-
refpolicy (2:0.2.20100524-10ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/control: drop "selinux" conflict (Debian bug 576598)
refpolicy (2:0.2.20100524-10) unstable; urgency=low
* Label gpgsm as gpg_exec_t
* Add policy for /run etc, thanks to Martin Orr <email address hidden> for
working on this, even though we can't use subst now.
Closes: #629066, #628039, #626720
-- Angel Abad <email address hidden> Tue, 26 Jul 2011 00:31:22 +0200
-
refpolicy (2:0.2.20100524-9ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/control: drop "selinux" conflict (Debian bug 576598)
refpolicy (2:0.2.20100524-9) unstable; urgency=low
* Make gnome.pp not be autoloaded and revert some of the gnome stuff from the
previous version. Getting gnome (gconfd) policy to work correctly is too
hard for Squeeze.
* Allow user_t to talk to xdm_var_run_t sockets so switch user can work.
* Allow mailman_mail_t to read /dev/urandom and usr_t files
* Allow xenconsoled_t capability sys_tty_config and create unix_dgram_socket
* Allow iodine_t to read /proc/filesystems
* Allow jabber_t to write it's fifos, process set/getsched, connect to
generic tcp ports, and bind to udp ports.
* Label /var/lib/sudo as pam_var_run_t
* Allow sshd_t to read gitosis files.
* Made the gitosis label apply to /srv/gitosis.
* Allow webalizer to read usr_t files for geoip database.
* Allow user_t and staff_t consolekit_dbus_chat() access so they can
determine their session status - necessary to login in KDE sometimes.
* Label ~/.gnupg/gpg.conf as user_home_t and allow user_t to list directories
of type gpg_secret_t so gpg-agent can start.
* Allow gpg_agent_t to launch a user session and send sigchld to xdm_t
* Allow user_ssh_agent_t to send sigchld to xdm_t and allow it to run the
gpg agent.
* Add new paths for chromium-browser to support the version in unstable,
needed for backports.
* Allow user_mail_t to transition to postfix_master_t for postalias, confined
by roles. Uses domain_system_change_exemption() for user_mail_t via
postfix_domtrans_master() which isn't ideal.
-- Angel Abad <email address hidden> Tue, 17 May 2011 14:44:24 +0200
-
refpolicy (2:0.2.20100524-8ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining change:
- debian/control: drop "selinux" conflict (Debian bug 576598)
refpolicy (2:0.2.20100524-8) unstable; urgency=low
* Add tunable user_manage_dos_files which defaults to true
* Correctly label /usr/lib/xulrunner-1.9.1/xulrunner-stub
* Allow mozilla to create directories under /tmp
* Use correct label for /usr/lib/libgconf2-4/gconfd-2 and load gnome.pp on
installation if libgconf2-4 is installed
* Use correct label for /usr/lib/upower/upowerd
* Dontaudit bind_t write attempts to / for lwresd calling access(".", W_OK)
* Allow user domains to execute mysqld_exec_t, for KDE
* Allow user_dbusd_t to execute gconfd_exec_t in user_gconfd_t.
* Label /var/lib/fetchmail as fetchmail_uidl_cache_t and allow fetchmail_t to
search /var/lib and manage fetchmail_uidl_cache_t dirs
* Allow xm_t to read kernel image files, needed for DomU startup on boot
* Allow gpg_agent_t to read etc_t files and sysctl_crypto_t.
* Allow network manager to run wpa_cli_exec_t programs.
-- Bhavani Shankar <email address hidden> Sun, 01 May 2011 15:52:51 +0530
-
refpolicy (2:0.2.20100524-7ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/control: drop "selinux" conflict (Debian bug 576598)
refpolicy (2:0.2.20100524-7) unstable; urgency=low
* Allow crontab_t to create a directory of type crontab_tmp_t, necessary to
allow crontab -e to work
-- Angel Abad <email address hidden> Thu, 13 Jan 2011 22:04:50 +0100