refpolicy 2:2.20210203-5 source package in Ubuntu
Changelog
refpolicy (2:2.20210203-5) unstable; urgency=medium

  * Add policy for rasdaemon
  * Made mta_manage_mail_home_rw_content() include mail_home_rw_t:file watch
    access, needed by dovecot_t and probably others in future
  * Allow restorecond to watch selinux_config_t files.
  * Allow *_wm_t domains (for window manager processes) to watch xdg_config_t
    files and to execmod wm_tmpfs_t files (stops kwin_x11 SEGV)
  * Allow systemd_tmpfiles_t to relabel colord var lib files and dirs
  * Allow smbcontrol_t to map samba_runtime_t files and send unix datagrams
    to smbd processes
  * Allow systemd_user_runtime_dir_t to delete all user runtime sock files
    and manage pulseaudio_tmp_t dirs
  * Allow system_cronjob_t to manage var_lib dirs
  * Allow dovecot to create ~/mail directories.
  * Label /usr/share/mailman3-web/manage.py as mailman_queue_exec_t
    Allow mailman_queue_t to read usr files and to create its own tmpfs
    files and allow it to map mailman_data_t files
  * Added systemd policy from upstream git as of 31st Mar to the upstream
    patch
  * Label /usr/bin/rspamd file not /usr/bin/rspamd symlink
    label /var/log/rspamd(/.*)? as spamd_log_t.
    Allow spamd_t self execmem access when rspamd_spamd.
    Label port 11333 as spamd_port_t for rspam.
  * Label /usr/lib/courier/imapd.* and /usr/lib/courier/pop3d.* as
    courier_pop_exec_t.
    Allow courier_pop_t to read generic certs, manage courier_var_lib_t
    files, bind to POP ports, execute courier_exec_t and courier_tcpd_exec_t
    programs, and map courier config files.
    Grant courier_pop_t the fowner and chown capabilities (for managing user
    mail) but dontaudit the fsetid capability.
    Grant courier_pop_t the setrlimit process access so it can set its own
    resource limits.
    Allow courier_authdaemon_t to search SE Linux default contexts (needed by
    pam before using unix_chkpwd) and allow it to stat proc files.
  * Add sympa policy
  * Allow exim_t to read/write tmp files inherited from cron.
    Allow exim_t the dac_read_search capability.
  * Allow apache to map user content files when httpd_read_user_content is
    set.
    Label /usr/lib/w3m/* as httpd_sys_script_exec_t
  * Dontaudit fsdaemon_t capability net_admin (probably setting buffer size)

 -- Russell Coker <email address hidden>  Fri, 09 Apr 2021 23:02:14 +1000
Upload details
- Uploaded by: Debian SELinux maintainers
- Uploaded to: Sid
- Original maintainer: Debian SELinux maintainers
- Architectures: all
- Section: admin
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
refpolicy_2.20210203-5.dsc | 2.4 KiB | 4d471adc7c8f6a88e8d43250e754f623752f590dc891cef17b4b7dfbdb69e75e |
refpolicy_2.20210203.orig.tar.bz2 | 550.9 KiB | 48cbf2c63ff9003bef05e03c8d3cdddb4e8f63fef2a072ae51c987301f0b874d |
refpolicy_2.20210203-5.debian.tar.xz | 94.2 KiB | 1741184d918d7dbd9a34534b76148620bfd9df1c11922b0184649245c9c7d115 |
Available diffs
- diff from 2:2.20210203-3 to 2:2.20210203-5 (25.7 KiB)
No changes file available.
Binary packages built by this source
- selinux-policy-default: No summary available for selinux-policy-default in ubuntu impish.
No description available for selinux-policy-default in ubuntu impish.
- selinux-policy-dev: No summary available for selinux-policy-dev in ubuntu impish.
No description available for selinux-policy-dev in ubuntu impish.
- selinux-policy-doc: No summary available for selinux-policy-doc in ubuntu impish.
No description available for selinux-policy-doc in ubuntu impish.
- selinux-policy-mls: No summary available for selinux-policy-mls in ubuntu impish.
No description available for selinux-policy-mls in ubuntu impish.
- selinux-policy-src: No summary available for selinux-policy-src in ubuntu impish.
No description available for selinux-policy-src in ubuntu impish.