[DSE-Dev] refpolicy_2.20210203-4_amd64.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Mar 5 10:35:13 GMT 2021
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 05 Mar 2021 21:11:58 +1100
Source: refpolicy
Architecture: source
Version: 2:2.20210203-4
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel at lists.alioth.debian.org>
Changed-By: Russell Coker <russell at coker.com.au>
Changes:
refpolicy (2:2.20210203-4) unstable; urgency=medium
.
* Allow ntpd_t to get the status of generic systemd units
* Allow kernel_t self:perf_event cpu.
* Allow chromium to watch network manager runtime dirs (for resolv.conf)
Allow chromium to run naclhelper with nnp_transition
Allow chromium to watch root dirs
Allow chromium to read/write unix sockets from the calling domain
* Make Postgresql use postgresql_tmpfs_t for tmpfs files and make
mon_local_test_t and systemd_logind_t not have getattr access to tmpfs
files audited.
* Allow systemd_user_runtime_dir_t to unlink device nodes of type
user_tmp_t, they probably should not exist, so it's in the hacks patch.
* Allow the acngtool to read random and urandom devices and search fs sysctls
* Add wm_write_xdg_data tunable to allow user_wm_t etc to write xdg data.
* Allow chromium to watch gnome_xdg_config_t dirs
* Label pinentry programs as gpg_agent_exec_t and allow gpg_agent_t to exec
them
* Create new admin_mail_t domain so that newaliases can work with Postfix
* Added a transition rule so that vipw/vigr gives the right context for
/etc/passwd and /etc/group
* Allow acngtool_t to read /proc/sys/kernel/random/uuid
* Allow unconfined domains lockdown confidentiality and integrity access
* Allow netutils_t netlink_generic_socket access for tcpdump
* Allow smbcontrol to create a sock_file in a samba run dir
* Allow mailman_queue_t to bind to all unreserved TCP ports
* Allow systemd_coredump_t to mmap all executables and to have cap_userns
sys_ptrace access. dontaudit systemd_coredump_t capability net_admin
* Allow mailman_queue_t to connect to port 443
Checksums-Sha1:
a3b1f358c3f0e9cc1c92523f6498b743ba9cb447 2445 refpolicy_2.20210203-4.dsc
afcaafe55efed07f0f49874ad820a97ad67b3704 90224 refpolicy_2.20210203-4.debian.tar.xz
e7cbe7ae65a3986ee8088786da0278a28c70bb00 8564 refpolicy_2.20210203-4_amd64.buildinfo
Checksums-Sha256:
d3a99601f457cb04d2b318c807f98b01709e34fa06bcb5b3b8cbb786e32172ee 2445 refpolicy_2.20210203-4.dsc
a7bf29d24541be8bbdc96ec596f98951f4fa4caaa5218db3a23e3738b65b28dc 90224 refpolicy_2.20210203-4.debian.tar.xz
d845af5e609eee79731f23b99f0e1e661862ef6adfc38000a125ec86b66d284d 8564 refpolicy_2.20210203-4_amd64.buildinfo
Files:
8c29650019da77ef6bc7bdb6b172d2f0 2445 admin optional refpolicy_2.20210203-4.dsc
0d493e1f5fec4c9f05e16c03ce938244 90224 admin optional refpolicy_2.20210203-4.debian.tar.xz
48e0c39f4e474af6e373b6a67793aa13 8564 admin optional refpolicy_2.20210203-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAmBCBbMACgkQ0UHNMPxL
j3nEFw//Sz/ncrF1C6Wb+s3UUt6XErxiRp8tsNeIXdcw+QARhmaNrTX5oMAsyT38
dHFdndsYOjkw4bZ5ILVIylnRgzkLiZMtnON/74O8kWx17vn8TX57EN44SLqCrU+S
baBtvHmlJOQnkAaSe21HlIQ8JXzZC0DvAw7MGFdd28NJZXX3hnbJ8jkZrjiDrTjr
JYnpqSlCKatTD2YAXs2Se4JeUzfYfWfQH3mq14vN8C2wAjiOHHkdwXf2HDD9b6f/
aFEfbhPFsSf+QiUHzKpNJQydx8sR+I+GmWtOKOol7KkbtV0rawbM39lB6cf2Yieh
7QfF5pd0I/NiMcgAEKucC1QYuDjvgmRfF2gxr+MfolBc+c72sMiFmLK5jkIktfca
zYx4/4QXSdaOddGWUDTswSMgAYF4/Hy7+sx4t72SjyVEPgGF1pdpIW4aVNCWqoPc
vSXj3xEOXUHGRHy4ttndt6sOg/aw48Lwu1l7H8ek+w4FtuFUEwfFkExuhEJznw++
VBSN4S7daCxwfH9UXgb4yHfE1Sjhv8d5KKexD+oP1gByoUAh9YIq/VyZ/NLvPYDT
3k18A9qPCMaKZpxoCHWdjB1E2qjTEkWHT114JFsa5b+UVPdAZKy5jbCaxBt16T5P
F6ButcsRUDv08STMhKJF12zHvvKswa4NjGJ/krbI0do9+50P66E=
=XKJv
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the SELinux-devel
mailing list