[refpolicy] ANN: Reference Policy Release

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on the
Tresys OSS site, http://oss.tresys.com.  In this release, support for
init scripts with different labels was added.  For example, this enables
an Apache admin to restart only the Apache service, not all services.
The complete change log for this release follows at the end of the
email.

For people interested in helping Reference Policy development, the X
desktop and user-based role separation areas need attention.

* Tue Oct 14 2008 Chris PeBenito <selinux@tresys.com> - 20081014
- Debian update for NetworkManager/wpa_supplicant from Martin Orr.
- Logrotate and Bind updates from Vaclav Ovsik.
- Init script file and domain support.
- Glibc 2.7 fix from Vaclav Ovsik.
- Samba/winbind update from Mike Edenfield.
- Policy size optimization with a non-security file attribute from James
  Carter.
- Database labeled networking update from KaiGai Kohei.
- Several misc changes from the Fedora policy, cherry picked by David
  Hardeman.
- Large whitespace fix from Dominick Grift.
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
- Issuing commands to upstart is over a datagram socket, not the initctl
  named pipe.  Updated init_telinit() to match.
- Added modules:
        cyphesis (Dan Walsh)
        memcached (Dan Walsh)
        oident (Dominick Grift)
        w3c (Dan Walsh)


-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new, major release of the SELinux Reference Policy is now available on
the Tresys OSS site, http://oss.tresys.com.  In this release, the type
enforcement-based role separation was replaced with SELinux user-based
access control (UBAC) role separation.  This support deprecates the
per-role templates and rolemap support of the policy.  It also breaks
some compatibility in the interfaces API; however, the compatibility for
types and other policy symbols has been preserved.

Due to the magnitude of this change, the Reference Policy version scheme
has slightly changed, by adding a major number (2) to the version.
Previous versions are considered 1.yyyymmdd releases.

The The complete change log for this release follows at the end of the
email.

For people interested in helping Reference Policy development, the X
desktop and role separation needs testing.

* Wed Dec 10 2008 Chris PeBenito <selinux@tresys.com> - 2.20081210
- Fix consistency of audioentropy and iscsi module naming.
- Debian file context fix for xen from Russell Coker.
- Xserver MLS fix from Eamon Walsh.
- Add omapi port for dhcpcd.
- Deprecate per-role templates and rolemap support.
- Implement user-based access control for use as role separations.
- Move shared library calls from individual modules to the domain module.
- Enable open permission checks policy capability.
- Remove hierarchy from portage module as it is not a good example of
  hierarchy.
- Remove enableaudit target from modular build as semodule -DB supplants it.
- Added modules:
        milter (Paul Howarth)

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on
the Tresys OSS site, http://oss.tresys.com.  This release primarily
focused on general policy development for supporting new applications
and improving support of current ones.  In addition, support for labeled
Booleans was added.

The complete change log for this release follows at the end of the
email.

For people interested in helping Reference Policy development, the X
desktop and role separation needs testing.

* Thu Jul 30 2009 Chris PeBenito <selinux@tresys.com> - 2.20090730
- Gentoo fixes for init scripts and system startup.
- Remove read_default_t tunable.
- Greylist milter from Paul Howarth.
- Crack db access for su to handle password expiration, from Brandon Whalen.
- Misc fixes for unix_update from Brandon Whalen.
- Add x_device permissions for XI2 functions, from Eamon Walsh.
- MLS constraints for the x_selection class, from Eamon Walsh.
- Postgresql updates from KaiGai Kohei.
- Milter state directory patch from Paul Howarth.
- Add MLS constrains for ingress/egress and secmark from Paul Moore.
- Drop write permission from fs_read_rpc_sockets().
- Remove unused udev_runtime_t type.
- Patch for RadSec port from Glen Turner.
- Enable network_peer_controls policy capability from Paul Moore.
- Btrfs xattr support from Paul Moore.
- Add db_procedure install permission from KaiGai Kohei.
- Add support for network interfaces with access controlled by a Boolean
  from the CLIP project.
- Several fixes from the CLIP project.
- Add support for labeled Booleans.
- Remove node definitions and change node usage to generic nodes.
- Add kernel_service access vectors, from Stephen Smalley.
- Added modules:
        certmaster (Dan Walsh)
        cpufreqselector (Dan Walsh)
        devicekit (Dan Walsh)
        fprintd (Dan Walsh)
        git (Dan Walsh)
        gpsd (Miroslav Grepl)
        guest (Dan Walsh)
        ifplugd (Dan Walsh)
        lircd (Miroslav Grepl)
        logadm (Dan Walsh)
        pads (Dan Walsh)
        pingd (Dan Walsh)
        policykit (Dan Walsh)
        pulseaudio (Dan Walsh)
        psad (Dan Walsh)
        portreserve (Dan Walsh)
        sssd (Dan Walsh)
        ulogd (Dan Walsh)
        varnishd (Dan Walsh)
        webadm (Dan Walsh)
        wm (Dan Walsh)
        xguest (Dan Walsh)
        zosremote (Dan Walsh)


