Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: /
Date: Sun, 10 Feb 2019 04:15:03
Message-Id: 1549771885.744101042e9ae8eab4f942963b64dcaf5f2c738a.perfinion@gentoo
1 commit: 744101042e9ae8eab4f942963b64dcaf5f2c738a
2 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
3 AuthorDate: Fri Feb 1 20:03:42 2019 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Feb 10 04:11:25 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=74410104
7
8 Update Changelog and VERSION for release.
9
10 Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
11
12 Changelog | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
13 VERSION | 2 +-
14 2 files changed, 235 insertions(+), 1 deletion(-)
15
16 diff --git a/Changelog b/Changelog
17 index 116e228a..75d5fae0 100644
18 --- a/Changelog
19 +++ b/Changelog
20 @@ -1,3 +1,237 @@
21 +* Fri Feb 01 2019 Chris PeBenito <pebenito@××××.org> - 2.20190201
22 +Alexander Miroshnichenko (16):
23 + Add signal_perms setpgid setsched permissions to syncthing_t.
24 + Add corecmd_exec_bin permissions to syncthing_t.
25 + Allow syncthing_t to read network state.
26 + Allow syncthing_t to execute ifconfig/iproute2.
27 + Add required permissions for nsd_t to be able running.
28 + Add nsd_admin interface to sysadm.te.
29 + Add map permission to lvm_t on lvm_metadata_t.
30 + Add comment for map on lvm_metadata_t.
31 + Remove syncthing tunable_policy.
32 + Remove unneeded braces from nsd.te.
33 + Add new interface fs_rmw_hugetlbfs_files.
34 + Add map permission for postgresql_t to postgresql_tmp_t files.
35 + Add dovecot_can_connect_db boolean.
36 + fs_mmap_rw_hugetlbfs_files is a more appropriate name for the interface
37 + Add hostapd service module
38 + minor updates redis module to be able to start the app
39 +
40 +Chris PeBenito (85):
41 + mozilla, devices, selinux, xserver, init, iptables: Module version bump.
42 + devices: Module version bump.
43 + misc_patterns.spt: Remove unnecessary brackets.
44 + ipsec: Module version bump.
45 + fstools: Module version bump.
46 + corecommands: Module version bump.
47 + xserver: Module version bump.
48 + Merge pull request #1 from bigon/fix-sepolgen-ifgen
49 + Remove unused translate permission in context userspace class.
50 + logrotate: Module version bump.
51 + miscfiles: Module version bump.
52 + Merge pull request #3 from bigon/xdp-socket
53 + obj_perm_sets.spt: Add xdp_socket to socket_class_set.
54 + clamav, ssh, init: Module version bump.
55 + amavis, apache, clamav, exim, mta, udev: Module version bump.
56 + dnsmasq: Whitespace fix in file contexts.
57 + dnsmasq: Reorder lines in file contexts.
58 + Merge branch 'master' of https://github.com/bigon/refpolicy
59 + Merge branch 'resolved' of https://github.com/bigon/refpolicy
60 + Merge branch 'iscsi' of https://github.com/bigon/refpolicy
61 + Various modules: Version bump.
62 + dnsmasq: Module version bump.
63 + Merge branch 'minissdpd' of https://github.com/bigon/refpolicy
64 + cron, minissdpd, ntp, systemd: Module version bump.
65 + dbus, xserver, init, logging, modutils: Module version bump.
66 + Merge branch 'syncthing' of https://github.com/alexminder/refpolicy
67 + syncthing: Whitespace change
68 + Merge branch 'lvm' of https://github.com/alexminder/refpolicy
69 + lvm, syncthing: Module version bump.
70 + sigrok: Remove extra comments.
71 + networkmanager: Add ICMPv6 comment
72 + sysnetwork: Move optional block in sysnet_dns_name_resolve().
73 + sysnetwork: Move lines.
74 + dpkg: Rename dpkg_read_script_tmp_links().
75 + apt, rpm: Remove and move lines to fix fc conflicts.
76 + sudo: Whitespace fix.
77 + many: Module version bumps for changes from Russell Coker.
78 + systemd: Rename systemd_list_netif() to systemd_list_networkd_runtime().
79 + init: Remove inadvertent merge.
80 + Merge branch 'nsd' of https://github.com/alexminder/refpolicy
81 + nsd: Merge two rules into one.
82 + Merge branch 'ssh_dac_read_search' of
83 + git://github.com/fishilico/selinux-refpolicy
84 + Merge branch 'restorecond_getattr_cgroupfs' of
85 + git://github.com/fishilico/selinux-refpolicy
86 + Merge branch 'systemd-logind-getutxent' of
87 + git://github.com/fishilico/selinux-refpolicy
88 + various: Module version bump.
89 + iptables: Module version bump.
90 + Add CONTRIBUTING file.
91 + kernel, systemd: Move lines.
92 + kernel, jabber, ntp, init, logging, systemd: Module version bump.
93 + Merge branch 'systemd-journald_units_symlinks' of
94 + git://github.com/fishilico/selinux-refpolicy
95 + init, logging: Module version bump.
96 + Merge branch 'services_single_usr_bin' of
97 + git://github.com/fishilico/selinux-refpolicy
98 + Merge branch 'init_rename_pid_interfaces' of
99 + git://github.com/fishilico/selinux-refpolicy
100 + various: Module name bump.
101 + Merge branch 'systemd-rfkill' of
102 + git://github.com/fishilico/selinux-refpolicy
103 + systemd: Whitespace change
104 + systemd: Module version bump.
105 + Merge branch 'restorecond-symlinks' of
106 + git://github.com/fishilico/selinux-refpolicy
107 + Merge branch 'add_comment' of git://github.com/DefenSec/refpolicy
108 + usermanage, cron, selinuxutil: Module version bump.
109 + logging, sysnetwork, systemd: Module version bump.
110 + Merge branch 'restorecond-dontaudit-symlinks' of
111 + git://github.com/fishilico/selinux-refpolicy
112 + selinuxutil: Module version bump.
113 + Merge branch 'dbus-dynamic-uid' of
114 + git://github.com/fishilico/selinux-refpolicy
115 + xserver: Move line
116 + systemd: Move interface implementation.
117 + various: Module version bump.
118 + dpkg: Rename dpkg_nnp_transition() to dpkg_nnp_domtrans().
119 + dpkg: Move interface implementations.
120 + init: Rename init_read_generic_units_links() to
121 + init_read_generic_units_symlinks().
122 + init: Drop unnecessary userspace class dependence in
123 + init_read_generic_units_symlinks().
124 + chromium: Whitespace fixes.
125 + chromium: Move line.
126 + Merge branch 'dovecot' of git://github.com/alexminder/refpolicy
127 + dovecot: Move lines.
128 + various: Module version bump.
129 + Merge branch 'postgres' of git://github.com/alexminder/refpolicy
130 + filesystem, postgresql: Module version bump.
131 + hostapd: Whitespace change.
132 + hostapd: Move line.
133 + various: Module version bump.
134 + redis: Move line.
135 + redis: Module version bump.
136 + corecommands, staff, unprivuser, ssh, locallogin, systemd: Module version
137 + bump.
138 + Bump module versions for release.
139 +
140 +David Sugar (15):
141 + Interface to allow reading of virus signature files.
142 + Update CUSTOM_BUILDOPT
143 + Add interface udev_run_domain
144 + Allow clamd_t to read /proc/sys/crypt/fips_enabled
145 + Interface to add domain allowed to be read by ClamAV for scanning.
146 + Add interfaces to control clamav_unit_t systemd services
147 + Allow clamd to use sent file descriptor
148 + Add interfaces to control ntpd_unit_t systemd services
149 + interface to enable/disable systemd_networkd service
150 + Interface to read cron_system_spool_t
151 + Allow X (xserver_t) to read /proc/sys/crypto/fips_enabled
152 + Allow kmod to read /proc/sys/crypto/fips_enabled
153 + Allow dbus to access /proc/sys/crypto/fips_enabled
154 + Add missing require for 'daemon' attribute.
155 + Allow auditctl_t to read bin_t symlinks.
156 +
157 +Dominick Grift (1):
158 + unconfined: add a note about DBUS
159 +
160 +Guido Trentalancia (1):
161 + Add sigrok contrib module
162 +
163 +Jagannathan Raman (1):
164 + vhost: Add /dev/vhost-scsi device of type vhost_device_t.
165 +
166 +Jason Zaman (10):
167 + selinux: compute_access_vector requires creating netlink_selinux_sockets
168 + mozilla: xdg updates
169 + xserver: label .cache/fontconfig as user_fonts_cache_t
170 + Allow map xserver_misc_device_t for nvidia driver
171 + iptables: fcontexts for 1.8.0
172 + devices: introduce dev_dontaudit_read_sysfs
173 + files: introduce files_dontaudit_read_etc_files
174 + kernel: introduce kernel_dontaudit_read_kernel_sysctl
175 + userdomain: introduce userdom_user_home_dir_filetrans_user_cert
176 + Add chromium policy upstreamed from Gentoo
177 +
178 +Laurent Bigonville (10):
179 + policy/support/obj_perm_sets.spt: modify indentation of mmap_file_perms to
180 + make sepolgen-ifgen happy
181 + Add xdp_socket security class and access vectors
182 + irqbalance now creates an abstract socket
183 + Allow semanage_t to connect to system D-Bus bus
184 + Allow ntpd_t to read init state
185 + Add systemd_dbus_chat_resolved() interface
186 + Allow sysnet_dns_name_resolve() to use resolved to resolve DNS names
187 + Allow systemd_resolved_t to bind to port 53 and use net_raw
188 + Allow iscsid_t to create a netlink_iscsi_socket
189 + Allow minissdpd_t to create a unix_stream_socket
190 +
191 +Luis Ressel (7):
192 + corecommands: Fix /usr/share/apr* fc
193 + xserver: Allow user fonts (and caches) to be mmap()ed.
194 + Add fc for /var/lib/misc/logrotate.status
195 + Realign logrotate.fc, remove an obvious comment
196 + miscfiles: Label /usr/share/texmf*/fonts/ as fonts_t
197 + services/ssh: Don't audit accesses from ssh_t to /dev/random
198 + system/init: Give init_spec_daemon_domain()s the "daemon" attribute
199 +
200 +Lukas Vrabec (1):
201 + Improve domain_transition_pattern to allow mmap entrypoint bin file.
202 +
203 +Nicolas Iooss (11):
204 + fstools: label e2mmpstatus as fsadm_exec_t
205 + ssh: use dac_read_search instead of dac_override
206 + selinuxutil: allow restorecond to try counting the number of files in
207 + cgroup fs
208 + systemd: allow systemd-logind to use getutxent()
209 + Allow systemd-journald to read systemd unit symlinks
210 + Label service binaries in /usr/bin like /usr/sbin
211 + init: rename *_pid_* interfaces to use "runtime"
212 + systemd: add policy for systemd-rfkill
213 + selinuxutil: allow restorecond to read symlinks
214 + selinuxutil: restorecond is buggy when it dereferencies symlinks
215 + dbus: allow using dynamic UID
216 +
217 +Petr Vorel (1):
218 + dnsmasq: Require log files to have .log suffix
219 +
220 +Russell Coker (19):
221 + misc services patches
222 + misc interfaces
223 + last misc stuff
224 + systemd related interfaces
225 + systemd misc
226 + missing from previous
227 + cron trivial
228 + mls stuff
229 + logging
230 + some little stuff
231 + trivial system cronjob
232 + another trivial
233 + more tiny stuff
234 + map systemd private dirs
235 + tiny stuff for today
236 + yet more tiny stuff
237 + yet another little patch
238 + chromium
239 + more misc stuff
240 +
241 +Sugar, David (9):
242 + Allow greeter to start dbus
243 + pam_faillock creates files in /run/faillock
244 + Add interface to get status of iptables service
245 + Add interface to start/stop iptables service
246 + label journald configuraiton files syslog_conf_t
247 + Interface with systemd_hostnamed over dbus to set hostname
248 + Modify type for /etc/hostname
249 + Add interface clamav_run
250 + Add interface to read journal files
251 +
252 +Yuli Khodorkovskiy (1):
253 + ipsec: add missing permissions for pluto
254 +
255 * Sun Jul 01 2018 Chris PeBenito <pebenito@××××.org> - 2.20180701
256 Chris PeBenito (28):
257 Enable cgroup_seclabel and nnp_nosuid_transition.
258
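Review bot: The David Sugar entry "Allow clamd_t to read /proc/sys/crypt/fips_enabled" spells the path differently from the three later entries for xserver_t, kmod and dbus, which all say /proc/sys/crypto/fips_enabled. If the clamd_t rule covers the same file, the release notes should use the same spelling so that anyone auditing which domains gained read access to the FIPS flag finds all four with one search. The same contributor also appears to be split across two headings, "David Sugar (15)" and "Sugar, David (9)"; if this list is generated with git shortlog, a .mailmap entry would fold them into one. Two subjects carry typos ("configuraiton", "dereferencies"), and the Russell Coker subjects such as "misc stuff" and "tiny stuff for today" do not say which domains or permissions changed, which makes the release hard to review from the Changelog alone.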
259 diff --git a/VERSION b/VERSION
260 index b40612cc..b93d30a8 100644
261 --- a/VERSION
262 +++ b/VERSION
263 @@ -1 +1 @@
264 -2.20180701
265 +2.20190201