1 |
Hi guys, |
2 |
|
3 |
I've pushed out another set of ebuilds for the SELinux policies, containing |
4 |
83 changes as reported by git. Needless to say, some testing is appreciated ;-) |
5 |
|
6 |
Short changelog below. |
7 |
|
8 |
Wkr, |
9 |
Sven Vermeulen |
10 |
|
11 |
9f242f6 Module version bumps for file context fixes in various policy modules by Laurent Bigonville |
12 |
c9b7346 Label /usr/bin/kvm as qemu_exec_t |
13 |
19cdd44 ptchown.fc: Properly label pt_chown executable in Debian |
14 |
f3b0af1 gnomeclock.fc: Properly label gsd-datetime-mechanism in Debian |
15 |
6de9099 Fix typo in mcelog_admin (missing bracket) |
16 |
e507015 Merge branch 'master' of git+ssh://git.overlays.gentoo.org/proj/hardened-refpolicy |
17 |
9b69c1f updating udev-197 udevd location for gentoo bug 451128 |
18 |
65c069f Google talk plugin searches through devices |
19 |
a5c9b3e Remove calls that are merged (were in distro_gentoo blocks but not needed anymore) |
20 |
59251ce Module version bump for fixes from Dominick Grift. |
21 |
6969d25 NSCD related changes in various policy modules |
22 |
de5aa80 Changes to the userdomain policy module |
23 |
120c8be Changes to the init policy module |
24 |
d7b373a Module version bump for misc updates from Sven Vermeulen. |
25 |
80a0782 Introduce exec-check interfaces for passwd binaries and useradd binaries |
26 |
c98a726 Allow initrc_t to read stunnel configuration |
27 |
545015a Allow syslogger to manage cron log files (v2) |
28 |
c6dbdc8 lvscan creates the /run/lock/lvm directory if nonexisting (v2) |
29 |
c2097b3 Postgresql 9.2 connects to its unix stream socket |
30 |
b97379a Module version bumps for fixes in various policy module by Sven Vermeulen |
31 |
60829a7 Changes to the puppet policy module |
32 |
284c7ca Changes to the virt policy module |
33 |
631f92e Puppet runs statfs against selinuxfs |
34 |
2e349e9 Puppet initscript creates /run/puppet |
35 |
fc536df Support netlink_route_socket creation for puppet |
36 |
6faf8db Puppet module helper scripts are puppet_var_lib_t |
37 |
c01b451 Grant sys_admin capability to puppet |
38 |
d1c0e94 Allow rpc admin to run exportfs |
39 |
3e5f315 Changes to puppet domain |
40 |
f283916 Move mta call (coding style) |
41 |
ee6f07d Mark make.profile entry as portage_conf_t (v2) |
42 |
ca9488d More .maildir fixes |
43 |
775f39d Allow staff and regular user the googletalk plugin domains |
44 |
800aca7 Support using googletalk |
45 |
33ef617 Introduce googletalk policy |
46 |
a1d8e9e Support mozilla_dontaudit_use_fds and mozilla_send_dgram_plugin interfaces |
47 |
72d8966 Introduce xdg_search_config_home_dirs interface |
48 |
291da0d Fix typo, needed to call the argument, not sysadm_t |
49 |
2e34d4e Create filetransition for ld.so.cache~ |
50 |
535015c Mozilla plugin to read profile info |
51 |
c0a7407 Move gentoo specifics downwards |
52 |
e81132e Udev init script writes to /proc/sys/kernel/hotplug |
53 |
d7a74e2 Use udev_rules_t for /run/udev/rules.d |
54 |
16b663c Support a file transition from udev_var_run_t to udev_rules_t |
55 |
dd062fb Move majority of gentoo specifics downwards |
56 |
a642219 Add file transition for /dev/.lvm created by lvm_t |
57 |
cb6cc4d Move Gentoo specifics downwards |
58 |
8b82a9a Mark /run/udev/rules.d as udev_rules_t |
59 |
22c79cd Move gentoo specifics down |
60 |
94f9528 Fix specification collision |
61 |
30716f7 Allow qemu to create TCP sockets (VNC support) |
62 |
a52c5eb Move distro_gentoo stuff towards the end of the file (easier upstream patching) |
63 |
1d5cee4 Allow restorecon/setfiles to read all symlinks |
64 |
3733985 Puppet runs statfs against selinuxfs |
65 |
4a0681d Puppet initscript creates /run/puppet |
66 |
08e4126 Support netlink_route_socket creation for puppet |
67 |
a21e705 Puppet module helper scripts are puppet_var_lib_t |
68 |
8317266 Grant sys_admin capability to puppet |
69 |
1ff5050 Mark sysadm as rpc_admin |
70 |
acc84cf Allow rpc admin to run exportfs |
71 |
f990dd9 Allow sysadmin to call rpcinfo |
72 |
6e18623 Remove redundant net_bind_service capabilities in various modules |
73 |
aa3d987 Changes to the apcupsd policy module |
74 |
2689d76 Changes to the dbus policy module |
75 |
3ed388d Changes to the cups policy module |
76 |
05cc79c Module version bumps for fixes in various policy modules by Laurent Bigonville |
77 |
0608e67 Allow cupsd_t to read cupsd_log_t |
78 |
768a51c Allow virsh_t context to read sysctl_crypto_t |
79 |
0d6cad3 Allow networkmanager_t to read crypto_sysctl_t |
80 |
f155aab Allow pcscd the fsetid capability |
81 |
319156b cups.fc: Properly label cups-pk-helper-mechanism on Debian |
82 |
9f4c32e policykit.fc: Properly label polkit-agent-helper-1 on Debian |
83 |
9831e61 Changes to the dbus policy module |
84 |
bdfa170 Properly label nm-dispatcher.action on Debian |
85 |
04c3a35 Changes to the nscd policy module and relevant dependencies |
86 |
4348e22 Changes to the wdmd policy module and relevant dependencies |
87 |
6b6e45c Changes to the logwatch policy module |
88 |
75f29a2 Changes to the userhelper policy module |
89 |
ff3ed95 Changes to the cobbler policy module |
90 |
975a174 Changes to the dovecot policy module |
91 |
0b82370 Changes to the munin policy module |
92 |
cd61d48 Changes to the virt policy module |
93 |
ec537ce Changes to the dkim policy module |