Please unblock refpolicy/0.0.20061018-4
Hi,
This does not impact debian installer, since the new and old
policy packages are almost bit-for-bit identical, modulo version
number change, and one change that allows the TCP based openvpn
products to work.
The major addition in this upload, apart from a README.Debian
change, is the creation of a new binary package (which does not
conflict with any of the old packages) that allows people to build
local policy modules.
I confess that I did not initially see the need for this,
since everyone I know who builds policy modules also hacks at the
policy source, but with the wider deployment of SELinux I think it is
important to let local policy module building for site specific
policy more usable.
Also, in the new -dev package, lives a SELinux policy version
of deb_make, called policygentool, that greatly simplifies creation
of a policy module interactively. I think this is very useful for our
Etch users.
manoj
refpolicy (0.0.20061018-4) unstable; urgency=low
* Bug fix: "selinux-policy-refpolicy-targeted: does not suggest a way to
fix the 'maybe failing' attempt in postinst", thanks to Eddy Petrisor.
While this does not belong in the postinst, I have addedthis to the
README.Debian file. This should be a low risk change. (Closes: #407691).
* Bug fix: "Default build.conf doesn't match default strict/targeted
policy", thanks to Stefan.The build.conf included in the reference
source policy describe to build a policy of the type "strict". The
default binary policies coming with Debian are build with the policy
type "strict-mcs" or "targeted-mcs". Change the build.conf shipped in
source to conform to what we really use. (changes TYPE=strict to
TYPE=strict-mcs, very low risk change. (Closes: #411256).
* Bug fix: "selinux-policy-refpolicy-targeted: openvpn policy do not
allow tcp connection mode", thanks to Rafal Kupka. This bug really
should be at least important, and we should fully support a class of
security product like OpenVPN on machines which are running SELinux,
and this is a very low risk change. (Closes: #409041).
* Install header files required for policy building for both strict and
targeted policies in a new -dev package, so it becomes really useful
to work with the source package. Moved the examples from the -src
package to this new -dev package, since the example is only useful in
with the headers provided. This is a new package, but it contains only
files already in the sources (No upstream changes at all), and is the
result of make install-headers. This new package has no rdepends, and
should be a very low risk addition to Debian.
* This release should be a whole lot better for building local policies,
including the policygentool for creating a new policy from scratch,
and ability to build local policy modular packages. The build.conf
files have been cleaned up, and the source policy defaults to targeted
policy, which is standard in Debian, as opposed to the strict policy,
which has priority optional.
-- Manoj Srivastava <srivasta@debian.org> Mon, 26 Feb 2007 22:37:17 -0600
--
Business will be either better or worse. Calvin Coolidge
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: