Linux Archive > Gentoo > Gentoo Hardened

12-30-2011, 07:02 PM
Sven Vermeulen
SELinux base policy rev 10 in hardened-dev

Hi guys,

Assuming you don't kill me for not using hexadecimal notations, rev 10 is
now out right after rev 9. Revision 10 of selinux-base-policy comes with
fixes for the following:

- <bug #389577> Fix fail2ban issues
- <bug #396331> Allow mkhomedir_helper to work
- <bug #396241> Add a bacula policy
- <no bug> Fix postfix startup issue (can't create files when started immediately in enforcing mode)
- <no bug> Don't audit unix_stream_socket stuff for sending mails

The push comes with sec-policy/selinux-bacula and sec-policy/selinux-oddjob.
Once these are in the Portage tree, the necessary dependencies will be added
as well (can't do that as long as they're not in of course).

With this push, I also brought out policycoreutils-2.1.0-r2.

I would **really** appreciate people telling me when they have upgraded
their policycoreutils package and seen anything (or nothing). The package
updates the newrole issue we had earlier (bug #375475) but also adds the
IUSE="pam audit" parameters to support bug #393401.

As long as you USE="pam" all should be okay. Dropping this will cause issues
with the current policy as applications now suddenly need access to shadow_t
and such (whereas this was previously nicely shielded off through the PAM
helpers). I don't know how to handle this case yet. I can definitely start
updating the policies so they work without PAM, but I'd first like to know
if there are people using SELinux without PAM...

Sven Vermeulen
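
For reporting back after the policycoreutils upgrade, this sketch lists which domains were denied access to shadow_t in audit log text. It is an added example, not part of the original post or of the Gentoo policy; the function names are hypothetical and the sample records (domains, PIDs, timestamps) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the original post); the domains,
# PIDs and timestamps are made up to show the AVC record shape.
SAMPLE_LOG = """\
type=AVC msg=audit(1325271720.101:41): avc:  denied  { read } for  pid=2101 comm="newrole" name="shadow" dev=sda3 ino=5512 scontext=staff_u:staff_r:newrole_t tcontext=system_u:object_r:shadow_t tclass=file
type=AVC msg=audit(1325271720.102:42): avc:  denied  { open } for  pid=2101 comm="newrole" name="shadow" dev=sda3 ino=5512 scontext=staff_u:staff_r:newrole_t tcontext=system_u:object_r:shadow_t tclass=file
type=AVC msg=audit(1325271731.310:43): avc:  denied  { getattr } for  pid=2150 comm="fail2ban-server" path="/var/log/messages" dev=sda3 ino=771 scontext=system_u:system_r:fail2ban_t tcontext=system_u:object_r:var_log_t tclass=file
type=AVC msg=audit(1325271740.007:44): avc:  granted  { read } for  pid=2160 comm="unix_chkpwd" name="shadow" dev=sda3 ino=5512 scontext=system_u:system_r:chkpwd_t tcontext=system_u:object_r:shadow_t tclass=file
type=SYSCALL msg=audit(1325271740.007:44): arch=c000003e syscall=2 success=yes exit=3
"""

# Matches the decision, the permission set and the contexts of one AVC record.
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:range] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def denials_for_target(log_text, target_type="shadow_t"):
    """Map source domain -> {(class, perm)} for denied accesses to target_type."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("result") != "denied":
            continue  # skip non-AVC records and granted (auditallow) entries
        if context_type(m.group("tcontext")) != target_type:
            continue
        for perm in m.group("perms").split():
            found[context_type(m.group("scontext"))].add((m.group("tclass"), perm))
    return dict(found)


if __name__ == "__main__":
    for domain, access in sorted(denials_for_target(SAMPLE_LOG).items()):
        print(domain, sorted(access))
```

An empty result for shadow_t on a real audit log corresponds to the "nothing" case the post asks people to report.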
