refpolicy 2:2.20131214-1 source package in Ubuntu
Changelog
refpolicy (2:2.20131214-1) unstable; urgency=low
* Team upload.
[ Laurent Bigonville ]
* New GIT snapshot of the policy
- Drop all the Debian specific patches, some of the patches have been
merged upstream, but the rest was making it really difficult to upgrade
the policy to the new upstream versions.
- Add block_suspend access vectors (Closes: #722700)
- libvirt should now run when compiled with selinux support
(Closes: #559356)
- Allow smartd daemon to write in /var/lib/smartmontools directory
(Closes: #720631)
- NetworkManager should now be able to write /run/network/ifstate
(Closes: #711083)
- Allow dovecot self:process setsched permission (Closes: #716753)
- Add denyhosts policy package (Closes: #700403)
- deny_ptrace boolean is now gone (Closes: #691284)
- Allow fail2ban dac_read_search and dac_override capabilities
(Closes: #700326)
- irqbalance has now the getsched permission (Closes: #707243)
* Refresh debian/modules.conf.* for new release, build all the policy
packages as modules now
* Drop debian/file_contexts.subs_dist, install upstream one instead
* debian/rules: policy/rolemap file is gone
* debian/control: Bump {build-}dependencies to the last userspace release
* debian/rules: Disable UBAC for the default policy
* debian/rules: Build the default policy with UNK_PERMS=allow
* debian/control: Add dependency against selinux-utils for selinuxenabled
* debian/NEWS: Add some information about the proper way to permanently
disable a module
* d/p/0004-init-startpar-initrc_t-gets-attributes-of-dev-dm-0-d.patch:
Fix FTBFS and allow startpar can getattr of some devices
* Add d/p/0005-add-missing-newline.patch: Add missing newline at the end of
the file, this is causing weird behaviour, thanks M4
* d/p/0006-allow-udev-write-rulesd.patch: Allow udev to write in
/etc/udev/rules.d (Closes: #712970)
[ Mika Pflüger ]
* debian/postinst.policy: Rewrite the postinst script for the
selinux-policy-* packages to automatically upgrade the running policy.
(Closes: #552147)
* debian/copyright: Update to machine-readable copyright format.
* debian/postrm.policy: Use common postrm script for selinux-policy-*
packages.
-- Laurent Bigonville <email address hidden> Sun, 15 Dec 2013 22:53:06 +0100
Upload details
- Uploaded by:
- Debian SELinux maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian SELinux maintainers
- Architectures:
- all
- Section:
- admin
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| refpolicy_2.20131214-1.dsc | 2.0 KiB | fd63c3b718d882256f58929959338966586ee2e1240b04bbaa40951fcbd760ef |
| refpolicy_2.20131214.orig.tar.bz2 | 474.0 KiB | 6f1c759c2599699e45630dc15542c481c4877818ce2ee0dfcae6d765e5669ff4 |
| refpolicy_2.20131214-1.debian.tar.gz | 58.4 KiB | 71842f684e160735bbf76c12ab7e4bd760e8f34a4e2fc50ec85b735089f84b4c |
Available diffs
No changes file available.
Binary packages built by this source
- selinux-policy-default: Strict and Targeted variants of the SELinux policy
This is the reference policy for SE Linux. In the default configuration it
will provide the functionality previously known as the "targeted" policy. If
the module "unconfined" is removed then it provides the functionality
previously known as the "strict" policy.
.
This uses the MMCS system of categories.
- selinux-policy-dev: Headers from the SELinux reference policy for building modules
The SELinux Reference Policy (refpolicy) is a complete SELinux
policy, as an alternative to the existing strict and targeted
policies available from http://selinux. sf.net. The goal is to have
this policy as the system policy, be and used as the basis for
creating other policies. Refpolicy is based on the current strict and
targeted policies, but aims to accomplish many additional
goals:
+ Strong Modularity
+ Clearly stated security Goals
+ Documentation
+ Development Tool Support
+ Forward Looking
+ Configurability
+ Flexible Base Policy
+ Application Policy Variations
+ Multi-Level Security
.
This package provides header files for building your own SELinux
policy packages compatible with official policy packages.
- selinux-policy-doc: Documentation for the SELinux reference policy
The SELinux Reference Policy (refpolicy) is a complete SELinux
policy, as an alternative to the existing strict and targeted
policies available from http://selinux. sf.net. The goal is to have
this policy as the system policy, be and used as the basis for
creating other policies. Refpolicy is based on the current strict and
targeted policies, but aims to accomplish many additional
goals:
+ Strong Modularity
+ Clearly stated security Goals
+ Documentation
+ Development Tool Support
+ Forward Looking
+ Configurability
+ Flexible Base Policy
+ Application Policy Variations
+ Multi-Level Security
.
This package contains the documentation for the reference policy.
- selinux-policy-mls: MLS (Multi Level Security) variant of the SELinux policy
This is the reference policy for SE Linux built with MLS support. It allows
giving data labels such as "Top Secret" and preventing such data from leaking
to processes or files with lower classification.
.
It was developed for Common Criteria LSPP certification for RHEL. It will
probably never be well supported in Debian and is only recommended for
students who want to learn about the security features used by the military.
- selinux-policy-src: Source of the SELinux reference policy for customization
The SELinux Reference Policy (refpolicy) is a complete SELinux
policy, as an alternative to the existing strict and targeted
policies available from http://selinux. sf.net. The goal is to have
this policy as the system policy, be and used as the basis for
creating other policies. Refpolicy is based on the current strict and
targeted policies, but aims to accomplish many additional
goals:
+ Strong Modularity
+ Clearly stated security Goals
+ Documentation
+ Development Tool Support
+ Forward Looking
+ Configurability
+ Flexible Base Policy
+ Application Policy Variations
+ Multi-Level Security
.
This is the source of the policy, provided so that local variations of
SELinux policy may be created.
