refpolicy 2:2.20161023.1-8 source package in Ubuntu
Changelog
refpolicy (2:2.20161023.1-8) unstable; urgency=medium * Fixed mistake in previous changelog (attributed a -7 change to -6) * Label /usr/sbin/apache2ctl as well. Allow apache to read overcommit sysctl * Allow clamd_t to read the overcommit sysctl * Allow postfix_postdrop_t to write to postfix_public_t socket, allow postfix_master_t to bind to udp generic nodes * Allow dovecot_auth_t to write to dovecot_var_run_t fifos and read selinux config (needed for pop/imap login) * Allow mon local tests to search /var/spool/postfix and autofs mountpoints, and to read nfs content. Allow mon net tests to read certs. dontaudit when mon local tests try to stat tmpfs files. Allow mon local tests to access /dev/xconsole and search mnt_t and boot_t * Allow mount_t to getattr nfs filesystems and manage mount_var_run_t dirs and files * Allow setfiles_t to getattr nfs filesystems. * Allow postgrey_t to exec bin_t files, to read netlink_route_sockets, and to access udp sockets * Allow login programs to share fds with systemd_passwd_agent_t * Allow postfix_master_t to stat the spamass_milter_data_t dir * Allow dpkg_script_t to tell init_t to stop services * Allow initrc_t to tell init_t to halt and get system status - allows poweroff!!! * Make port 8953 be rndc type for unbound. * Lots of policy for systemd_nspawn_t * More policy for systemd_coredump_t to do what it wants * Allow dkim_milter_t to read vm overcommit sysctl * Allow mandb_t to search init pid dirs for systemd * Allow initrc_t to reload systemdunit types * Make init_manage_all_units() include file:getattr access * Allow logrotate to init_manage_all_units for restarting daemons, to stat tmpfs filesystems, to get init system status, and capability net_admin that systemctl wants * Allow network manager to inherit logind pids * Allow devicekit_power_t to search init pid dirs * Allow named to read vm sysctls * Allow mysqld_safe_t to read dpkg db, it inherits cwd from dpkg_script_t alow is to read sysfs and kill mysqld_t Make mysql_signal interface include signull permission and grant that to logrotate * Allow rpcd_t to write /proc/fs/lockd/nlm_end_grace * Make apache use the new interfaces for nfs access and to read httpd_var_lib_t symlinks. Allow httpd_sys_script_t to search init pid dirs * Allow auth to send sigchild to xdm * Allow chkpwd_t to getattr the selinuxfs * Allow system_cronjob_t net_admin capability, manage acct data, and manage initrc services * Allow crontab domains fsetid capability. Use a separate $2_crontab_t domain for each role's crontab program. Give ntp_admin access to system_cronjob_t and allow it to manage var_log_t and cron log files * Label /var/lib/sddm as xdm_var_lib_t * Don't label acct cron job scripts as acct_exec_t * Allow systemd-tmpfiles to create /dev/xconsole * Create new type for /var/run/iodine * Allow logrotate to restart services * Made init_script_service_restart() include reload access * Dontaudit systemd_logind_t statting files under /dev/shm Allow it to setattr unallocated terminals and unlink user_runtime_t files * Added boolean allow_smbd_read_shadow for the obvious purpose Allow smbd_t to read cupsd_var_run_t socket as well as write to it * Allow NetworkManager_t to send dbus messages to unconfined_t * Grant access to dri and input_dev devices to system_dbusd_t, gdm3 makes it want this -- Russell Coker <email address hidden> Mon, 23 Jan 2017 01:55:57 +1100
Upload details
- Uploaded by:
- Debian SELinux maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian SELinux maintainers
- Architectures:
- all
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
refpolicy_2.20161023.1-8.dsc | 2.4 KiB | c089423e9dc9df35793a3885f42d3ca684e3d02f5c814e583b6a2b9ee044973f |
refpolicy_2.20161023.1.orig.tar.bz2 | 705.6 KiB | f056de551c17bbbd2775dfa63a94434538548c90ed1e0f0b6c2be6bf9b123e4f |
refpolicy_2.20161023.1-8.debian.tar.xz | 109.6 KiB | 6b83df0b73b6e0593dafdde111060ac1f54e93df8a3348f13e38feb452d2086a |
Available diffs
No changes file available.
Binary packages built by this source
- selinux-policy-default: No summary available for selinux-policy-default in ubuntu zesty.
No description available for selinux-
policy- default in ubuntu zesty.
- selinux-policy-dev: No summary available for selinux-policy-dev in ubuntu zesty.
No description available for selinux-policy-dev in ubuntu zesty.
- selinux-policy-doc: No summary available for selinux-policy-doc in ubuntu zesty.
No description available for selinux-policy-doc in ubuntu zesty.
- selinux-policy-mls: No summary available for selinux-policy-mls in ubuntu zesty.
No description available for selinux-policy-mls in ubuntu zesty.
- selinux-policy-src: No summary available for selinux-policy-src in ubuntu zesty.
No description available for selinux-policy-src in ubuntu zesty.