
new SE Linux policy for Lenny



The changes allow Postfix to be almost entirely functional (I'm testing 
another update for the Postfix package postinst script).  It allows Postfix 
to work with SpamAssassin, allows dictd to work, makes installation faster 
(an issue of complaint on Debian-devel), fixes the labelling for udev (needed
for a "strict" configuration to boot), and fixes some minor problems with
courier and Apache.

While this will hopefully not be the last update before Lenny gets entirely 
frozen (unless I run out of time), it's a significant improvement and it 
would be good to get it approved now.

refpolicy (2:0.0.20080702-8) unstable; urgency=low

  * Made the postinst faster on machines with small amounts of memory.  5%
    improvement on AMD64 with 64M of RAM.  Not sure how much benefit it might
    give for a NSLUG.
  * Allowed dictd to create pid file.
  * Allowed mcstransd to getcap.
  * Revert part of the change from 2:0.0.20080702-7, we don't want /etc/init.d
    scripts running as run_init_t.
    Closes: #498965
  * Makes Postfix work correctly.
    Closes: #473043
  * Allow $1_mail_t to read proc_t:file (for Postfix).

 -- Russell Coker <russell@coker.com.au>  Fri, 12 Sep 2008 10:51:01 +1000

refpolicy (2:0.0.20080702-7) unstable; urgency=low

  * Polish updates, added labelling for /lib/udev/create_static_nodes,
    /var/log/prelink.log, and corrected labelling for /var/run/kdm
  * Made Postfix work with unconfined_t.
  * Made spamass-milter run in the spamd_t domain, and allow postfix_smtpd_t
    to talk to it.
  * Labelled /var/cache/sqwebmail and allowed courier_sqwebmail_t to access
    it.  Also allowed courier_sqwebmail_t to access /dev/urandom.
  * Allowed courier-pop and apache to access unconfined home directories.
  * Changed the policy for /var/cache/ldconfig to match upstream.
  * Allowed unconfined_t to run run_init.

