[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please unblock policycoreutils/1.32-2


        This is a release that prevents running setfiles with no file
 path (the file path is a required argument to setfiles) if no
 writeable SELinux capable filesystems exist on the target
 machine. This came up when someone tried to install SELinux o0n a
 machine with just reiserfs filesystems, and reiserfs does not support
 the xattr functionality SELinux uses for setting security labels on
 filesystem object. The fix is just a check to see if any fileststems
 were found, and issueing a diagnostic  if not; this is just a shell
 if()  conditional.

        This upload also changes diagnostic messages (no valid FS),
 changes an audit2allow error message to not mention "rpm" packages,
 updates a man page, and is wholly low risk.

        This does not impact the debian installer.


policycoreutils (1.32-2) unstable; urgency=low

  * Bug fix: "policycoreutils: fixfiles should warn if no suitable fs
    found", thanks to David Härdeman. This was a missing simple check --
    now fixfiles does not attempt to run setfiles on an empty set if it
    did not find a valid directory. Low risk, simple test. (Closes: #397198).
  * Bug fix: "policycoreutils: audit2allow line 135 should refer to debian
    package", thanks to Russell Coker. It now asks the users to install
    the checkpolicy package, not the chckpolicy rpm package. 
                                                           (Closes: #401369).
  * Bug fix: "policycoreutils: patch for semanage.8", thanks to Russell
    Coker. This adds some options that had been missing from the man page.
                                                           (Closes: #406702).
  * Bug fix: "policycoreutils: fixfiles excludes reiserfs", thanks to
    David Härdeman. Actually, it should: Support for atomic inode labeling
    has not been implemented in reiserfs, so there is no SELinux support
    for it.  This is documented in selinux-doc.  Reiser just won't label
    files when they are created making it basically worthless for xattr
    labeling.                                              (Closes: #397196). 

 -- Manoj Srivastava <srivasta@debian.org>  Sun,  4 Mar 2007 00:06:37 -0600

"One can measure the importance of a scientific work by the number of
earlier publications rendered superfluous by it." - David Gilbert%% I
judge a religion as being good or bad based on whether its adherents
become better people as a result of practicing it.- Joe Mullally,
computer salesman
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: