Your message dated Fri, 13 May 2016 22:27:37 +0000
with message-id <e1b1lyx-0005cq...@franck.debian.org>
and subject line Bug#805492: fixed in refpolicy 2:2.20140421-10
has caused the Debian Bug report #805492,
regarding selinux-basics: System cannot boot with SELinux enabled after upgrade
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
805492: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805492
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: selinux-basics
Version: 0.5.4
Severity: grave
Justification: renders package unusable
Dear Maintainer,
Thank you for your work bringing SELinux to Debian!
I regret that my knowledge of both SELinux and systemd is limited, so I do not
know what diagnostics to collect or how to collect them. That said, I can
reproduce this problem at will, and I'm happy to collect whatever diagnostics
you need.
* What led up to the situation?
I upgraded my system doing full-upgrade. My system is mainly 'testing' with
some packages coming from 'unstable' (I tried updating to the newer
selinux-utils in unstable, but to no avail).
Unfortunately there are not many diagnostics provided during boot, and I
could not find any trace of the failed boots in journalctl or in files
in /var/log, presumably because the problems occurred at such an early
stage of boot. I checked /var/log/syslog, but did not find much that was informative.
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
Removing the "selinux=1 security=selinux" flags from grub allowed me to boot.
I then used "selinux-activate disabled" to disable SELinux while we sort
these issues out.
I also tried running "selinux-activate disabled" and re-activating it again,
as it seems to do something with restorecond on first boot after activation.
Unfortunately this did not change anything :(
* What outcome did you expect instead?
I expected that my system could continue booting. I've never had significant
issues with Debian upgrades (thanks to careful maintainers like you :) and
guess that there must be something strange about the way my system is
configured.
There was some interesting-looking output in /var/log/audit; here's a
section:
May 2 20:31:38 theory systemd[1]: Listening on CUPS Scheduler.
May 2 20:31:38 theory systemd[1]: Listening on D-Bus System Message Bus Socket.
May 2 20:31:38 theory systemd[1]: apt-daily.timer: Adding 7h 21min 31.345143s
random time.
May 2 20:31:38 theory systemd[1]: Started Daily apt activities.
May 2 20:31:38 theory systemd[1]: Started Daily Cleanup of Temporary
Directories.
May 2 20:31:38 theory systemd[1]: Reached target Timers.
May 2 20:31:38 theory systemd[1]: Started CUPS Scheduler.
May 2 20:31:38 theory systemd[1]: Reached target Paths.
May 2 20:31:38 theory systemd[1]: Listening on Virtual machine lock manager
socket.
May 2 20:31:38 theory systemd[1]: Listening on mpd.socket.
May 2 20:31:38 theory systemd[1]: Listening on Virtual machine log manager
socket.
May 2 20:31:38 theory systemd[1]: Reached target Sockets.
May 2 20:31:38 theory systemd[1]: Reached target Basic System.
May 2 20:31:38 theory systemd[1]: Started Run anacron jobs.
May 2 20:31:38 theory systemd[1]: Starting Accounts Service...
May 2 20:31:38 theory systemd[1]: Starting IIO Sensor Proxy service...
May 2 20:31:38 theory systemd[1]: Starting Restore /etc/resolv.conf if the
system crashed before the ppp link was shut down...
May 2 20:31:38 theory systemd[1]: Starting Thermal Daemon Service...
May 2 20:31:38 theory systemd[1]: Starting Modem Manager...
May 2 20:31:38 theory systemd[1]: Started CUPS Scheduler.
May 2 20:31:38 theory systemd[1]: Started D-Bus System Message Bus.
May 2 20:31:38 theory ModemManager[1176]: <info> ModemManager (version
1.4.14) starting in system bus...
May 2 20:31:38 theory dbus-daemon[1183]: Failed to start message bus: Failed
to open "/etc/selinux/default/contexts/dbus_contexts": No such file or directory
May 2 20:31:38 theory systemd-udevd[823]: Process '/usr/sbin/alsactl -E
HOME=/run/alsa restore 2' failed with exit code 99.
May 2 20:31:38 theory systemd[1]: Failed to subscribe to NameOwnerChanged
signal for 'org.freedesktop.thermald': Connection timed out
May 2 20:31:38 theory systemd[1]: Failed to subscribe to NameOwnerChanged
signal for 'org.freedesktop.ModemManager1': Connection timed out
May 2 20:31:38 theory systemd[1]: Failed to subscribe to NameOwnerChanged
signal for 'net.hadess.SensorProxy': Connection timed out
May 2 20:31:38 theory systemd[1]: Failed to subscribe to NameOwnerChanged
signal for 'org.freedesktop.NetworkManager': Connection timed out
May 2 20:31:38 theory systemd[1]: Failed to subscribe to NameOwnerChanged
signal for 'org.freedesktop.login1': Connection timed out
May 2 20:31:38 theory systemd[1]: Failed to subscribe to NameOwnerChanged
signal for 'org.freedesktop.Accounts': Connection timed out
May 2 20:31:38 theory systemd[1]: Failed to subscribe to activation signal:
Connection timed out
May 2 20:31:38 theory systemd[1]: Failed to register name: Connection timed out
May 2 20:31:38 theory systemd[1]: Failed to set up API bus: Connection timed
out
May 2 20:31:38 theory systemd[1]: Starting Network Manager...
May 2 20:31:38 theory systemd[1]: Starting LSB: Start the GNUstep distributed
object mapper...
May 2 20:31:38 theory systemd[1]: Started Regular background program
processing daemon.
May 2 20:31:38 theory systemd[1]: Started Deferred execution scheduler.
May 2 20:31:38 theory ifup[1053]: run-parts: /etc/network/if-up.d/upstart
exited with return code 1
May 2 20:31:38 theory systemd[1]: Starting Restorecon maintaining path file
context...
May 2 20:31:38 theory ifup[1053]: /sbin/ifup: post-up script failed.
May 2 20:31:38 theory systemd[1]: Starting Initialize hardware monitoring
sensors...
May 2 20:31:38 theory systemd[1]: Starting LSB: Load kernel modules needed to
enable cpufreq scaling...
May 2 20:31:38 theory systemd[1]: Starting Login Service...
May 2 20:31:38 theory systemd[1]: Starting System Logging Service...
May 2 20:31:38 theory systemd[1]: Starting Permit User Sessions...
May 2 20:31:38 theory systemd[1]: Started Bumblebee C Daemon.
May 2 20:31:38 theory systemd[1]: networking.service: Main process exited,
code=exited, status=1/FAILURE
May 2 20:31:38 theory restorecond[1222]: No such file or directory
May 2 20:31:38 theory systemd[1]: Failed to start Raise network interfaces.
May 2 20:31:38 theory systemd[1]: networking.service: Unit entered failed
state.
May 2 20:31:38 theory systemd[1]: networking.service: Failed with result
'exit-code'.
May 2 20:31:38 theory systemd[1]: Started IIO Sensor Proxy service.
May 2 20:31:38 theory systemd[1]: Started Restore /etc/resolv.conf if the
system crashed before the ppp link was shut down.
May 2 20:31:38 theory systemd[1]: dbus.service: Main process exited,
code=exited, status=1/FAILURE
May 2 20:31:38 theory systemd[1]: dbus.service: Unit entered failed state.
May 2 20:31:38 theory systemd[1]: dbus.service: Failed with result 'exit-code'.
May 2 20:31:38 theory systemd[1]: restorecond.service: Control process exited,
code=exited status=1
May 2 20:31:38 theory systemd[1]: Failed to start Restorecon maintaining path
file context.
May 2 20:31:38 theory systemd[1]: restorecond.service: Unit entered failed
state.
May 2 20:31:38 theory systemd[1]: restorecond.service: Failed with result
'exit-code'.
May 2 20:31:38 theory systemd[1]: Started Permit User Sessions.
May 2 20:31:38 theory sensors[1255]: acpitz-virtual-0
May 2 20:31:38 theory sensors[1255]: Adapter: Virtual device
May 2 20:31:38 theory sensors[1255]: temp1: +51.0°C (crit = +200.0°C)
May 2 20:31:38 theory sensors[1255]: thinkpad-isa-0000
May 2 20:31:38 theory sensors[1255]: Adapter: ISA adapter
May 2 20:31:38 theory sensors[1255]: fan1: 1675 RPM
May 2 20:31:38 theory sensors[1255]: coretemp-isa-0000
May 2 20:31:38 theory sensors[1255]: Adapter: ISA adapter
May 2 20:31:38 theory sensors[1255]: Physical id 0: +52.0°C (high = +84.0°C,
crit = +100.0°C)
May 2 20:31:38 theory sensors[1255]: Core 0: +52.0°C (high = +84.0°C,
crit = +100.0°C)
May 2 20:31:38 theory sensors[1255]: Core 1: +50.0°C (high = +84.0°C,
crit = +100.0°C)
May 2 20:31:38 theory sensors[1255]: Core 2: +49.0°C (high = +84.0°C,
crit = +100.0°C)
May 2 20:31:38 theory sensors[1255]: Core 3: +50.0°C (high = +84.0°C,
crit = +100.0°C)
May 2 20:31:38 theory systemd[1]: Started Initialize hardware monitoring
sensors.
May 2 20:31:38 theory systemd[1]: Started System Logging Service.
May 2 20:31:38 theory bumblebeed[1240]: [ 32.356754]
[INFO]/usr/sbin/bumblebeed 3.2.1 started
May 2 20:31:38 theory gdomap[1213]: GNUstep distributed object mapper
disabled, see /etc/default/gdomap.
May 2 20:31:38 theory systemd[1]: Started LSB: Start the GNUstep distributed
object mapper.
May 2 20:31:38 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:38 theory loadcpufreq[1227]: Loading cpufreq kernel modules...done
(acpi-cpufreq).
May 2 20:31:39 theory systemd[1]: Started LSB: Load kernel modules needed to
enable cpufreq scaling.
May 2 20:31:39 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:40 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:41 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:42 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:43 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:45 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:46 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:47 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:48 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:49 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:50 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:51 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:52 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:53 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:54 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:55 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:57 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:58 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:31:59 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:00 theory systemd[1]: Received SIGRTMIN+20 from PID 298
(plymouthd).
May 2 20:32:00 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:01 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:02 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:03 theory systemd[1]: systemd-logind.service: Main process exited,
code=exited, status=1/FAILURE
May 2 20:32:03 theory systemd[1]: Failed to start Login Service.
May 2 20:32:03 theory systemd[1]: systemd-logind.service: Unit entered failed
state.
May 2 20:32:03 theory systemd[1]: systemd-logind.service: Failed with result
'exit-code'.
May 2 20:32:03 theory systemd[1]: systemd-logind.service: Service has no
hold-off time, scheduling restart.
May 2 20:32:03 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:05 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:06 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:07 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:08 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:09 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:10 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:11 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:12 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:13 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:15 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:16 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:17 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:18 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:19 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:20 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:21 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:22 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:23 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:24 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:25 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:26 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:28 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:29 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:30 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:31 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:32 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:33 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:35 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:36 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:37 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:38 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:39 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:40 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:42 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:43 theory systemd[1]: Looping too fast. Throttling execution a
little.
May 2 20:32:44 theory systemd[1]: accounts-daemon.service: Start operation
timed out. Terminating.
May 2 20:32:44 theory systemd[1]: thermald.service: Start operation timed out.
Terminating.
May 2 20:32:44 theory systemd[1]: ModemManager.service: Start operation timed
out. Terminating.
May 2 20:32:44 theory ModemManager[1176]: <info> Caught signal, shutting
down...
May 2 20:32:44 theory ModemManager[1176]: <info> ModemManager is shut down
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages selinux-basics depends on:
ii checkpolicy 2.5-1
ii perl 5.22.1-10
ii policycoreutils 2.4-4
pn python3:any <none>
ii selinux-utils 2.5-2
Versions of packages selinux-basics recommends:
ii policycoreutils-python-utils 2.4-4
pn selinux-policy-default <none>
ii setools 3.3.8+20151215-3
Versions of packages selinux-basics suggests:
pn logcheck <none>
pn syslog-summary <none>
-- no debconf information
--- End Message ---
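The dbus-daemon failure in the log above comes from a missing file under /etc/selinux/default/contexts. The following pre-boot check is an added example, not part of the original report or of any Debian package: it verifies that the policy tree is populated before "selinux=1 security=selinux" goes on the kernel command line. The function names, the ROOT parameter and the choice of file_contexts and the compiled policy as extra required files are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that an SELinux policy tree is populated before
# booting with "selinux=1 security=selinux".
# ROOT (hypothetical parameter) is the filesystem root to inspect, so the
# check can run against a chroot, a mounted disk image or a test tree.

# selinux_policy_type ROOT
# Print SELINUXTYPE from ROOT/etc/selinux/config, falling back to
# "default", the directory name that appears in the dbus-daemon error.
selinux_policy_type() {
    cfg="$1/etc/selinux/config"
    ptype=""
    if [ -r "$cfg" ]; then
        ptype=$(sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$cfg" | tail -n 1)
    fi
    printf '%s\n' "${ptype:-default}"
}

# missing_policy_files ROOT
# Print one line for each required file that is absent or empty.
# dbus_contexts is the file named in the log; the other two entries are
# this example's assumption about what an enabled system also needs.
missing_policy_files() {
    root="$1"
    dir="$root/etc/selinux/$(selinux_policy_type "$root")"
    for rel in contexts/dbus_contexts contexts/files/file_contexts; do
        if [ ! -s "$dir/$rel" ]; then
            printf '%s\n' "$dir/$rel"
        fi
    done
    # The compiled policy is versioned (policy/policy.NN), so accept any.
    found=0
    for p in "$dir"/policy/policy.*; do
        if [ -s "$p" ]; then
            found=1
        fi
    done
    if [ "$found" -ne 1 ]; then
        printf '%s\n' "$dir/policy/policy.*"
    fi
}

# selinux_boot_ready ROOT
# Return 0 only when nothing is missing; otherwise list the gaps on stderr.
selinux_boot_ready() {
    missing=$(missing_policy_files "$1")
    if [ -n "$missing" ]; then
        printf 'SELinux policy files missing; do not boot with security=selinux:\n%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Run only when a root is given explicitly, e.g.: sh check.sh /
if [ "$#" -gt 0 ]; then
    selinux_boot_ready "$1"
fi
```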
--- Begin Message ---
Source: refpolicy
Source-Version: 2:2.20140421-10
We believe that the bug you reported is fixed in the latest version of
refpolicy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 805...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laurent Bigonville <bi...@debian.org> (supplier of updated refpolicy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 13 May 2016 22:29:59 +0200
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src
selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20140421-10
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-de...@lists.alioth.debian.org>
Changed-By: Laurent Bigonville <bi...@debian.org>
Description:
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building
modules
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 585355 697843 756729 778232 780934 781670 805492 805496
Changes:
refpolicy (2:2.20140421-10) unstable; urgency=medium
.
* Team upload.
[ Laurent Bigonville ]
* Fix the maintainer script to support the new policy store from libsemanage
2.4 (Closes: #805492)
* debian/gbp.conf: Sign tags by default (Closes: #781670)
* debian/control: Adjust and cleanup the {build-}dependencies (Closes:
#805496)
* debian/control: Bump Standards-Version to 3.9.8 (no further changes)
* debian/rules: Make the build reproducible (Closes: #778232)
* Remove deprecated system.users and local.users files
* debian/control: Update Homepage URL (Closes: #780934)
* debian/rules: Allow parallel build now that the build system is supporting
it, see #677689
* debian/policygentool: Remove string exceptions so the script is Python >=
2.6 compatible (Closes: #585355)
* Do not install semanage.read.LOCK, semanage.trans.LOCK and
file_contexts.local in /etc/selinux/* this is not needed anymore with the
new policy store.
* debian/control: Use https for the Vcs-* URL's to please lintian
* debian/watch: Fix watch file URL now that the project has moved to github
.
[ Russell Coker ]
* Allow init_t to manage init_var_run_t symlinks and self getsched
to relabel files and dirs to etc_runtime_t for /run/blkid
to read/write init_var_run_t fifos for /run/initctl
kernel_rw_unix_sysctls() for setting max_dgram_qlen (and eventually other
sysctls)
* Allow restorecond_t and setfiles_t to getattr pstore_t and debugfs_t
filesystems
* Allow kernel_t to setattr/getattr/unlink tty_device_t for kdevtmpfs
* Label /usr/share/bug/.* files as bin_t for reportbug in strict
configuration
* Label /run/tmpfiles.d/kmod.conf as kmod_var_run_t and allow insmod_t to
create it
* apache_unlink_var_lib() now includes write access to httpd_var_lib_t:dir
* Allow apache to read sysctl_vm_t for overcommit_memory Allow
httpd_sys_script_t to read sysfs_t. allow httpd_t to manage httpd_log_t
files and directories for mod_pagespeed.
* Removed bogus .* in mailman file context that was breaking the regex
* Lots of mailman changes
* Allow system_mail_t read/write access to crond_tmp_t
* Allow postfix_pipe_t to write to postfix_public_t sockets
* Label /usr/share/mdadm/checkarray as bin_t
* Let systemd_passwd_agent_t, chkpwd_t, and dovecot_auth_t get enforcing
status
* Allow systemd_tmpfiles_t to create the cpu_device_t device
* Allow init_t to manage init_var_run_t links
* Allow groupadd_t the fsetid capability
* Allow dpkg_script_t to transition to passwd_t. Label dpkg-statoverride as
setfiles_exec_t for changing SE Linux context. Allow setfiles_t to read
dpkg_var_lib_t so dpkg-statoverride can do its job
* Allow initrc_t to write to fsadm_log_t for logsave in strict configuration
* Allow webalizer to read fonts and allow logrotate to manage
webaliser_usage_t files also allow it to be run by logrotate_t.
* Allow jabber to read ssl certs and give it full access to its log files
Don't audit jabber running ps.
* Made logging_search_logs() allow reading var_log_t:lnk_file for symlinks
in log dir
* Allow webalizer to read usr_t and created webalizer_log_t for its logs
* Made logging_log_filetrans and several other logging macros also allow
reading var_log_t links so a variety of sysadmin symlinks in /var/log
won't break things
* Allow postfix_policyd_t to execute bin_t, read urandom, and capability
chown.
New type postfix_policyd_tmp_t
* Added user_udp_server boolean
* Allow apt_t to manage dirs of type apt_var_cache_t
* Allow jabber to connect to the jabber_interserver_port_t TCP port
Closes: #697843
* Allow xm_t to create xen_lock_t files for creating the first Xen DomU
* Allow init_t to manage init_var_run_t for service file symlinks
* Add init_telinit(dpkg_script_t) for upgrading systemd
* Allow dpkg_script_t the setfcap capability for systemd postinst.
* Add domain_getattr_all_domains(init_t) for upgrading strict mode systems
* Allow *_systemctl_t domains read initrc_var_run_t (/run/utmp), read proc_t,
and have capability net_admin. Allow logrotate_systemctl_t to manage all
services.
* Give init_t the audit_read capability for systemd
* Allow iodined_t access to netlink_route_socket.
* add init_read_state(systemd_cgroups_t) and
init_read_state(systemd_tmpfiles_t) for /proc/1/environ
* Label /etc/openvpn/openvpn-status.log as openvpn_status_t as it seems to
be some sort of default location. /var/log is a better directory for this
* Allow syslogd_t to write to a netlink_audit_socket for systemd-journal
* Allow mandb_t to get filesystem attributes
* Allow syslogd to rename and unlink init_var_run_t files for systemd
temporary files
* Allow ntpd_t to delete files for peerstats and loopstats
* Add correct file labels for squid3 and tunable for squid pinger raw net
access (default true)
* Allow qemu_t to read crypto sysctls, rw xenfs files, and connect to
xenstored unix sockets
* Allow qemu_t to read sysfs files for cpu online
* Allow qemu to append xend_var_log_t for /var/log/xen/qemu-dm-*
* Allow xm_t (xl program) to create and rename xend_var_log_t files, read
kernel images, execute qemu, and inherit fds from sshd etc.
* Allow xm_t and iptables_t to manage udev_var_run_t to communicate via
/run/xen-hotplug/iptables for when vif-bridge runs iptables
* Allow xm_t to write to xen_lock_t files not var_lock_t
* Allow xm_t to load kernel modules
* Allow xm_t to signal qemu_t, talk to it by unix domain sockets, and unlink
its sockets
* dontaudit xm_t searching home dir content
* Label /run/xen as xend_var_run_t and allow qemu_t to create sock_files in
xend_var_run_t directory
* Label /var/lock/xl as xen_lock_t
* allow unconfined_t to execute xl/xm in xm_t domain.
* Allow system_cronjob_t to configure all systemd services (restart all
daemons)
* Allow dpkg_script_t and unconfined_t to manage systemd service files of
type null_device_t (symlinks to /dev/null)
* Label /var/run/lwresd/lwresd.pid as named_var_run_t
* Label /run/xen/qmp* as qemu_var_run_t
* Also label squid3.pid
* Allow iptables_t to be in unconfined_r (for Xen)
* Allow udev_t to restart systemd services
Closes: #756729
* Merge Laurent's changes with mine
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---