[DSE-Dev] Bug#1012841: patch welcome

Please send me a patch to use autopkgtest and I'll include it. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ ___ SELinux-devel mailing list SELinux-devel@alioth-lists.debian.net

[DSE-Dev] Bug#1012841: I don't think this is important

severity 1012841 wishlist thanks -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ ___ SELinux-devel mailing list SELinux-devel@alioth-lists.debian.net

[DSE-Dev] Processed: I don't think this is important

Processing commands for cont...@bugs.debian.org: > severity 1012841 wishlist Bug #1012841 [src:refpolicy] refpolicy: add autopkgtest Severity set to 'wishlist' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 1012841:

[DSE-Dev] Processed: fixed, dupe of 1012503

Processing commands for cont...@bugs.debian.org: > close 1012686 Bug #1012686 [selinux-policy-default] libsemanage.semanage_pipe_data: Child process /usr/libexec/selinux/hll/pp failed Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 1012686:

[DSE-Dev] Bug#999441: policy needed

type firewalld_tmpfs_t; files_tmpfs_file(firewalld_tmpfs_t) fs_tmpfs_filetrans(firewalld_t, firewalld_tmpfs_t, file) manage_files_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t) allow firewalld_t firewalld_tmpfs_t:file { map execute }; allow firewalld_t self:netlink_netfilter_socket {

[DSE-Dev] Bug#962007: fixed

close 962007 thanks Below is from a Bullseye system. This was fixed after Buster, so Buster is still missing this. # sesearch -A -s openvpn_t -t openvpn_var_run_t -c sock_file allow openvpn_t openvpn_runtime_t:sock_file { append create getattr ioctl link lock open read rename setattr unlink

[DSE-Dev] Processed: fixed

Processing commands for cont...@bugs.debian.org: > close 962007 Bug #962007 [selinux-policy-default] selinux-policy-default: No SELinux rule for OpenVPN management socket file Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 962007:

[DSE-Dev] Bug#960960: fixed

close 960960 thanks Appears to be fixed in Bullseye and unstable. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ ___ SELinux-devel mailing list SELinux-devel@alioth-lists.debian.net

[DSE-Dev] Processed: fixed

Processing commands for cont...@bugs.debian.org: > close 960960 Bug #960960 [src:refpolicy] Please update paths for upower and udisks2 Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 960960:

[DSE-Dev] Bug#948336: fixed

close 948336 thanks # sesearch -A -s syslogd_t -t devicekit_disk_t -c process allow syslogd_t domain:process { getattr signull }; Above is from a buster system showing it to be fixed. The below changelog indicates that it was fixed before version 2:2.20190201-6. refpolicy (2:2.20190201-4)

[DSE-Dev] Processed: fixed

Processing commands for cont...@bugs.debian.org: > close 948336 Bug #948336 [selinux-policy-default] selinux-policy-default: systemd-journal cannot access processes with 'signull' (RedHat Bug 1676923). Marked Bug as done > thanks Stopping processing here. Please contact me if you need

[DSE-Dev] Bug#900782: fixed in recent versions

close 900782 thanks Works in unstable now. root@unstable:~# cat /etc/fstab /dev/vda/ ext4 noatime,nodev 0 1 /dev/vdbnoneswappri=0 0 0 tmpfs /tmp tmpfs rootcontext=system_u:object_r:tmp_t:s0 0 0 root@unstable:~# df -h /tmp

[DSE-Dev] Processed: fixed in recent versions

Processing commands for cont...@bugs.debian.org: > close 900782 Bug #900782 [selinux-policy-default] selinux-policy-default: Systemd fails to set context for tmpfs mounts in enforcing mode Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. --

[DSE-Dev] Bug#728950: closing all bugs before buster

close 878345 close 888967 close 900186 close 933858 close 959803 close 728950 close 758083 close 860532 close 871704 close 890208 thanks Lots of things have changed and been fixed. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/

[DSE-Dev] Processed: closing all bugs before buster

Processing commands for cont...@bugs.debian.org: > close 878345 Bug #878345 [selinux-policy-default] avc denied read,open for NetworkManager Marked Bug as done > close 888967 Bug #888967 [selinux-policy-default] selinux-policy-default: Default policy breaks semanage tool Marked Bug as done >

[DSE-Dev] Processed: not a policy bug

Processing commands for cont...@bugs.debian.org: > close 962842 Bug #962842 [selinux-policy-default] selinux-policy-default: SElinux prevents apache2 access to the mysql (mariadb) socket Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 962842:

[DSE-Dev] Bug#962842: not a policy bug

close 962842 thanks Apache has always been allowed to connect to mysql, usually with a boolean controlling it. In this case MariaDB is mislabeled, run "ps axZ|grep maria" and you will see it's in the wrong context, run "ls -lZ /usr/sbin/mariadbd" and you will probably find it doesn't have the

[DSE-Dev] Processed: fixed

Processing commands for cont...@bugs.debian.org: > close 962238 Bug #962238 [selinux-policy-default] selinux-policy-default: selinux prevents automounting sshfs Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 962238:

[DSE-Dev] Bug#962238: fixed

close 962238 thanks Recent versions of the policy allow this, not sure when it was fixed. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ ___ SELinux-devel mailing list