* [gentoo-hardened] SELinux base policy rev 6 in hardened-dev
@ 2011-11-12 21:25 Sven Vermeulen
0 siblings, 0 replies; 2+ messages in thread
From: Sven Vermeulen @ 2011-11-12 21:25 UTC (permalink / raw
To: gentoo-hardened
Hi all,
I have pushed out an update on the SELinux policies in hardened-dev. The
changes include:
- #389579 (Mismatch on amavisd.conf context)
- #389917 (Allow resource management from within inetd -> pam_limits
support)
- #388875 (bootmisc init script test-writes directories in /var/log)
- #389569 (nagios updates, such as raid checking & mounted dir attributes)
- <no bug> (Added selinux-uwimap build as requested on mailinglist)
- <no bug> (gcc-config needs to manage etc_runtime_t files)
- <no bug> (gcc-config needs access to nfs_t if Portage tree is on NFS)
- <upstream> (Updated VDE patch to match upstream style)
I have also cleaned out our previous policies in the main portage tree
(those before 2.20110627) which was quite some work (removal itself doesn't
take that much time, but verifying that one isn't going to break systems is)
but I'm glad that is now done.
Wkr,
Sven Vermeulen
^ permalink raw reply [flat|nested] 2+ messages in thread
* [gentoo-hardened] SELinux base policy rev 6 in hardened-dev
@ 2012-03-29 18:36 Sven Vermeulen
0 siblings, 0 replies; 2+ messages in thread
From: Sven Vermeulen @ 2012-03-29 18:36 UTC (permalink / raw
To: gentoo-hardened
Hiya folks
I just pushed a small update to the SELinux policies to hardened-dev
overlay. This includes the following fixes on top of rev 5:
#405425 Allow syslog-ng to getsched capability (needed for its new threading implementation)
<no bug> Do not audit sys_admin capability for dhcpc (in sysnetwork)
<no bug> Allow sys_admin capability for init scripts (modify sysctl settings)
If there are no vital issues on this the next day or so, I'll start moving
stuff to the main tree (~arch'ed) in the course of this weekend.
Wkr,
Sven Vermeulen
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-03-29 18:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-12 21:25 [gentoo-hardened] SELinux base policy rev 6 in hardened-dev Sven Vermeulen
-- strict thread matches above, loose matches on Subject: below --
2012-03-29 18:36 Sven Vermeulen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox