-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 08 Jan 2011 14:13:43 +1100 Source: refpolicy Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc Architecture: source all Version: 2:0.2.20100524-5 Distribution: unstable Urgency: low Maintainer: Russell Coker <russell@coker.com.au> Changed-By: Russell Coker <russell@coker.com.au> Description: selinux-policy-default - Strict and Targeted variants of the SELinux policy selinux-policy-dev - Headers from the SELinux reference policy for building modules selinux-policy-doc - Documentation for the SELinux reference policy selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy selinux-policy-src - Source of the SELinux reference policy for customization Closes: 540143 559860 587596 592038 601686 608291 Changes: refpolicy (2:0.2.20100524-5) unstable; urgency=low . * Label /usr/bin/tcsh as shell_exec_t * Domain trans from unconfined_t to depmod_t * Don't include /usr/lib/dovecot/deliver in dovecot.fc/te as it's in lda.pp * Don't include /usr/sbin/spamass-milter and /var/spool/postfix/spamass in spamassassin.fc as they are in milter.fc * Label /var/run/spamass as spamass_milter_data_t * Allow lvm_t rw access to unconfined_t semaphores. * Added in_unconfined_r() interface and made postfix user domains use it so they can be in the role unconfined_r. Ugly but no better solution at this time Closes: #592038 #599053 * Include Chromium policy in mozilla.pp * Allow sshd getcap and setcap access * Correctly label ~/.xsession-errors * Allow spamc_t to be in system_r and allow it access to netlink_route_socket * Allow lda_t to talk to the Courier Authdaemon - for courier maildrop * Allow fetchmail_t to read usr_t for certificates and to create /tmp files * Allow cron jobs to write to crond_tmp_t * Label courier socket files as courier_var_run_t * Run /usr/sbin/authdaemond as courier_authdaemon_t * Allow dkim_milter_t to read proc_t files and create /tmp files * Allow dovecot domains to search dovecot_etc_t dirs * Allow dovecot_auth_t to talk to mysqld via TCP and read /etc/mysql/my.cnf * Label /etc/network/run as etc_t * Label X as spamass_milter_var_run_t * Remove unconfined_exec_t label from /usr/bin/qemu Closes: #601686 * Label /usr/lib/apache2/mpm-*/apache2 as httpd_exec_t Closes: #608291 * Allow nagios.pp to be installed without apache.pp Closes: #587596 * Removed amavis.pp because it doesn't work and it's functionality is covered by clamav.pp Closes: #559860 * Allow mono_t to be in role unconfined_r Closes: #540143 Checksums-Sha1: 14079cd9b96387f4ba2cb7c8f51dee133ce36dbf 1514 refpolicy_0.2.20100524-5.dsc 4615f8487fa548165d59a2400389ebf06d9573cb 109910 refpolicy_0.2.20100524-5.diff.gz a3feb2555bfd66bd971bb410e042afb2d51c2819 4159556 selinux-policy-default_0.2.20100524-5_all.deb eb8d7ef1aba61b4d2d078e2ec763e1d34e945ad5 4195170 selinux-policy-mls_0.2.20100524-5_all.deb fe7b0ca2c4d8e7361f72afe2920db71673f42f71 991898 selinux-policy-src_0.2.20100524-5_all.deb c52c70e7e6ba13c369a703c3f5eb745feec3755b 819560 selinux-policy-dev_0.2.20100524-5_all.deb 6dda96f6b043a34eed813fd015e77a9b50589924 574852 selinux-policy-doc_0.2.20100524-5_all.deb Checksums-Sha256: 77f7ff03e4c47e4114f5218cdf0bdd741abefdfd0a467cd04a68bd0293165aa1 1514 refpolicy_0.2.20100524-5.dsc 74d42e59683992ae82ae3f8a8f8c6b087e94c21c0860a71dc4f2a236cc7b4e86 109910 refpolicy_0.2.20100524-5.diff.gz 8fbc6c0b1ff96c720d1043a622edacbfe16dbe77fed974c2ae317cb6b73b3111 4159556 selinux-policy-default_0.2.20100524-5_all.deb d61e1327d8df05094220f280d263c4e8e230e791bc05b779d8f3d2dc92ae5cfe 4195170 selinux-policy-mls_0.2.20100524-5_all.deb ddb76dc3b730ec4ea72eaff7f2df4bba6f0c15fad9dc34e9695922385dbfce61 991898 selinux-policy-src_0.2.20100524-5_all.deb 906436438aba394da1bd58f9af11ef09b22d382ca98f52885a9d366bf2a121b9 819560 selinux-policy-dev_0.2.20100524-5_all.deb e0600bc1f0f244aec529d9bd22befad080b2abb6e88d39a9539fb2004293cac2 574852 selinux-policy-doc_0.2.20100524-5_all.deb Files: 7ae1d854b4235cd3dcd3c50494a230f2 1514 admin optional refpolicy_0.2.20100524-5.dsc 3bde8c2206db03cf843a4e4998e4d302 109910 admin optional refpolicy_0.2.20100524-5.diff.gz 4e927d53f6f30059e74b77173c4f0e9d 4159556 admin optional selinux-policy-default_0.2.20100524-5_all.deb dc0e97eacdb75462f99090ff75760d3d 4195170 admin extra selinux-policy-mls_0.2.20100524-5_all.deb b46803f30f2f7e8ee42b754f389c7a1a 991898 admin optional selinux-policy-src_0.2.20100524-5_all.deb c300f0ca0bba44bec4ec0c10caa680c8 819560 admin optional selinux-policy-dev_0.2.20100524-5_all.deb 7a6c2b0cc67ec449314c28993781f9d5 574852 doc optional selinux-policy-doc_0.2.20100524-5_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0n15IACgkQwrB5/PXHUlbjAACgq/6uRWcUAKiBeGneHxGjg/RB V/sAn14fIo44yAFx2B7c6/1oUaeVkQm1 =xa7I -----END PGP SIGNATURE----- Accepted: refpolicy_0.2.20100524-5.diff.gz to main/r/refpolicy/refpolicy_0.2.20100524-5.diff.gz refpolicy_0.2.20100524-5.dsc to main/r/refpolicy/refpolicy_0.2.20100524-5.dsc selinux-policy-default_0.2.20100524-5_all.deb to main/r/refpolicy/selinux-policy-default_0.2.20100524-5_all.deb selinux-policy-dev_0.2.20100524-5_all.deb to main/r/refpolicy/selinux-policy-dev_0.2.20100524-5_all.deb selinux-policy-doc_0.2.20100524-5_all.deb to main/r/refpolicy/selinux-policy-doc_0.2.20100524-5_all.deb selinux-policy-mls_0.2.20100524-5_all.deb to main/r/refpolicy/selinux-policy-mls_0.2.20100524-5_all.deb selinux-policy-src_0.2.20100524-5_all.deb to main/r/refpolicy/selinux-policy-src_0.2.20100524-5_all.deb
