Accepted: refpolicy 0.0.20071214-0ubuntu1 (source)

Caleb Case ccase at tresys.com
Fri Feb 15 02:21:01 GMT 2008 

Accepted:
 OK: refpolicy_0.0.20071214.orig.tar.gz
 OK: refpolicy_0.0.20071214-0ubuntu1.diff.gz
 OK: refpolicy_0.0.20071214-0ubuntu1.dsc
     -> Component: universe Section: admin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 08 Feb 2008 03:22:20 -0500
Source: refpolicy
Binary: selinux-policy-refpolicy selinux-policy-refpolicy-cups selinux-policy-refpolicy-unconfined selinux-policy-refpolicy-dev selinux-policy-refpolicy-doc
Architecture: source
Version: 0.0.20071214-0ubuntu1
Distribution: hardy
Urgency: low
Maintainer: Ubuntu Hardened Developers <ubuntu-hardened at lists.ubuntu.com>
Changed-By: Caleb Case <ccase at tresys.com>
Description: 
 selinux-policy-refpolicy - Security-Enhanced Linux Reference Policy Base Module
 selinux-policy-refpolicy-cups - Security-Enhanced Linux Reference Policy Cups Module
 selinux-policy-refpolicy-dev - Security-Enhanced Linux Reference Policy Development Headers
 selinux-policy-refpolicy-doc - Security-Enhanced Linux Reference Policy Documentation
 selinux-policy-refpolicy-unconfined - Security-Enhanced Linux Reference Policy Unconfined Module
Changes: 
 refpolicy (0.0.20071214-0ubuntu1) hardy; urgency=low
 .
   [ Caleb Case ]
   * New upstream SVN HEAD.
    - Labeled networking peer object class updates.
    - Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik.
    - Improve several tunables descriptions from Dan Walsh.
    - Patch to clean up ns switch usage in the policy from Dan Walsh.
    - More complete labeled networking infrastructure from KaiGai Kohei.
    - Add interface for libselinux constructor, for libselinux-linked
      SELinux-enabled programs.
    - Patch to restructure user role templates to create restricted user roles
      from Dan Walsh.
    - Russian man page translations from Andrey Markelov.
    - Remove unused types from dbus.
    - Add infrastructure for managing all user web content.
    - Deprecate some old file and dir permission set macros in favor of the
      newer, more consistently-named macros.
    - Patch to clean up unescaped periods in several file context entries from
      Jan-Frode Myklebust.
    - Merge shlib_t into lib_t.
    - Merge strict and targeted policies.  The policy will now behave like the
      strict policy if the unconfined module is not present.  If it is, it will
      behave like the targeted policy.  Added an unconfined role to have a mix
      of confined and unconfined users.
    - Added modules:
    	exim (Dan Walsh)
    	postfixpolicyd (Jan-Frode Myklebust)
    - Add support for setting the unknown permissions handling.
    - Fix XML building for external reference builds and headers builds.
    - Patch to add missing requirements in userdomain interfaces from Shintaro
      Fujiwara.
    - Add tcpd_wrapped_domain() for services that use tcp wrappers.
    - Update MLS constraints from LSPP evaluated policy.
    - Allow initrc_t file descriptors to be inherited regardless of MLS level.
      Accordingly drop MLS permissions from daemons that inherit from any level.
    - Files and radvd updates from Stefan Schulze Frielinghaus.
    - Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
      mls_write_all_levels() and mls_read_all_levels(), for consistency.
    - Add make kernel and init ranged interfaces pass the range transition MLS
      constraints.  Also remove calls to mls_rangetrans_target() in modules that
      use the kernel and init interfaces, since its redundant.
    - Add interfaces for all MLS attributes except X object classes.
    - Require all sensitivities and categories for MLS and MCS policies, not just
      the low and high sensitivity and category.
    - Database userspace object manager classes from KaiGai Kohei.
    - Add third-party interface for Apache CGI.
    - Add getserv and shmemserv nscd permissions.
    - Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
    - Added modules:
    	application
    	awstats (Stefan Schulze Frielinghaus)
    	bitlbee (Devin Carraway)
    	brctl (Dan Walsh)
    - Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
      libraries module.
    - Unified labeled networking policy from Paul Moore.
    - Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
    - Xen updates from Dan Walsh.
    - Filesystem updates from Dan Walsh.
    - Large samba update from Dan Walsh.
    - Drop snmpd_etc_t.
    - Confine sendmail and logrotate on targeted.
    - Tunable connection to postgresql for users from KaiGai Kohei.
    - Memprotect support patch from Stephen Smalley.
    - Add logging_send_audit_msgs() interface and deprecate
      send_audit_msgs_pattern().
    - Openct updates patch from Dan Walsh.
    - Merge restorecon into setfiles.
    - Patch to begin separating out hald helper programs from Dan Walsh.
    - Fixes for squid, dovecot, and snmp from Dan Walsh.
    - Miscellaneous consolekit fixes from Dan Walsh.
    - Patch to have avahi use the nsswitch interface rather than individual
      permissions from Dan Walsh.
    - Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
    - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
      to handle usage from userhelper from Dan Walsh.
    - Patch to allow amavis to read spamassassin libraries from Dan Walsh.
    - Patch to allow slocate to getattr other filesystems and directories on those
      filesystems from Dan Walsh.
    - Fixes for RHEL4 from the CLIP project.
    - Replace the old lrrd fc entries with munin ones.
    - Move program admin template usage out of userdom_admin_user_template() to
      sysadm policy in userdomain.te to fix usage of the template for third
      parties.
    - Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
      template instead of an interface.
    - Added modules:
    	amtu (Dan Walsh)
    	apcupsd (Dan Walsh)
    	rpcbind (Dan Walsh)
    	rwho (Nalin Dahyabhai)
   * debian/control
     * selinux-policy-refpolicy depends on *-cups an *-unconfined policies.
     * selinux-policy-refpolicy-(cups|unconfined) provide
       selinux-policy-(cups|unconfined) (potentially allowing a user to install
       a dummy package to satisfy).
   * debian/patches/conf.patch
     * added seusers patch that makes all users unconfined by default.
   * debian/selinux-policy-refpolicy.*
     * adding in dbus policy
 .
   [ Joseph Jackson IV ]
   * debian/control
     - Update Debian Maintainer field
 .
   [ J. Tang ]
   * debian/postinst
     - Invoke /usr/sbin/update-selinux-policy to change the policy
     to refpolicy, if possible.
   * debian/selinux-policy-refpolicy.*postrrm
     - Handle purging correctly.
Files: 
 800b12780d0c3a42f82ab4c37da6a4db 914 admin optional refpolicy_0.0.20071214-0ubuntu1.dsc
 f57eca5fad8d5ae6d1a71434342a4388 460851 admin optional refpolicy_0.0.20071214.orig.tar.gz
 3acb6a544055897e0c2cad24ef2eebc0 23316 admin optional refpolicy_0.0.20071214-0ubuntu1.diff.gz
Original-Maintainer: Caleb Case <ccase at tresys.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHtPZcH/9LqRcGPm0RAqTCAJ424S+5t0SJKNc7ajO2RVNxgpOeMQCeLGWm
FUG6XVtSJBYNvRrAnCLEMvQ=
=lsHb
-----END PGP SIGNATURE-----

More information about the Hardy-changes mailing list