-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on
the Tresys OSS site, http://oss.tresys.com.  This release primarily
focused on general policy development for supporting new applications
and improving support of current ones.

The complete change log for this release follows at the end of the
email.

For people interested in helping Reference Policy development, the X
desktop and role separation needs testing.

* Tue Nov 17 2009 Chris PeBenito <selinux@tresys.com> - 2.20091117
- Add separate x_pointer and x_keyboard classes inheriting from x_device. 
  From Eamon Walsh.
- Deprecated the userdom_xwindows_client_template().
- Misc Gentoo fixes from Corentin Labbe.
- Debian policykit fixes from Martin Orr.
- Fix unconfined_r use of unconfined_java_t.
- Add missing x_device rules for XI2 functions, from Eamon Walsh.
- Add missing rules to make unconfined_cronjob_t a valid cron job domain.
- Add btrfs and ext4 to labeling targets.
- Fix infrastructure to expand macros in initrc_context when installing.
- Handle unix_chkpwd usage by useradd and groupadd.
- Add missing compatibility aliases for xdm_xserver*_t types.
- Added modules:
        abrt (Dan Walsh)
        dkim (Stefan Schulze Frielinghaus)
        gitosis (Miroslav Grepl)
        gnomeclock (Dan Walsh)
        hddtemp (Dan Walsh)
        kdump (Dan Walsh)
        modemmanager(Dan Walsh)
        nslcd (Dan Walsh)
        puppet (Craig Grube)
        rtkit (Dan Walsh)
        seunshare (Dan Walsh)
        shorewall (Dan Walsh)
        tgtd (Matthew Ife)
        tuned (Miroslav Grepl)
        xscreensaver (Corentin Labbe)


-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on
the Tresys OSS site, http://oss.tresys.com.  This release primarily
focused on reducing the differences between the Fedora policy and
Reference Policy.

The complete change log for this release follows at the end of the
email.

For people interested in helping Reference Policy development, the X
desktop and role separation needs testing, in addition to general
testing.

* Mon May 24 2010 Chris PeBenito <selinux@tresys.com> - 2.20100524
- Merged a significant portion of Fedora policy.
- Move rules from mta mailserver delivery from interface to .te to use
  attributes.
- Remove concept of users from terminal module interfaces since the
  attributes are not specific to users.
- Add non-drawing X client support, for consolekit usage.
- Misc Gentoo fixes from Chris Richards.
- AFS and abrt fixes from Dominick Grift.
- Improved the XML docs of 55 most-used interfaces.
- Apcupsd and amavis fixes from Dominick Grift.
- Fix network_port() in corenetwork to correctly handle port ranges.
- SE-Postgresql updates from KaiGai Kohei.
- X object manager revisions from Eamon Walsh.
- Added modules:
        chronyd (Miroslav Grepl)
        cobbler (Dominick Grift)
        dbadm (KaiGai Kohei)
        denyhosts (Dan Walsh)
        nut (Stefan Schulze Frielinghaus, Miroslav Grepl)
        likewise (Scott Salley)
        plymouthd (Dan Walsh)
        pyicqt (Stefan Schulze Frielinghaus)
        sectoolm (Miroslav Grepl)
        usbmuxd (Dan Walsh)
        vhostmd (Dan Walsh)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on
the Tresys OSS site, http://oss.tresys.com.  This release primarily
focused on general maintenance.

