RepoMirrors/selinux-refpolicy
1
0
Fork 0
mirror of https://github.com/SELinuxProject/refpolicy synced 2025-02-02 21:01:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Changelog and VERSION for release.

Browse Source
This commit is contained in:
Chris PeBenito 2019-02-01 15:03:42 -05:00
parent 445cbed7c7
commit 10e0106e82
2 changed files with 235 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

234
Changelog
View File

@ -1,3 +1,237 @@
* Fri Feb 01 2019 Chris PeBenito <pebenito@ieee.org> - 2.20190201
Alexander Miroshnichenko (16):
Add signal_perms setpgid setsched permissions to syncthing_t.
Add corecmd_exec_bin permissions to syncthing_t.
Allow syncthing_t to read network state.
Allow syncthing_t to execute ifconfig/iproute2.
Add required permissions for nsd_t to be able running.
Add nsd_admin interface to sysadm.te.
Add map permission to lvm_t on lvm_metadata_t.
Add comment for map on lvm_metadata_t.
Remove syncthing tunable_policy.
Remove unneeded braces from nsd.te.
Add new interface fs_rmw_hugetlbfs_files.
Add map permission for postgresql_t to postgresql_tmp_t files.
Add dovecot_can_connect_db boolean.
fs_mmap_rw_hugetlbfs_files is a more appropriate name for the interface
Add hostapd service module
minor updates redis module to be able to start the app
Chris PeBenito (85):
mozilla, devices, selinux, xserver, init, iptables: Module version bump.
devices: Module version bump.
misc_patterns.spt: Remove unnecessary brackets.
ipsec: Module version bump.
fstools: Module version bump.
corecommands: Module version bump.
xserver: Module version bump.
Merge pull request #1 from bigon/fix-sepolgen-ifgen
Remove unused translate permission in context userspace class.
logrotate: Module version bump.
miscfiles: Module version bump.
Merge pull request #3 from bigon/xdp-socket
obj_perm_sets.spt: Add xdp_socket to socket_class_set.
clamav, ssh, init: Module version bump.
amavis, apache, clamav, exim, mta, udev: Module version bump.
dnsmasq: Whitespace fix in file contexts.
dnsmasq: Reorder lines in file contexts.
Merge branch 'master' of https://github.com/bigon/refpolicy
Merge branch 'resolved' of https://github.com/bigon/refpolicy
Merge branch 'iscsi' of https://github.com/bigon/refpolicy
Various modules: Version bump.
dnsmasq: Module version bump.
Merge branch 'minissdpd' of https://github.com/bigon/refpolicy
cron, minissdpd, ntp, systemd: Module version bump.
dbus, xserver, init, logging, modutils: Module version bump.
Merge branch 'syncthing' of https://github.com/alexminder/refpolicy
syncthing: Whitespace change
Merge branch 'lvm' of https://github.com/alexminder/refpolicy
lvm, syncthing: Module version bump.
sigrok: Remove extra comments.
networkmanager: Add ICMPv6 comment
sysnetwork: Move optional block in sysnet_dns_name_resolve().
sysnetwork: Move lines.
dpkg: Rename dpkg_read_script_tmp_links().
apt, rpm: Remove and move lines to fix fc conflicts.
sudo: Whitespace fix.
many: Module version bumps for changes from Russell Coker.
systemd: Rename systemd_list_netif() to systemd_list_networkd_runtime().
init: Remove inadvertent merge.
Merge branch 'nsd' of https://github.com/alexminder/refpolicy
nsd: Merge two rules into one.
Merge branch 'ssh_dac_read_search' of
git://github.com/fishilico/selinux-refpolicy
Merge branch 'restorecond_getattr_cgroupfs' of
git://github.com/fishilico/selinux-refpolicy
Merge branch 'systemd-logind-getutxent' of
git://github.com/fishilico/selinux-refpolicy
various: Module version bump.
iptables: Module version bump.
Add CONTRIBUTING file.
kernel, systemd: Move lines.
kernel, jabber, ntp, init, logging, systemd: Module version bump.
Merge branch 'systemd-journald_units_symlinks' of
git://github.com/fishilico/selinux-refpolicy
init, logging: Module version bump.
Merge branch 'services_single_usr_bin' of
git://github.com/fishilico/selinux-refpolicy
Merge branch 'init_rename_pid_interfaces' of
git://github.com/fishilico/selinux-refpolicy
various: Module name bump.
Merge branch 'systemd-rfkill' of
git://github.com/fishilico/selinux-refpolicy
systemd: Whitespace change
systemd: Module version bump.
Merge branch 'restorecond-symlinks' of
git://github.com/fishilico/selinux-refpolicy
Merge branch 'add_comment' of git://github.com/DefenSec/refpolicy
usermanage, cron, selinuxutil: Module version bump.
logging, sysnetwork, systemd: Module version bump.
Merge branch 'restorecond-dontaudit-symlinks' of
git://github.com/fishilico/selinux-refpolicy
selinuxutil: Module version bump.
Merge branch 'dbus-dynamic-uid' of
git://github.com/fishilico/selinux-refpolicy
xserver: Move line
systemd: Move interface implementation.
various: Module version bump.
dpkg: Rename dpkg_nnp_transition() to dpkg_nnp_domtrans().
dpkg: Move interface implementations.
