-
refpolicy (2:0.2.20100524-2ubuntu1) maverick; urgency=low
* Merge from debian unstable (LP: #607149). Remaining changes:
- debian/control: drop "selinux" conflict (Debian bug 576598).
refpolicy (2:0.2.20100524-2) unstable; urgency=low
* Include tmpreaper in base policy as mountnfs-bootclean.sh and
mountall-bootclean.sh need to run as tmpreaper_t.
* Added a new mcsdeleteall attribute for tmpreaper_t so that it can
delete files and directories regardless of mcs level.
* Allow perdition netlink_route_socket access.
* Allow nrpe_t to execute sudo and search /var/spool
also don't audit capability sys_resource.
* Allow postfix_local_t to run sendmail for programs like vacation
* Make the milter module be loaded if the milter-greylist or spamass-milter
package is installed. Make spamassassin policy optional when using the
milter module.
* Added a bunch of fixes from git mostly trivial stuff but also allowed
bootloader_t to load modules, allowed kismet_t to search home directories,
* Don't allow cron daemon to search /var/lib/logrotate.
* Fixed a typo in gitosis.if
* Commented out the genfscon line in selinux.if for the includes directory,
now sepolgen-ifgen works without error.
-- Angel Abad <email address hidden> Fri, 09 Jul 2010 06:30:26 +0100
-
refpolicy (2:0.2.20100524-1ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes: LP: #602199
- debian/control: drop "selinux" conflict (Debian bug 576598).
refpolicy (2:0.2.20100524-1) unstable; urgency=low
* New Upstream release. This version has had a good deal of testing for
server use but almost no testing for desktop use. The usual "Unstable"
disclaimers apply.
* Disable UBAC - see http://etbe.coker.com.au/2010/05/26/ubac-selinux-debian/
* Allow mount_t to read sysfs_t.
* Allow lvm_t to create semaphores.
* Allow mount_t and setfiles_t to read/write device_t chr_file.
* Allow udev to read sym-links in it's config directory.
* Allow vbetool_t to read inotify directories.
* Allow gpm_t self signull and signal access.
refpolicy (2:0.2.20091117-3) unstable; urgency=low
* label Google Chrome as unconfined_execmem_exec_t
* Change the apache_content_template() macro to not define the type
httpd_$1_script_exec_t, now the caller must unconditionally define it and
can therefore use it in it's .fc file without making a .fc dependency.
* Allow setrans_t to read proc_t files.
* Allow pppd to load modules.
* Allow watchdog_t to read/write /dev/watchdog
* Allow rpcd_t getcap and setcap access.
* Allow insmod_t to mount a rpc_pipefs_t filesystem.
* Correctly label kdm.log.* pm-*log* aptitude*
* Allow consolekit_t to access pam console data.
* Correctly label consolekit scripts
* Allow mount_t to set the scheduling for kernel threads.
-- Bhavani Shankar <email address hidden> Tue, 06 Jul 2010 14:26:53 +0530
-
refpolicy (2:0.2.20091117-2ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/control: drop "selinux" conflict (Debian bug 576598).
refpolicy (2:0.2.20091117-2) unstable; urgency=low
* Label /etc/gdm/Xsession, /etc/gdm/PostSession/* and /etc/gdm/PreSession/*
as xsession_exec_t.
* Label /usr/lib/dbus-1.0/dbus-daemon-launch-helper as dbusd_exec_t.
* Allow syslogd_t to read/write access to xconsole_device_t.
* Allow system_dbusd_t list access to inotifyfs.
* Allow udev to manage symlinks under /dev
* Treat devtmpfs the same way as tmpfs.
* Changed upstream to http://oss.tresys.com/projects/refpolicy/wiki/DownloadRelease
* Allow iptables_t, insmod_t and mount_t to do module_request
* Use lib32 instead of lib64
* Make manage_lnk_file_perms allow write access for setting the timestamp.
* Use filesystem transitions for hugetlbfs_t.
* Label xenfs_t and allow xend etc to use it.
* Use lda_t for mail local delivery
* Allow udev to manage xenfs_t files, to write to etc_runtime_t (for ifstate),
and to load modules.
* Allow ifconfig to load modules.
* Made auth_domtrans_chk_passwd() specify dontaudit for shadow_t file open.
-- Kees Cook <email address hidden> Thu, 24 Jun 2010 14:26:07 -0700
-
refpolicy (2:0.2.20091117-1ubuntu1) lucid; urgency=low
* debian/control: drop "selinux" conflict for sane installation
in Ubuntu (Debian bug 576598).
-- Kees Cook <email address hidden> Mon, 05 Apr 2010 13:03:23 -0700