Back to refpolicy PTS page

Accepted refpolicy 2:2.20140421-9 (source all) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 06 Feb 2015 02:31:05 +1100
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20140421-9
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Russell Coker <russell@coker.com.au>
Description:
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Changes:
 refpolicy (2:2.20140421-9) unstable; urgency=medium
 .
   * Allow dovecot_t to read /usr/share/dovecot/protocols.d
     Allow dovecot_t capability sys_resource
     Label /usr/lib/dovecot/* as bin_t unless specified otherwise
     Allow dovecot_auth_t to manage dovecot_var_run_t for auth tokens
   * Allow clamd_t capability { chown fowner fsetid }
     Allow clamd_t to read sysctl_vm_t
   * Allow dkim_milter_t capability dac_override and read sysctl_vm_t
     allow dkim_milter_t to bind to unreserved UDP ports
   * Label all hard-links of perdition perdition_exec_t
     Allow perdition to read /dev/urandom and capabilities dac_override, chown,
     and fowner
     Allow perdition file trans to perdition_var_run_t for directories
     Also proxy the sieve service - sieve_port_t
     Allow connecting to mysql for map data
   * Allow nrpe_t to read nagios_etc_t and have capability dac_override
   * Allow httpd_t to write to initrc_tmp_t files
     Label /var/lib/php5(/.*)? as httpd_var_lib_t
   * Allow postfix_cleanup_t to talk to the dkim filter
     allow postfix_cleanup_t to use postfix_smtpd_t fds (for milters)
     allow postfix_smtpd_t to talk to clamd_t via unix sockets
     allow postfix_master_t to execute hostname for Debian startup scripts
   * Allow unconfined_cronjob_t role system_r and allow it to restart daemons
     via systemd
     Allow system_cronjob_t to unlink httpd_var_lib_t files (for PHP session
     cleanup)
   * Allow spamass_milter_t to search the postfix spool and sigkill itself
     allow spamc_t to be in system_r for when spamass_milter runs it
   * Allow courier_authdaemon_t to execute a shell
   * Label /usr/bin/maildrop as procmail_exec_t
     Allow procmail_t to connect to courier authdaemon for the courier maildrop,
     also changed courier_stream_connect_authdaemon to use courier_var_run_t
     for the type of the socket file
     Allow procmail_t to read courier config for maildrop.
   * Allow system_mail_t to be in role unconfined_r
   * Label ldconfig.real instead of ldconfig as ldconfig_exec_t
   * Allow apt_t to list directories of type apt_var_log_t
   * Allow dpkg_t to execute dpkg_tmp_t and load kernel modules for
     dpkg-preconfigure
   * Allow dpkg_script_t to create udp sockets, netlink audit sockets, manage
     shadow files, process setfscreate, and capabilities audit_write net_admin
     sys_ptrace
   * Label /usr/lib/xen-*/xl as xm_exec_t
Checksums-Sha1:
