---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-502
2004-12-02
---------------------------------------------------------------------
Product : Fedora Core 3
Name : selinux-policy-strict
Version : 1.19.10
Release : 2
Summary : SELinux strict policy configuration
Description :
Security-enhanced Linux is a patch of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
This package contains the SELinux example policy configuration along
with the Flask configuration information and the application
configuration files.
---------------------------------------------------------------------
Update Information:
Update to latest version in rawhide, since this is what is being used by
the SELinux community for strict policy
---------------------------------------------------------------------
* Thu Dec 02 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-10-2
- Bump for FC3
* Thu Dec 02 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-10-1
- Update to latest from NSA
- Fix tty devices from IBM Platforms
* Thu Dec 02 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-9-1
- Update to add execmem and execmod
* Wed Dec 01 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-8-4
- Allow boolloader to can_exec_any
* Wed Dec 01 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-8-3
- Add ipx support
- Fix portmap
* Tue Nov 30 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-8-2
- Make htdig work
* Tue Nov 30 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-8-1
- Cleanup several network_client calls
- Update from upstream
* Tue Nov 30 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-7-2
- Remove root_dir_type, fix hotplug
* Tue Nov 30 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-7-1
- Update to Upstream
* Mon Nov 29 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-6-1
- Update to Upstream
* Wed Nov 24 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-5-1
- Update to Upstream
- Convert to new network_macros.te
* Tue Nov 23 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-4-4
- Add proc_net for unconfined_t
* Mon Nov 22 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-4-3
- Fix location of selinuxenabled
* Mon Nov 22 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-4-2
- Add some rules to allow httpd_sys_content_t to access to httpdcontent
if httpd_unified is set
o* Sun Nov 21 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-4-1
- Upgrade to match upstream
- Require policycoreutils
* Fri Nov 19 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-3-1
- Upgrade to upstream
- Add fixes for postgres and apache
* Thu Nov 18 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-2-1
- Upgrade to upstream
* Wed Nov 17 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-14
Add back in zebra
* Wed Nov 17 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-13
- don't transition from sysadm_t (unconfined_t) to system_mail_t when
executing sendmail in targeted policy
* Wed Nov 17 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-12
- Fixes for crond fifo file, httpd_unified, and cups
* Tue Nov 16 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-11
- Fixed for /dev/pmu and printconf
* Tue Nov 16 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-10
- Add boolean to allow httpd to communicate with tty
* Sat Nov 13 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-9
- Minor fixes
- Add postgresql.te to targeted
* Fri Nov 12 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-8
- tighten security on squirrelmail
* Fri Nov 12 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-7
- Fixes to get squirrelmail working in targeted policy
* Thu Nov 11 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-6
- Remove unwanted te files to make policy smaller
* Thu Nov 11 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-5
- Add allow_kerberos for targeted policy and fix ntpd for targetd
* Wed Nov 10 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-4
- Fix mysql.te
* Wed Nov 10 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-3
- Cleanup of Dovecot and squirrelmail
* Wed Nov 10 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-2
- Allow httpd to read bin_t lnk_files
* Tue Nov 09 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.19-1-1
- Update from NSA
* Mon Nov 08 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.18.2-4
- Add /dev/pmu and privoxy fixes
* Mon Nov 08 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.18.2-3
- Complete lockdev and test with mincom
* Sat Nov 06 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.18.2-2
- Add preliminary lockdev defs
* Sat Nov 06 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.18.2-1
- Allow gpg to read/write user homedir files
* Sat Nov 06 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.18.2-1
- Merge with upstream
- Allow users to read xdm pid files
- Allow sysadm_t to communicate with xdm fifo file.
* Thu Nov 04 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.18.1-3
- ooffice is crashing because it needs to getattr on a dri device.
* Wed Nov 03 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.18.1-2
- Eliminate single user domain
* Tue Nov 02 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.18.1-1
- Update from NSA
* Tue Nov 02 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.37-2
- Many fixes for tighter can_network policy and nscd_client_domain
* Mon Nov 01 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.37-1
- Merge with upstream
* Fri Oct 29 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.36-3
- Eliminate ability to read tmp_t lnk_files
* Thu Oct 28 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.36-2
- Add ability to specify port to can_tcp_network
* Wed Oct 27 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.36-1
- Break out can_network in to can_tcp_network and can_udp_network
- Add lots of nscd_client_domain
* Tue Oct 26 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.35-2
- Add russells patch for ntpdate
- Add Colins batch for dbus_macro
* Tue Oct 26 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.35-1
- New fixes for fowner in setfiles and restorecon
* Mon Oct 25 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.34-2
- Fix spec file
* Mon Oct 25 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.34-1
- Update to latest from NSA
* Wed Oct 20 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.33-2
- Add some squid fixes and add disable_games boolean
* Tue Oct 19 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.33-1
- Update to latest from NSA
- Add apache unified patch
* Mon Oct 18 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.32-2
- fixes for nscd
- Fixes for /var/run file contexts
* Wed Oct 13 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.32-1
- Latest from NSA
* Wed Oct 13 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.31-2
- Begin fixing bugs when turning off unlimitedinitrc
* Wed Oct 13 2004 Dan Walsh <dwalsh@xxxxxxxxxx> 1.17.31-1
- Small fixes to cleanup reboot
- FTP RLOGIN RSH
- Update with NSA
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
b79480b684832bb23f13e0d9095b57d0
SRPMS/selinux-policy-strict-1.19.10-2.src.rpm
051665978baf976bf96675fcb178c286
x86_64/selinux-policy-strict-1.19.10-2.noarch.rpm
9f6d91f1aec00ba2e5f6f02384fe2cd3
x86_64/selinux-policy-strict-sources-1.19.10-2.noarch.rpm
051665978baf976bf96675fcb178c286
i386/selinux-policy-strict-1.19.10-2.noarch.rpm
9f6d91f1aec00ba2e5f6f02384fe2cd3
i386/selinux-policy-strict-sources-1.19.10-2.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