The complete change log for this release follows at the end of the
email.

For people interested in helping Reference Policy development, the X
desktop and role separation needs testing, in addition to general
testing.

* Mon Dec 13 2010 Chris PeBenito <selinux@tresys.com> - 2.20101213
- Git man page from Dominick Grift.
- Alsa and oident home content cleanup from Dominick Grift.
- Add support for custom build options.
- Unconditional staff and user oidentd home config access from Dominick
Grift.
- Conditional mmap_zero support from Dominick Grift.
- Added devtmpfs support.
- Dbadm updates from KaiGai Kohei.
- Virtio disk file context update from Mika Pfluger.
- Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh.
- Add JIT usage for freshclam.
- Remove ethereal module since the application was renamed to wireshark.
- Remove duplicate/redundant rules, from Russell Coker.
- Increased default number of categories to 1024, from Russell Coker.
- Added modules:
        accountsd (Dan Walsh)
        cgroup (Dominick Grift)
        hadoop (Paul Nuzzi)
        kdumpgui (Dan Walsh)
        livecd (Dan Walsh)
        mojomojo (Lain Arnell)
        sambagui (Dan Walsh)
        shutdown (Dan Walsh)
        sosreport (Dan Walsh)
        vlock (Harry Ciao)

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on
the Tresys OSS site, http://oss.tresys.com.  This release primarily
focused on general maintenance.

The complete change log for this release follows at the end of the
email.

For people interested in helping Reference Policy development, the X
desktop and role separation needs testing, in addition to general
testing.

* Mon Dec 13 2010 Chris PeBenito <selinux@tresys.com> - 2.20101213
- Git man page from Dominick Grift.
- Alsa and oident home content cleanup from Dominick Grift.
- Add support for custom build options.
- Unconditional staff and user oidentd home config access from Dominick
Grift.
- Conditional mmap_zero support from Dominick Grift.
- Added devtmpfs support.
- Dbadm updates from KaiGai Kohei.
- Virtio disk file context update from Mika Pfluger.
- Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh.
- Add JIT usage for freshclam.
- Remove ethereal module since the application was renamed to wireshark.
- Remove duplicate/redundant rules, from Russell Coker.
- Increased default number of categories to 1024, from Russell Coker.
- Added modules:
        accountsd (Dan Walsh)
        cgroup (Dominick Grift)
        hadoop (Paul Nuzzi)
        kdumpgui (Dan Walsh)
        livecd (Dan Walsh)
        mojomojo (Lain Arnell)
        sambagui (Dan Walsh)
        shutdown (Dan Walsh)
        sosreport (Dan Walsh)
        vlock (Harry Ciao)

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

Re: [refpolicy] ANN: Reference Policy Release

[Paul Howarth]

On Tue, 14 Dec 2010 11:39:39 -0500
"Christopher J. PeBenito" <cpebenito@tresys.com> wrote:
> - Added modules:
>         accountsd (Dan Walsh)
>         cgroup (Dominick Grift)
>         hadoop (Paul Nuzzi)
>         kdumpgui (Dan Walsh)
>         livecd (Dan Walsh)
>         mojomojo (Lain Arnell)

I believe that was Iain Arnell, not Lain Arnell.

https://bugzilla.redhat.com/show_bug.cgi?id=502358#c19

Paul.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[refpolicy] ANN: Reference Policy Release

[Paul Howarth]

On Tue, 14 Dec 2010 11:39:39 -0500
"Christopher J. PeBenito" <cpebenito@tresys.com> wrote:
> - Added modules:
>         accountsd (Dan Walsh)
>         cgroup (Dominick Grift)
>         hadoop (Paul Nuzzi)
>         kdumpgui (Dan Walsh)
>         livecd (Dan Walsh)
>         mojomojo (Lain Arnell)

I believe that was Iain Arnell, not Lain Arnell.

https://bugzilla.redhat.com/show_bug.cgi?id=502358#c19

Paul.

