author: Chris PeBenito <pebenito@ieee.org> 2019-02-01 15:03:42 -0500
committer: Jason Zaman <jason@perfinion.com> 2019-02-10 12:11:25 +0800
commit: 744101042e9ae8eab4f942963b64dcaf5f2c738a
tree: 304e30b1b0334626cd728a0bcb14f7d6d660c434
parent: Bump module versions for release.
Update Changelog and VERSION for release.
Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r-- Changelog 234
-rw-r--r-- VERSION 2
2 files changed, 235 insertions, 1 deletions
diff --git a/Changelog b/Changelog
index 116e228a..75d5fae0 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,237 @@
+* Fri Feb 01 2019 Chris PeBenito <pebenito@ieee.org> - 2.20190201
+Alexander Miroshnichenko (16):
+ Add signal_perms setpgid setsched permissions to syncthing_t.
+ Add corecmd_exec_bin permissions to syncthing_t.
+ Allow syncthing_t to read network state.
+ Allow syncthing_t to execute ifconfig/iproute2.
+ Add required permissions for nsd_t to be able running.
+ Add nsd_admin interface to sysadm.te.
+ Add map permission to lvm_t on lvm_metadata_t.
+ Add comment for map on lvm_metadata_t.
+ Remove syncthing tunable_policy.
+ Remove unneeded braces from nsd.te.
+ Add new interface fs_rmw_hugetlbfs_files.
+ Add map permission for postgresql_t to postgresql_tmp_t files.
+ Add dovecot_can_connect_db boolean.
+ fs_mmap_rw_hugetlbfs_files is a more appropriate name for the interface
+ Add hostapd service module
+ minor updates redis module to be able to start the app
+
+Chris PeBenito (85):
+ mozilla, devices, selinux, xserver, init, iptables: Module version bump.
+ devices: Module version bump.
+ misc_patterns.spt: Remove unnecessary brackets.
+ ipsec: Module version bump.
+ fstools: Module version bump.
+ corecommands: Module version bump.
+ xserver: Module version bump.
+ Merge pull request #1 from bigon/fix-sepolgen-ifgen
+ Remove unused translate permission in context userspace class.
+ logrotate: Module version bump.
+ miscfiles: Module version bump.
+ Merge pull request #3 from bigon/xdp-socket
+ obj_perm_sets.spt: Add xdp_socket to socket_class_set.
+ clamav, ssh, init: Module version bump.
+ amavis, apache, clamav, exim, mta, udev: Module version bump.
+ dnsmasq: Whitespace fix in file contexts.
+ dnsmasq: Reorder lines in file contexts.
+ Merge branch 'master' of https://github.com/bigon/refpolicy
+ Merge branch 'resolved' of https://github.com/bigon/refpolicy
+ Merge branch 'iscsi' of https://github.com/bigon/refpolicy
+ Various modules: Version bump.
+ dnsmasq: Module version bump.
+ Merge branch 'minissdpd' of https://github.com/bigon/refpolicy
+ cron, minissdpd, ntp, systemd: Module version bump.
+ dbus, xserver, init, logging, modutils: Module version bump.
+ Merge branch 'syncthing' of https://github.com/alexminder/refpolicy
+ syncthing: Whitespace change
+ Merge branch 'lvm' of https://github.com/alexminder/refpolicy
+ lvm, syncthing: Module version bump.
+ sigrok: Remove extra comments.
+ networkmanager: Add ICMPv6 comment
+ sysnetwork: Move optional block in sysnet_dns_name_resolve().
+ sysnetwork: Move lines.
+ dpkg: Rename dpkg_read_script_tmp_links().
+ apt, rpm: Remove and move lines to fix fc conflicts.
+ sudo: Whitespace fix.
+ many: Module version bumps for changes from Russell Coker.
+ systemd: Rename systemd_list_netif() to systemd_list_networkd_runtime().
+ init: Remove inadvertent merge.
+ Merge branch 'nsd' of https://github.com/alexminder/refpolicy
+ nsd: Merge two rules into one.
+ Merge branch 'ssh_dac_read_search' of
+ git://github.com/fishilico/selinux-refpolicy
+ Merge branch 'restorecond_getattr_cgroupfs' of
+ git://github.com/fishilico/selinux-refpolicy
+ Merge branch 'systemd-logind-getutxent' of
+ git://github.com/fishilico/selinux-refpolicy
+ various: Module version bump.
+ iptables: Module version bump.
+ Add CONTRIBUTING file.
+ kernel, systemd: Move lines.
+ kernel, jabber, ntp, init, logging, systemd: Module version bump.
+ Merge branch 'systemd-journald_units_symlinks' of
+ git://github.com/fishilico/selinux-refpolicy
+ init, logging: Module version bump.
+ Merge branch 'services_single_usr_bin' of
+ git://github.com/fishilico/selinux-refpolicy
+ Merge branch 'init_rename_pid_interfaces' of
+ git://github.com/fishilico/selinux-refpolicy
+ various: Module name bump.
+ Merge branch 'systemd-rfkill' of
+ git://github.com/fishilico/selinux-refpolicy
+ systemd: Whitespace change
+ systemd: Module version bump.
+ Merge branch 'restorecond-symlinks' of
+ git://github.com/fishilico/selinux-refpolicy
+ Merge branch 'add_comment' of git://github.com/DefenSec/refpolicy
+ usermanage, cron, selinuxutil: Module version bump.
+ logging, sysnetwork, systemd: Module version bump.
+ Merge branch 'restorecond-dontaudit-symlinks' of
+ git://github.com/fishilico/selinux-refpolicy
+ selinuxutil: Module version bump.
+ Merge branch 'dbus-dynamic-uid' of
+ git://github.com/fishilico/selinux-refpolicy
+ xserver: Move line
+ systemd: Move interface implementation.
+ various: Module version bump.
+ dpkg: Rename dpkg_nnp_transition() to dpkg_nnp_domtrans().
+ dpkg: Move interface implementations.
+ init: Rename init_read_generic_units_links() to
+ init_read_generic_units_symlinks().
+ init: Drop unnecessary userspace class dependence in
+ init_read_generic_units_symlinks().
+ chromium: Whitespace fixes.
+ chromium: Move line.
+ Merge branch 'dovecot' of git://github.com/alexminder/refpolicy
+ dovecot: Move lines.
+ various: Module version bump.
+ Merge branch 'postgres' of git://github.com/alexminder/refpolicy
+ filesystem, postgresql: Module version bump.
+ hostapd: Whitespace change.
+ hostapd: Move line.
+ various: Module version bump.
+ redis: Move line.
+ redis: Module version bump.
+ corecommands, staff, unprivuser, ssh, locallogin, systemd: Module version
+ bump.
+ Bump module versions for release.
+
+David Sugar (15):
+ Interface to allow reading of virus signature files.
+ Update CUSTOM_BUILDOPT
+ Add interface udev_run_domain
+ Allow clamd_t to read /proc/sys/crypt/fips_enabled
+ Interface to add domain allowed to be read by ClamAV for scanning.
+ Add interfaces to control clamav_unit_t systemd services
+ Allow clamd to use sent file descriptor
+ Add interfaces to control ntpd_unit_t systemd services
+ interface to enable/disable systemd_networkd service
+ Interface to read cron_system_spool_t
+ Allow X (xserver_t) to read /proc/sys/crypto/fips_enabled
+ Allow kmod to read /proc/sys/crypto/fips_enabled
+ Allow dbus to access /proc/sys/crypto/fips_enabled
+ Add missing require for 'daemon' attribute.
+ Allow auditctl_t to read bin_t symlinks.
+
+Dominick Grift (1):
+ unconfined: add a note about DBUS
+
+Guido Trentalancia (1):
+ Add sigrok contrib module
+
+Jagannathan Raman (1):
+ vhost: Add /dev/vhost-scsi device of type vhost_device_t.
+
+Jason Zaman (10):
+ selinux: compute_access_vector requires creating netlink_selinux_sockets
+ mozilla: xdg updates
+ xserver: label .cache/fontconfig as user_fonts_cache_t
+ Allow map xserver_misc_device_t for nvidia driver
+ iptables: fcontexts for 1.8.0
+ devices: introduce dev_dontaudit_read_sysfs
+ files: introduce files_dontaudit_read_etc_files
+ kernel: introduce kernel_dontaudit_read_kernel_sysctl
+ userdomain: introduce userdom_user_home_dir_filetrans_user_cert
+ Add chromium policy upstreamed from Gentoo
+
+Laurent Bigonville (10):
+ policy/support/obj_perm_sets.spt: modify indentation of mmap_file_perms to
+ make sepolgen-ifgen happy
+ Add xdp_socket security class and access vectors
+ irqbalance now creates an abstract socket
+ Allow semanage_t to connect to system D-Bus bus
+ Allow ntpd_t to read init state
+ Add systemd_dbus_chat_resolved() interface
+ Allow sysnet_dns_name_resolve() to use resolved to resolve DNS names
+ Allow systemd_resolved_t to bind to port 53 and use net_raw
+ Allow iscsid_t to create a netlink_iscsi_socket
+ Allow minissdpd_t to create a unix_stream_socket
+
+Luis Ressel (7):
+ corecommands: Fix /usr/share/apr* fc
+ xserver: Allow user fonts (and caches) to be mmap()ed.
+ Add fc for /var/lib/misc/logrotate.status
+ Realign logrotate.fc, remove an obvious comment
+ miscfiles: Label /usr/share/texmf*/fonts/ as fonts_t
+ services/ssh: Don't audit accesses from ssh_t to /dev/random
+ system/init: Give init_spec_daemon_domain()s the "daemon" attribute
+
+Lukas Vrabec (1):
+ Improve domain_transition_pattern to allow mmap entrypoint bin file.
+
+Nicolas Iooss (11):
+ fstools: label e2mmpstatus as fsadm_exec_t
+ ssh: use dac_read_search instead of dac_override
+ selinuxutil: allow restorecond to try counting the number of files in
+ cgroup fs
+ systemd: allow systemd-logind to use getutxent()
+ Allow systemd-journald to read systemd unit symlinks
+ Label service binaries in /usr/bin like /usr/sbin
+ init: rename *_pid_* interfaces to use "runtime"
+ systemd: add policy for systemd-rfkill
+ selinuxutil: allow restorecond to read symlinks
+ selinuxutil: restorecond is buggy when it dereferencies symlinks
+ dbus: allow using dynamic UID
+
+Petr Vorel (1):
+ dnsmasq: Require log files to have .log suffix
+
+Russell Coker (19):
+ misc services patches
+ misc interfaces
+ last misc stuff
+ systemd related interfaces
+ systemd misc
+ missing from previous
+ cron trivial
+ mls stuff
+ logging
+ some little stuff
+ trivial system cronjob
+ another trivial
+ more tiny stuff
+ map systemd private dirs
+ tiny stuff for today
+ yet more tiny stuff
+ yet another little patch
+ chromium
+ more misc stuff
+
+Sugar, David (9):
+ Allow greeter to start dbus
+ pam_faillock creates files in /run/faillock
+ Add interface to get status of iptables service
+ Add interface to start/stop iptables service
+ label journald configuraiton files syslog_conf_t
+ Interface with systemd_hostnamed over dbus to set hostname
+ Modify type for /etc/hostname
+ Add interface clamav_run
+ Add interface to read journal files
+
+Yuli Khodorkovskiy (1):
+ ipsec: add missing permissions for pluto
+
* Sun Jul 01 2018 Chris PeBenito <pebenito@ieee.org> - 2.20180701
Chris PeBenito (28):
Enable cgroup_seclabel and nnp_nosuid_transition.
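Review bot: The new 2.20190201 entry lists one contributor under two headings, "David Sugar (15):" and "Sugar, David (9):", which splits 24 commits across two blocks; a .mailmap entry before regenerating the list, or merging the two blocks by hand, would give a single heading. In the "David Sugar" block, "Allow clamd_t to read /proc/sys/crypt/fips_enabled" names a different path from the three neighbouring fips_enabled entries, which all say /proc/sys/crypto/fips_enabled, so it reads as a typo that someone searching the Changelog for the sysctl path would miss. Smaller spelling slips in the same hunk are "configuraiton" in "label journald configuraiton files syslog_conf_t" and "dereferencies" in the restorecond entry, and "various: Module name bump." sits among otherwise identical "Module version bump." lines. If the Changelog is meant to mirror commit subjects verbatim these can stay, but that convention is worth stating at the top of the file.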
diff --git a/VERSION b/VERSION
index b40612cc..b93d30a8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.20180701
+2.20190201