[DSE-Dev] refpolicy_2.20161023.1-7_amd64.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Jan 12 07:18:37 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 12 Jan 2017 18:01:40 +1100
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20161023.1-7
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel at lists.alioth.debian.org>
Changed-By: Russell Coker <russell at coker.com.au>
Description:
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building modules
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 740685 781779 849637 850032
Changes:
refpolicy (2:2.20161023.1-7) unstable; urgency=medium
.
[ Laurent Bigonville and cgzones ]
* Sort the files in the files in the selinux-policy-src.tar.gz tarball by
name, this should fix the last issue for reproducible build
* Add genfscon for cpu/online. Closes: #849637
[ Russell Coker ]
* Make the boinc patch like the one upstream accepted and make it last in
the list.
* Label /etc/sddm/Xsession as xsession_exec_t
* Label ~/.xsession-errors as xauth_home_t and use a type-trans rule for it
* Allow devicekit_power_t to chat to xdm_t via dbus
* Allow rtkit_daemon_t to stat the selinuxfs and seach default contexts
* Allow loadkeys_t to read tmp files created by init scripts
* Allow systemd_tmpfiles_t to delete usr_t files for a file copied to /tmp
and to read dbus lib files for /var/lib/dbus
* Allow systemd_logind_t to list tmpfs_t dirs, relabelto user runtime,
relabel to/from user_tmpfs_t, and manage wireless_device_t
* Allow xauth_t to inherit file handles from xdm_t, read an inherited fifo
and read/write an inherited socket.
* Allow xdm_t to send dbus messages to unconfined_t
* Give crond_t sys_resource so it can set hard ulimit for jobs
* Allow systemd_logind_t to setattr on the kvm device and user ttys, to
manage user_tmp_t and user_tmpfs_t files, to read/write the dri device
* Allow systemd_passwd_agent_t to stat the selinuxfs and search the
contexts dir
* Make systemd_read_machines() also allow listing directory
* Make auth_login_pgm_domain() include userdom_read_user_tmpfs_files()
* Allow setfiles_t to inherit apt_t file handles
* Allow system_mail_t to use ptys from apt_t and unconfined_t
* Label /run/agetty.reload as getty_var_run_t
* Allow systemd_tmpfiles_t to relabel directories to etc_t
* Made sysnet_create_config() include { relabelfrom relabelto
manage_file_perms }, allow systemd_tmpfiles_t to create config, and set
file contexts entries for /var/run/resolvconf. Makes policy work with
resolvconf (but requires resolvconf changes) Closes: #740685
* Allow dpkg_script_t to restart init services
* Allow shell_exec_t to be an entrypoint for unconfined_cronjob_t
* Allow named to read network sysctls and usr files
* Label /lib/systemd/systemd-timedated and /lib/systemd/systemd-timesyncd as
ntpd_exec_t and allow ntpd_t to talk to dbus and talk to sysadm_t and
unconfined_t over dbus. Allow ntpd_t capabilities fowner and setpcap when
building with systemd support, also allow listing init pid dirs. Label
/var/lib/systemd/clock as ntp_drift_t
* Allow systemd_nspawn_t to read system state, search init pid dirs (for
/run/systemd) and capability net_admin
* Allow backup_t capabilities chown and fsetid to cp files and preserve
ownership
* Allow logrotate_t to talk to dbus and connect to init streams for
systemctl, also allow setrlimit for systemctl
* Allow mon_net_test_t to bind to generic UDP nodes. Allow mon_local_test_t
to execute all applications (for ps to getattr mostly)
* Label /var/lib/wordpress as httpd_var_lib_t
