[DSE-Dev] refpolicy_2.20161023.1-8_amd64.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sun Jan 22 15:27:47 UTC 2017 


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 23 Jan 2017 01:55:57 +1100
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20161023.1-8
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel at lists.alioth.debian.org>
Changed-By: Russell Coker <russell at coker.com.au>
Description:
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Changes:
 refpolicy (2:2.20161023.1-8) unstable; urgency=medium
 .
   * Fixed mistake in previous changelog (attributed a -7 change to -6)
   * Label /usr/sbin/apache2ctl as well. Allow apache to read overcommit sysctl
   * Allow clamd_t to read the overcommit sysctl
   * Allow postfix_postdrop_t to write to postfix_public_t socket, allow
     postfix_master_t to bind to udp generic nodes
   * Allow dovecot_auth_t to write to dovecot_var_run_t fifos and read selinux
     config (needed for pop/imap login)
   * Allow mon local tests to search /var/spool/postfix and autofs mountpoints,
     and to read nfs content. Allow mon net tests to read certs. dontaudit when
     mon local tests try to stat tmpfs files. Allow mon local tests to access
     /dev/xconsole and search mnt_t and boot_t
   * Allow mount_t to getattr nfs filesystems and manage mount_var_run_t dirs
     and files
   * Allow setfiles_t to getattr nfs filesystems.
   * Allow postgrey_t to exec bin_t files, to read netlink_route_sockets,
     and to access udp sockets
   * Allow login programs to share fds with systemd_passwd_agent_t
   * Allow postfix_master_t to stat the spamass_milter_data_t dir
   * Allow dpkg_script_t to tell init_t to stop services
   * Allow initrc_t to tell init_t to halt and get system status - allows
     poweroff!!!
   * Make port 8953 be rndc type for unbound.
   * Lots of policy for systemd_nspawn_t
   * More policy for systemd_coredump_t to do what it wants
   * Allow dkim_milter_t to read vm overcommit sysctl
   * Allow mandb_t to search init pid dirs for systemd
   * Allow initrc_t to reload systemdunit types
   * Make init_manage_all_units() include file:getattr access
   * Allow logrotate to init_manage_all_units for restarting daemons, to stat
     tmpfs filesystems, to get init system status, and capability net_admin
     that systemctl wants
   * Allow network manager to inherit logind pids
   * Allow devicekit_power_t to search init pid dirs
   * Allow named to read vm sysctls
   * Allow mysqld_safe_t to read dpkg db, it inherits cwd from dpkg_script_t
     alow is to read sysfs and kill mysqld_t
     Make mysql_signal interface include signull permission and grant that to
     logrotate
   * Allow rpcd_t to write /proc/fs/lockd/nlm_end_grace
   * Make apache use the new interfaces for nfs access and to read
     httpd_var_lib_t symlinks. Allow httpd_sys_script_t to search init pid
     dirs
   * Allow auth to send sigchild to xdm
   * Allow chkpwd_t to getattr the selinuxfs
   * Allow system_cronjob_t net_admin capability, manage acct data, and manage
     initrc services
   * Allow crontab domains fsetid capability. Use a separate $2_crontab_t domain
     for each role's crontab program. Give ntp_admin access to system_cronjob_t
     and allow it to manage var_log_t and cron log files
   * Label /var/lib/sddm as xdm_var_lib_t
   * Don't label acct cron job scripts as acct_exec_t
   * Allow systemd-tmpfiles to create /dev/xconsole
   * Create new type for /var/run/iodine
   * Allow logrotate to restart services
   * Made init_script_service_restart() include reload access
   * Dontaudit systemd_logind_t statting files under /dev/shm
