Debian Package Tracker

From: Russell Coker <russell@coker.com.au>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted refpolicy 2:2.20140421-2 (source all)
Date: Wed, 25 Jun 2014 06:33:56 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 25 Jun 2014 15:38:58 +1000
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20140421-2
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Russell Coker <russell@coker.com.au>
Description:
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Changes:
 refpolicy (2:2.20140421-2) unstable; urgency=medium
 .
   * Fix systemd support
   * Made init, logging, authlogin, application, userdomain, systemd, dmesg,
     dpkg, usermanage, libraries, fstools, miscfiles, mount, selinuxutil,
     storage and sysnetwork be base modules - some of this is needed for
     systemd, some just makes sense.
   * Disabled modules anaconda, authbind, kudzu, portage, rhgb, speedtouch
   * Allow syslogd_t to read /dev/urandom (for systemd)
   * Change unit files to use .*\.service
   * Default trans syslogd_tmp_t for name /run/log (for systemd)
   * Make /var/auth a mountpoint
   * Allow systemd_tmpfiles_t to relabelto xconsole_device_t
   * Allow init_t to start and stop service systemd_unit_file_t
   * Allow udev_t to write to init_t stream sockets for systemctl
   * Allow syslogd_t to read udev_var_run_t so systemd_journal can get seat data
   * Allow systemd_logind_t to read udev_var_run_t for seat data
   * Allow syslogd_t setgid and setgid for systemd_journal
   * Allow udev_t to read cgroup files for systemd-udevd to read it's own cgroup
   * Give logrotate_t the systemd_systemctl_domain access to restart daemons
   * Make transition from unconfined_t to insmod_t for running modutils and
     remove all unused modutils domains. Make unconfined_t transition to
     insmod_t, this makes depmod run as insmod_t. Make insmod_t write modules
     dep files with the correct context.
   * Allow udev_t to load kernel modules for systemd-udevd
   * Allow initrc_t to systemd_config_all_services
   * Allow lvm_t to talk to init_t via unix socket for systemd
   * Allow allow lvm_t to read sysctl_crypto_t
   * Allow udev_t to read modules_object_t for systemd-udevd
   * Allow udev_t to search /run/systemd for systemd-udevd
   * Allow systemd_tmpfiles_t to relabel man_cache_t
   * Allow initrc_t to get status of init_t for systemd
   * Allow udev_t to get initrc_exec_t service status for when udev runs hdparm
     script
 .
   * Allow ifconfig_t to load kernel modules
   * Allow named_t to read vm sysctls
   * Allow tor_t capabilities chown dac_read_search dac_override fowner
   * Allow fetchmail_t to manage dirs of type fetchmail_uidl_cache_t
   * Allow mysqld_t to connect to itself on unix_stream_socket
   * Allow mysqld_t kernel_read_vm_sysctls for overcommit_memory
   * Allow sysstat_t read and write access to crond_tmp_t (for cron to capture
     stdout/stderr).
   * Allow sysstat_t to read it's own log files and read shell_exec_t
   * Included file context for /run/kdm.pid
   * Allow kerneloops_t to read /proc/filesystems
   * Label /var/cache/dirmngr as dirmngr_var_lib_t
   * systemd_login_list_pid_dirs(system_dbusd_t)
Checksums-Sha1:
 605f00c3db9af4fb13fff7d1292d60c1fdbf7d8b 1758 refpolicy_2.20140421-2.dsc
 f4812456246aee744b806cf82ea52999359b68c3 67824 refpolicy_2.20140421-2.debian.tar.xz
 66bb4329c6e2e89e22789202f2af911fa24771ee 2805706 selinux-policy-default_2.20140421-2_all.deb
 388dffa8914472528aebe06682941befc1afa94c 2845368 selinux-policy-mls_2.20140421-2_all.deb
 4ee9d154bba94dd6f026f96c20c42543939b06bd 1201664 selinux-policy-src_2.20140421-2_all.deb
 5446a7d7a65d20eb2b4d528867e9700d81e952b0 435268 selinux-policy-dev_2.20140421-2_all.deb
 47332be59a4889a04a1f3b4b42d856b437876292 412362 selinux-policy-doc_2.20140421-2_all.deb
Checksums-Sha256:
 bbf6275973b688a8e6f0dc9fdad39629b4ea32fb98b0b6fd2116c366e15d4aaf 1758 refpolicy_2.20140421-2.dsc
 232bc394236b20c04825985e71ed54b65ab65293abf9de477642e5e3337a5a6d 67824 refpolicy_2.20140421-2.debian.tar.xz
 36a3f97eaee638f7146115faa0cbd4ec5778fe22f96b8d4ad28f61e608cdc075 2805706 selinux-policy-default_2.20140421-2_all.deb
 c91721adbe094d7f7c1a2e12e0ffd0f4dc29c7211bc5fb0ef277a00bc53cb1c7 2845368 selinux-policy-mls_2.20140421-2_all.deb
 73573d1f76c034b8aa6ccd41ed06781d9010c96841b3b35a1e96ff65e93bdb61 1201664 selinux-policy-src_2.20140421-2_all.deb
 2903318fb6b06beee1dc99a735c7e5c9161391e3d83188d9966832b6ef36100a 435268 selinux-policy-dev_2.20140421-2_all.deb
 37377f34e63b4ac70b79871db945347818e3597d3f3ed300033e9684f70c061a 412362 selinux-policy-doc_2.20140421-2_all.deb
Files:
 e82af0c4e99bc6eca087e1a23af0cfa3 2805706 admin optional selinux-policy-default_2.20140421-2_all.deb
 dfc6ed27ed5ddeec866986ca4e2279e9 2845368 admin extra selinux-policy-mls_2.20140421-2_all.deb
 d7a2c1222b123869f78bbc2391d5a3cd 1201664 admin optional selinux-policy-src_2.20140421-2_all.deb
 eae7aeeff1106e0cd02e87bce0f7f32f 435268 admin optional selinux-policy-dev_2.20140421-2_all.deb
 2cd0e7a8305dbe82995fa703d6e7cecf 412362 doc optional selinux-policy-doc_2.20140421-2_all.deb
 71e02aca23afd2d3059086c6c3d3374a 1758 admin optional refpolicy_2.20140421-2.dsc
 b23ab4de661b56ae1b2583171a5cd5ca 67824 admin optional refpolicy_2.20140421-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlOqYkAACgkQwrB5/PXHUlbvjwCfR4bXz8IwDcL5Z3LJweTu1NIi
QBoAn0IVjMFBESHl62hfZ6yco/hKuBgd
=l93F
-----END PGP SIGNATURE-----
News for package refpolicy
