[DSE-Dev] refpolicy_2.20210203-5_amd64.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Apr 9 14:18:48 BST 2021
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 09 Apr 2021 23:02:14 +1000
Source: refpolicy
Architecture: source
Version: 2:2.20210203-5
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel at lists.alioth.debian.org>
Changed-By: Russell Coker <russell at coker.com.au>
Changes:
refpolicy (2:2.20210203-5) unstable; urgency=medium
.
* Add policy for rasdaemon
* Made mta_manage_mail_home_rw_content() include mail_home_rw_t:file watch
access, needed by dovecot_t and probably others in future
* Allow restorecond to watch selinux_config_t files.
* Allow *_wm_t domains (for window manager processes) to watch xdg_config_t
files and to execmod wm_tmpfs_t files (stops kwin_x11 SEGV)
* Allow systemd_tmpfiles_t to relabel colord var lib files and dirs
* Allow smbcontrol_t to map samba_runtime_t files and send unix datagrams
to smbd processes
* Allow systemd_user_runtime_dir_t to delete all user runtime sock files
and manage pulseaudio_tmp_t dirs
* Allow system_cronjob_t to manage var_lib dirs
* Allow dovecot to create ~/mail directories.
* Label /usr/share/mailman3-web/manage.py as mailman_queue_exec_t
Allow mailman_queue_t to read usr files and to create its own tmpfs files
and allow it to map mailman_data_t files
* Added systemd policy from upstream git as of 31st Mar to the upstream patch
* Label /usr/bin/rspamd file not /usr/bin/rspamd symlink
label /var/log/rspamd(/.*)? as spamd_log_t. Allow spamd_t self execmem
access when rspamd_spamd. Label port 11333 as spamd_port_t for rspam.
* Label /usr/lib/courier/imapd.* and /usr/lib/courier/pop3d.* as
courier_pop_exec_t. Allow courier_pop_t to read generic certs, manage
courier_var_lib_t files, bind to POP ports, execute courier_exec_t and
courier_tcpd_exec_t programs, and map courier config files. Grant
courier_pop_t the fowner and chown capabilities (for managing user mail)
but dontaudit the fsetid capability. Grant courier_pop_t the setrlimit
process access so it can set its own resource limits. Allow
courier_authdaemon_t to search SE Linux default contexts (needed by pam
before using unix_chkpwd) and allow it to stat proc files.
* Add sympa policy
* Allow exim_t to read/write tmp files inherited from cron. Allow exim_t
the dac_read_search capability.
* Allow apache to map user content files when httpd_read_user_content is set.
Label /usr/lib/w3m/* as httpd_sys_script_exec_t
* Dontaudit fsdaemon_t capability net_admin (probably setting buffer size)
Checksums-Sha1:
f02b84bb5932de5c9f798a5cb1dc1843b10e5868 2445 refpolicy_2.20210203-5.dsc
721cb8330f12527abe96e6a438f6e753c6f4603d 96452 refpolicy_2.20210203-5.debian.tar.xz
51b5d8800ee7ed2f66693d5182917b079bce18ad 8554 refpolicy_2.20210203-5_amd64.buildinfo
Checksums-Sha256:
4d471adc7c8f6a88e8d43250e754f623752f590dc891cef17b4b7dfbdb69e75e 2445 refpolicy_2.20210203-5.dsc
1741184d918d7dbd9a34534b76148620bfd9df1c11922b0184649245c9c7d115 96452 refpolicy_2.20210203-5.debian.tar.xz
118ee682902cb90d9b5a16ac774497d3913deed59a17daa4f7f89517fd7ca76d 8554 refpolicy_2.20210203-5_amd64.buildinfo
Files:
8fdec7faaf818c83f8a314a32589ce80 2445 admin optional refpolicy_2.20210203-5.dsc
b9b5c5f45cfc95706b443c17e0259e71 96452 admin optional refpolicy_2.20210203-5.debian.tar.xz
ea063098bf9dd2bf49da6a55418d2f84 8554 admin optional refpolicy_2.20210203-5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.