Back again with the spamming "SELinux base policy rev ## in hardened-dev"
mails, but now for the 2.20120215 policies.
Changes since rev 2:
<no bug> Allow sysadm to call qemu directly to launch virtual guests from commandline
<no bug> Allow su to get the security file system attributes, needed for su calls
#401857 Set /usr/share/GNUstep/Makefiles/*.sh (and mkinstalldirs) as #bin_t t allow building gnustep-base
#403143 Add TCP 3128 as http_cache_port_t (default port for squid cache)
<no bug> Update usermanage/selinux util role attributes to include the proper types
<no bug> Allow mount to get the security file system attributes, needed for rootcontext mounts
There is still an issue that amade on #gentoo-hardened reported, that is
that our integrated run_init support in the init scripts is suddenly not
working anymore. I'm too tired to look at that right now, so that'll be for
Point is, I *think* we need to have a role transition between run_init_t and
initrc_t, but it shouldn't be automated (SELinux supports automated role
transitions, but then we would switch roles the moment we touch /sbin/rc,
which is also the case when we run rc-config and the like, in many cases
where we need to remain in the current role).
Or, in the notation @@ = execute, --> = transition: