03-22-2012, 06:28 PM
Sven Vermeulen
SELinux base policy rev 5 in hardened-dev

Hi guys,

I've pushed rev 5 of the base policy (and selinux-dhcp) to the hardened-dev
overlay. This one contains the following changes since rev 4:

<no bug> Do not audit getattr/search on user_home_dir_t stuff from within portage_fetch_t
<no bug> Do not audit getattr on udev netlink_kobject_uevent_sockets and unix_stream_sockets from within initrc (bootmisc)
<no bug> Allow init scripts (bootmisc) to clean up /tmp location
<no bug> Allow init scripts to delete stale syslog control sockets
<no bug> Allow bootmisc to mkdir/rmdir in /var/lib
<no bug> Allow mount to setsched on kernel_t
<no bug> Mark the selinuxfs mounts as mountpoints
<no bug> Do not audit searches by mount on unlabeled_t before it mounts on them
#389425 Update patch for DHCP regarding binding to generic UDP ports
<no bug> Support integrated run_init properly again
<no bug> Add in references to sysfs where SELinux access is used (dev_getattr_sysfs_fs)
<no bug> Mark /lib/rc/console as initrc_state_t to allow bootup to remove stale files in there
<no bug> Do not attempt to update base in selinux-base, wait for selinux-base-policy
<no bug> Allow nginx_t to list the content of its configuration directories
<no bug> Mark /var/lib/ip6tables as initrc_tmp_t to allow init script to save/restore

This is the first candidate for pushing to main tree (of the 20120215 policy
series). If there are no particular blockers in a few days, I'll do that
(and also do the last stabilization on the 20110726 series).

In the meantime, I'm going to start pushing out patches upstream so if
refpolicy wants some patches structured differently, I'll update them in our
tree as well.

Sven Vermeulen

All times are GMT.