Back to refpolicy PTS page

Accepted refpolicy 2:2.20161023.1-7 (source all) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 12 Jan 2017 18:01:40 +1100
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20161023.1-7
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Russell Coker <russell@coker.com.au>
Description:
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 740685 781779 849637 850032
Changes:
 refpolicy (2:2.20161023.1-7) unstable; urgency=medium
 .
   [ Laurent Bigonville and cgzones ]
    * Sort the files in the files in the selinux-policy-src.tar.gz tarball by
      name, this should fix the last issue for reproducible build
    * Add genfscon for cpu/online. Closes: #849637
   [ Russell Coker ]
    * Make the boinc patch like the one upstream accepted and make it last in
      the list.
    * Label /etc/sddm/Xsession as xsession_exec_t
    * Label ~/.xsession-errors as xauth_home_t and use a type-trans rule for it
    * Allow devicekit_power_t to chat to xdm_t via dbus
    * Allow rtkit_daemon_t to stat the selinuxfs and seach default contexts
    * Allow loadkeys_t to read tmp files created by init scripts
    * Allow systemd_tmpfiles_t to delete usr_t files for a file copied to /tmp
      and to read dbus lib files for /var/lib/dbus
    * Allow systemd_logind_t to list tmpfs_t dirs, relabelto user runtime,
      relabel to/from user_tmpfs_t, and manage wireless_device_t
    * Allow xauth_t to inherit file handles from xdm_t, read an inherited fifo
      and read/write an inherited socket.
    * Allow xdm_t to send dbus messages to unconfined_t
    * Give crond_t sys_resource so it can set hard ulimit for jobs
    * Allow systemd_logind_t to setattr on the kvm device and user ttys, to
      manage user_tmp_t and user_tmpfs_t files, to read/write the dri device
    * Allow systemd_passwd_agent_t to stat the selinuxfs and search the
      contexts dir
    * Make systemd_read_machines() also allow listing directory
    * Make auth_login_pgm_domain() include userdom_read_user_tmpfs_files()
    * Allow setfiles_t to inherit apt_t file handles
    * Allow system_mail_t to use ptys from apt_t and unconfined_t
    * Label /run/agetty.reload as getty_var_run_t
    * Allow systemd_tmpfiles_t to relabel directories to etc_t
    * Made sysnet_create_config() include { relabelfrom relabelto
      manage_file_perms }, allow systemd_tmpfiles_t to create config, and set
      file contexts entries for /var/run/resolvconf.  Makes policy work with
      resolvconf (but requires resolvconf changes) Closes: #740685
    * Allow dpkg_script_t to restart init services
    * Allow shell_exec_t to be an entrypoint for unconfined_cronjob_t
    * Allow named to read network sysctls and usr files
    * Label /lib/systemd/systemd-timedated and /lib/systemd/systemd-timesyncd as
      ntpd_exec_t and allow ntpd_t to talk to dbus and talk to sysadm_t and
      unconfined_t over dbus. Allow ntpd_t capabilities fowner and setpcap when
      building with systemd support, also allow listing init pid dirs. Label
      /var/lib/systemd/clock as ntp_drift_t
    * Allow systemd_nspawn_t to read system state, search init pid dirs (for
      /run/systemd) and capability net_admin
    * Allow backup_t capabilities chown and fsetid to cp files and preserve
      ownership
    * Allow logrotate_t to talk to dbus and connect to init streams for
      systemctl, also allow setrlimit for systemctl
    * Allow mon_net_test_t to bind to generic UDP nodes. Allow mon_local_test_t
      to execute all applications (for ps to getattr mostly)
