[DSE-Dev] policy for wheezy

Russell Coker russell at coker.com.au
Sat Dec 7 13:30:35 UTC 2013


deb http://www.coker.com.au wheezy selinux

I've updated my SE Linux repository with a new refpolicy.  Below is the 
changelog and I've attached the new patches.

Where are we at with Wheezy updates?  Is this something we can get into a 
Wheezy update?  While most of the changes are things people have probably 
worked around (although it's a PITA), adding block_suspend is something I'd 
really like to do before the release of Jessie.

My aim has always been to have every policy work with the kernels from the 
next and previous releases of SE Linux.  We need to support the older kernel 
(if possible) to make things easier for virtual machines and the newer kernel 
for people who want to upgrade the kernel before all the user space.

refpolicy (2:2.20110726-12.2) wheezy; urgency=low

  * Allow dhclient dhcpc_t to bind to generic UDP ports port_t.
  * new boolean dovecot_shadow_auth to allow Dovecot to directly authenticate
    via /etc/shadow.
  * Allow asterisk_t to read /dev/random, have file transitions for
    sock_file:asterisk_var_run_t, and setattr asterisk_var_run_t:dir.  Label
    tcp port 2000 as asterisk_port_t for SCCP.
  * Add block_suspend to capability2 and allow initrc_t, init_t, and udev_t
    access to it - for kernel > 3.2.
  * Label /etc/locale.alias as locale_t
  * Make var_auth_t a mountpoint directory so /run/user can be mounted

 -- Russell Coker <russell at coker.com.au>  Sun, 08 Dec 2013 00:05:24 +1100

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0320-dovecot-shadow-auth.patch
Type: text/x-patch
Size: 810 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20131208/c265c38a/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0330-block_suspend.patch
Type: text/x-patch
Size: 1978 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20131208/c265c38a/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0340-asterisk.patch
Type: text/x-patch
Size: 2150 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20131208/c265c38a/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0350-misc.patch
Type: text/x-patch
Size: 2304 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20131208/c265c38a/attachment-0003.bin>

