[DSE-Dev] wheezy policy update

Russell Coker russell at coker.com.au
Sat Sep 12 07:53:34 UTC 2015


deb http://www.coker.com.au wheezy selinux

http://www.coker.com.au/dists/wheezy/selinux/binary-amd64/

I've uploaded version 2.20110726-12.4 of the refpolicy package to the above 
repository/URL.  I would really appreciate if it someone could look into 
getting it into the Wheezy LTS.  Below are the changes from the Wheezy 
version:

refpolicy (2:2.20110726-12.4) wheezy; urgency=low

  * Allow logrotate_t setgid/setuid for the su config file option
  * Allow mailman_mail_t to be run from postfix_pipe_t
  * Allow clamd_t the chown and fowner capabilities
  * Allow logrotate to send signals to mysqld.

 -- Russell Coker <russell at coker.com.au>  Thu, 10 Sep 2015 14:32:04 +1000

refpolicy (2:2.20110726-12.3) wheezy; urgency=low

  * Allow logwatch_t to search cgroup_t directories to stop df error messages.

 -- Russell Coker <russell at coker.com.au>  Sun, 22 Dec 2013 11:20:45 +1100

refpolicy (2:2.20110726-12.2) wheezy; urgency=low

  * Allow dhclient dhcpc_t to bind to generic UDP ports port_t.
  * new boolean dovecot_shadow_auth to allow Dovecot to directly authenticate
    via /etc/shadow.
  * Allow asterisk_t to read /dev/random, have file transitions for
    sock_file:asterisk_var_run_t, and setattr asterisk_var_run_t:dir.  Label
    tcp port 2000 as asterisk_port_t for SCCP.
  * Add block_suspend to capability2 and allow initrc_t, init_t, and udev_t
    access to it - for kernel > 3.2.
  * Label /etc/locale.alias as locale_t
  * Make var_auth_t a mountpoint directory so /run/user can be mounted

 -- Russell Coker <russell at coker.com.au>  Sun, 08 Dec 2013 00:05:24 +1100

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/



More information about the SELinux-devel mailing list