Hi guys,
I haven't merged hardened-development overlay with the main tree yet because
I had to make sure that the changes in the policycoreutils wouldn't break
(m)any systems. Since I'm now pushing out rev 11, I'm going to skip merging
rev 10 and focus on the rev 11 instead in a few days.
So yes, the updated policies are now available and include the following
fixes:
bug #397535: Add policy for working with dracut (creating initramfs)
bug #396241: Updates for bacula policy
(no bug): Introduce aggregated types for Apache (needed later to support
phpfpm)
(no bug): Additional dontaudit statements for dbus, mozilla,
networkmanager, wpa_cli, hostname, sysnetwork
(no bug): Do not use java* wildcard in file contexts as it hits
java-config as well then
I'm currently putting most work in getting an initramfs with full SELinux
support (not by forcing unconfined domains or switching to permissive first)
working (through dracut for the moment). Hopefully that'll work in the near
future :-(
Wkr,
Sven Vermeulen
