Date: Sun, 11 Dec 2011 13:48:38 +0000
From: Sven Vermeulen
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] SELinux base policy rev 8 in hardened-dev
Message-ID: <20111211134838.GA29285@gentoo.org>
Reply-to: gentoo-hardened@lists.gentoo.org

Hi guys,

I just pushed rev 8 of selinux-base-policy (and the various policy modules
that have changes in them since rev 7).

The included changes are:
- dontaudit statements for portage (netlink_route_socket)
- update file contexts to support slim and lxdm
- fix syntax issue with mutt
- initial set of fixes for fail2ban (more to come though)
- update on gorg policy
- update on XDG definitions (mozilla)
- dontaudit on mount_t write/setattr on mountpoints
- dontaudit creation of socket by qemu
- dontaudit sudo searching in home dirs
- dontaudit vde searching in home dirs
- mark portage_ebuild_t as a mountpoint
- have selinux-telnet depend on selinux-remotelogin

There are also a couple of module packages that referred to a non-existing
module. These have been updated to properly depend on the correct module
package.

For the SELinux fans, the SELinux FAQ and SELinux Handbook have also seen a
few updates, not in the least about supporting non-hardened profiles with
SELinux. The SELinux bug reporting guide has also been uploaded.

http://hardened.gentoo.org/selinux

I'm also adding the proper dependencies on the packages towards the
sec-policy/selinux- as mentioned on gentoo-dev@g.o. I'm doing that as I see
them pass by currently, but will probably do a larger bump later.

Also, there's a bug open for the base-system to have sudo built with
--with-selinux to enable SELinux support in sudo (out-of-the-box).

Wkr,
Sven Vermeulen