Your message dated Tue, 11 Dec 2012 19:59:26 +0100
with message-id <50C7828E.4090907@thykier.net>
and subject line Re: Bug#695622: unblock: refpolicy/2:2.20110726-12
has caused the Debian Bug report #695622,
regarding unblock: refpolicy/2:2.20110726-12
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
695622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695622
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: refpolicy/2:2.20110726-12
- From: Mika Pflüger <debian@mikapflueger.de>
- Date: Mon, 10 Dec 2012 21:59:07 +0100
- Message-id: <20121210215907.44bdcd75@george.anarkia>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package refpolicy version 2:2.20110726-12, changes since
version -11 (which is in testing atm) are:

File label fixes:
  * Label ~/.adobe(/.*)? as mozilla_home_t for flash
  * Label /usr/sbin/opendkim as dkim_milter_exec_t
  * Label postalias as postfix_master_exec_t for newaliases
  * Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP
    for client control
  * Label /usr/lib/kde4/libexec/* and /usr/lib/gvfs/* as bin_t for
    desktops
  * Label /run/pm-utils(/.*)? as devicekit_var_run_t not hald_var_run_t
  * Label /sbin/xtables-multi (the new iptables)
  * Label /usr/lib/dovecot/auth as dovecot_auth_exec_t.
    Label /usr/lib/dovecot/dovecot-lda as lda_exec_t
    Label /usr/lib/dovecot/libdovecot.*\.so.* as lib_t
    Closes: #690225

All the labelling corrections fix bugs which lead to some important
functionality of the respective program not working if selinux is
installed & enabled. No code/policy is changed, it is only about
labelling the debian locations of files correctly.

  * Allow user roles access to mozilla_t classes shm and sem for
    sharing the sound device
  * Allow user roles access to mozilla_tmp_t

Without this, a confined iceweasel won't be able to use sound
properly, or it won't work at all, respectively.

  * Make postfix.pp not depend on unconfined.pp for "strict"
    configurations

This fixes loading the postfix policy in strict configurations, which
simply failed previously.

  * Allow lvm_t (systemd-cryptsetup) systemd_manage_passwd_run() access
  * Allow systemd_passwd_agent_t access to search selinuxfs and write
    to the console for getting a password for encrypted filesystems

These fix booting with systemd and selinux enabled on dm-crypt root
filesystems.

  * Allow watchdog_t to read syslog pid files for process watching

Fixing one of the core functionalities of watchdog on selinux-enabled
systems.

Diffstat of the sources (patches applied) ignoring d/changelog and
d/patches:

 policy/modules/apps/mozilla.fc          |    1 +
 policy/modules/apps/mozilla.if          |   21 ++++++++++++---------
 policy/modules/kernel/corecommands.fc   |    2 ++
 policy/modules/kernel/corenetwork.te.in |    2 +-
 policy/modules/services/devicekit.fc    |    1 +
 policy/modules/services/dkim.fc         |    2 ++
 policy/modules/services/dovecot.fc      |    2 +-
 policy/modules/services/hal.fc          |    1 -
 policy/modules/services/lda.fc          |    1 +
 policy/modules/services/postfix.fc      |    1 +
 policy/modules/services/postfix.if      |    4 +++-
 policy/modules/services/watchdog.te     |    4 ++++
 policy/modules/system/iptables.fc       |    1 +
 policy/modules/system/libraries.fc      |    1 +
 policy/modules/system/logging.if        |   18 ++++++++++++++++++
 policy/modules/system/lvm.te            |    4 ++++
 policy/modules/system/sysnetwork.te     |    1 +
 policy/modules/system/systemd.te        |    8 +++-----
 18 files changed, 57 insertions(+), 18 deletions(-)

The debdiff is attached.

unblock refpolicy/2:2.20110726-12

Thanks for your work + cheers,

Mika

Attachment: refpolicy_2.20110726-11,12.debdiff
Description: Binary data

Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Mika Pflüger <debian@mikapflueger.de>, 695622-done@bugs.debian.org
- Subject: Re: Bug#695622: unblock: refpolicy/2:2.20110726-12
- From: Niels Thykier <niels@thykier.net>
- Date: Tue, 11 Dec 2012 19:59:26 +0100
- Message-id: <50C7828E.4090907@thykier.net>
- In-reply-to: <20121210215907.44bdcd75@george.anarkia>
- References: <20121210215907.44bdcd75@george.anarkia>

On 2012-12-10 21:59, Mika Pflüger wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Dear Release Team,
>
> Please unblock package refpolicy version 2:2.20110726-12, changes since
> version -11 (which is in testing atm) are:
>
> File label fixes:
>   * Label ~/.adobe(/.*)? as mozilla_home_t for flash
>   * Label /usr/sbin/opendkim as dkim_milter_exec_t
>   * Label postalias as postfix_master_exec_t for newaliases
>   * Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP
>     for client control
>   * Label /usr/lib/kde4/libexec/* and /usr/lib/gvfs/* as bin_t for
>     desktops
>   * Label /run/pm-utils(/.*)? as devicekit_var_run_t not hald_var_run_t
>   * Label /sbin/xtables-multi (the new iptables)
>   * Label /usr/lib/dovecot/auth as dovecot_auth_exec_t.
>     Label /usr/lib/dovecot/dovecot-lda as lda_exec_t
>     Label /usr/lib/dovecot/libdovecot.*\.so.* as lib_t
>     Closes: #690225
>
> All the labelling corrections fix bugs which lead to some important
> functionality of the respective program not working if selinux is
> installed & enabled. No code/policy is changed, it is only about
> labelling the debian locations of files correctly.
>
>   * Allow user roles access to mozilla_t classes shm and sem for
>     sharing the sound device
>   * Allow user roles access to mozilla_tmp_t
>
> Without this, a confined iceweasel won't be able to use sound
> properly, or it won't work at all, respectively.
>
>   * Make postfix.pp not depend on unconfined.pp for "strict"
>     configurations
>
> This fixes loading the postfix policy in strict configurations, which
> simply failed previously.
>
>   * Allow lvm_t (systemd-cryptsetup) systemd_manage_passwd_run() access
>   * Allow systemd_passwd_agent_t access to search selinuxfs and write
>     to the console for getting a password for encrypted filesystems
>
> These fix booting with systemd and selinux enabled on dm-crypt root
> filesystems.
>
>   * Allow watchdog_t to read syslog pid files for process watching
>
> Fixing one of the core functionalities of watchdog on selinux-enabled
> systems.
>
>
> Diffstat of the sources (patches applied) ignoring d/changelog and
> d/patches:
> [...]
>
>
> The debdiff is attached.
>
> unblock refpolicy/2:2.20110726-12
>
> Thanks for your work + cheers,
>
> Mika
>

Unblocked, thanks.

~Niels

--- End Message ---
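
Added example (not part of the original thread or of refpolicy): a small audit that compares the output of `stat -c '%C %n'` with the types named in the "File label fixes" list of the unblock request, to spot files still carrying an old label after the upgrade. The regex transcriptions of the changelog entries and the sample input are assumptions constructed for illustration.

```python
import re

# Expected types transcribed from the changelog's "File label fixes" list.
# Assumption of this example: "~" becomes /home/<user>, a trailing "/*" becomes "/.*".
EXPECTED = [
    (r"/home/[^/]+/\.adobe(/.*)?", "mozilla_home_t"),
    (r"/usr/sbin/opendkim", "dkim_milter_exec_t"),
    (r"/usr/lib/kde4/libexec/.*", "bin_t"),
    (r"/usr/lib/gvfs/.*", "bin_t"),
    (r"/run/pm-utils(/.*)?", "devicekit_var_run_t"),
    (r"/usr/lib/dovecot/auth", "dovecot_auth_exec_t"),
    (r"/usr/lib/dovecot/dovecot-lda", "lda_exec_t"),
    (r"/usr/lib/dovecot/libdovecot.*\.so.*", "lib_t"),
]
RULES = [(re.compile(p), t) for p, t in EXPECTED]

def expected_type(path):
    """Return the type the changelog expects for path, or None if not covered."""
    for rx, setype in RULES:
        if rx.fullmatch(path):  # file-context patterns match the whole path
            return setype
    return None

def audit(stat_output):
    """Parse `stat -c '%C %n'` lines; return (path, actual, expected) mismatches."""
    bad = []
    for line in stat_output.splitlines():
        if not line.strip():
            continue
        context, path = line.strip().split(" ", 1)
        fields = context.split(":")  # user:role:type:level (level may contain ':')
        actual = fields[2] if len(fields) >= 3 else context
        want = expected_type(path)
        if want is not None and actual != want:
            bad.append((path, actual, want))
    return bad

# Constructed sample input (not captured from a real system).
SAMPLE = """\
system_u:object_r:dkim_milter_exec_t:s0 /usr/sbin/opendkim
system_u:object_r:hald_var_run_t:s0 /run/pm-utils/locks
system_u:object_r:lib_t:s0 /usr/lib/dovecot/libdovecot.so.0.0.0
system_u:object_r:bin_t:s0 /usr/lib/gvfs/gvfsd-trash
system_u:object_r:usr_t:s0 /usr/share/doc/README
"""

if __name__ == "__main__":
    for path, actual, want in audit(SAMPLE):
        print(f"{path}: {actual} (expected {want})")
```

Paths the changelog does not cover are ignored, so the report lists only files whose label differs from one of the fixes above.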