2012-02-15 20:19:20

by cpebenito

Subject: [refpolicy] ANN: Reference Policy Release

A new release of the SELinux Reference Policy is now available on the Tresys OSS site, http://oss.tresys.com. This release reflects the git repository restructuring for core/contrib modules[1].

The complete change log for this release follows at the end of the email.

For people interested in helping Reference Policy development, the X desktop and role separation need testing, in addition to general testing.

[1] http://oss.tresys.com/pipermail/refpolicy/2011-September/004619.html

* Wed Feb 15 2012 Chris PeBenito <[email protected]> - 2.20120215
- Sshd usage of mkhomedir_helper via oddjob, from Sven Vermeulen.
- Add slim and lxdm file contexts to xserver, from Sven Vermeulen.
- Add userdom interfaces for user application domains, user tmp files,
and user tmpfs files.
- Asterisk administration fixes from Sven Vermeulen.
- Fix makefiles to install files with the correct DAC permissions if the
umask is not 022.
- Remove deprecated support macros.
- Remove rolemap and per-role template support.
- Change corenetwork port declaration to apply the reserved port type
attribute only, when the type has ports above and below 1024.
- Change secure_mode_policyload to disable only toggling of this Boolean
rather than disabling all Boolean toggling permissions.
- Use role attributes to assist with domain transitions in interactive
programs.
- Milter ports patch from Paul Howarth.
- Separate portage fetch rules out of portage_run() and portage_domtrans()
from Sven Vermeulen.
- Enhance corenetwork network_port() macro to support ports that do not have
a well defined port number, such as stunnel.
- Opendkim support in dkim module from Paul Howarth.
- Wireshark updates from Sven Vermeulen.
- Change secure_mode_insmod to control sys_module capability rather than
controlling domain transitions to insmod.
- Openrc and portage updates from Sven Vermeulen.
- Allow user and role changes on dynamic transitions with the same
constraints as regular transitions.
- New git service features from Dominick Grift.
- Corenetwork policy size optimization from Dan Walsh.
- Silence spurious udp_socket listen denials.
- Fix unexpanded MLS/MCS fields in monolithic seusers file.
- Type transition fix in Postgresql database objects from KaiGai Kohei.
- Support for file context path substitutions (file_contexts.subs).
- Added contrib modules:
    glance (Dan Walsh)
    rhsmcertd (Dan Walsh)
    sanlock (Dan Walsh)
    sblim (Dan Walsh)
    uuidd (Dan Walsh)
    vdagent (Dan Walsh)


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com