nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Changelog and VERSION for release 2.20210203.

Browse Source 
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
This commit is contained in:
Chris PeBenito 2021-02-03 08:38:27 -05:00
parent ff983a6239
commit 11612378e7
2 changed files with 194 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

193
Changelog
View File

@ -1,3 +1,196 @@
* Wed Feb 03 2021 Chris PeBenito <pebenito@ieee.org> - 2.20210203
(GalaxyMaster) (1):
added policy for systemd-socket-proxyd
0xC0ncord (1):
userdomain, xserver: move xdg rules to userdom_xdg_user_template
Anthony PERARD (1):
xen: Allow xenstored to map /proc/xen/xsd_kva
Antoine Tenart (15):
udev: allow udevadm to retrieve xattrs
locallogin: allow login to get attributes of procfs
logging: allow systemd-journal to write messages to the audit socket
sysnetwork: allow to read network configuration files
dbus: add two interfaces to allow reading from directories and named
sockets
dbus: allow clients to list runtime dirs and named sockets
systemd: add extra systemd_generator_t rules
systemd: allow systemd-hwdb to search init runtime directories
systemd: allow systemd-network to get attributes of fs
systemd: allow systemd-resolve to read in tmpfs
corecommands: add entry for Busybox shell
systemd: allow systemd-getty-generator to read and write unallocated ttys
systemd: allow systemd-network to list the runtime directory
ntp: allow systemd-timesyn to watch dbus objects
ntp: allow systemd-timesyn to setfscreate
Chris PeBenito (117):
Merge branch 'acpid_shutdown' of https://github.com/jpds/refpolicy into
jpds-acpid_shutdown
.travis.yml: Point selint at only the policy dir.
corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module
version bump.
systemd: Move systemd-pstore block up in alphabetical order.
Switch to GitHub actions for CI actions.
systemd: Whitespace changes.
systemd: Rename systemd_connectto_socket_proxyd_unix_sockets() to
systemd_stream_connect_socket_proxyd().
Drop criteria on github actions.
userdomain: Fix error in calling userdom_xdg_user_template().
systemd: Add systemd-tty-ask watch for /run/systemd/ask-password.
Makefile: Add -E to setfiles labeling targets.
udev: Drop udev_tbl_t.
udev: Systemd 246 merged udev and udevadm executables.
devicekit: Udisks uses udevadm, it does not exec udev.
Remove modules for programs that are deprecated or no longer supported.
chromium: Whitespace changes.
chromium: Move naclhelper lines.
certbot: Whitespace changes.
certbot: Drop aliases since they have never had the old names in
refpolicy.
certbot: Reorder fc lines.
miscfiles: Rename miscfiles_manage_generic_tls_privkey_lnk_files.
userdomain: Move lines.
certbot: Fix lint issues.
memlockd: Move lines.
memlockd: Whitespace fixes.
memlockd: Fix lint issue.
file_patterns.spt: Add a mmap_manage_files_pattern().
apache, mysql, postgrey, samba, squid: Apply new
mmap_manage_files_pattern().
devicekit, jabber, samba: Move lines.
cron: Make backup call for system_cronjob_t optional.
samba: Fix samba_runtime_t alias use.
samba: Move service interface definitions.
sysnetwork: Merge dhcpc_manage_samba tunable block with existing samba
block.
samba: Add missing userspace class requirements in unit interfaces.
apache: Fix lint error.
apache: Really fix lint error.
aptcacher: Drop broken config interfaces.
samba: Fix lint error.
0xC0ncord/feature/sudodomain_http_connect_boolean
0xC0ncord/bugfix/systemd_system_custom_unit_fc
dpkg, aptcatcher, milter, mysql, systemd: Rename interfaces.
apt, bootloader: Move lines.
systemd: Move lines.
systemd: Fix lint errors.
systemd: Rename systemd_use_machined_devpts().
Bump module versions for release.
Christian Göttsche (16):
postfixpolicyd: split multi-class rule
init/systemd: allow systemd to map the SELinux status page
selinux: add selinux_use_status_page and deprecate