    * Label /var/lib/wordpress as httpd_var_lib_t
    * Label apachectl as httpd_exec_t so it correctly creates pid dirs etc and
      allow it to manage dirs of type httpd_lock_t
   [ Russell Coker Important ]
    * sddm is now working (gdm3 SEGVs, not a policy bug), closes: #781779
    * Support usrmerge, lots of fc changes and subst_dist changes
      Closes: #850032
Checksums-Sha1:
 0800269bcc61552f85dc0060c788e0d8ce65e599 2477 refpolicy_2.20161023.1-7.dsc
 13565daa8abfe0f0834bef69b3c0a65be4799745 105696 refpolicy_2.20161023.1-7.debian.tar.xz
 c82a662c489488f8bfa77f78f951548b74100c2f 6816 refpolicy_2.20161023.1-7_amd64.buildinfo
 fe0bcbc0df46a90f1fefae2a4fa662e56be5672a 3022420 selinux-policy-default_2.20161023.1-7_all.deb
 c1c2a2cbb18bb37faaea1b7d18a0960b1b061ddf 466774 selinux-policy-dev_2.20161023.1-7_all.deb
 cd28f2c8df216e1d1fdd9279374ff3c8c88f26d9 447792 selinux-policy-doc_2.20161023.1-7_all.deb
 2902a7b9c1b54178156e38bc37ae06ae2dcfbdac 3064446 selinux-policy-mls_2.20161023.1-7_all.deb
 df4901b0c3d096dc9ff11a2ff2554e49a84d8fdb 1249418 selinux-policy-src_2.20161023.1-7_all.deb
Checksums-Sha256:
 6602e628c2c60bdedc00fbf72f915b9146dd04f0e88d9084e21c01e36e7216a6 2477 refpolicy_2.20161023.1-7.dsc
 f12332afe827649bff3d4d9ade8c7665b1f4d24ae44d6c0f0eac5db9acb07894 105696 refpolicy_2.20161023.1-7.debian.tar.xz
 687e8aa6c820ccc5e8283b06ccbbfd74cca40f4d58b7e253bd4a27c99fe47ab7 6816 refpolicy_2.20161023.1-7_amd64.buildinfo
 0607cb8494c6e26940f4a1892a0320fd1d72950aa166377ea100be15b1e241cc 3022420 selinux-policy-default_2.20161023.1-7_all.deb
 51760efec7d3b75a2323b3c5d87331b902d916d90890508639d6b76e8309c967 466774 selinux-policy-dev_2.20161023.1-7_all.deb
 d746cd26b1abc14bec4ed3f620b622ad9704c29b6c5512cfb6bf104a024a9d96 447792 selinux-policy-doc_2.20161023.1-7_all.deb
 2aa275683aca899bd72718aa9b68e14945493087adba9e5a24fac042fad10156 3064446 selinux-policy-mls_2.20161023.1-7_all.deb
 f7359563279d104560584485864ebaa422f396b1ce8281457fe14ffd7e1fa366 1249418 selinux-policy-src_2.20161023.1-7_all.deb
Files:
 6594732f9477d8a0bbcd1101d74a6e89 2477 admin optional refpolicy_2.20161023.1-7.dsc
 04e02832f4fdbf2f057aa4f2716303c3 105696 admin optional refpolicy_2.20161023.1-7.debian.tar.xz
 6fa1c16a644657d0361e8cf293bad955 6816 admin optional refpolicy_2.20161023.1-7_amd64.buildinfo
 70e5ec155d6d727a458746aa3b2f3600 3022420 admin optional selinux-policy-default_2.20161023.1-7_all.deb
 95684f58a0fa20f0b5cfd74be4a65cb7 466774 admin optional selinux-policy-dev_2.20161023.1-7_all.deb
 97eefa99b353a64cffd615e39ea49027 447792 doc optional selinux-policy-doc_2.20161023.1-7_all.deb
 0ff85b3de406ec5d9823b6c772f2861a 3064446 admin extra selinux-policy-mls_2.20161023.1-7_all.deb
 4a61e6f67b660b5c6fdafff3a4b91be6 1249418 admin optional selinux-policy-src_2.20161023.1-7_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAlh3KoQACgkQ0UHNMPxL
j3n1Cw/+KgiELoiqPbQNRNfoVFNgSSpYbmwFBjRcvyZAKJvJ2Hq/hTmX5cTmoXwb
TrMyxROAIuBUySgcM2uAufQ+c8Tn0dJesTIkZv5xeRUhNw9QK2gSucqdl1hDJ8tv
7wHv87fGfRaSShpVhpa+OwaFEM4zqL6ZDToJMrPNWdpJlCCd7DohDAQlNa/xFyHz
yS+WqdJapfWtv1yJisIGNUXm0dE2K3iDppRVpSpgttkZ5631AGJeN6pzYm7B/xtK
SUUU31hHyHAndnUykrbSlUsbrla3scqx/gzVXP7H/aGzUuoFVbiKJYQ+7bJmZ8jH
XuPh3PcLm5nBgU16dts1lKY5i0U9T97gBTWtw0rCRKiWevgI67eCszfr1mezI7BP
+dOQsV2NTdF+fAG4o8Kj6+KbLofZ+y/AbQck/PWAcH/lV99wiHeCJaEQUyNhN17f
fCjIj4QtlEYR7A//5AhUDLFLOI8qxIiBJOr+tZKxXobzERvosZ/zgpE2fVGHvTh2
/idiHxtq94m6LMj7BKVNxrIIEIdGaFyn2CNB3pALdbbOVthgSN6W+vJM/TSNYQTg
Ex5/hVbgf9Yr9smsAk4TDwKOjbBTzrhTW75ofBty0BWJ8ktb0D7W50k/yug0E+Tb
qvUGuMuCpdbl2VWVixoY1iNF4UzVtoJ4gjjV6LqDBq0V1GjIrzA=
=xcE5
-----END PGP SIGNATURE-----