Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Gentoo>
  3. Hardened
SELinux base policy 2.20120725 rev 8 in hardened-dev overlay
swift at gentoo
Nov 23, 2012, 1:50 PM
Post #1 of 3 (1071 views)
Permalink
Hi all,

Another week has passed, another release of the policies. Again with one
that I find important enough not to have r7 marked as stable (build error on
xguest and rtorrent).

For our own internal bugs, it fixes the following set:

#444006 Build issue with xguest and rtorrent
#443624 tcpdump requires additional SELinux privileges
#443156 sandbox logging is disabled in enforcing mode
#442356 spurious fail2ban avc denials
#440816 qemu sdl frontend on selinux
#440812 new policy for logsentry
#440802 new policy for makewhatis
#441614 openvpn is not able to write to its status log file
#441626 support voicemail in asterisk policy

For future reference, r8 is at commit
d7bd32677c917e760f4df2bdbd0ebf6c3db633fa in the repository (so when r9 comes
out, I can generate the changelog from git ;-)
Re: SELinux base policy 2.20120725 rev 8 in hardened-dev overlay [ In reply to ]
stsander at sblan
Nov 23, 2012, 2:37 PM
Post #2 of 3 (1022 views)
Permalink
On 11/23/2012 02:50 PM, Sven Vermeulen wrote:
> Hi all,
>
> Another week has passed, another release of the policies. Again with one
> that I find important enough not to have r7 marked as stable (build error on
> xguest and rtorrent).
>
> For our own internal bugs, it fixes the following set:
> #441626 support voicemail in asterisk policy
>

I had this on my to investigate and look at further list. Asterisk
wasn't sending the e-mail notifications which is a handy (though not
critical) feature in our setup. Hadn't gotten around to actually doing
it though. Looks like now I can wait until r8 (or higher) hits the
stable tree or add the mta_system_content(asterisk_tmp_t) locally.
Thanks for the great work!!

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org

Attached Files:

Re: SELinux base policy 2.20120725 rev 8 in hardened-dev overlay [ In reply to ]
swift at gentoo
Nov 24, 2012, 11:11 AM
Post #3 of 3 (1016 views)
Permalink
On Fri, Nov 23, 2012 at 03:37:42PM -0700, Stan Sander wrote:
> > For our own internal bugs, it fixes the following set:
> > #441626 support voicemail in asterisk policy
> >
>
> I had this on my to investigate and look at further list. Asterisk
> wasn't sending the e-mail notifications which is a handy (though not
> critical) feature in our setup. Hadn't gotten around to actually doing
> it though. Looks like now I can wait until r8 (or higher) hits the
> stable tree or add the mta_system_content(asterisk_tmp_t) locally.
> Thanks for the great work!!

Credits go to Vincent Brillault for the patience he showed while we were
working on a simple yet decent fix on the policies, and the investigation he
did to get to the problem quickly.

Wkr,
Sven Vermeulen

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal