From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1071336-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by finch.gentoo.org (Postfix) with ESMTPS id D0FAF138334
for <garchives@archives.gentoo.org>; Sun, 10 Feb 2019 04:15:03 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 5C624E0B47;
Sun, 10 Feb 2019 04:14:52 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 1B552E0B34
for <gentoo-commits@lists.gentoo.org>; Sun, 10 Feb 2019 04:14:52 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id AB8CF335D53
for <gentoo-commits@lists.gentoo.org>; Sun, 10 Feb 2019 04:14:50 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
by oystercatcher.gentoo.org (Postfix) with ESMTP id AF001553
for <gentoo-commits@lists.gentoo.org>; Sun, 10 Feb 2019 04:14:46 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1549771885.744101042e9ae8eab4f942963b64dcaf5f2c738a.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: /
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: Changelog VERSION
X-VCS-Directories: /
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 744101042e9ae8eab4f942963b64dcaf5f2c738a
X-VCS-Branch: master
Date: Sun, 10 Feb 2019 04:14:46 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 7944e0ae-fc37-4ef1-8927-64c5b913d0da
X-Archives-Hash: 08e68144a3dea77f0a021bcaf1cb7cdd
commit: 744101042e9ae8eab4f942963b64dcaf5f2c738a
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Fri Feb 1 20:03:42 2019 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 10 04:11:25 2019 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=74410104
Update Changelog and VERSION for release.
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
Changelog | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
VERSION | 2 +-
2 files changed, 235 insertions(+), 1 deletion(-)
diff --git a/Changelog b/Changelog
index 116e228a..75d5fae0 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,237 @@
+* Fri Feb 01 2019 Chris PeBenito <pebenito@ieee.org> - 2.20190201
+Alexander Miroshnichenko (16):
+ Add signal_perms setpgid setsched permissions to syncthing_t.
+ Add corecmd_exec_bin permissions to syncthing_t.
+ Allow syncthing_t to read network state.
+ Allow syncthing_t to execute ifconfig/iproute2.
+ Add required permissions for nsd_t to be able running.
+ Add nsd_admin interface to sysadm.te.
+ Add map permission to lvm_t on lvm_metadata_t.
+ Add comment for map on lvm_metadata_t.
+ Remove syncthing tunable_policy.
+ Remove unneeded braces from nsd.te.
+ Add new interface fs_rmw_hugetlbfs_files.
+ Add map permission for postgresql_t to postgresql_tmp_t files.
+ Add dovecot_can_connect_db boolean.
+ fs_mmap_rw_hugetlbfs_files is a more appropriate name for the interface
+ Add hostapd service module
+ minor updates redis module to be able to start the app
+
+Chris PeBenito (85):
+ mozilla, devices, selinux, xserver, init, iptables: Module version bump.
+ devices: Module version bump.
+ misc_patterns.spt: Remove unnecessary brackets.
+ ipsec: Module version bump.
+ fstools: Module version bump.
+ corecommands: Module version bump.
+ xserver: Module version bump.
+ Merge pull request #1 from bigon/fix-sepolgen-ifgen
+ Remove unused translate permission in context userspace class.
+ logrotate: Module version bump.
+ miscfiles: Module version bump.
+ Merge pull request #3 from bigon/xdp-socket
+ obj_perm_sets.spt: Add xdp_socket to socket_class_set.
+ clamav, ssh, init: Module version bump.
+ amavis, apache, clamav, exim, mta, udev: Module version bump.
+ dnsmasq: Whitespace fix in file contexts.
+ dnsmasq: Reorder lines in file contexts.
+ Merge branch 'master' of https://github.com/bigon/refpolicy
+ Merge branch 'resolved' of https://github.com/bigon/refpolicy
+ Merge branch 'iscsi' of https://github.com/bigon/refpolicy
+ Various modules: Version bump.
+ dnsmasq: Module version bump.
+ Merge branch 'minissdpd' of https://github.com/bigon/refpolicy
+ cron, minissdpd, ntp, systemd: Module version bump.
+ dbus, xserver, init, logging, modutils: Module version bump.
+ Merge branch 'syncthing' of https://github.com/alexminder/refpolicy
+ syncthing: Whitespace change
+ Merge branch 'lvm' of https://github.com/alexminder/refpolicy
+ lvm, syncthing: Module version bump.
+ sigrok: Remove extra comments.
+ networkmanager: Add ICMPv6 comment
+ sysnetwork: Move optional block in sysnet_dns_name_resolve().
+ sysnetwork: Move lines.
+ dpkg: Rename dpkg_read_script_tmp_links().
+ apt, rpm: Remove and move lines to fix fc conflicts.
+ sudo: Whitespace fix.
+ many: Module version bumps for changes from Russell Coker.
+ systemd: Rename systemd_list_netif() to systemd_list_networkd_runtime().
+ init: Remove inadvertent merge.
+ Merge branch 'nsd' of https://github.com/alexminder/refpolicy
+ nsd: Merge two rules into one.
+ Merge branch 'ssh_dac_read_search' of
+ git://github.com/fishilico/selinux-refpolicy
+ Merge branch 'restorecond_getattr_cgroupfs' of
+ git://github.com/fishilico/selinux-refpolicy
+ Merge branch 'systemd-logind-getutxent' of
+ git://github.com/fishilico/selinux-refpolicy
+ various: Module version bump.
+ iptables: Module version bump.
+ Add CONTRIBUTING file.
+ kernel, systemd: Move lines.
+ kernel, jabber, ntp, init, logging, systemd: Module version bump.
+ Merge branch 'systemd-journald_units_symlinks' of
+ git://github.com/fishilico/selinux-refpolicy
+ init, logging: Module version bump.
+ Merge branch 'services_single_usr_bin' of
+ git://github.com/fishilico/selinux-refpolicy
+ Merge branch 'init_rename_pid_interfaces' of
+ git://github.com/fishilico/selinux-refpolicy
+ various: Module name bump.
+ Merge branch 'systemd-rfkill' of
+ git://github.com/fishilico/selinux-refpolicy
+ systemd: Whitespace change
+ systemd: Module version bump.
+ Merge branch 'restorecond-symlinks' of
+ git://github.com/fishilico/selinux-refpolicy
+ Merge branch 'add_comment' of git://github.com/DefenSec/refpolicy
+ usermanage, cron, selinuxutil: Module version bump.
+ logging, sysnetwork, systemd: Module version bump.
+ Merge branch 'restorecond-dontaudit-symlinks' of
+ git://github.com/fishilico/selinux-refpolicy
+ selinuxutil: Module version bump.
+ Merge branch 'dbus-dynamic-uid' of
+ git://github.com/fishilico/selinux-refpolicy
+ xserver: Move line
+ systemd: Move interface implementation.
+ various: Module version bump.
+ dpkg: Rename dpkg_nnp_transition() to dpkg_nnp_domtrans().
+ dpkg: Move interface implementations.
+ init: Rename init_read_generic_units_links() to
+ init_read_generic_units_symlinks().
+ init: Drop unnecessary userspace class dependence in
+ init_read_generic_units_symlinks().
+ chromium: Whitespace fixes.
+ chromium: Move line.
+ Merge branch 'dovecot' of git://github.com/alexminder/refpolicy
+ dovecot: Move lines.
+ various: Module version bump.
+ Merge branch 'postgres' of git://github.com/alexminder/refpolicy
+ filesystem, postgresql: Module version bump.
+ hostapd: Whitespace change.
+ hostapd: Move line.
+ various: Module version bump.
+ redis: Move line.
+ redis: Module version bump.
+ corecommands, staff, unprivuser, ssh, locallogin, systemd: Module version
+ bump.
+ Bump module versions for release.
+
+David Sugar (15):
+ Interface to allow reading of virus signature files.
+ Update CUSTOM_BUILDOPT
+ Add interface udev_run_domain
+ Allow clamd_t to read /proc/sys/crypt/fips_enabled
+ Interface to add domain allowed to be read by ClamAV for scanning.
+ Add interfaces to control clamav_unit_t systemd services
+ Allow clamd to use sent file descriptor
+ Add interfaces to control ntpd_unit_t systemd services
+ interface to enable/disable systemd_networkd service
+ Interface to read cron_system_spool_t
+ Allow X (xserver_t) to read /proc/sys/crypto/fips_enabled
+ Allow kmod to read /proc/sys/crypto/fips_enabled
+ Allow dbus to access /proc/sys/crypto/fips_enabled
+ Add missing require for 'daemon' attribute.
+ Allow auditctl_t to read bin_t symlinks.
+
+Dominick Grift (1):
+ unconfined: add a note about DBUS
+
+Guido Trentalancia (1):
+ Add sigrok contrib module
+
+Jagannathan Raman (1):
+ vhost: Add /dev/vhost-scsi device of type vhost_device_t.
+
+Jason Zaman (10):
+ selinux: compute_access_vector requires creating netlink_selinux_sockets
+ mozilla: xdg updates
+ xserver: label .cache/fontconfig as user_fonts_cache_t
+ Allow map xserver_misc_device_t for nvidia driver
+ iptables: fcontexts for 1.8.0
+ devices: introduce dev_dontaudit_read_sysfs
+ files: introduce files_dontaudit_read_etc_files
+ kernel: introduce kernel_dontaudit_read_kernel_sysctl
+ userdomain: introduce userdom_user_home_dir_filetrans_user_cert
+ Add chromium policy upstreamed from Gentoo
+
+Laurent Bigonville (10):
+ policy/support/obj_perm_sets.spt: modify indentation of mmap_file_perms to
+ make sepolgen-ifgen happy
+ Add xdp_socket security class and access vectors
+ irqbalance now creates an abstract socket
+ Allow semanage_t to connect to system D-Bus bus
+ Allow ntpd_t to read init state
+ Add systemd_dbus_chat_resolved() interface
+ Allow sysnet_dns_name_resolve() to use resolved to resolve DNS names
+ Allow systemd_resolved_t to bind to port 53 and use net_raw
+ Allow iscsid_t to create a netlink_iscsi_socket
+ Allow minissdpd_t to create a unix_stream_socket
+
+Luis Ressel (7):
+ corecommands: Fix /usr/share/apr* fc
+ xserver: Allow user fonts (and caches) to be mmap()ed.
+ Add fc for /var/lib/misc/logrotate.status
+ Realign logrotate.fc, remove an obvious comment
+ miscfiles: Label /usr/share/texmf*/fonts/ as fonts_t
+ services/ssh: Don't audit accesses from ssh_t to /dev/random
+ system/init: Give init_spec_daemon_domain()s the "daemon" attribute
+
+Lukas Vrabec (1):
+ Improve domain_transition_pattern to allow mmap entrypoint bin file.
+
+Nicolas Iooss (11):
+ fstools: label e2mmpstatus as fsadm_exec_t
+ ssh: use dac_read_search instead of dac_override
+ selinuxutil: allow restorecond to try counting the number of files in
+ cgroup fs
+ systemd: allow systemd-logind to use getutxent()
+ Allow systemd-journald to read systemd unit symlinks
+ Label service binaries in /usr/bin like /usr/sbin
+ init: rename *_pid_* interfaces to use "runtime"
+ systemd: add policy for systemd-rfkill
+ selinuxutil: allow restorecond to read symlinks
+ selinuxutil: restorecond is buggy when it dereferencies symlinks
+ dbus: allow using dynamic UID
+
+Petr Vorel (1):
+ dnsmasq: Require log files to have .log suffix
+
+Russell Coker (19):
+ misc services patches
+ misc interfaces
+ last misc stuff
+ systemd related interfaces
+ systemd misc
+ missing from previous
+ cron trivial
+ mls stuff
+ logging
+ some little stuff
+ trivial system cronjob
+ another trivial
+ more tiny stuff
+ map systemd private dirs
+ tiny stuff for today
+ yet more tiny stuff
+ yet another little patch
+ chromium
+ more misc stuff
+
+Sugar, David (9):
+ Allow greeter to start dbus
+ pam_faillock creates files in /run/faillock
+ Add interface to get status of iptables service
+ Add interface to start/stop iptables service
+ label journald configuraiton files syslog_conf_t
+ Interface with systemd_hostnamed over dbus to set hostname
+ Modify type for /etc/hostname
+ Add interface clamav_run
+ Add interface to read journal files
+
+Yuli Khodorkovskiy (1):
+ ipsec: add missing permissions for pluto
+
* Sun Jul 01 2018 Chris PeBenito <pebenito@ieee.org> - 2.20180701
Chris PeBenito (28):
Enable cgroup_seclabel and nnp_nosuid_transition.
diff --git a/VERSION b/VERSION
index b40612cc..b93d30a8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.20180701
+2.20190201