[refpolicy] ANN: Reference Policy Release

Christopher J. PeBenito cpebenito at tresys.com
Wed Feb 15 14:19:20 CST 2012


A new release of the SELinux Reference Policy is now available on the Tresys OSS site, http://oss.tresys.com.  This release reflects the git repository restructuring for core/contrib modules[1].

The complete change log for this release follows at the end of the email.

For people interested in helping Reference Policy development, the X desktop and role separation needs testing, in addition to general testing.

[1] http://oss.tresys.com/pipermail/refpolicy/2011-September/004619.html

* Wed Feb 15 2012 Chris PeBenito <selinux at tresys.com> - 2.20120215
- Sshd usage of mkhomedir_helper via oddjob, from Sven Vermeulen.
- Add slim and lxdm file contexts to xserver, from Sven Vermeulen.
- Add userdom interfaces for user application domains, user tmp files,
  and user tmpfs files.
- Asterisk administration fixes from Sven Vermeulen.
- Fix makefiles to install files with the correct DAC permissions if the
  umask is not 022.
- Remove deprecated support macros.
- Remove rolemap and per-role template support.
- Change corenetwork port declaration to apply the reserved port type
  attribute only, when the type has ports above and below 1024.
- Change secure_mode_policyload to disable only toggling of this Boolean
  rather than disabling all Boolean toggling permissions.
- Use role attributes to assist with domain transitions in interactive
  programs.
- Milter ports patch from Paul Howarth.
- Separate portage fetch rules out of portage_run() and portage_domtrans()
  from Sven Vermeulen.
- Enhance corenetwork network_port() macro to support ports that do not have
  a well defined port number, such as stunnel.
- Opendkim support in dkim module from Paul Howarth.
- Wireshark updates from Sven Vermeulen.
- Change secure_mode_insmod to control sys_module capability rather than
  controlling domain transitions to insmod.
- Openrc and portage updates from Sven Vermeulen.
- Allow user and role changes on dynamic transitions with the same
  constraints as regular transitions.
- New git service features from Dominick Grift.
- Corenetwork policy size optimization from Dan Walsh.
- Silence spurious udp_socket listen denials.
- Fix unexpanded MLS/MCS fields in monolithic seusers file.
- Type transition fix in Postgresql database objects from KaiGai Kohei.
- Support for file context path substitutions (file_contexts.subs).
- Added contrib modules:
        glance (Dan Walsh)
        rhsmcertd (Dan Walsh)
        sanlock (Dan Walsh)
        sblim (Dan Walsh)
        uuidd (Dan Walsh)
        vdagent (Dan Walsh)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com



More information about the refpolicy mailing list