Greetings! This Tuesday was the "Confined Users" Test Day / Fit&Finish [1] (TD/F&F). Though we expected higher attendance, the results are really valuable. The most valuable outcome of a test day could be a fact that we should bring more attention/people to using/testing SELinux policy and related tools.
Thanks to all who participated and helped with the organization, especially to Dan Walsh who promptly started to resolve reported bugs and already fixed some important issues. Following bugs were reported during the TD/F&F by the participants: ID Summary 529873 Openswan/pluto - AVC denials when starting the ipsec service 529870 SELinux is preventing /usr/bin/python "getattr" access on /home/jlaska/.gvfs. 529871 SELinux is preventing /usr/bin/python "connectto" access on /var/run/nscd/socket. 529758 SELinux is preventing /usr/sbin/sendmail.sendmail "module_request" access. 529803 Your system may be seriously compromised! /usr/sbin/nscd attempted to mmap low kernel memory. 529606 SELinux is preventing /usr/sbin/modem-manager "read write" access to device noz0. 529738 SELinux is preventing /lib64/dbus-1/dbus-daemon-launch-helper "execute" access on /usr/sbin/abrtd. 529827 guest_u user not able to run ps 529830 SELinux failed to limit the authority of execute of user_u 529903 SELinux is preventing bash "create" access. 529911 SELinux is preventing nautilus "read write" access on sr0. 529916 AVCs with confined "mailuser" sending e-mail 529933 SELinux is preventing /usr/sbin/abrtd "setattr" access on .abrt. 529934 SELinux is preventing /usr/sbin/abrtd "write" access on /root. 529951 SELinux is preventing the /bin/loadkeys from using potentially mislabeled files (Documents). 529953 hp cups selinux denial 529961 SELinux is preventing /usr/sbin/abrtd "read" access on Bugzilla.conf. Have a nice day, /Eduard [1] - https://fedoraproject.org/wiki/Test_Day:2009-10-20 [2] - http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html [3] - http://magazine.redhat.com/2008/07/02/writing-policy-for-confined-selinux-users/ -- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list