Re: [refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

On 12/14/10 16:21, Paul Howarth wrote:
> On Tue, 14 Dec 2010 11:39:39 -0500
> "Christopher J. PeBenito" <cpebenito@tresys.com> wrote:
>> - Added modules:
>>         accountsd (Dan Walsh)
>>         cgroup (Dominick Grift)
>>         hadoop (Paul Nuzzi)
>>         kdumpgui (Dan Walsh)
>>         livecd (Dan Walsh)
>>         mojomojo (Lain Arnell)
> 
> I believe that was Iain Arnell, not Lain Arnell.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=502358#c19

So it is.  My apologies to Iain.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

On 12/14/10 16:21, Paul Howarth wrote:
> On Tue, 14 Dec 2010 11:39:39 -0500
> "Christopher J. PeBenito" <cpebenito@tresys.com> wrote:
>> - Added modules:
>>         accountsd (Dan Walsh)
>>         cgroup (Dominick Grift)
>>         hadoop (Paul Nuzzi)
>>         kdumpgui (Dan Walsh)
>>         livecd (Dan Walsh)
>>         mojomojo (Lain Arnell)
> 
> I believe that was Iain Arnell, not Lain Arnell.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=502358#c19

So it is.  My apologies to Iain.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on
the Tresys OSS site, http://oss.tresys.com.  This release primarily
focused on general maintenance.

The complete change log for this release follows at the end of the
email.

For people interested in helping Reference Policy development, the X
desktop and role separation needs testing, in addition to general
testing.

* Tue Jul 26 2011 Chris PeBenito <selinux@tresys.com> - 2.20110726
- Fix role declarations to handle role attribute compilers.
- Rename audioentropy module to entropyd due to haveged support.
- Add haveged support from Sven Vermeulen.
- Authentication file patch from Matthew Ife.
- Add agent support to zabbix from Sven Vermeulen.
- Cyrus file context update for Gentoo from Corentin Labbe.
- Portage updates from Sven Vermeulen.
- Fix init_system_domain() description, pointed out by Elia Pinto.
- Postgresql selabel_lookup update from KaiGai Kohei.
- Dovecot managesieve support from Mika Pfluger.
- Semicolon after interface/template calls cleanup from Elia Pinto.
- Gentoo courier updates from Sven Vermeulen.
- Amavis patch for connecting to nslcd from Miroslav Grepl.
- Shorewall patch from Miroslav Grepl.
- Cpufreqselector dbus patch from Guido Trentalancia.
- Cron pam_namespace and pam_loginuid support from Harry Ciao.
- Xserver update for startx from Sven Vermeulen.
- Fix MLS constraint for contains permission from Harry Ciao.
- Apache user webpages fix from Dominick Grift.
- Change default build.conf to modular policy from Stephen Smalley.
- Xen refinement patch from Stephen Smalley.
- Sudo timestamp file location update from Sven Vermeulen.
- XServer keyboard event patch from Sven Vermeulen.
- RAID uevent patch from Sven Vermeulen.
- Gentoo ALSA init script usage patch from Sven Vermeulen.
- LVM semaphore usage patch from Sven Vermeulen.
- Module load request patch for insmod from Sven Vermeulen.
- Cron default contexts fix from Harry Ciao.
- Man page fixes from Justin Mattock.
- Add syslog capability.
- Support for logging in to /dev/console, from Harry Ciao.
- Database object class updates and associated SEPostgreSQL changes from
   KaiGai Kohei.
- IPSEC SPD and Hadoop IPSEC updates from Paul Nuzzi.
- Mount updates from Harry Ciao.
- Semanage update for MLS systems from Harry Ciao.
- Vlock terminal use update from Harry Ciao.
- Hadoop CDH3 updates from Paul Nuzzi.
- Add sepgsql_contexts appconfig files from KaiGai Kohei.
- Added modules:
         aiccu
         bugzilla (Dan Walsh)
         colord (Dan Walsh)
         cmirrord (Miroslav Grepl)
         mediawiki (Miroslav Grepl)
         mpd (Miroslav Grepl)
         ncftool
         passenger (Miroslav Grepl)
         qpid (Dan Walsh)
         samhain (Harry Ciao)
         telepathy (Dominick Grift)
         tcsd (Stephen Smalley)
         vnstatd (Dan Walsh)
         zarafa (Miroslav Grepl)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on the Tresys OSS site, http://oss.tresys.com.  This release reflects the git repository restructuring for core/contrib modules[1].

The complete change log for this release follows at the end of the email.

For people interested in helping Reference Policy development, the X desktop and role separation needs testing, in addition to general testing.

[1] http://oss.tresys.com/pipermail/refpolicy/2011-September/004619.html

* Wed Feb 15 2012 Chris PeBenito <selinux@tresys.com> - 2.20120215
- Sshd usage of mkhomedir_helper via oddjob, from Sven Vermeulen.
- Add slim and lxdm file contexts to xserver, from Sven Vermeulen.
- Add userdom interfaces for user application domains, user tmp files,
  and user tmpfs files.
- Asterisk administration fixes from Sven Vermeulen.
- Fix makefiles to install files with the correct DAC permissions if the
  umask is not 022.
- Remove deprecated support macros.
- Remove rolemap and per-role template support.
- Change corenetwork port declaration to apply the reserved port type
  attribute only, when the type has ports above and below 1024.
- Change secure_mode_policyload to disable only toggling of this Boolean
  rather than disabling all Boolean toggling permissions.
- Use role attributes to assist with domain transitions in interactive
  programs.
- Milter ports patch from Paul Howarth.
- Separate portage fetch rules out of portage_run() and portage_domtrans()
  from Sven Vermeulen.
- Enhance corenetwork network_port() macro to support ports that do not have
  a well defined port number, such as stunnel.
- Opendkim support in dkim module from Paul Howarth.
- Wireshark updates from Sven Vermeulen.
- Change secure_mode_insmod to control sys_module capability rather than
  controlling domain transitions to insmod.
- Openrc and portage updates from Sven Vermeulen.
- Allow user and role changes on dynamic transitions with the same
  constraints as regular transitions.
- New git service features from Dominick Grift.
- Corenetwork policy size optimization from Dan Walsh.
- Silence spurious udp_socket listen denials.
- Fix unexpanded MLS/MCS fields in monolithic seusers file.
- Type transition fix in Postgresql database objects from KaiGai Kohei.
- Support for file context path substitutions (file_contexts.subs).
- Added contrib modules:
        glance (Dan Walsh)
        rhsmcertd (Dan Walsh)
        sanlock (Dan Walsh)
        sblim (Dan Walsh)
        uuidd (Dan Walsh)
        vdagent (Dan Walsh)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on the Tresys OSS site, http://oss.tresys.com.

* Wed Jul 25 2012 Chris PeBenito <selinux@tresys.com> - 2.20120725
- Rename epollwakeup capability2 permission to block_suspend to match the
  corresponding kernel capability rename.
- Udev and init changes to support /run, from Sven Vermeulen.
- auth_use_nsswitch updates from Miroslav Grepl.
- Mount runtime files fix from Guido Trentalancia.
- Update Python scripts to support Python 3, from Sven Vermeulen.
- Update capability2 object class for new wake_alarm and epollwakeup
  capabilities.
- SEPostgresql updates from Kohei KaiGai.
- Simplify file contexts based on file context path substitutions, from Sven
  Vermeulen.
- Add optional name for kernel and system filetrans interfaces.
- Non-auth file attribute to eliminate set expressions, from James Carter.
- Virt updates from Sven Vermeulen.
- Various dontaudits from Sven Vermeulen.
- Fix base module and monolithic role declaration ordering issue now that
  role declarations must be explicit, from Harry Ciao.
- Added contrib modules:
        bacula (Stan Sander/Sven Vermeulen)
        bcfg2 (Miroslav Grepl)
        blueman (Miroslav Grepl)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on the Tresys OSS site, http://oss.tresys.com.

The major change is by Dominick Grift merging a significant amount of the Fedora policy.