selinux_map_security_files
genhomedircon: drop backwards compatibility section
genhomedircon: require match for home directory name
genhomedircon: drop unused functions
genhomedircon: generate file contexts for %{USERNAME} and %{USERID}
genhomedircon: misc pylint cleanup
genhomedircon: improve error messages for min uid search
Rules.monolithic: ignore version mismatch
gitignore: ignore monolithic generated files
Preset OUTPUT_POLICY to 32
Rules.monolithic: do not suppress load_policy warning messages
Rules.monolithic: tweak checkpolicy arguments
Rules.monolithic: drop dead variable
Rules.monolithic: add missing phony declarations
Daniel Burgener (4):
Allow init to mount over the system bus
Allow systemd-ask-password to watch files
Use self keyword when an AV rule source type matches destination
Fix typo in comment
Dannick Pomerleau (1):
access_vectors: Add new capabilities to cap2
Dave Sugar (9):
Looks like this got dropped in pull request #294
Allow snmpd to read hwdata
Updates for corosync to work in enforcing
To get pacemaker working in enforcing
pacemaker systemd permissions
Allow pacemaker to map/read/write corosync shared memory files
Allow systemd-modules-load to search kernel keys
pcs_snmpd_agent_t fix denials to allow it to read needed queues
Work with xdg module disabled
David Schadlich (1):
add policy for pcs_snmp_agent
Deepak Rawat (1):
Add selinux-policy for systemd-pstore service
Dominick Grift (1):
bind: add a few fc specs for unbound
Guido Trentalancia (1):
Add LVM module permissions needed to open cryptsetup devices.
Jason Zaman (5):
userdomain: Add watch on home dirs
getty: allow watching file /run/agetty.reload
Add transition on gentoo init_t to openrc
init: upstream fcontexts from gentoo policy
systemd: make remaining dbus_* optional
Jonathan Davies (8):
acpi.te: Allow acpid_t to shutdown the system - this is required to handle
shutdown calls from libvirt. Fixes #298.
acpi.te: Removed unnecessary init_write_initctl().
userdomain.if: Marked usbguard user modify tunable as optional so usbguard
may be excluded.
portage: Added /var/cache/distfiles path.
init: Added fcontext for openrc-init.
init: Added fcontext for openrc-shutdown.
apps/screen.fc: Added fcontext for tmux xdg directory.
apps/screen.te: Allow screen to search xdg directories.
Kenton Groombridge (11):
devices: add interface for IOCTL on input devices
virt: add boolean to allow evdev passthrough
stunnel: add log type and rules
fail2ban: allow reading systemd journal
spamassassin: add rspamd support and tunable
apache: add interface for list dir perms on httpd content
sudo: add tunable for HTTP connections
init: label systemd units in /etc
certbot: add support for acme.sh
lvm: add lvm_tmpfs_t type and rules
Various fixes
Peter Morrow (1):
selinux: add selinux_get_all_booleans() interface
Richard Haines (1):
Ensure correct monolithic binary policy is loaded
Russell Coker (11):
base chrome/chromium patch fixed
latest iteration of certbot policy as patch
yet more strict patches fixed
remove deprecated from 20190201
more Chrome stuff
latest memlockd patch
misc services patches with changes Dominick and Chris wanted
misc network patches with Dominick's changes*2
new version of filetrans patch
misc apps and admin patches
machined
Yi Zhao (1):
sysnet: allow dhcpcd to create socket file
bauen1 (4):
systemd: private type for /run/systemd/userdb
authlogin: connect to userdb
systemd-logind: utilize nsswitch
selint: fix S-010
* Tue Aug 18 2020 Chris PeBenito <pebenito@ieee.org> - 2.20200818 * Tue Aug 18 2020 Chris PeBenito <pebenito@ieee.org> - 2.20200818
Alexander Miroshnichenko (2): Alexander Miroshnichenko (2):
openvpn: more versatile file context regex for ipp.txt openvpn: more versatile file context regex for ipp.txt

2
VERSION
View File

@ -1 +1 @@
2.20200818 2.20210203