Lucid SELinux Policy Update

Bug #568744 reported by Steve Lawrence on 2010-04-22
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
refpolicy-ubuntu (Ubuntu)
Medium
Kees Cook
Lucid
Medium
Kees Cook
selinux (Ubuntu)
Medium
Kees Cook
Lucid
Medium
Kees Cook

Bug Description

Attached are two patches to update the SELinux policy for Ubuntu Lucid
Lynx.

The first patch applies to the repolicy-ubuntu package. This updates the
policy to the latest reference policy (2.20091117) and updates the
debian/patches to fix ubunutu specific policy issues. The majority of
the issues revolved around dbus starting various processes and ensuring
they transition to the correct domain.

The second patch applies to the selinux package. This adds two upstart
scripts to ensure that /var/run and /var/lock are relabeled once they
are mounted so they get the correct labels (var_run_t and var_lock_t
instead of tmpfs_t).

Steve Lawrence (slawrence) wrote :
Steve Lawrence (slawrence) wrote :
Kees Cook (kees) on 2010-04-23
summary: - SELinux Policy Update
+ Lucid SELinux Policy Update
Kees Cook (kees) wrote :

Great! I've updated the packaging for refpolicy-ubuntu to use the upstream bz2 file, and tweaked the selinux restorecon calls a little more. These changes make a large positive difference on the boot warnings now; down to just a handful instead of hundreds. Thanks!

Kees Cook (kees) wrote :

Regression potential is low, since it doesn't actually work very well without these updates.

Changed in selinux (Ubuntu):
status: New → Fix Committed
Changed in refpolicy-ubuntu (Ubuntu):
status: New → Fix Committed
assignee: nobody → Kees Cook (kees)
Changed in selinux (Ubuntu):
assignee: nobody → Kees Cook (kees)
importance: Undecided → Medium
Changed in refpolicy-ubuntu (Ubuntu):
importance: Undecided → Medium
Changed in selinux (Ubuntu Lucid):
milestone: none → ubuntu-10.04
Changed in refpolicy-ubuntu (Ubuntu Lucid):
milestone: none → ubuntu-10.04
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package selinux - 1:0.9

---------------
selinux (1:0.9) lucid; urgency=low

  * mounted-var{run,lock}.upstart, Makefile: add more restorecon
    calls for tmpfs filesystems, thanks to Stephen Lawrence (LP: #568744).
 -- Kees Cook <email address hidden> Thu, 22 Apr 2010 16:58:14 -0700

Changed in selinux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package refpolicy-ubuntu - 0.2.20091117-0ubuntu1

---------------
refpolicy-ubuntu (0.2.20091117-0ubuntu1) lucid; urgency=low

  * New upstream release, converted to source format 3.
  * Updated Ubuntu-specific patches thanks to Steve Lawrence (LP: #568744).
  * Extracted Makefile change to debian/patches/bashisms.patch.
 -- Kees Cook <email address hidden> Thu, 22 Apr 2010 17:10:43 -0700

Changed in refpolicy-ubuntu (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers