Mike Iglesias IGLESIAS at uci.edu
Thu Dec 2 13:37:44 PST 2004


From: Daniel J Walsh <dwalsh at redhat.com>
To: fedora-announce-list at redhat.com
Date: Thu, 02 Dec 2004 15:52:21 -0500
Subject: Fedora Core 3 Update: selinux-policy-strict-1.19.10-2

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-502
2004-12-02
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : selinux-policy-strict
Version     : 1.19.10
Release     : 2
Summary     : SELinux strict policy configuration
Description :
Security-enhanced Linux is a patch of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

This package contains the SELinux example policy configuration along
with the Flask configuration information and the application
configuration files.

---------------------------------------------------------------------
Update Information:

Update to latest version in rawhide, since this is what is being used by 
the SELinux community for strict policy
---------------------------------------------------------------------
* Thu Dec 02 2004 Dan Walsh <dwalsh at redhat.com> 1.19-10-2

- Bump for FC3

* Thu Dec 02 2004 Dan Walsh <dwalsh at redhat.com> 1.19-10-1

- Update to latest from NSA
- Fix tty devices from IBM Platforms

* Thu Dec 02 2004 Dan Walsh <dwalsh at redhat.com> 1.19-9-1

- Update to add execmem and execmod

* Wed Dec 01 2004 Dan Walsh <dwalsh at redhat.com> 1.19-8-4

- Allow boolloader to can_exec_any

* Wed Dec 01 2004 Dan Walsh <dwalsh at redhat.com> 1.19-8-3

- Add ipx support
- Fix portmap

* Tue Nov 30 2004 Dan Walsh <dwalsh at redhat.com> 1.19-8-2

- Make htdig work

* Tue Nov 30 2004 Dan Walsh <dwalsh at redhat.com> 1.19-8-1

- Cleanup several network_client calls
- Update from upstream

* Tue Nov 30 2004 Dan Walsh <dwalsh at redhat.com> 1.19-7-2

- Remove root_dir_type, fix hotplug

* Tue Nov 30 2004 Dan Walsh <dwalsh at redhat.com> 1.19-7-1

- Update to Upstream

* Mon Nov 29 2004 Dan Walsh <dwalsh at redhat.com> 1.19-6-1

- Update to Upstream

* Wed Nov 24 2004 Dan Walsh <dwalsh at redhat.com> 1.19-5-1

- Update to Upstream
- Convert to new network_macros.te

* Tue Nov 23 2004 Dan Walsh <dwalsh at redhat.com> 1.19-4-4

- Add proc_net for unconfined_t

* Mon Nov 22 2004 Dan Walsh <dwalsh at redhat.com> 1.19-4-3

- Fix location of selinuxenabled

* Mon Nov 22 2004 Dan Walsh <dwalsh at redhat.com> 1.19-4-2

- Add some rules to allow httpd_sys_content_t to access to httpdcontent 
if httpd_unified is set

o* Sun Nov 21 2004 Dan Walsh <dwalsh at redhat.com> 1.19-4-1
- Upgrade to match upstream
- Require policycoreutils

* Fri Nov 19 2004 Dan Walsh <dwalsh at redhat.com> 1.19-3-1

- Upgrade to upstream
- Add fixes for postgres and apache

* Thu Nov 18 2004 Dan Walsh <dwalsh at redhat.com> 1.19-2-1

- Upgrade to upstream

* Wed Nov 17 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-14

Add back in zebra

* Wed Nov 17 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-13

- don't transition from sysadm_t (unconfined_t) to system_mail_t when
executing sendmail in targeted policy