* Label apachectl as httpd_exec_t so it correctly creates pid dirs etc and
allow it to manage dirs of type httpd_lock_t
[ Russell Coker Important ]
* sddm is now working (gdm3 SEGVs, not a policy bug), closes: #781779
* Support usrmerge, lots of fc changes and subst_dist changes
Closes: #850032
Checksums-Sha1:
0800269bcc61552f85dc0060c788e0d8ce65e599 2477 refpolicy_2.20161023.1-7.dsc
13565daa8abfe0f0834bef69b3c0a65be4799745 105696 refpolicy_2.20161023.1-7.debian.tar.xz
c82a662c489488f8bfa77f78f951548b74100c2f 6816 refpolicy_2.20161023.1-7_amd64.buildinfo
fe0bcbc0df46a90f1fefae2a4fa662e56be5672a 3022420 selinux-policy-default_2.20161023.1-7_all.deb
c1c2a2cbb18bb37faaea1b7d18a0960b1b061ddf 466774 selinux-policy-dev_2.20161023.1-7_all.deb
cd28f2c8df216e1d1fdd9279374ff3c8c88f26d9 447792 selinux-policy-doc_2.20161023.1-7_all.deb
2902a7b9c1b54178156e38bc37ae06ae2dcfbdac 3064446 selinux-policy-mls_2.20161023.1-7_all.deb
df4901b0c3d096dc9ff11a2ff2554e49a84d8fdb 1249418 selinux-policy-src_2.20161023.1-7_all.deb
Checksums-Sha256:
6602e628c2c60bdedc00fbf72f915b9146dd04f0e88d9084e21c01e36e7216a6 2477 refpolicy_2.20161023.1-7.dsc
f12332afe827649bff3d4d9ade8c7665b1f4d24ae44d6c0f0eac5db9acb07894 105696 refpolicy_2.20161023.1-7.debian.tar.xz
687e8aa6c820ccc5e8283b06ccbbfd74cca40f4d58b7e253bd4a27c99fe47ab7 6816 refpolicy_2.20161023.1-7_amd64.buildinfo
0607cb8494c6e26940f4a1892a0320fd1d72950aa166377ea100be15b1e241cc 3022420 selinux-policy-default_2.20161023.1-7_all.deb
51760efec7d3b75a2323b3c5d87331b902d916d90890508639d6b76e8309c967 466774 selinux-policy-dev_2.20161023.1-7_all.deb
d746cd26b1abc14bec4ed3f620b622ad9704c29b6c5512cfb6bf104a024a9d96 447792 selinux-policy-doc_2.20161023.1-7_all.deb
2aa275683aca899bd72718aa9b68e14945493087adba9e5a24fac042fad10156 3064446 selinux-policy-mls_2.20161023.1-7_all.deb
f7359563279d104560584485864ebaa422f396b1ce8281457fe14ffd7e1fa366 1249418 selinux-policy-src_2.20161023.1-7_all.deb
Files:
6594732f9477d8a0bbcd1101d74a6e89 2477 admin optional refpolicy_2.20161023.1-7.dsc
04e02832f4fdbf2f057aa4f2716303c3 105696 admin optional refpolicy_2.20161023.1-7.debian.tar.xz
6fa1c16a644657d0361e8cf293bad955 6816 admin optional refpolicy_2.20161023.1-7_amd64.buildinfo
70e5ec155d6d727a458746aa3b2f3600 3022420 admin optional selinux-policy-default_2.20161023.1-7_all.deb
95684f58a0fa20f0b5cfd74be4a65cb7 466774 admin optional selinux-policy-dev_2.20161023.1-7_all.deb
97eefa99b353a64cffd615e39ea49027 447792 doc optional selinux-policy-doc_2.20161023.1-7_all.deb
0ff85b3de406ec5d9823b6c772f2861a 3064446 admin extra selinux-policy-mls_2.20161023.1-7_all.deb
4a61e6f67b660b5c6fdafff3a4b91be6 1249418 admin optional selinux-policy-src_2.20161023.1-7_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAlh3KoQACgkQ0UHNMPxL
j3n1Cw/+KgiELoiqPbQNRNfoVFNgSSpYbmwFBjRcvyZAKJvJ2Hq/hTmX5cTmoXwb
TrMyxROAIuBUySgcM2uAufQ+c8Tn0dJesTIkZv5xeRUhNw9QK2gSucqdl1hDJ8tv
7wHv87fGfRaSShpVhpa+OwaFEM4zqL6ZDToJMrPNWdpJlCCd7DohDAQlNa/xFyHz
yS+WqdJapfWtv1yJisIGNUXm0dE2K3iDppRVpSpgttkZ5631AGJeN6pzYm7B/xtK
SUUU31hHyHAndnUykrbSlUsbrla3scqx/gzVXP7H/aGzUuoFVbiKJYQ+7bJmZ8jH
XuPh3PcLm5nBgU16dts1lKY5i0U9T97gBTWtw0rCRKiWevgI67eCszfr1mezI7BP
+dOQsV2NTdF+fAG4o8Kj6+KbLofZ+y/AbQck/PWAcH/lV99wiHeCJaEQUyNhN17f
fCjIj4QtlEYR7A//5AhUDLFLOI8qxIiBJOr+tZKxXobzERvosZ/zgpE2fVGHvTh2
/idiHxtq94m6LMj7BKVNxrIIEIdGaFyn2CNB3pALdbbOVthgSN6W+vJM/TSNYQTg
Ex5/hVbgf9Yr9smsAk4TDwKOjbBTzrhTW75ofBty0BWJ8ktb0D7W50k/yug0E+Tb
qvUGuMuCpdbl2VWVixoY1iNF4UzVtoJ4gjjV6LqDBq0V1GjIrzA=
=xcE5
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the SELinux-devel
mailing list