[DSE-Dev] wheezy policy update
Russell Coker
russell at coker.com.au
Sat Sep 12 07:53:34 UTC 2015
deb http://www.coker.com.au wheezy selinux
http://www.coker.com.au/dists/wheezy/selinux/binary-amd64/
I've uploaded version 2.20110726-12.4 of the refpolicy package to the above
repository/URL. I would really appreciate if it someone could look into
getting it into the Wheezy LTS. Below are the changes from the Wheezy
version:
refpolicy (2:2.20110726-12.4) wheezy; urgency=low
* Allow logrotate_t setgid/setuid for the su config file option
* Allow mailman_mail_t to be run from postfix_pipe_t
* Allow clamd_t the chown and fowner capabilities
* Allow logrotate to send signals to mysqld.
-- Russell Coker <russell at coker.com.au> Thu, 10 Sep 2015 14:32:04 +1000
refpolicy (2:2.20110726-12.3) wheezy; urgency=low
* Allow logwatch_t to search cgroup_t directories to stop df error messages.
-- Russell Coker <russell at coker.com.au> Sun, 22 Dec 2013 11:20:45 +1100
refpolicy (2:2.20110726-12.2) wheezy; urgency=low
* Allow dhclient dhcpc_t to bind to generic UDP ports port_t.
* new boolean dovecot_shadow_auth to allow Dovecot to directly authenticate
via /etc/shadow.
* Allow asterisk_t to read /dev/random, have file transitions for
sock_file:asterisk_var_run_t, and setattr asterisk_var_run_t:dir. Label
tcp port 2000 as asterisk_port_t for SCCP.
* Add block_suspend to capability2 and allow initrc_t, init_t, and udev_t
access to it - for kernel > 3.2.
* Label /etc/locale.alias as locale_t
* Make var_auth_t a mountpoint directory so /run/user can be mounted
-- Russell Coker <russell at coker.com.au> Sun, 08 Dec 2013 00:05:24 +1100
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
More information about the SELinux-devel
mailing list