-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 25 Jun 2014 15:38:58 +1000
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src
selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20140421-2
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-de...@lists.alioth.debian.org>
Changed-By: Russell Coker <russ...@coker.com.au>
Description:
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building
modules
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-src - Source of the SELinux reference policy for customization
Changes:
refpolicy (2:2.20140421-2) unstable; urgency=medium
.
* Fix systemd support
* Made init, logging, authlogin, application, userdomain, systemd, dmesg,
dpkg, usermanage, libraries, fstools, miscfiles, mount, selinuxutil,
storage and sysnetwork be base modules - some of this is needed for
systemd, some just makes sense.
* Disabled modules anaconda, authbind, kudzu, portage, rhgb, speedtouch
* Allow syslogd_t to read /dev/urandom (for systemd)
* Change unit files to use .*\.service
* Default trans syslogd_tmp_t for name /run/log (for systemd)
* Make /var/auth a mountpoint
* Allow systemd_tmpfiles_t to relabelto xconsole_device_t
* Allow init_t to start and stop service systemd_unit_file_t
* Allow udev_t to write to init_t stream sockets for systemctl
* Allow syslogd_t to read udev_var_run_t so systemd_journal can get seat data
* Allow systemd_logind_t to read udev_var_run_t for seat data
* Allow syslogd_t setgid and setgid for systemd_journal
* Allow udev_t to read cgroup files for systemd-udevd to read it's own cgroup
* Give logrotate_t the systemd_systemctl_domain access to restart daemons
* Make transition from unconfined_t to insmod_t for running modutils and
remove all unused modutils domains. Make unconfined_t transition to
insmod_t, this makes depmod run as insmod_t. Make insmod_t write modules
dep files with the correct context.
* Allow udev_t to load kernel modules for systemd-udevd
* Allow initrc_t to systemd_config_all_services
* Allow lvm_t to talk to init_t via unix socket for systemd
* Allow allow lvm_t to read sysctl_crypto_t
* Allow udev_t to read modules_object_t for systemd-udevd
* Allow udev_t to search /run/systemd for systemd-udevd
* Allow systemd_tmpfiles_t to relabel man_cache_t
* Allow initrc_t to get status of init_t for systemd
* Allow udev_t to get initrc_exec_t service status for when udev runs hdparm
script
.
* Allow ifconfig_t to load kernel modules
* Allow named_t to read vm sysctls
* Allow tor_t capabilities chown dac_read_search dac_override fowner
* Allow fetchmail_t to manage dirs of type fetchmail_uidl_cache_t
* Allow mysqld_t to connect to itself on unix_stream_socket
* Allow mysqld_t kernel_read_vm_sysctls for overcommit_memory
* Allow sysstat_t read and write access to crond_tmp_t (for cron to capture
stdout/stderr).
* Allow sysstat_t to read it's own log files and read shell_exec_t
* Included file context for /run/kdm.pid
* Allow kerneloops_t to read /proc/filesystems
* Label /var/cache/dirmngr as dirmngr_var_lib_t
* systemd_login_list_pid_dirs(system_dbusd_t)
Checksums-Sha1:
605f00c3db9af4fb13fff7d1292d60c1fdbf7d8b 1758 refpolicy_2.20140421-2.dsc
f4812456246aee744b806cf82ea52999359b68c3 67824
refpolicy_2.20140421-2.debian.tar.xz
66bb4329c6e2e89e22789202f2af911fa24771ee 2805706
selinux-policy-default_2.20140421-2_all.deb
388dffa8914472528aebe06682941befc1afa94c 2845368
selinux-policy-mls_2.20140421-2_all.deb
4ee9d154bba94dd6f026f96c20c42543939b06bd 1201664
selinux-policy-src_2.20140421-2_all.deb
5446a7d7a65d20eb2b4d528867e9700d81e952b0 435268
selinux-policy-dev_2.20140421-2_all.deb
47332be59a4889a04a1f3b4b42d856b437876292 412362
selinux-policy-doc_2.20140421-2_all.deb
Checksums-Sha256:
bbf6275973b688a8e6f0dc9fdad39629b4ea32fb98b0b6fd2116c366e15d4aaf 1758
refpolicy_2.20140421-2.dsc
232bc394236b20c04825985e71ed54b65ab65293abf9de477642e5e3337a5a6d 67824
refpolicy_2.20140421-2.debian.tar.xz
36a3f97eaee638f7146115faa0cbd4ec5778fe22f96b8d4ad28f61e608cdc075 2805706
selinux-policy-default_2.20140421-2_all.deb
c91721adbe094d7f7c1a2e12e0ffd0f4dc29c7211bc5fb0ef277a00bc53cb1c7 2845368
selinux-policy-mls_2.20140421-2_all.deb
73573d1f76c034b8aa6ccd41ed06781d9010c96841b3b35a1e96ff65e93bdb61 1201664
selinux-policy-src_2.20140421-2_all.deb
2903318fb6b06beee1dc99a735c7e5c9161391e3d83188d9966832b6ef36100a 435268
selinux-policy-dev_2.20140421-2_all.deb
37377f34e63b4ac70b79871db945347818e3597d3f3ed300033e9684f70c061a 412362
selinux-policy-doc_2.20140421-2_all.deb
Files:
e82af0c4e99bc6eca087e1a23af0cfa3 2805706 admin optional
selinux-policy-default_2.20140421-2_all.deb
dfc6ed27ed5ddeec866986ca4e2279e9 2845368 admin extra
selinux-policy-mls_2.20140421-2_all.deb
d7a2c1222b123869f78bbc2391d5a3cd 1201664 admin optional
selinux-policy-src_2.20140421-2_all.deb
eae7aeeff1106e0cd02e87bce0f7f32f 435268 admin optional
selinux-policy-dev_2.20140421-2_all.deb
2cd0e7a8305dbe82995fa703d6e7cecf 412362 doc optional
selinux-policy-doc_2.20140421-2_all.deb
71e02aca23afd2d3059086c6c3d3374a 1758 admin optional refpolicy_2.20140421-2.dsc
b23ab4de661b56ae1b2583171a5cd5ca 67824 admin optional
refpolicy_2.20140421-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlOqYkAACgkQwrB5/PXHUlbvjwCfR4bXz8IwDcL5Z3LJweTu1NIi
QBoAn0IVjMFBESHl62hfZ6yco/hKuBgd
=l93F
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/e1wzgmk-0004s7...@franck.debian.org