The full change log is too long to include in this email, so here's the diffstat instead:

Core:
79 files changed, 2233 insertions(+), 1153 deletions(-)

Contrib:
1031 files changed, 37796 insertions(+), 16448 deletions(-)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on the Tresys OSS site, http://oss.tresys.com.

The full change log is too long to include in this email, so here's the diffstat instead:

Core:
77 files changed, 1176 insertions(+), 349 deletions(-)

Contrib:
212 files changed, 2509 insertions(+), 370 deletions(-)


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on the
Tresys GitHub site, https://github.com/TresysTechnology/refpolicy.

The full changelog is too long to include in this email, so here's the
diffstat instead:

Core:
87 files changed, 897 insertions(+), 321 deletions(-)

Contrib:
104 files changed, 558 insertions(+), 137 deletions(-)

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] ANN: Reference Policy Release

[Christopher J. PeBenito]

A new release of the SELinux Reference Policy is now available on the
Tresys GitHub site, https://github.com/TresysTechnology/refpolicy.

The full changelog is too long to include in this email, so here's the
diffstat instead:

Core:
81 files changed, 3566 insertions(+), 204 deletions(-)

Contrib:
451 files changed, 957 insertions(+), 1092 deletions(-)

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

[refpolicy] ANN: Reference Policy Release

[Chris PeBenito]

A new release of the SELinux Reference Policy is now available on the
GitHub site, https://github.com/TresysTechnology/refpolicy.

The full changelog is too long to include in this email, so here's the
diffstat instead:

Core:
82 files changed, 1411 insertions(+), 225 deletions(-)

Contrib:
125 files changed, 1275 insertions(+), 133 deletions(-)

-- 
Chris PeBenito

[refpolicy] ANN: Reference Policy Release

[Russell Coker]

On Sunday, 23 October 2016 5:29:25 PM AEDT Chris PeBenito wrote:
> A new release of the SELinux Reference Policy is now available on the
> GitHub site, https://github.com/TresysTechnology/refpolicy.

https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease

The archive at the above page has the files policy.28 and policy.30.orig which 
comprise more than half the compressed archive size.

Could you make a new release without them?  Otherwise we are going to have 
that in all the distribution archives and mirror sites.

Also in future could we have more frequent releases?  More frequent upstream 
releases makes it easier for distribution people to send changes upstream and 
gives a greater incentive to do so.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

[refpolicy] ANN: Reference Policy Release

[Chris PeBenito]

On 11/02/16 00:13, Russell Coker wrote:
> On Sunday, 23 October 2016 5:29:25 PM AEDT Chris PeBenito wrote:
>> A new release of the SELinux Reference Policy is now available on the
>> GitHub site, https://github.com/TresysTechnology/refpolicy.
>
> https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
>
> The archive at the above page has the files policy.28 and policy.30.orig which
> comprise more than half the compressed archive size.
>
> Could you make a new release without them?  Otherwise we are going to have
> that in all the distribution archives and mirror sites.

I've fixed the release package; sorry about that.

> Also in future could we have more frequent releases?  More frequent upstream
> releases makes it easier for distribution people to send changes upstream and
> gives a greater incentive to do so.

Yes, I'd like to get back closer to 4/year at least.

-- 
Chris PeBenito

[refpolicy] ANN: Reference Policy Release

[Chris PeBenito]

A new release, 2.20170204, of the SELinux Reference Policy is now 
available on the GitHub site:

https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease

The full changelog is too long to include in this email, so here's the
diffstat instead:

Core:
155 files changed, 1930 insertions(+), 813 deletions(-)

Contrib:
505 files changed, 1840 insertions(+), 903 deletions(-)

-- 
Chris PeBenito

[refpolicy] ANN: Reference Policy release

[Chris PeBenito]

In this release, the refpolicy and refpolicy-contrib repositories were 
remerged; the modules were moved out of the contrib layer. It also 
includes a large update for the X Desktop Group base directory 
specification and SCTP support, among various other fixes.

Refpolicy now requires SELinux userspace v2.8 to compile.

<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20180701>

-- 
Chris PeBenito