List:       gentoo-hardened
Subject:    [gentoo-hardened] SELinux base policy rev 5 in hardened-dev
From:       Sven Vermeulen <swift () gentoo ! org>
Date:       2012-03-22 19:28:26
Message-ID: 20120322192826.GA31442 () gentoo ! org

Hi guys,

I've pushed rev 5 of the base policy (and selinux-dhcp) to the hardened-dev
overlay. This one contains the following changes since rev 4:

<no bug>        Do not audit getattr/search on user_home_dir_t stuff from within portage_fetch_t
<no bug>        Do not audit getattr on udev netlink_kobject_uevent_sockets and unix_stream_sockets from within initrc (bootmisc)
<no bug>        Allow init scripts (bootmisc) to clean up /tmp location
<no bug>        Allow init scripts to delete stale syslog control sockets
<no bug>        Allow bootmisc to mkdir/rmdir in /var/lib
<no bug>        Allow mount to setsched on kernel_t
<no bug>        Mark the selinuxfs mounts as mountpoints
<no bug>        Do not audit searches by mount on unlabeled_t before it mounts on them
#389425         Update patch for DHCP regarding binding to generic UDP ports
<no bug>        Support integrated run_init properly again
<no bug>        Add in references to sysfs where SELinux access is used (dev_getattr_sysfs_fs)
<no bug>        Mark /lib/rc/console as initrc_state_t to allow bootup to remove stale files in there
<no bug>        Do not attempt to update base in selinux-base, wait for selinux-base-policy
<no bug>        Allow nginx_t to list the content of its configuration directories
<no bug>        Mark /var/lib/ip6tables as initrc_tmp_t to allow init script to save/restore

This is the first candidate for pushing to main tree (of the 20120215 policy
series). If there are no particular blockers in a few days, I'll do that
(and also do the last stabilization on the 20110726 series).

In the meantime, I'm going to start pushing out patches upstream so if
refpolicy wants some patches structured differently, I'll update them in our
tree as well.

Wkr,
	Sven Vermeulen

