Format: 1.8
Date: Fri, 09 Apr 2021 23:02:14 +1000
Source: refpolicy
Architecture: source
Version: 2:2.20210203-5
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Russell Coker <russell@coker.com.au>
Changes:
 refpolicy (2:2.20210203-5) unstable; urgency=medium
 .
   * Add policy for rasdaemon
   * Made mta_manage_mail_home_rw_content() include mail_home_rw_t:file watch
     access, needed by dovecot_t and probably others in future
   * Allow restorecond to watch selinux_config_t files.
   * Allow *_wm_t domains (for window manager processes) to watch xdg_config_t
     files and to execmod wm_tmpfs_t files (stops kwin_x11 SEGV)
   * Allow systemd_tmpfiles_t to relabel colord var lib files and dirs
   * Allow smbcontrol_t to map samba_runtime_t files and send unix datagrams to
     smbd processes
   * Allow systemd_user_runtime_dir_t to delete all user runtime sock files and
     manage pulseaudio_tmp_t dirs
   * Allow system_cronjob_t to manage var_lib dirs
   * Allow dovecot to create ~/mail directories.
   * Label /usr/share/mailman3-web/manage.py as mailman_queue_exec_t
     Allow mailman_queue_t to read usr files and to create its own tmpfs files
     and allow it to map mailman_data_t files
   * Added systemd policy from upstream git as of 31st Mar to the upstream patch
   * Label /usr/bin/rspamd file not /usr/bin/rspamd symlink
     label /var/log/rspamd(/.*)? as spamd_log_t.
     Allow spamd_t self execmem access when rspamd_spamd.
     Label port 11333 as spamd_port_t for rspam.
   * Label /usr/lib/courier/imapd.* and /usr/lib/courier/pop3d.* as
     courier_pop_exec_t.
     Allow courier_pop_t to read generic certs, manage courier_var_lib_t files,
     bind to POP ports, execute courier_exec_t and courier_tcpd_exec_t programs,
     and map courier config files.
     Grant courier_pop_t the fowner and chown capabilities (for managing user
     mail) but dontaudit the fsetid capability.
     Grant courier_pop_t the setrlimit process access so it can set its own
     resource limits.
     Allow courier_authdaemon_t to search SE Linux default contexts (needed by
     pam before using unix_chkpwd) and allow it to stat proc files.
   * Add sympa policy
   * Allow exim_t to read/write tmp files inherited from cron.
     Allow exim_t the dac_read_search capability.
   * Allow apache to map user content files when httpd_read_user_content is set.
     Label /usr/lib/w3m/* as httpd_sys_script_exec_t
   * Dontaudit fsdaemon_t capability net_admin (probably setting buffer size)
Checksums-Sha1:
 f02b84bb5932de5c9f798a5cb1dc1843b10e5868 2445 refpolicy_2.20210203-5.dsc
 721cb8330f12527abe96e6a438f6e753c6f4603d 96452 refpolicy_2.20210203-5.debian.tar.xz
 51b5d8800ee7ed2f66693d5182917b079bce18ad 8554 refpolicy_2.20210203-5_amd64.buildinfo
Checksums-Sha256:
 4d471adc7c8f6a88e8d43250e754f623752f590dc891cef17b4b7dfbdb69e75e 2445 refpolicy_2.20210203-5.dsc
 1741184d918d7dbd9a34534b76148620bfd9df1c11922b0184649245c9c7d115 96452 refpolicy_2.20210203-5.debian.tar.xz
 118ee682902cb90d9b5a16ac774497d3913deed59a17daa4f7f89517fd7ca76d 8554 refpolicy_2.20210203-5_amd64.buildinfo
Files:
 8fdec7faaf818c83f8a314a32589ce80 2445 admin optional refpolicy_2.20210203-5.dsc
 b9b5c5f45cfc95706b443c17e0259e71 96452 admin optional refpolicy_2.20210203-5.debian.tar.xz
 ea063098bf9dd2bf49da6a55418d2f84 8554 admin optional refpolicy_2.20210203-5_amd64.buildinfo