SELinux base policy 2.20120725 rev 1 in hardened-dev overlay
 

Hi girls & guys,

Revision 1 of the 2.20120725 policy is now in the hardened-dev overlay. It
contains the following fixes:

<no bug> Large update on browser support: alsa, java, introduce flash, xdg
<no bug> Merge of 2.20120726 (bumping of module versions and coding style updates)
<no bug> Backport: rename epollwakeup to block_suspend to match naming in Linux 3.5
<no bug> Backport changes for nslcd
#427750 Allow init to create /run/mysqld directoriy
<no bug> Add fifo_file access for mozilla_t to mozilla_tmp_t (needed for icedtea-appletviewer-to-plugin)
#412637 Add in policy for chromium

Wkr,
Sven Vermeulen

SELinux base policy 2.20120725 rev 1 in hardened-dev overlay
 

On 7/28/12 11:31 AM, Sven Vermeulen wrote:
> #412637 Add in policy for chromium

Just a note from one of chromium maintainers here: please give it a try
even if you don't use chromium as your main browser. Writing policies
for client-side software is not really easy, so the more systems this
can be tested on, the better (that includes users' expectations).

Thanks,
Paweł

SELinux base policy 2.20120725 rev 1 in hardened-dev overlay
 

On Tue, Jul 31, 2012 at 04:52:24PM +0200, "Paweł Hajdan, Jr." wrote:
> On 7/28/12 11:31 AM, Sven Vermeulen wrote:
> > #412637 Add in policy for chromium
>
> Just a note from one of chromium maintainers here: please give it a try
> even if you don't use chromium as your main browser. Writing policies
> for client-side software is not really easy, so the more systems this
> can be tested on, the better (that includes users' expectations).

For those interested, the current policy (the one that will be in rev 2 as
it contains a few minor changes still) can also be seen online at
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=blob;f=policy/modules/contrib/chromium.te

Wkr,
Sven Vermeulen