Ubuntu
refpolicy package

refpolicy 2:2.20210203-8 source package in Ubuntu

Changelog

refpolicy (2:2.20210203-8) unstable; urgency=medium

  * Label /etc/ppp/ip-pre-up as pppd_initrc_exec_t
  * Allow wireshark to rw DRI devices, read crypto sysctls, rw the xserver
    mesa shader cache, read the kernel network state, have execmem access
    (probably needed for one of the many shared objects it uses), have setsched
    access, execute lib files (for it's helper programs), manage xdg config
    files (gives warning if it can't do this), manage xdg cache, and read xdg
    data files.
  * Allow acngtool_t the dac_override capability for managing log files
  * Allow pppd to connect create and ioctl pppox_socket and allow it to map
    pppd_runtime_t files.
  * Allow kmod_t, ifconfig_t, and ping_t to use unallocated ttys (for sysadmin
    login on boot failure)
  * Allow ntpd_t to start and stop generic units when systemd is used, for
    systemd-timesyncd.

 -- Russell Coker <email address hidden>  Mon, 04 Oct 2021 15:06:54 +1100

Upload details

Uploaded by:
Debian SELinux maintainers
Uploaded to:
Sid
Original maintainer:
Debian SELinux maintainers
Architectures:
all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Jammy: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
refpolicy_2.20210203-8.dsc 2.4 KiB 95b6b1721ab1d924b8748f5c756a95283a8461c38133b0e862288b9cf9ce9401
refpolicy_2.20210203.orig.tar.bz2 550.9 KiB 48cbf2c63ff9003bef05e03c8d3cdddb4e8f63fef2a072ae51c987301f0b874d
refpolicy_2.20210203-8.debian.tar.xz 98.8 KiB c4984bcfec22d050917d793029c04cb877d0ce358b47cdb2d2814bb0706c1541

No changes file available.

Binary packages built by this source

selinux-policy-default: Strict and Targeted variants of the SELinux policy

 This is the reference policy for SE Linux. In the default configuration it
 will provide the functionality previously known as the "targeted" policy. If
 the module "unconfined" is removed then it provides the functionality
 previously known as the "strict" policy.
 .
 This uses the MMCS system of categories.

selinux-policy-dev: Headers from the SELinux reference policy for building modules

 The SELinux Reference Policy (refpolicy) is a complete SELinux
 policy, as an alternative to the existing strict and targeted
 policies available from http://selinux.sf.net. The goal is to have
 this policy as the system policy, be and used as the basis for
 creating other policies. Refpolicy is based on the current strict and
 targeted policies, but aims to accomplish many additional
 goals:
  + Strong Modularity
  + Clearly stated security Goals
  + Documentation
  + Development Tool Support
  + Forward Looking
  + Configurability
  + Flexible Base Policy
  + Application Policy Variations
  + Multi-Level Security
 .
 This package provides header files for building your own SELinux
 policy packages compatible with official policy packages.

selinux-policy-doc: Documentation for the SELinux reference policy

 The SELinux Reference Policy (refpolicy) is a complete SELinux
 policy, as an alternative to the existing strict and targeted
 policies available from http://selinux.sf.net. The goal is to have
 this policy as the system policy, be and used as the basis for
 creating other policies. Refpolicy is based on the current strict and
 targeted policies, but aims to accomplish many additional
 goals:
  + Strong Modularity
  + Clearly stated security Goals
  + Documentation
  + Development Tool Support
  + Forward Looking
  + Configurability
  + Flexible Base Policy
  + Application Policy Variations
  + Multi-Level Security
 .
 This package contains the documentation for the reference policy.

selinux-policy-mls: MLS (Multi Level Security) variant of the SELinux policy

 This is the reference policy for SE Linux built with MLS support. It allows
 giving data labels such as "Top Secret" and preventing such data from leaking
 to processes or files with lower classification.
 .
 It was developed for Common Criteria LSPP certification for RHEL. It will
 probably never be well supported in Debian and is only recommended for
 students who want to learn about the security features used by the military.

selinux-policy-src: Source of the SELinux reference policy for customization

 The SELinux Reference Policy (refpolicy) is a complete SELinux
 policy, as an alternative to the existing strict and targeted
 policies available from http://selinux.sf.net. The goal is to have
 this policy as the system policy, be and used as the basis for
 creating other policies. Refpolicy is based on the current strict and
 targeted policies, but aims to accomplish many additional
 goals:
  + Strong Modularity
  + Clearly stated security Goals
  + Documentation
  + Development Tool Support
  + Forward Looking
  + Configurability
  + Flexible Base Policy
  + Application Policy Variations
  + Multi-Level Security
 .
 This is the source of the policy, provided so that local variations of
 SELinux policy may be created.