Hi Everybody,
I'll push builds with updated SELinux security policy into Rawhide soon,
this build will remove unnecessary dac_override capability in domains
where it's not needed. Because of this change, we're able to remove a
lot of unnecessary rules allowing dac_override, which means tightened
security in whole Fedora from SELinux POV.
This change will be part of build: selinux-policy-3.13.1-288.fc28.noarch
Tracker bug is here:
https://bugzilla.redhat.com/show_bug.cgi?id=1494520
This may result in some AVCs related to missing DAC_OVERRIDE capability.
Feel free to create a bugzilla or add AVCs to this issue on github:
https://github.com/fedora-selinux/selinux-policy/issues/200
I'll be lurking around fedora rawhide bugs very often and I'm ready to
fix all these bugs asap also with new builds.
Feel free to use selinux-policy nightly builds to get fixes ASAP:
https://copr.fedorainfracloud.org/coprs/lvrabec/selinux-policy-nightly/
Thanks,
Lukas.
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx