refpolicy 2:2.20161023.1-7 source package in Ubuntu
Changelog
refpolicy (2:2.20161023.1-7) unstable; urgency=medium [ Laurent Bigonville and cgzones ] * Sort the files in the files in the selinux-policy-src.tar.gz tarball by name, this should fix the last issue for reproducible build * Add genfscon for cpu/online. Closes: #849637 [ Russell Coker ] * Make the boinc patch like the one upstream accepted and make it last in the list. * Label /etc/sddm/Xsession as xsession_exec_t * Label ~/.xsession-errors as xauth_home_t and use a type-trans rule for it * Allow devicekit_power_t to chat to xdm_t via dbus * Allow rtkit_daemon_t to stat the selinuxfs and seach default contexts * Allow loadkeys_t to read tmp files created by init scripts * Allow systemd_tmpfiles_t to delete usr_t files for a file copied to /tmp and to read dbus lib files for /var/lib/dbus * Allow systemd_logind_t to list tmpfs_t dirs, relabelto user runtime, relabel to/from user_tmpfs_t, and manage wireless_device_t * Allow xauth_t to inherit file handles from xdm_t, read an inherited fifo and read/write an inherited socket. * Allow xdm_t to send dbus messages to unconfined_t * Give crond_t sys_resource so it can set hard ulimit for jobs * Allow systemd_logind_t to setattr on the kvm device and user ttys, to manage user_tmp_t and user_tmpfs_t files, to read/write the dri device * Allow systemd_passwd_agent_t to stat the selinuxfs and search the contexts dir * Make systemd_read_machines() also allow listing directory * Make auth_login_pgm_domain() include userdom_read_user_tmpfs_files() * Allow setfiles_t to inherit apt_t file handles * Allow system_mail_t to use ptys from apt_t and unconfined_t * Label /run/agetty.reload as getty_var_run_t * Allow systemd_tmpfiles_t to relabel directories to etc_t * Made sysnet_create_config() include { relabelfrom relabelto manage_file_perms }, allow systemd_tmpfiles_t to create config, and set file contexts entries for /var/run/resolvconf. Makes policy work with resolvconf (but requires resolvconf changes) Closes: #740685 * Allow dpkg_script_t to restart init services * Allow shell_exec_t to be an entrypoint for unconfined_cronjob_t * Allow named to read network sysctls and usr files * Label /lib/systemd/systemd-timedated and /lib/systemd/systemd-timesyncd as ntpd_exec_t and allow ntpd_t to talk to dbus and talk to sysadm_t and unconfined_t over dbus. Allow ntpd_t capabilities fowner and setpcap when building with systemd support, also allow listing init pid dirs. Label /var/lib/systemd/clock as ntp_drift_t * Allow systemd_nspawn_t to read system state, search init pid dirs (for /run/systemd) and capability net_admin * Allow backup_t capabilities chown and fsetid to cp files and preserve ownership * Allow logrotate_t to talk to dbus and connect to init streams for systemctl, also allow setrlimit for systemctl * Allow mon_net_test_t to bind to generic UDP nodes. Allow mon_local_test_t to execute all applications (for ps to getattr mostly) * Label /var/lib/wordpress as httpd_var_lib_t * Label apachectl as httpd_exec_t so it correctly creates pid dirs etc and allow it to manage dirs of type httpd_lock_t [ Russell Coker Important ] * sddm is now working (gdm3 SEGVs, not a policy bug), closes: #781779 * Support usrmerge, lots of fc changes and subst_dist changes Closes: #850032 -- Russell Coker <email address hidden> Thu, 12 Jan 2017 18:01:40 +1100
Upload details
- Uploaded by:
- Debian SELinux maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian SELinux maintainers
- Architectures:
- all
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
refpolicy_2.20161023.1-7.dsc | 2.4 KiB | 6602e628c2c60bdedc00fbf72f915b9146dd04f0e88d9084e21c01e36e7216a6 |
refpolicy_2.20161023.1.orig.tar.bz2 | 705.6 KiB | f056de551c17bbbd2775dfa63a94434538548c90ed1e0f0b6c2be6bf9b123e4f |
refpolicy_2.20161023.1-7.debian.tar.xz | 103.2 KiB | f12332afe827649bff3d4d9ade8c7665b1f4d24ae44d6c0f0eac5db9acb07894 |
Available diffs
No changes file available.
Binary packages built by this source
- selinux-policy-default: No summary available for selinux-policy-default in ubuntu zesty.
No description available for selinux-
policy- default in ubuntu zesty.
- selinux-policy-dev: No summary available for selinux-policy-dev in ubuntu zesty.
No description available for selinux-policy-dev in ubuntu zesty.
- selinux-policy-doc: No summary available for selinux-policy-doc in ubuntu zesty.
No description available for selinux-policy-doc in ubuntu zesty.
- selinux-policy-mls: No summary available for selinux-policy-mls in ubuntu zesty.
No description available for selinux-policy-mls in ubuntu zesty.
- selinux-policy-src: No summary available for selinux-policy-src in ubuntu zesty.
No description available for selinux-policy-src in ubuntu zesty.