Mailing List Archive

SELinux base policy rev 11 in hardened-dev overlay

Hi guys,

I've pushed out another set of ebuilds for the SELinux policies, containing
83 changes as reported by git. Needless to say, some testing is appreciated ;-)

Short changelog below.

Wkr,
Sven Vermeulen

9f242f6 Module version bumps for file context fixes in various policy modules by Laurent Bigonville
c9b7346 Label /usr/bin/kvm as qemu_exec_t
19cdd44 ptchown.fc: Properly label pt_chown executable in Debian
f3b0af1 gnomeclock.fc: Properly label gsd-datetime-mechanism in Debian
6de9099 Fix typo in mcelog_admin (missing bracket)
e507015 Merge branch 'master' of git+ssh://git.overlays.gentoo.org/proj/hardened-refpolicy
9b69c1f updating udev-197 udevd location for gentoo bug 451128
65c069f Google talk plugin searches through devices
a5c9b3e Remove calls that are merged (were in distro_gentoo blocks but not needed anymore)
59251ce Module version bump for fixes from Dominick Grift.
6969d25 NSCD related changes in various policy modules
de5aa80 Changes to the userdomain policy module
120c8be Changes to the init policy module
d7b373a Module version bump for misc updates from Sven Vermeulen.
80a0782 Introduce exec-check interfaces for passwd binaries and useradd binaries
c98a726 Allow initrc_t to read stunnel configuration
545015a Allow syslogger to manage cron log files (v2)
c6dbdc8 lvscan creates the /run/lock/lvm directory if nonexisting (v2)
c2097b3 Postgresql 9.2 connects to its unix stream socket
b97379a Module version bumps for fixes in various policy module by Sven Vermeulen
60829a7 Changes to the puppet policy module
284c7ca Changes to the virt policy module
631f92e Puppet runs statfs against selinuxfs
2e349e9 Puppet initscript creates /run/puppet
fc536df Support netlink_route_socket creation for puppet
6faf8db Puppet module helper scripts are puppet_var_lib_t
c01b451 Grant sys_admin capability to puppet
d1c0e94 Allow rpc admin to run exportfs
3e5f315 Changes to puppet domain
f283916 Move mta call (coding style)
ee6f07d Mark make.profile entry as portage_conf_t (v2)
ca9488d More .maildir fixes
775f39d Allow staff and regular user the googletalk plugin domains
800aca7 Support using googletalk
33ef617 Introduce googletalk policy
a1d8e9e Support mozilla_dontaudit_use_fds and mozilla_send_dgram_plugin interfaces
72d8966 Introduce xdg_search_config_home_dirs interface
291da0d Fix typo, needed to call the argument, not sysadm_t
2e34d4e Create filetransition for ld.so.cache~
535015c Mozilla plugin to read profile info
c0a7407 Move gentoo specifics downwards
e81132e Udev init script writes to /proc/sys/kernel/hotplug
d7a74e2 Use udev_rules_t for /run/udev/rules.d
16b663c Support a file transition from udev_var_run_t to udev_rules_t
dd062fb Move majority of gentoo specifics downwards
a642219 Add file transition for /dev/.lvm created by lvm_t
cb6cc4d Move Gentoo specifics downwards
8b82a9a Mark /run/udev/rules.d as udev_rules_t
22c79cd Move gentoo specifics down
94f9528 Fix specification collision
30716f7 Allow qemu to create TCP sockets (VNC support)
a52c5eb Move distro_gentoo stuff towards the end of the file (easier upstream patching)
1d5cee4 Allow restorecon/setfiles to read all symlinks
3733985 Puppet runs statfs against selinuxfs
4a0681d Puppet initscript creates /run/puppet
08e4126 Support netlink_route_socket creation for puppet
a21e705 Puppet module helper scripts are puppet_var_lib_t
8317266 Grant sys_admin capability to puppet
1ff5050 Mark sysadm as rpc_admin
acc84cf Allow rpc admin to run exportfs
f990dd9 Allow sysadmin to call rpcinfo
6e18623 Remove redundant net_bind_service capabilities in various modules
aa3d987 Changes to the apcupsd policy module
2689d76 Changes to the dbus policy module
3ed388d Changes to the cups policy module
05cc79c Module version bumps for fixes in various policy modules by Laurent Bigonville
0608e67 Allow cupsd_t to read cupsd_log_t
768a51c Allow virsh_t context to read sysctl_crypto_t
0d6cad3 Allow networkmanager_t to read crypto_sysctl_t
f155aab Allow pcscd the fsetid capability
319156b cups.fc: Properly label cups-pk-helper-mechanism on Debian
9f4c32e policykit.fc: Properly label polkit-agent-helper-1 on Debian
9831e61 Changes to the dbus policy module
bdfa170 Properly label nm-dispatcher.action on Debian
04c3a35 Changes to the nscd policy module and relevant dependencies
4348e22 Changes to the wdmd policy module and relevant dependencies
6b6e45c Changes to the logwatch policy module
75f29a2 Changes to the userhelper policy module
ff3ed95 Changes to the cobbler policy module
975a174 Changes to the dovecot policy module
0b82370 Changes to the munin policy module
cd61d48 Changes to the virt policy module
ec537ce Changes to the dkim policy module