On Fri, 2005-07-01 at 16:07 -0400, David Jones wrote: > --------------------------------------------------------------------- > Fedora Test Update Notification > FEDORA-2005-512 > 2005-07-01 > --------------------------------------------------------------------- > > Product : Fedora Core 3 > Name : kernel > Version : 2.6.12 > Release : 1.1369_FC3 > Summary : The Linux kernel (the core of the Linux operating system) > Description : > The kernel package contains the Linux kernel (vmlinuz), the core of any > Linux operating system. The kernel handles the basic functions > of the operating system: memory allocation, process allocation, device > input and output, etc. > > This rebase to 2.6.12.2 touches a *lot* of code, so needs quite a bit > of testing before I'm comfortable to push this out as an official FC3 > update. However at the same time, FC3 has been deprived of updates for > a while, so this shouldn't languish in -testing longer than necessary. > > Of particular interest to look out for in this test kernel are any > SELinux/audit warnings that appear. The latest policy updates for FC3 > seem to be safe from my limited testing so far, but it could be that > there's something missing that made it into the FC4 branch only. > > Have fun.. With regard to SELinux, I'd expect the following changes in behavior in 2.6.12: - name_connect permission checks on outbound TCP connections. Likely needs to be added to the FC3 policy. - kernel binary policy format version updated to 19. /sbin/init should correctly fall back to the policy.18 file when it sees that policy.19 does not exist in FC3, but the policy spec file and Makefile may need updating to likewise not just use /selinux/policyvers. - migration of task pid/exe logging from SELinux avc to the audit framework, motivated by the dcache deadlock on exe logging. Means that we may need to tell people to enable syscall auditing via auditctl -e 1 or booting their kernel with audit=1 to recapture that information for avc denials when they report them. There were also some changes to the netlink-related checking and audit checking, but I doubt that will have an impact on FC3. -- Stephen Smalley National Security Agency -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-test-list