-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 05 Mar 2021 21:11:58 +1100 Source: refpolicy Architecture: source Version: 2:2.20210203-4 Distribution: unstable Urgency: medium Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org> Changed-By: Russell Coker <russell@coker.com.au> Changes: refpolicy (2:2.20210203-4) unstable; urgency=medium . * Allow ntpd_t to get the status of generic systemd units * Allow kernel_t self:perf_event cpu. * Allow chromium to watch network manager runtime dirs (for resolv.conf) Allow chromium to run naclhelper with nnp_transition Allow chromium to watch root dirs Allow chromium to read/write unix sockets from the calling domain * Make Postgresql use postgresql_tmpfs_t for tmpfs files and make mon_local_test_t and systemd_logind_t not have getattr access to tmpfs files audited. * Allow systemd_user_runtime_dir_t to unlink device nodes of type user_tmp_t, they probably should not exist, so it's in the hacks patch. * Allow the acngtool to read random and urandom devices and search fs sysctls * Add wm_write_xdg_data tunable to allow user_wm_t etc to write xdg data. * Allow chromium to watch gnome_xdg_config_t dirs * Label pinentry programs as gpg_agent_exec_t and allow gpg_agent_t to exec them * Create new admin_mail_t domain so that newaliases can work with Postfix * Added a transition rule so that vipw/vigr gives the right context for /etc/passwd and /etc/group * Allow acngtool_t to read /proc/sys/kernel/random/uuid * Allow unconfined domains lockdown confidentiality and integrity access * Allow netutils_t netlink_generic_socket access for tcpdump * Allow smbcontrol to create a sock_file in a samba run dir * Allow mailman_queue_t to bind to all unreserved TCP ports * Allow systemd_coredump_t to mmap all executables and to have cap_userns sys_ptrace access. dontaudit systemd_coredump_t capability net_admin * Allow mailman_queue_t to connect to port 443 Checksums-Sha1: a3b1f358c3f0e9cc1c92523f6498b743ba9cb447 2445 refpolicy_2.20210203-4.dsc afcaafe55efed07f0f49874ad820a97ad67b3704 90224 refpolicy_2.20210203-4.debian.tar.xz e7cbe7ae65a3986ee8088786da0278a28c70bb00 8564 refpolicy_2.20210203-4_amd64.buildinfo Checksums-Sha256: d3a99601f457cb04d2b318c807f98b01709e34fa06bcb5b3b8cbb786e32172ee 2445 refpolicy_2.20210203-4.dsc a7bf29d24541be8bbdc96ec596f98951f4fa4caaa5218db3a23e3738b65b28dc 90224 refpolicy_2.20210203-4.debian.tar.xz d845af5e609eee79731f23b99f0e1e661862ef6adfc38000a125ec86b66d284d 8564 refpolicy_2.20210203-4_amd64.buildinfo Files: 8c29650019da77ef6bc7bdb6b172d2f0 2445 admin optional refpolicy_2.20210203-4.dsc 0d493e1f5fec4c9f05e16c03ce938244 90224 admin optional refpolicy_2.20210203-4.debian.tar.xz 48e0c39f4e474af6e373b6a67793aa13 8564 admin optional refpolicy_2.20210203-4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAmBCBbMACgkQ0UHNMPxL j3nEFw//Sz/ncrF1C6Wb+s3UUt6XErxiRp8tsNeIXdcw+QARhmaNrTX5oMAsyT38 dHFdndsYOjkw4bZ5ILVIylnRgzkLiZMtnON/74O8kWx17vn8TX57EN44SLqCrU+S baBtvHmlJOQnkAaSe21HlIQ8JXzZC0DvAw7MGFdd28NJZXX3hnbJ8jkZrjiDrTjr JYnpqSlCKatTD2YAXs2Se4JeUzfYfWfQH3mq14vN8C2wAjiOHHkdwXf2HDD9b6f/ aFEfbhPFsSf+QiUHzKpNJQydx8sR+I+GmWtOKOol7KkbtV0rawbM39lB6cf2Yieh 7QfF5pd0I/NiMcgAEKucC1QYuDjvgmRfF2gxr+MfolBc+c72sMiFmLK5jkIktfca zYx4/4QXSdaOddGWUDTswSMgAYF4/Hy7+sx4t72SjyVEPgGF1pdpIW4aVNCWqoPc vSXj3xEOXUHGRHy4ttndt6sOg/aw48Lwu1l7H8ek+w4FtuFUEwfFkExuhEJznw++ VBSN4S7daCxwfH9UXgb4yHfE1Sjhv8d5KKexD+oP1gByoUAh9YIq/VyZ/NLvPYDT 3k18A9qPCMaKZpxoCHWdjB1E2qjTEkWHT114JFsa5b+UVPdAZKy5jbCaxBt16T5P F6ButcsRUDv08STMhKJF12zHvvKswa4NjGJ/krbI0do9+50P66E= =XKJv -----END PGP SIGNATURE-----