     Allow it to setattr unallocated terminals and unlink user_runtime_t files
   * Added boolean allow_smbd_read_shadow for the obvious purpose
     Allow smbd_t to read cupsd_var_run_t socket as well as write to it
   * Allow NetworkManager_t to send dbus messages to unconfined_t
   * Grant access to dri and input_dev devices to system_dbusd_t, gdm3 makes it
     want this
Checksums-Sha1:
 b90a71098a277bbe86f0fc0827d0c5161b2a9bc9 2477 refpolicy_2.20161023.1-8.dsc
 9b11ccbf91f088e703a129d0ab93643c8fb609df 112188 refpolicy_2.20161023.1-8.debian.tar.xz
 15cf87c10df5c553b985c9cc275ce0062cc89856 6805 refpolicy_2.20161023.1-8_amd64.buildinfo
 49ba5884cab935fd65bb3fdd28f710875d24908a 3024310 selinux-policy-default_2.20161023.1-8_all.deb
 125e567f4a81b61b54f447168bfa71f54a1e45fe 468450 selinux-policy-dev_2.20161023.1-8_all.deb
 a3dd49edaf11bc77158fb6a935988d8a78aaf4cc 449466 selinux-policy-doc_2.20161023.1-8_all.deb
 03ec6efd675054b8a1aed709f0c3826fb4d29fac 3066526 selinux-policy-mls_2.20161023.1-8_all.deb
 a4cb548500f256cce0cf1f0d640e4d976ea981a8 1253254 selinux-policy-src_2.20161023.1-8_all.deb
Checksums-Sha256:
 c089423e9dc9df35793a3885f42d3ca684e3d02f5c814e583b6a2b9ee044973f 2477 refpolicy_2.20161023.1-8.dsc
 6b83df0b73b6e0593dafdde111060ac1f54e93df8a3348f13e38feb452d2086a 112188 refpolicy_2.20161023.1-8.debian.tar.xz
 cc4ca97b7cbe11eece781f37799d7711c25254a3862cf582e169b11b1e7b523c 6805 refpolicy_2.20161023.1-8_amd64.buildinfo
 59097319fef19d53788cc869cf975674af44e5c22b887848a578e5146600f527 3024310 selinux-policy-default_2.20161023.1-8_all.deb
 972dbf46411fddc72db7184796c6a0e1d41b49b541f929e8b98ac4d53d4d2f7a 468450 selinux-policy-dev_2.20161023.1-8_all.deb
 fd0f2c07d1b25439e790315762db7f828a9ad1568d14c888200385fc79ab36c9 449466 selinux-policy-doc_2.20161023.1-8_all.deb
 aec438fa1b4f6b0d2d13eeafa0d3eb6a098f4d2c27e86003df85d75ffffa1416 3066526 selinux-policy-mls_2.20161023.1-8_all.deb
 b16451cd4b7ae5ca809656042f28d7228a9851ca113460a818ed4aa4be8f6041 1253254 selinux-policy-src_2.20161023.1-8_all.deb
Files:
 aebd670c95c4acbe81f1197d8c8e3a10 2477 admin optional refpolicy_2.20161023.1-8.dsc
 f8f72c1077a7ad0570600356e6c565f9 112188 admin optional refpolicy_2.20161023.1-8.debian.tar.xz
 1e7926a01c619b41175eb9c537586760 6805 admin optional refpolicy_2.20161023.1-8_amd64.buildinfo
 185d376d5bd9a1b3748226cd443f2a4c 3024310 admin optional selinux-policy-default_2.20161023.1-8_all.deb
 47a0f812c51522c0ae78e173a0091c3e 468450 admin optional selinux-policy-dev_2.20161023.1-8_all.deb
 46e082cdd9f24120f6c686031758b108 449466 doc optional selinux-policy-doc_2.20161023.1-8_all.deb
 94fabfed2b33ecc0561c47aa650252ed 3066526 admin extra selinux-policy-mls_2.20161023.1-8_all.deb
 578929c3a2b4e02fb26afe7843150a06 1253254 admin optional selinux-policy-src_2.20161023.1-8_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAliEyL0ACgkQ0UHNMPxL
j3k4ehAAp+NLV8JTavPSI8pGs0aQP0B2W6mouBEvuV/TW+W4YXar10B0MPBguujF
5ALUKs4hF2f7YJI23fBRXD8WP2tXYHK9qju+Yxs1RQWPTFKGEUHPCDMujtqxG1dP
32gnD0zDgA5Eb0uTSzMbKq0yQQqqLvcWgoLr1iEQD8lRZdMH2xm/QRzJ4S3rseGA
VNoJDnhd5k2CaDEdM1Qf9dn4e0rBmDqpCIU1lGmOv+g2X8ZjDZL+RHy7/h89si82
Yk8cnf/YtnNYcYfKfOVmA0SWi3gx/TggkHcoaNgoDQieViV2qzZrGnZ+5sGYBNpA
1FbJiBOxFWwpr7CxvADWYfLTJOb8fH2Tu1YoC0DksYOgeHEm/kjQJ57fsxW2CRpV
AxstEB1BocI1AsN8NCZD6trQlj3KzmU/FG8Yz53P67Z+pjfJM7r+p17kY19eHGes
QtDppFCDKH5/mMJEyJURtZ8Eax/6iUxBc/JVjynKMY5HVsR12YhxPkAwvpj4+DTR
5EBHiL9x/t1Yw5xcZeuHtD+JxVtCsiYxhbzlibU/oQWkuZrh1OXhmVCWUInlihoZ
Fn4ZbalEbfx/lUJ+zeAx31NvXWiLxV2KG+WI3o6cqCZ7nrNckwNMAo+3EohBDnva
SLQrVE/NvjinP4Zkm9O54toyUkTzR3+EulbsfMeDDX0Go4eAHWQ=
=VRGU
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

More information about the SELinux-devel mailing list