#1657 Please update SELinux policy for F11 to selinux-policy-3.6.12-21.fc11
Closed: Fixed None Opened 14 years ago by dwalsh.

These are the fixes that have been added since the last release for F11.

Major fixes for libvirt. Also lots of fixes for removing unconfined.pp domain. Allowing nfs to share removable media is also a big fix.

Biggest risk is that we were not running readahead in a confined domain before since it moved from /usr/sbin/readahead to /sbin/readahead. I have had three testers running with updated policy and we believe we have fixed all the problems with readahead.

  • Allow confined users to manage virt_content_t, since this is home dir content
  • Allow all domains to read rpm_script_tmp_t which is what shell creates on redirection
  • Fix labeling on /var/lib/misc/prelink*
  • Allow xserver to rw_shm_perms with all x_clients
  • Allow prelink to execute files in the users home directory
  • Allow initrc_t to delete dev_null
  • Allow readahead to configure auditing
  • Fix milter policy
  • Add /var/lib/readahead
  • Update to latest milter code from Paul Howarth
  • Additional perms for readahead
  • Allow pulseaudio to acquire_svc on session bus
  • Fix readahead labeling
  • Allow sysadm_t to run rpm directly
  • libvirt needs fowner
  • Allow sshd to read var_lib symlinks for freenx
  • Allow nsplugin unix_read and write on users shm and sem
  • Allow sysadm_t to execute su
  • Dontaudit attempts to getattr user_tmpfs_t by lvm
  • Allow nfs to share removable media

Hold off on this; we have just found an upgrade problem, which might exist in the -9 policy package also.

selinux-policy-3.6.12-23.fc11 has fixed the problem. So can we get this package updated?

Without this package, F9 and F10 updates will fail, I believe.

As well as updates of the Beta

Metadata Update from @dwalsh:
- Issue set to the milestone: Fedora 11 Final

7 years ago
