refpolicy 0.0.20071214-0ubuntu1 source package in Ubuntu
Changelog
refpolicy (0.0.20071214-0ubuntu1) hardy; urgency=low [ Caleb Case ] * New upstream SVN HEAD. - Labeled networking peer object class updates. - Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik. - Improve several tunables descriptions from Dan Walsh. - Patch to clean up ns switch usage in the policy from Dan Walsh. - More complete labeled networking infrastructure from KaiGai Kohei. - Add interface for libselinux constructor, for libselinux-linked SELinux-enabled programs. - Patch to restructure user role templates to create restricted user roles from Dan Walsh. - Russian man page translations from Andrey Markelov. - Remove unused types from dbus. - Add infrastructure for managing all user web content. - Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. - Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust. - Merge shlib_t into lib_t. - Merge strict and targeted policies. The policy will now behave like the strict policy if the unconfined module is not present. If it is, it will behave like the targeted policy. Added an unconfined role to have a mix of confined and unconfined users. - Added modules: exim (Dan Walsh) postfixpolicyd (Jan-Frode Myklebust) - Add support for setting the unknown permissions handling. - Fix XML building for external reference builds and headers builds. - Patch to add missing requirements in userdomain interfaces from Shintaro Fujiwara. - Add tcpd_wrapped_domain() for services that use tcp wrappers. - Update MLS constraints from LSPP evaluated policy. - Allow initrc_t file descriptors to be inherited regardless of MLS level. Accordingly drop MLS permissions from daemons that inherit from any level. - Files and radvd updates from Stefan Schulze Frielinghaus. - Deprecate mls_file_write_down() and mls_file_read_up(), replaced with mls_write_all_levels() and mls_read_all_levels(), for consistency. - Add make kernel and init ranged interfaces pass the range transition MLS constraints. Also remove calls to mls_rangetrans_target() in modules that use the kernel and init interfaces, since its redundant. - Add interfaces for all MLS attributes except X object classes. - Require all sensitivities and categories for MLS and MCS policies, not just the low and high sensitivity and category. - Database userspace object manager classes from KaiGai Kohei. - Add third-party interface for Apache CGI. - Add getserv and shmemserv nscd permissions. - Add debian apcupsd binary location, from Stefan Schulze Frielinghaus. - Added modules: application awstats (Stefan Schulze Frielinghaus) bitlbee (Devin Carraway) brctl (Dan Walsh) - Fix incorrectly named files_lib_filetrans_shared_lib() interface in the libraries module. - Unified labeled networking policy from Paul Moore. - Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore. - Xen updates from Dan Walsh. - Filesystem updates from Dan Walsh. - Large samba update from Dan Walsh. - Drop snmpd_etc_t. - Confine sendmail and logrotate on targeted. - Tunable connection to postgresql for users from KaiGai Kohei. - Memprotect support patch from Stephen Smalley. - Add logging_send_audit_msgs() interface and deprecate send_audit_msgs_pattern(). - Openct updates patch from Dan Walsh. - Merge restorecon into setfiles. - Patch to begin separating out hald helper programs from Dan Walsh. - Fixes for squid, dovecot, and snmp from Dan Walsh. - Miscellaneous consolekit fixes from Dan Walsh. - Patch to have avahi use the nsswitch interface rather than individual permissions from Dan Walsh. - Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh. - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes to handle usage from userhelper from Dan Walsh. - Patch to allow amavis to read spamassassin libraries from Dan Walsh. - Patch to allow slocate to getattr other filesystems and directories on those filesystems from Dan Walsh. - Fixes for RHEL4 from the CLIP project. - Replace the old lrrd fc entries with munin ones. - Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties. - Fix clockspeed_run_cli() declaration, it was incorrectly defined as a template instead of an interface. - Added modules: amtu (Dan Walsh) apcupsd (Dan Walsh) rpcbind (Dan Walsh) rwho (Nalin Dahyabhai) * debian/control * selinux-policy-refpolicy depends on *-cups an *-unconfined policies. * selinux-policy-refpolicy-(cups|unconfined) provide selinux-policy-(cups|unconfined) (potentially allowing a user to install a dummy package to satisfy). * debian/patches/conf.patch * added seusers patch that makes all users unconfined by default. * debian/selinux-policy-refpolicy.* * adding in dbus policy [ Joseph Jackson IV ] * debian/control - Update Debian Maintainer field [ J. Tang ] * debian/postinst - Invoke /usr/sbin/update-selinux-policy to change the policy to refpolicy, if possible. * debian/selinux-policy-refpolicy.*postrrm - Handle purging correctly. -- Caleb Case <email address hidden> Fri, 08 Feb 2008 03:22:20 -0500
Upload details
- Uploaded by:
- Caleb Case
- Sponsored by:
- Kees Cook
- Uploaded to:
- Hardy
- Original maintainer:
- Ubuntu Hardened
- Architectures:
- all
- Section:
- admin
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
refpolicy_0.0.20071214.orig.tar.gz | 450.0 KiB | 9bacf51378382db0be231a72d335d8dc47d7017bfe9516231f6dbbc827f23b4a |
refpolicy_0.0.20071214-0ubuntu1.diff.gz | 22.8 KiB | ce24d171bffdd517f3a8eb51c3e087e20d9f8bfd449b6ecaaa80aa7fa045413f |
refpolicy_0.0.20071214-0ubuntu1.dsc | 914 bytes | 00dfdb99af9d4c26cd268d8511779049f1871ddf0b2f738133ff332856412572 |
Binary packages built by this source
- selinux-policy-refpolicy: No summary available for selinux-policy-refpolicy in ubuntu hardy.
No description available for selinux-
policy- refpolicy in ubuntu hardy.
- selinux-policy-refpolicy-cups: No summary available for selinux-policy-refpolicy-cups in ubuntu hardy.
No description available for selinux-
policy- refpolicy- cups in ubuntu hardy.
- selinux-policy-refpolicy-dev: No summary available for selinux-policy-refpolicy-dev in ubuntu hardy.
No description available for selinux-
policy- refpolicy- dev in ubuntu hardy.
- selinux-policy-refpolicy-doc: No summary available for selinux-policy-refpolicy-doc in ubuntu hardy.
No description available for selinux-
policy- refpolicy- doc in ubuntu hardy.
- selinux-policy-refpolicy-unconfined: No summary available for selinux-policy-refpolicy-unconfined in ubuntu hardy.
No description available for selinux-
policy- refpolicy- unconfined in ubuntu hardy.