init: Rename init_read_generic_units_links() to
init_read_generic_units_symlinks().
init: Drop unnecessary userspace class dependence in
init_read_generic_units_symlinks().
chromium: Whitespace fixes.
chromium: Move line.
Merge branch 'dovecot' of git://github.com/alexminder/refpolicy
dovecot: Move lines.
various: Module version bump.
Merge branch 'postgres' of git://github.com/alexminder/refpolicy
filesystem, postgresql: Module version bump.
hostapd: Whitespace change.
hostapd: Move line.
various: Module version bump.
redis: Move line.
redis: Module version bump.
corecommands, staff, unprivuser, ssh, locallogin, systemd: Module version
bump.
Bump module versions for release.
David Sugar (15):
Interface to allow reading of virus signature files.
Update CUSTOM_BUILDOPT
Add interface udev_run_domain
Allow clamd_t to read /proc/sys/crypt/fips_enabled
Interface to add domain allowed to be read by ClamAV for scanning.
Add interfaces to control clamav_unit_t systemd services
Allow clamd to use sent file descriptor
Add interfaces to control ntpd_unit_t systemd services
interface to enable/disable systemd_networkd service
Interface to read cron_system_spool_t
Allow X (xserver_t) to read /proc/sys/crypto/fips_enabled
Allow kmod to read /proc/sys/crypto/fips_enabled
Allow dbus to access /proc/sys/crypto/fips_enabled
Add missing require for 'daemon' attribute.
Allow auditctl_t to read bin_t symlinks.
Dominick Grift (1):
unconfined: add a note about DBUS
Guido Trentalancia (1):
Add sigrok contrib module
Jagannathan Raman (1):
vhost: Add /dev/vhost-scsi device of type vhost_device_t.
Jason Zaman (10):
selinux: compute_access_vector requires creating netlink_selinux_sockets
mozilla: xdg updates
xserver: label .cache/fontconfig as user_fonts_cache_t
Allow map xserver_misc_device_t for nvidia driver
iptables: fcontexts for 1.8.0
devices: introduce dev_dontaudit_read_sysfs
files: introduce files_dontaudit_read_etc_files
kernel: introduce kernel_dontaudit_read_kernel_sysctl
userdomain: introduce userdom_user_home_dir_filetrans_user_cert
Add chromium policy upstreamed from Gentoo
Laurent Bigonville (10):
policy/support/obj_perm_sets.spt: modify indentation of mmap_file_perms to
make sepolgen-ifgen happy
Add xdp_socket security class and access vectors
irqbalance now creates an abstract socket
Allow semanage_t to connect to system D-Bus bus
Allow ntpd_t to read init state
Add systemd_dbus_chat_resolved() interface
Allow sysnet_dns_name_resolve() to use resolved to resolve DNS names
Allow systemd_resolved_t to bind to port 53 and use net_raw
Allow iscsid_t to create a netlink_iscsi_socket
Allow minissdpd_t to create a unix_stream_socket
Luis Ressel (7):
corecommands: Fix /usr/share/apr* fc
xserver: Allow user fonts (and caches) to be mmap()ed.
Add fc for /var/lib/misc/logrotate.status
Realign logrotate.fc, remove an obvious comment
miscfiles: Label /usr/share/texmf*/fonts/ as fonts_t
services/ssh: Don't audit accesses from ssh_t to /dev/random
system/init: Give init_spec_daemon_domain()s the "daemon" attribute
Lukas Vrabec (1):
Improve domain_transition_pattern to allow mmap entrypoint bin file.
Nicolas Iooss (11):
fstools: label e2mmpstatus as fsadm_exec_t
ssh: use dac_read_search instead of dac_override
selinuxutil: allow restorecond to try counting the number of files in
cgroup fs
systemd: allow systemd-logind to use getutxent()
Allow systemd-journald to read systemd unit symlinks
Label service binaries in /usr/bin like /usr/sbin
init: rename *_pid_* interfaces to use "runtime"
systemd: add policy for systemd-rfkill
selinuxutil: allow restorecond to read symlinks
selinuxutil: restorecond is buggy when it dereferencies symlinks
dbus: allow using dynamic UID
Petr Vorel (1):
dnsmasq: Require log files to have .log suffix
Russell Coker (19):
misc services patches
misc interfaces
last misc stuff
systemd related interfaces
systemd misc
missing from previous
cron trivial
mls stuff
logging
some little stuff
trivial system cronjob
another trivial
more tiny stuff
map systemd private dirs
tiny stuff for today
yet more tiny stuff
yet another little patch
chromium
more misc stuff
Sugar, David (9):
Allow greeter to start dbus
pam_faillock creates files in /run/faillock
Add interface to get status of iptables service
Add interface to start/stop iptables service
label journald configuraiton files syslog_conf_t
Interface with systemd_hostnamed over dbus to set hostname
Modify type for /etc/hostname
Add interface clamav_run
Add interface to read journal files
Yuli Khodorkovskiy (1):
ipsec: add missing permissions for pluto
* Sun Jul 01 2018 Chris PeBenito <pebenito@ieee.org> - 2.20180701
Chris PeBenito (28):
Enable cgroup_seclabel and nnp_nosuid_transition.

2
VERSION
View File

@ -1 +1 @@
2.20180701
2.20190201