[DSE-Dev] refpolicy_2.20221101-9_amd64.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Apr 19 11:49:13 BST 2023
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 19 Apr 2023 20:24:14 +1000
Source: refpolicy
Architecture: source
Version: 2:2.20221101-9
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel at lists.alioth.debian.org>
Changed-By: Russell Coker <russell at coker.com.au>
Changes:
refpolicy (2:2.20221101-9) unstable; urgency=medium
.
* Added git and thunderbird to the not default modules list
* Add filetrans to make dpkg_script_t create /var/lib/ntpsec/ as ntp_drift_t
also add fc entry for /var/lib/ntpsec
* Allow ndc_t to read vm_overcommit_state and sysfs files
* Dontaudit certbot_t net_admin capability, it doesn't need to change
network stuff, probably changing buffer sizes.
* Allow aptcacher_t to getsched for itself
* Allow boinc_t to to connect to unconfinged stream sockets for X access
* Allow systemd_locale_t to talk to unconfined users by dbus
* Allow xdm_t to talk to systemd-locale via dbus
* Allow systemd_generator_t to manage files and dirs of type
systemd_user_runtime_unit_t and to read crypto sysctls
* Dontaudit writing to lib dirs for fail2ban_t and fail2ban_client_t for
python attempts to generate cache files
* Dontaudit mysqld_safe (mysql startup script) attempts to write to root dir
* Change all toolchain dependencies to >= version 3.4
* Allow jabberd_domain to create jabberd_var_lib_t:sock_file for prosody
* Allow dkim_milter_t and clamd_t to get their own scheduling status
* Allow auditd_t to map it's config files to avoid recursion when dontaudit
rules are disabled
* Allow groupadd_t to stat /proc
* Allow matrixd_t to read sysfs for CPU information
* Give postfwd_milter_t kill capability
* Allow unconfined domains the self:anon_inode access.
Also allow them to manage dirs in their own domain, Chrome does this
* Allow the postfix_map_t domain to read /dev/urandom
* Allow mozilla to bind UDP generic nodes, write dbus session runtime
sockets, read device sysctls for video hardware specs, and map it's cache
files.
* Allow fsadm_t to write to boot_t for fstrim
* Gave nfsd_t the lease capability, taking leases on files is necessary
* dontaudit bootloader_t accessing /dev/mem, mdadm does this for some reason
but doesn't need it
* Allow fwupd_t to read the vm overcommit sysctl
* Allow setfiles_t to read the vm overcommit sysctl
* Allow vnstatd_t to read urandom
Checksums-Sha1:
19c9a8792f99f5a91df18ea7eb592d9699587a99 2442 refpolicy_2.20221101-9.dsc
af98a6c2b17f76299555183f50722b6b7050bcf4 108148 refpolicy_2.20221101-9.debian.tar.xz
3e22db04c28f45d8c2f7a85460997186296536f4 8555 refpolicy_2.20221101-9_amd64.buildinfo
Checksums-Sha256:
fa452b3263c146d65027d5df9d1041e989776ff8834660c6382c608a6d544a23 2442 refpolicy_2.20221101-9.dsc
9ff5cb44ebd15931e96dd5a6d632f1058c7919914709536a6c771dceb980c1d8 108148 refpolicy_2.20221101-9.debian.tar.xz
e2cea6742f71145e0bdadc586ece6d3ca308d0dd2c5b4bccaf704b1d54b08eb4 8555 refpolicy_2.20221101-9_amd64.buildinfo
Files:
042b5eb81068e7637fb16716bf572771 2442 admin optional refpolicy_2.20221101-9.dsc
07cf4924f462b78dae4eaa7881bb6d66 108148 admin optional refpolicy_2.20221101-9.debian.tar.xz
0cd0805a096b956a5308bdcbff024149 8555 admin optional refpolicy_2.20221101-9_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAmQ/w8MACgkQ0UHNMPxL
j3kB/RAAv0eytUMNKJm9Qbx3zHfg/hQ5fRbOraa3i615j7BzfdxrhNIYrg1oqe0Y
2p2VX1UHOcSh9puP/N81a3C/forsm6X+oRFyeyGjETuqMlZ76izk4w4q1KZ5Q/BN
4RbtGSHAhCskXNqwvf970V4IuBl47VjUYOUz6qy7db7/5nPW/1w/9kpRbN4SteeS
7T+I5AesrNQ2vhmtyvuu1CIswHObZ1QIxUfGafEWWqrJjvIgZq8DsBEPdk/87ICo
8ABQ8mvkJC13bKnHMECFMoXfcfh9l2eFWhlySAP19AjBxWpiVxrdlK5FO2DObpYL
vNt5JlKsE6zLsGXdyJCzETuF8kRwqrSSyjmXxmAN4Zkdnr2nH4ytbYhc+9MpdJsU
05FcxlT34S6Lt4iLm8MELPtpotAYnsn+EBsj9jzLuuwGgu90+7ZJXoUYcBO2jGo2
SwhckPGlM4AJFx/SLgfDDGrLb0ly17FZoRQPUEAr9D/rQgLD19Its83swm2BTpXi
TlKc8I1VHunp6r07Bkn4kUpTlLxsCzMIUIrWwV7orKDvMtsXfIg21zn3uXiQj/t/
CMBd6Wkf3B0jSttGJ9cD6EjddXUKXT4v7q8QuGyCtN+0cUZXVpwvWArcSvefznEK
kQ61zJ3+X7D6tl+2oWpmGCKfOo4rU9ub2vdnfIwSdNZVNV1m1UY=
=VthJ
-----END PGP SIGNATURE-----
More information about the SELinux-devel
mailing list