 6ac7a2a56b0203e51667c87daa961c41f3b4d462 2398 refpolicy_2.20140421-9.dsc
 dd1941f462cce86ef0c06a43d0023bb9b522e640 82372 refpolicy_2.20140421-9.debian.tar.xz
 ea8774413457a635858ba28dfe9e8f4a9190defb 2818670 selinux-policy-default_2.20140421-9_all.deb
 dec1f80581a2b3f27cb925b1c9036ab8da6b0a1b 2873588 selinux-policy-mls_2.20140421-9_all.deb
 6edcee2d79501c45f0f9c0b06fdd6d353c155456 1199346 selinux-policy-src_2.20140421-9_all.deb
 36f9a87039a57a0b1224e1a620b4e3e94167ce5f 440406 selinux-policy-dev_2.20140421-9_all.deb
 d1ef508db03f76f34b2a702fb798c834ed93c691 417484 selinux-policy-doc_2.20140421-9_all.deb
Checksums-Sha256:
 6ea68faf19973309cc52729075134d846ef6e3d1ef1d309e00fd1176b1ff8eba 2398 refpolicy_2.20140421-9.dsc
 a12cf7892cdfdb3ee851469731d655892d519d4797b7e3e2e6568e2305f7d888 82372 refpolicy_2.20140421-9.debian.tar.xz
 178f40e6c4768cdb72ba90070f58c0cc661267afa34d58121d713de44bce44c8 2818670 selinux-policy-default_2.20140421-9_all.deb
 275e3cc831137634d79a61fbfd104385dc45fad12dc98c5a22ba210f7de75957 2873588 selinux-policy-mls_2.20140421-9_all.deb
 ba71cb7bfb89fafa58a5ad9aa13cd3fa0f2c63b485170ed785f1d70dd760b51c 1199346 selinux-policy-src_2.20140421-9_all.deb
 c9520db329d53cfaef9eee7d4ea0c4237b4c082a1e9a93e261971b4a612e2106 440406 selinux-policy-dev_2.20140421-9_all.deb
 b9bf69c2e40106bf215a478a12d136a15728e0464537b546c14d0a838522e70b 417484 selinux-policy-doc_2.20140421-9_all.deb
Files:
 a50be26a4e92464bd74c37863ebc2b57 2398 admin optional refpolicy_2.20140421-9.dsc
 ad4ee805d2376f7faf4ecf6739656b68 82372 admin optional refpolicy_2.20140421-9.debian.tar.xz
 6cd2df5acd55b444d06c42d202994acf 2818670 admin optional selinux-policy-default_2.20140421-9_all.deb
 19a618621b010e35451b5ef3746dd010 2873588 admin extra selinux-policy-mls_2.20140421-9_all.deb
 4b8bfbd22c568bd91178acefc7264ab5 1199346 admin optional selinux-policy-src_2.20140421-9_all.deb
 306026bad48bd7c264f0717d125c4b07 440406 admin optional selinux-policy-dev_2.20140421-9_all.deb
 e42e48462472215152ad00aecc2f3f6d 417484 doc optional selinux-policy-doc_2.20140421-9_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJU047iAAoJENFBzTD8S495kLAQAK1uPwA5UbVWGqe2z2yg8qZc
M8cEj5ILmF7t0ftzYiDYq1jyunIPk8w6U2ymhm/fEMJJQNkK7ePyCH6XD2eTWPjQ
mqanqrF7VbqTwVZJWVxqE5GYhYKLcHmyAD9KjyvoXjKgBR/6ZbiLgFO30vfbpWzP
LvV35sW+OJVFsaoAKL+VEyWHaIaw7J0gB6467TCP7zx8U8qHWxqFirhdNixKSp5A
RDesbX4Snk2N3xfc2I2jht1hXb+3s8wAK5Zbrxs9BI1XzLcUa53MNdzKYAaEtcn9
0X0FFmICdW6z1bhYs8+4yh/enuSMjw4rjmggstLui+zZxJ5wTfO+QyXF6PckaQTi
sJVI6zLQ41OG59z7MZovtqwnmEWQHIkis4eX+uoS1iNkbN3sgY5eUC6fljY2y2TD
M73UasgAZNNo3nxU77V2Je118WW+Ea02tSEdNn80xlAQfsC6cBOQoSSOb1tbHDt9
Mm96pRtl+MzhcjtdyujjOWEV01YF1oNCU5etywg58U3nfvZB4IXEUIusmyHDFfQo
sXMj5WKTKHci+UeWAZzyQo47m1qS0cOAwt+aj4CnLIdk187usCrtBjiii0cdP2pF
t44OXT94gA3oIoMo37TZ4AKuZM8Yb0DNeJT725Ep6OD4YdYVW5qxr1jIyOtYE243
iCEe8B/O60n2PfeFOtQr
=DpK+
-----END PGP SIGNATURE-----