Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Dear Release Team, Please unblock package refpolicy version 2:2.20110726-12, changes since version -11 (which is in testing atm) are: File label fixes: * Label ~/.adobe(/.*)? as mozilla_home_t for flash * Label /usr/sbin/opendkim as dkim_milter_exec_t * Label postalias as postfix_master_exec_t for newaliases * Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control * Label /usr/lib/kde4/libexec/* and /usr/lib/gvfs/* as bin_t for desktops * Label /run/pm-utils(/.*)? as devicekit_var_run_t not hald_var_run_t * Label /sbin/xtables-multi (the new iptables) * Label /usr/lib/dovecot/auth as dovecot_auth_exec_t. Label /usr/lib/dovecot/dovecot-lda as lda_exec_t Label /usr/lib/dovecot/libdovecot.*\.so.* as lib_t Closes: #690225 All the labelling corrections fix bugs which lead to some important functionality of the respective program not working if selinux is installed & enabled. No code/policy is changed, it is only about labelling the debian locations of files correctly. * Allow user roles access to mozilla_t classes shm and sem for sharing the sound device * Allow user roles access to mozilla_tmp_t Without this, a confined iceweasel won't be able to use sound properly, or it won't work at all, respectively. * Make postfix.pp not depend on unconfined.pp for "strict" configurations This fixes loading the postfix policy in strict configurations, which simply failed previously. * Allow lvm_t (systemd-cryptsetup) systemd_manage_passwd_run() access * Allow systemd_passwd_agent_t access to search selinuxfs and write to the console for getting a password for encrypted filesystems These fix booting with systemd and selinux enabled on dm-crypt root filesystems. * Allow watchdog_t to read syslog pid files for process watching Fixing one of the core functionalities of watchdog on selinux-enabled systems. Diffstat of the sources (patches applied) ignoring d/changelog and d/patches: policy/modules/apps/mozilla.fc | 1 + policy/modules/apps/mozilla.if | 21 ++++++++++++--------- policy/modules/kernel/corecommands.fc | 2 ++ policy/modules/kernel/corenetwork.te.in | 2 +- policy/modules/services/devicekit.fc | 1 + policy/modules/services/dkim.fc | 2 ++ policy/modules/services/dovecot.fc | 2 +- policy/modules/services/hal.fc | 1 - policy/modules/services/lda.fc | 1 + policy/modules/services/postfix.fc | 1 + policy/modules/services/postfix.if | 4 +++- policy/modules/services/watchdog.te | 4 ++++ policy/modules/system/iptables.fc | 1 + policy/modules/system/libraries.fc | 1 + policy/modules/system/logging.if | 18 ++++++++++++++++++ policy/modules/system/lvm.te | 4 ++++ policy/modules/system/sysnetwork.te | 1 + policy/modules/system/systemd.te | 8 +++----- 18 files changed, 57 insertions(+), 18 deletions(-) The debdiff is attached. unblock refpolicy/2:2.20110726-12 Thanks for your work + cheers, Mika
Attachment:
refpolicy_2.20110726-11,12.debdiff
Description: Binary data
Attachment:
signature.asc
Description: PGP signature