[gentoo-commits] proj/hardened-refpolicy:master commit in: / - gentoo-commits

From:	Jason Zaman <perfinion@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-refpolicy:master commit in: /
Date:	Thu, 17 Dec 2015 16:10:45
Message-Id:	`1450365922.8ba3d32077cb80df69133ea44ab31a39992427c8.perfinion@gentoo`

1

commit:     8ba3d32077cb80df69133ea44ab31a39992427c8

2

Author:     Chris PeBenito <cpebenito <AT> tresys <DOT> com>

3

AuthorDate: Tue Dec  8 14:53:02 2015 +0000

4

Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>

5

CommitDate: Thu Dec 17 15:25:22 2015 +0000

6

URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8ba3d320

7

8

Update Changelog and VERSION for release.

9

10

 Changelog | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

11

 VERSION   |  2 +-

12

 2 files changed, 88 insertions(+), 1 deletion(-)

13

14

diff --git a/Changelog b/Changelog

15

index 1f53185..617f49e 100644

16

--- a/Changelog

17

+++ b/Changelog

18

@@ -1,3 +1,90 @@

19

+* Tue Dec 08 2015 Chris PeBenito <selinux@××××××.com> - 2.20151208

20

+Alexander Wetzel (1):

21

+      adds vfio device support to base policy

22

+

23

+Chris PeBenito (48):

24

+      Module version bump for optional else block removal from Steve Lawrence.

25

+      Add always_check_network policy capability.

26

+      Update contrib.

27

+      Fix domain_mmap_low() to be a proper tunable.

28

+      Add initial Travis CI configuration.

29

+      Travis CI already exports variables.

30

+      Add validate target for monolithic policy.

31

+      Update contrib.

32

+      Use matrix keyword to simplify travis-ci build definitions.

33

+      Undo last commit.

34

+      Simplify travis-ci build handling of SELinux toolchain.

35

+      Update contrib.

36

+      Module version bump for fstools blkid fix from Jason Zaman

37

+      Update contrib.

38

+      Module version bump for debufs mount point fc entry from Laurent

39

+         Bigonville.

40

+      Module version bump for updated netlink sockets from Stephen Smalley

41

+      Update contrib.

42

+      Module version bump for init_startstop_service from Jason Zaman.

43

+      Update contrib.

44

+      Change CI tests to drop DIRECT_INITRC.

45

+      Module version bumps for further init_startstop_service() changes from

46

+         Jason Zaman.

47

+      Module version bump for admin interface changes from Jason Zaman.

48

+      Update contrib.

49

+      Module version bumps for admin interfaces from Jason Zaman.

50

+      Module version bump for cron_admin for sysadm from Jason Zaman.

51

+      Module version bump for ssh-agent -k fix from Luis Ressel.

52

+      Module version bump for APR build script labeling from Luis Ressel.

53

+      Module version bump for vfio device from Alexander Wetzel.

54

+      Update contrib.

55

+      Rearrange lines in ipsec.te.

56

+      Module version bump for patches from Jason Zaman/Matthias Dahl.

57

+      Add systemd build option.

58

+      Add systemd access vectors.

59

+      Implement core systemd policy.

60

+      Add supporting rules for domains tightly-coupled with systemd.

61

+      Add rules for sysadm_r to manage the services.

62

+      Add systemd units for core refpolicy services.

63

+      Add sysfs_types attribute.

64

+      Add refpolicy core socket-activated services.

65

+      Change policy_config_t to a security file type.

66

+      Merge branch 'pebenito-master'

67

+      Module version bump for systemd additions.

68

+      Update contrib for dbus systemd fix.

69

+      Revise selinux module interfaces for perms protected by neverallows.

70

+      Remove bad interface in systemd.if.

71

+      Module version bump for utempter Debian helper from Laurent Bigonville.

72

+      Update contrib.

73

+      Bump module versions for release.

74

+

75

+Jason Zaman (13):

76

+      fstools: add in filetrans for /run dir

77

+      Introduce init_startstop_service interface

78

+      logging: use init_startstop_service in _admin interface

79

+      postgresql: use init_startstop_service in _admin interface

80

+      Add openrc support to init_startstop_service

81

+      Introduce iptables_admin

82

+      Add all the missing _admin interfaces to sysadm

83

+      Introduce lvm_admin interface

84

+      Introduce ipsec_admin interface

85

+      Introduce setrans_admin interface

86

+      add new cron_admin interface to sysadm

87

+      Add overlayfs as an XATTR capable fs

88

+      system/ipsec: Add policy for StrongSwan

89

+

90

+Laurent Bigonville (4):

91

+      Add fc for /sys/kernel/debug as debugfs_t

92

+      Add "binder" security class and access vectors

93

+      Properly label utempter helper on debian

94

+      Allow the user cronjobs to run in their userdomain

95

+

96

+Luis Ressel (2):

97

+      Allow ssh-agent to send signals to itself

98

+      Mark APR build scripts as bin_t

99

+

100

+Stephen Smalley (1):

101

+      Update netlink socket classes.

102

+

103

+Steve Lawrence (1):

104

+      Remove optional else block for dhcp ping

105

+

106

 * Wed Dec 03 2014 Chris PeBenito <selinux@××××××.com> - 2.20141203

107

 Artyom Smirnov (3):

108

       New database object classes

109

110

diff --git a/VERSION b/VERSION

111

index a9e4840..382483e 100644

112

--- a/VERSION

113

+++ b/VERSION

114

@@ -1 +1 @@

115

-2.20141203

116

+2.20151208

1	commit: 8ba3d32077cb80df69133ea44ab31a39992427c8
2	Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
3	AuthorDate: Tue Dec 8 14:53:02 2015 +0000
4	Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5	CommitDate: Thu Dec 17 15:25:22 2015 +0000
6	URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8ba3d320
7
8	Update Changelog and VERSION for release.
9
10	Changelog \| 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
11	VERSION \| 2 +-
12	2 files changed, 88 insertions(+), 1 deletion(-)
13
14	diff --git a/Changelog b/Changelog
15	index 1f53185..617f49e 100644
16	--- a/Changelog
17	+++ b/Changelog
18	@@ -1,3 +1,90 @@
19	+* Tue Dec 08 2015 Chris PeBenito <selinux@××××××.com> - 2.20151208
20	+Alexander Wetzel (1):
21	+ adds vfio device support to base policy
22	+
23	+Chris PeBenito (48):
24	+ Module version bump for optional else block removal from Steve Lawrence.
25	+ Add always_check_network policy capability.
26	+ Update contrib.
27	+ Fix domain_mmap_low() to be a proper tunable.
28	+ Add initial Travis CI configuration.
29	+ Travis CI already exports variables.
30	+ Add validate target for monolithic policy.
31	+ Update contrib.
32	+ Use matrix keyword to simplify travis-ci build definitions.
33	+ Undo last commit.
34	+ Simplify travis-ci build handling of SELinux toolchain.
35	+ Update contrib.
36	+ Module version bump for fstools blkid fix from Jason Zaman
37	+ Update contrib.
38	+ Module version bump for debufs mount point fc entry from Laurent
39	+ Bigonville.
40	+ Module version bump for updated netlink sockets from Stephen Smalley
41	+ Update contrib.
42	+ Module version bump for init_startstop_service from Jason Zaman.
43	+ Update contrib.
44	+ Change CI tests to drop DIRECT_INITRC.
45	+ Module version bumps for further init_startstop_service() changes from
46	+ Jason Zaman.
47	+ Module version bump for admin interface changes from Jason Zaman.
48	+ Update contrib.
49	+ Module version bumps for admin interfaces from Jason Zaman.
50	+ Module version bump for cron_admin for sysadm from Jason Zaman.
51	+ Module version bump for ssh-agent -k fix from Luis Ressel.
52	+ Module version bump for APR build script labeling from Luis Ressel.
53	+ Module version bump for vfio device from Alexander Wetzel.
54	+ Update contrib.
55	+ Rearrange lines in ipsec.te.
56	+ Module version bump for patches from Jason Zaman/Matthias Dahl.
57	+ Add systemd build option.
58	+ Add systemd access vectors.
59	+ Implement core systemd policy.
60	+ Add supporting rules for domains tightly-coupled with systemd.
61	+ Add rules for sysadm_r to manage the services.
62	+ Add systemd units for core refpolicy services.
63	+ Add sysfs_types attribute.
64	+ Add refpolicy core socket-activated services.
65	+ Change policy_config_t to a security file type.
66	+ Merge branch 'pebenito-master'
67	+ Module version bump for systemd additions.
68	+ Update contrib for dbus systemd fix.
69	+ Revise selinux module interfaces for perms protected by neverallows.
70	+ Remove bad interface in systemd.if.
71	+ Module version bump for utempter Debian helper from Laurent Bigonville.
72	+ Update contrib.
73	+ Bump module versions for release.
74	+
75	+Jason Zaman (13):
76	+ fstools: add in filetrans for /run dir
77	+ Introduce init_startstop_service interface
78	+ logging: use init_startstop_service in _admin interface
79	+ postgresql: use init_startstop_service in _admin interface
80	+ Add openrc support to init_startstop_service
81	+ Introduce iptables_admin
82	+ Add all the missing _admin interfaces to sysadm
83	+ Introduce lvm_admin interface
84	+ Introduce ipsec_admin interface
85	+ Introduce setrans_admin interface
86	+ add new cron_admin interface to sysadm
87	+ Add overlayfs as an XATTR capable fs
88	+ system/ipsec: Add policy for StrongSwan
89	+
90	+Laurent Bigonville (4):
91	+ Add fc for /sys/kernel/debug as debugfs_t
92	+ Add "binder" security class and access vectors
93	+ Properly label utempter helper on debian
94	+ Allow the user cronjobs to run in their userdomain
95	+
96	+Luis Ressel (2):
97	+ Allow ssh-agent to send signals to itself
98	+ Mark APR build scripts as bin_t
99	+
100	+Stephen Smalley (1):
101	+ Update netlink socket classes.
102	+
103	+Steve Lawrence (1):
104	+ Remove optional else block for dhcp ping
105	+
106	* Wed Dec 03 2014 Chris PeBenito <selinux@××××××.com> - 2.20141203
107	Artyom Smirnov (3):
108	New database object classes
109
110	diff --git a/VERSION b/VERSION
111	index a9e4840..382483e 100644
112	--- a/VERSION
113	+++ b/VERSION
114	@@ -1 +1 @@
115	-2.20141203
116	+2.20151208

Gentoo Archives: gentoo-commits