Bug#679277: marked as done (selinux-policy-default: cronjob_t is not a suitable domain for cron jobs)

[Debian Bug Tracking System]

Your message dated Sat, 30 Jun 2012 10:53:39 +0000
with message-id <e1skvj5-0005q0...@franck.debian.org>
and subject line Bug#679277: fixed in refpolicy 2:2.20110726-9
has caused the Debian Bug report #679277,
regarding selinux-policy-default: cronjob_t is not a suitable domain for cron 
jobs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
679277: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679277
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: selinux-policy-default
Version: 2:2.20110726-4
Severity: important

Currently the domain cronjob_t is used for all user cron jobs.  This breaks
separation between roles and also doesn't permit the cron jobs to perform
expected tasks such as managing files under a user home directory.

Cron jobs for user_t should run as user_t.

--- End Message ---

--- Begin Message ---

Source: refpolicy
Source-Version: 2:2.20110726-9

We believe that the bug you reported is fixed in the latest version of
refpolicy, which is due to be installed in the Debian FTP archive:

refpolicy_2.20110726-9.debian.tar.gz
  to main/r/refpolicy/refpolicy_2.20110726-9.debian.tar.gz
refpolicy_2.20110726-9.dsc
  to main/r/refpolicy/refpolicy_2.20110726-9.dsc
selinux-policy-default_2.20110726-9_all.deb
  to main/r/refpolicy/selinux-policy-default_2.20110726-9_all.deb
selinux-policy-dev_2.20110726-9_all.deb
  to main/r/refpolicy/selinux-policy-dev_2.20110726-9_all.deb
selinux-policy-doc_2.20110726-9_all.deb
  to main/r/refpolicy/selinux-policy-doc_2.20110726-9_all.deb
selinux-policy-mls_2.20110726-9_all.deb
  to main/r/refpolicy/selinux-policy-mls_2.20110726-9_all.deb
selinux-policy-src_2.20110726-9_all.deb
  to main/r/refpolicy/selinux-policy-src_2.20110726-9_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russell Coker <russ...@coker.com.au> (supplier of updated refpolicy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 30 Jun 2012 19:19:57 +1000
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src 
selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20110726-9
Distribution: unstable
Urgency: high
Maintainer: Debian SELinux maintainers <selinux-de...@lists.alioth.debian.org>
Changed-By: Russell Coker <russ...@coker.com.au>
Description: 
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building 
modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 678392 679277
Changes: 
 refpolicy (2:2.20110726-9) unstable; urgency=high
 .
   * Enable UBAC as roles aren't useful.  I recommend using only roles user_r
     and unconfined_r and using UBAC (constraining users from sharing files
     between identities) where you would previously have used roles.
   * Made cron jobs run in regular user domains such as unconfined_t and user_t
     Closes: #679277
   * Had the wrong timestamp on the last upload, corrected it for the record.
   * Allow ftpd to create sock_file objects under /var/run for proftpd
   * Change readahead policy to support memlockd.
   * Allow devicekit_power_t, devicekit_disk_t, kerneloops_t, and policykit_t
     to send dbus messages to users.
   * Grant systemd utilities access to selinuxfs so they can correctly label 
directories
     Closes: #678392
   * Assigned type consolekit_var_run_t to /var/run/console(/.*)? because it's
     created and managed by consolekit nowadays.
   * Created tunable allow_ssh_connect_reserved_ports to allow ssh client to
     connect to reserved ports.
   * Correctly label all perdition binaries, give perdition_t dac_override, and
     allow perdition_t to create it's own pid directories.
   * Label /etc/dansguardian as squid_etc_t
   * Allow devicekit_power_t to access acpi device and read udev tables and
     allow devicekit_disk_t to read udev tables.
   * Allow sshd_t to write to fifos inherited from systemd
   * High urgency because we really need to have working cron jobs!!!
   * Removed the postinst code to upgrade from pre-squeeze packages.
Checksums-Sha1: 
 5443578c79f62c55398d57b766ab7358652a202f 1702 refpolicy_2.20110726-9.dsc
 7eb68a563dd802a79007bbae38d3e8f20b2fd71f 204748 
refpolicy_2.20110726-9.debian.tar.gz
 b10d48e9235eefbbfe84e625f9fa1044bd7679f9 4296828 
selinux-policy-default_2.20110726-9_all.deb
 674e6454a2f7cff331df4c02570e12022be6a05e 4337300 
selinux-policy-mls_2.20110726-9_all.deb
 fd611e0e914fa7d04a4cfd7ab28e3994acc5847f 1058068 
selinux-policy-src_2.20110726-9_all.deb
 06d6d8cd93bd8447c43effe5625cca9675f6c572 888388 
selinux-policy-dev_2.20110726-9_all.deb
 c4a68338e95d3947d2fca271a2ff7d4a8d1011a0 518472 
selinux-policy-doc_2.20110726-9_all.deb
Checksums-Sha256: 
 adad55dc0c4c20acc52aa6db1819a23dbbc6c3bb8e67e7e0c02959c9e475b31f 1702 
refpolicy_2.20110726-9.dsc
 200dc23da2d462038a4955ac87ebf2235e95bcdb03c33c8dba1d4f45b870ad87 204748 
refpolicy_2.20110726-9.debian.tar.gz
 1f860b526e2fc9a538a743ccf82ddc9ed9106ebbe71571a281a67c8666773353 4296828 
selinux-policy-default_2.20110726-9_all.deb
 cc471ba95f275ce9f1315846ac7739ed13026022f69ca88eb2ad59fade0f3f3c 4337300 
selinux-policy-mls_2.20110726-9_all.deb
 6db1ad3d95992885d873f0a483f3268dce502bd0c1e625c4ca4951515ec2db5d 1058068 
selinux-policy-src_2.20110726-9_all.deb
 2bab22227d16b1b362e160a9b75bdf589b14d5b9553fa325bd6ae93721cb447a 888388 
selinux-policy-dev_2.20110726-9_all.deb
 eec7463f78f2370278e0e1945c1e5697a7a707ba419c9d63071ccda2f9911971 518472 
selinux-policy-doc_2.20110726-9_all.deb
Files: 
 b7464fa40795bb6182ebde0e697fff5a 1702 admin optional refpolicy_2.20110726-9.dsc
 a8035cf66083be25ea232697d6c32c6e 204748 admin optional 
refpolicy_2.20110726-9.debian.tar.gz
 768335906dfbd7c34b25f6484afb8875 4296828 admin optional 
selinux-policy-default_2.20110726-9_all.deb
 d56488b7c93aeccca7920241c94367fb 4337300 admin extra 
selinux-policy-mls_2.20110726-9_all.deb
 1a5675c480bac0e82ce74c9b3a7aa10b 1058068 admin optional 
selinux-policy-src_2.20110726-9_all.deb
 6f197d9bbbeb644505dc88f1d80f53ef 888388 admin optional 
selinux-policy-dev_2.20110726-9_all.deb
 f04820eb2d9fd8086e3ec018f8107a9a 518472 doc optional 
selinux-policy-doc_2.20110726-9_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk/uzMIACgkQwrB5/PXHUlbu9QCfYCbJz91/XCy5a0IFH4Ju0FHG
1WEAn04znJL+N4RB+dqgsUFSNF0DG+Ts
=5DgB
-----END PGP SIGNATURE-----

--- End Message ---