refpolicy 2:2.20221101-4 source package in Ubuntu
Changelog
refpolicy (2:2.20221101-4) unstable; urgency=medium
* Allow sshd_t to read var_lib_t files for motd generation
* Allow systemd_binfmt_t to statfs binfmt filesystems
* Allow systemd_nspawn_t all_unix_dgram_socket_perms to itself
* Allow groupdadd_t to read sysctl_kernel_t files
* Allow local_login_t to read pam motd files
* Allow nfsd_t to read directories of RPC file system pipes
* Allow mysqld_t (Mariadb) to create map read write anon_inode objects it creates
* Allow kmod_t to read modules_conf_t symlinks, for DKMS
* Remove unused debian/gen-deps.sh script.
Change to Debhelper compat level 13
Removed an attempt to delete a non-existant pyplate.pyc file
Changed to zstd for selinux-policy-src and stopped using a variable for
compression options. Why do we even have selinux-policy-src?
Removed unneeded build depends and changed the SE Linux build depends
to version >=3.4
Change VCS to Vcs in debian/control
Change lintian overrides to match new format
Change build to not need root
Tell Lintian to ignore some very long lines in source
Fix copyright URLs
Removed trailing whitespace in changelog
Use kernel_load_module(brctl_t) instead of just adding a capability
Add autopkgtest. Closes: #1012841
-- Russell Coker <email address hidden> Sun, 29 Jan 2023 15:07:05 +1100
Upload details
- Uploaded by:
- Debian SELinux maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian SELinux maintainers
- Architectures:
- all
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Lunar | release | universe | admin |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| refpolicy_2.20221101-4.dsc | 2.4 KiB | 38d4f2a8f3887285bfef9dab5016cc1a5246f9fbe291ab9550227b6af5eebf88 |
| refpolicy_2.20221101.orig.tar.bz2 | 569.5 KiB | 44f88e62c8efcef54d019b9ca077520d5993de580926bd7575788cfa78515396 |
| refpolicy_2.20221101-4.debian.tar.xz | 101.7 KiB | 086a8ee95d784bbb4a4d46cb66f12a75d6e98c309d8a3447f77f28aa9f252769 |
Available diffs
No changes file available.
Binary packages built by this source
- selinux-policy-default: Strict and Targeted variants of the SELinux policy
This is the reference policy for SE Linux. In the default configuration it
will provide the functionality previously known as the "targeted" policy. If
the module "unconfined" is removed then it provides the functionality
previously known as the "strict" policy.
.
This uses the MMCS system of categories.
- selinux-policy-dev: Headers from the SELinux reference policy for building modules
The SELinux Reference Policy (refpolicy) is a complete SELinux
policy, as an alternative to the existing strict and targeted
policies available from http://selinux. sf.net. The goal is to have
this policy as the system policy, be and used as the basis for
creating other policies. Refpolicy is based on the current strict and
targeted policies, but aims to accomplish many additional
goals:
+ Strong Modularity
+ Clearly stated security Goals
+ Documentation
+ Development Tool Support
+ Forward Looking
+ Configurability
+ Flexible Base Policy
+ Application Policy Variations
+ Multi-Level Security
.
This package provides header files for building your own SELinux
policy packages compatible with official policy packages.
- selinux-policy-doc: Documentation for the SELinux reference policy
The SELinux Reference Policy (refpolicy) is a complete SELinux
policy, as an alternative to the existing strict and targeted
policies available from http://selinux. sf.net. The goal is to have
this policy as the system policy, be and used as the basis for
creating other policies. Refpolicy is based on the current strict and
targeted policies, but aims to accomplish many additional
goals:
+ Strong Modularity
+ Clearly stated security Goals
+ Documentation
+ Development Tool Support
+ Forward Looking
+ Configurability
+ Flexible Base Policy
+ Application Policy Variations
+ Multi-Level Security
.
This package contains the documentation for the reference policy.
- selinux-policy-mls: MLS (Multi Level Security) variant of the SELinux policy
This is the reference policy for SE Linux built with MLS support. It allows
giving data labels such as "Top Secret" and preventing such data from leaking
to processes or files with lower classification.
.
It was developed for Common Criteria LSPP certification for RHEL. It will
probably never be well supported in Debian and is only recommended for
students who want to learn about the security features used by the military.
- selinux-policy-src: Source of the SELinux reference policy for customization
The SELinux Reference Policy (refpolicy) is a complete SELinux
policy, as an alternative to the existing strict and targeted
policies available from http://selinux. sf.net. The goal is to have
this policy as the system policy, be and used as the basis for
creating other policies. Refpolicy is based on the current strict and
targeted policies, but aims to accomplish many additional
goals:
+ Strong Modularity
+ Clearly stated security Goals
+ Documentation
+ Development Tool Support
+ Forward Looking
+ Configurability
+ Flexible Base Policy
+ Application Policy Variations
+ Multi-Level Security
.
This is the source of the policy, provided so that local variations of
SELinux policy may be created.