* Wed Nov 17 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-12

- Fixes for crond fifo file, httpd_unified, and cups

* Tue Nov 16 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-11

- Fixed for /dev/pmu and printconf

* Tue Nov 16 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-10

- Add boolean to allow httpd to communicate with tty

* Sat Nov 13 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-9

- Minor fixes
- Add postgresql.te to targeted

* Fri Nov 12 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-8

- tighten security on squirrelmail

* Fri Nov 12 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-7

- Fixes to get squirrelmail working in targeted policy

* Thu Nov 11 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-6

- Remove unwanted te files to make policy smaller

* Thu Nov 11 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-5

- Add allow_kerberos for targeted policy and fix ntpd for targetd

* Wed Nov 10 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-4

- Fix mysql.te

* Wed Nov 10 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-3

- Cleanup of Dovecot and squirrelmail

* Wed Nov 10 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-2

- Allow httpd to read bin_t lnk_files

* Tue Nov 09 2004 Dan Walsh <dwalsh at redhat.com> 1.19-1-1

- Update from NSA

* Mon Nov 08 2004 Dan Walsh <dwalsh at redhat.com> 1.18.2-4

- Add /dev/pmu and privoxy fixes

* Mon Nov 08 2004 Dan Walsh <dwalsh at redhat.com> 1.18.2-3

- Complete lockdev and test with mincom

* Sat Nov 06 2004 Dan Walsh <dwalsh at redhat.com> 1.18.2-2

- Add preliminary lockdev defs

* Sat Nov 06 2004 Dan Walsh <dwalsh at redhat.com> 1.18.2-1

- Allow gpg to read/write user homedir files

* Sat Nov 06 2004 Dan Walsh <dwalsh at redhat.com> 1.18.2-1

- Merge with upstream
- Allow users to read xdm pid files
- Allow sysadm_t to communicate with xdm fifo file.

* Thu Nov 04 2004 Dan Walsh <dwalsh at redhat.com> 1.18.1-3

- ooffice is crashing because it needs to getattr on a dri device.

* Wed Nov 03 2004 Dan Walsh <dwalsh at redhat.com> 1.18.1-2

- Eliminate single user domain

* Tue Nov 02 2004 Dan Walsh <dwalsh at redhat.com> 1.18.1-1

- Update from NSA

* Tue Nov 02 2004 Dan Walsh <dwalsh at redhat.com> 1.17.37-2

- Many fixes for tighter can_network policy and nscd_client_domain

* Mon Nov 01 2004 Dan Walsh <dwalsh at redhat.com> 1.17.37-1

- Merge with upstream

* Fri Oct 29 2004 Dan Walsh <dwalsh at redhat.com> 1.17.36-3

- Eliminate ability to read tmp_t lnk_files

* Thu Oct 28 2004 Dan Walsh <dwalsh at redhat.com> 1.17.36-2

- Add ability to specify port to can_tcp_network

* Wed Oct 27 2004 Dan Walsh <dwalsh at redhat.com> 1.17.36-1

- Break out can_network in to can_tcp_network and can_udp_network
- Add lots of nscd_client_domain

* Tue Oct 26 2004 Dan Walsh <dwalsh at redhat.com> 1.17.35-2

- Add russells patch for ntpdate
- Add Colins batch for dbus_macro

* Tue Oct 26 2004 Dan Walsh <dwalsh at redhat.com> 1.17.35-1

- New fixes for fowner in setfiles and restorecon

* Mon Oct 25 2004 Dan Walsh <dwalsh at redhat.com> 1.17.34-2

- Fix spec file

* Mon Oct 25 2004 Dan Walsh <dwalsh at redhat.com> 1.17.34-1

- Update to latest from NSA

* Wed Oct 20 2004 Dan Walsh <dwalsh at redhat.com> 1.17.33-2

- Add some squid fixes and add disable_games boolean

* Tue Oct 19 2004 Dan Walsh <dwalsh at redhat.com> 1.17.33-1

- Update to latest from NSA
- Add apache unified patch

* Mon Oct 18 2004 Dan Walsh <dwalsh at redhat.com> 1.17.32-2

- fixes for nscd
- Fixes for /var/run file contexts

* Wed Oct 13 2004 Dan Walsh <dwalsh at redhat.com> 1.17.32-1

- Latest from NSA

* Wed Oct 13 2004 Dan Walsh <dwalsh at redhat.com> 1.17.31-2

- Begin fixing bugs when turning off unlimitedinitrc

* Wed Oct 13 2004 Dan Walsh <dwalsh at redhat.com> 1.17.31-1

- Small fixes to cleanup reboot
- FTP RLOGIN RSH
- Update with NSA


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

b79480b684832bb23f13e0d9095b57d0  
SRPMS/selinux-policy-strict-1.19.10-2.src.rpm
051665978baf976bf96675fcb178c286  
x86_64/selinux-policy-strict-1.19.10-2.noarch.rpm
9f6d91f1aec00ba2e5f6f02384fe2cd3  
x86_64/selinux-policy-strict-sources-1.19.10-2.noarch.rpm
051665978baf976bf96675fcb178c286  
i386/selinux-policy-strict-1.19.10-2.noarch.rpm
9f6d91f1aec00ba2e5f6f02384fe2cd3  
i386/selinux-policy-strict-sources-1.19.10-2.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list at redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list


More information about the UCI-Linux mailing list