From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 15 Feb 2012 15:19:20 -0500 Subject: [refpolicy] ANN: Reference Policy Release Message-ID: <4F3C1348.4090003@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com A new release of the SELinux Reference Policy is now available on the Tresys OSS site, http://oss.tresys.com. This release reflects the git repository restructuring for core/contrib modules[1]. The complete change log for this release follows at the end of the email. For people interested in helping Reference Policy development, the X desktop and role separation needs testing, in addition to general testing. [1] http://oss.tresys.com/pipermail/refpolicy/2011-September/004619.html * Wed Feb 15 2012 Chris PeBenito - 2.20120215 - Sshd usage of mkhomedir_helper via oddjob, from Sven Vermeulen. - Add slim and lxdm file contexts to xserver, from Sven Vermeulen. - Add userdom interfaces for user application domains, user tmp files, and user tmpfs files. - Asterisk administration fixes from Sven Vermeulen. - Fix makefiles to install files with the correct DAC permissions if the umask is not 022. - Remove deprecated support macros. - Remove rolemap and per-role template support. - Change corenetwork port declaration to apply the reserved port type attribute only, when the type has ports above and below 1024. - Change secure_mode_policyload to disable only toggling of this Boolean rather than disabling all Boolean toggling permissions. - Use role attributes to assist with domain transitions in interactive programs. - Milter ports patch from Paul Howarth. - Separate portage fetch rules out of portage_run() and portage_domtrans() from Sven Vermeulen. - Enhance corenetwork network_port() macro to support ports that do not have a well defined port number, such as stunnel. - Opendkim support in dkim module from Paul Howarth. - Wireshark updates from Sven Vermeulen. - Change secure_mode_insmod to control sys_module capability rather than controlling domain transitions to insmod. - Openrc and portage updates from Sven Vermeulen. - Allow user and role changes on dynamic transitions with the same constraints as regular transitions. - New git service features from Dominick Grift. - Corenetwork policy size optimization from Dan Walsh. - Silence spurious udp_socket listen denials. - Fix unexpanded MLS/MCS fields in monolithic seusers file. - Type transition fix in Postgresql database objects from KaiGai Kohei. - Support for file context path substitutions (file_contexts.subs). - Added contrib modules: glance (Dan Walsh) rhsmcertd (Dan Walsh) sanlock (Dan Walsh) sblim (Dan Walsh) uuidd (Dan Walsh) vdagent (Dan Walsh) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com