public inbox for gentoo-commits@lists.gentoo.org
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: /
Date: Sun, 10 Feb 2019 04:14:46 +0000 (UTC)
Message-ID: <1549771885.744101042e9ae8eab4f942963b64dcaf5f2c738a.perfinion@gentoo>

commit:     744101042e9ae8eab4f942963b64dcaf5f2c738a
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Fri Feb  1 20:03:42 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 10 04:11:25 2019 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=74410104

Update Changelog and VERSION for release.

Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

 Changelog | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 VERSION   |   2 +-
 2 files changed, 235 insertions(+), 1 deletion(-)

diff --git a/Changelog b/Changelog
index 116e228a..75d5fae0 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,237 @@
+* Fri Feb 01 2019 Chris PeBenito <pebenito@ieee.org> - 2.20190201
+Alexander Miroshnichenko (16):
+      Add signal_perms setpgid setsched permissions to syncthing_t.
+      Add corecmd_exec_bin permissions to syncthing_t.
+      Allow syncthing_t to read network state.
+      Allow syncthing_t to execute ifconfig/iproute2.
+      Add required permissions for nsd_t to be able running.
+      Add nsd_admin interface to sysadm.te.
+      Add map permission to lvm_t on lvm_metadata_t.
+      Add comment for map on lvm_metadata_t.
+      Remove syncthing tunable_policy.
+      Remove unneeded braces from nsd.te.
+      Add new interface fs_rmw_hugetlbfs_files.
+      Add map permission for postgresql_t to postgresql_tmp_t files.
+      Add dovecot_can_connect_db boolean.
+      fs_mmap_rw_hugetlbfs_files is a more appropriate name for the interface
+      Add hostapd service module
+      minor updates redis module to be able to start the app
+
+Chris PeBenito (85):
+      mozilla, devices, selinux, xserver, init, iptables: Module version bump.
+      devices: Module version bump.
+      misc_patterns.spt: Remove unnecessary brackets.
+      ipsec: Module version bump.
+      fstools: Module version bump.
+      corecommands: Module version bump.
+      xserver: Module version bump.
+      Merge pull request #1 from bigon/fix-sepolgen-ifgen
+      Remove unused translate permission in context userspace class.
+      logrotate: Module version bump.
+      miscfiles: Module version bump.
+      Merge pull request #3 from bigon/xdp-socket
+      obj_perm_sets.spt: Add xdp_socket to socket_class_set.
+      clamav, ssh, init: Module version bump.
+      amavis, apache, clamav, exim, mta, udev: Module version bump.
+      dnsmasq: Whitespace fix in file contexts.
+      dnsmasq: Reorder lines in file contexts.
+      Merge branch 'master' of https://github.com/bigon/refpolicy
+      Merge branch 'resolved' of https://github.com/bigon/refpolicy
+      Merge branch 'iscsi' of https://github.com/bigon/refpolicy
+      Various modules: Version bump.
+      dnsmasq: Module version bump.
+      Merge branch 'minissdpd' of https://github.com/bigon/refpolicy
+      cron, minissdpd, ntp, systemd: Module version bump.
+      dbus, xserver, init, logging, modutils: Module version bump.
+      Merge branch 'syncthing' of https://github.com/alexminder/refpolicy
+      syncthing: Whitespace change
+      Merge branch 'lvm' of https://github.com/alexminder/refpolicy
+      lvm, syncthing: Module version bump.
+      sigrok: Remove extra comments.
+      networkmanager: Add ICMPv6 comment
+      sysnetwork: Move optional block in sysnet_dns_name_resolve().
+      sysnetwork: Move lines.
+      dpkg: Rename dpkg_read_script_tmp_links().
+      apt, rpm: Remove and move lines to fix fc conflicts.
+      sudo: Whitespace fix.
+      many: Module version bumps for changes from Russell Coker.
+      systemd: Rename systemd_list_netif() to systemd_list_networkd_runtime().
+      init: Remove inadvertent merge.
+      Merge branch 'nsd' of https://github.com/alexminder/refpolicy
+      nsd: Merge two rules into one.
+      Merge branch 'ssh_dac_read_search' of
+         git://github.com/fishilico/selinux-refpolicy
+      Merge branch 'restorecond_getattr_cgroupfs' of
+         git://github.com/fishilico/selinux-refpolicy
+      Merge branch 'systemd-logind-getutxent' of
+         git://github.com/fishilico/selinux-refpolicy
+      various: Module version bump.
+      iptables: Module version bump.
+      Add CONTRIBUTING file.
+      kernel, systemd: Move lines.
+      kernel, jabber, ntp, init, logging, systemd: Module version bump.
+      Merge branch 'systemd-journald_units_symlinks' of
+         git://github.com/fishilico/selinux-refpolicy
+      init, logging: Module version bump.
+      Merge branch 'services_single_usr_bin' of
+         git://github.com/fishilico/selinux-refpolicy
+      Merge branch 'init_rename_pid_interfaces' of
+         git://github.com/fishilico/selinux-refpolicy
+      various: Module name bump.
+      Merge branch 'systemd-rfkill' of
+         git://github.com/fishilico/selinux-refpolicy
+      systemd: Whitespace change
+      systemd: Module version bump.
+      Merge branch 'restorecond-symlinks' of
+         git://github.com/fishilico/selinux-refpolicy
+      Merge branch 'add_comment' of git://github.com/DefenSec/refpolicy
+      usermanage, cron, selinuxutil: Module version bump.
+      logging, sysnetwork, systemd: Module version bump.
+      Merge branch 'restorecond-dontaudit-symlinks' of
+         git://github.com/fishilico/selinux-refpolicy
+      selinuxutil: Module version bump.
+      Merge branch 'dbus-dynamic-uid' of
+         git://github.com/fishilico/selinux-refpolicy
+      xserver: Move line
+      systemd: Move interface implementation.
+      various: Module version bump.
+      dpkg: Rename dpkg_nnp_transition() to dpkg_nnp_domtrans().
+      dpkg: Move interface implementations.
+      init: Rename init_read_generic_units_links() to
+         init_read_generic_units_symlinks().
+      init: Drop unnecessary userspace class dependence in
+         init_read_generic_units_symlinks().
+      chromium: Whitespace fixes.
+      chromium: Move line.
+      Merge branch 'dovecot' of git://github.com/alexminder/refpolicy
+      dovecot: Move lines.
+      various: Module version bump.
+      Merge branch 'postgres' of git://github.com/alexminder/refpolicy
+      filesystem, postgresql: Module version bump.
+      hostapd: Whitespace change.
+      hostapd: Move line.
+      various: Module version bump.
+      redis: Move line.
+      redis: Module version bump.
+      corecommands, staff, unprivuser, ssh, locallogin, systemd: Module version
+         bump.
+      Bump module versions for release.
+
+David Sugar (15):
+      Interface to allow reading of virus signature files.
+      Update CUSTOM_BUILDOPT
+      Add interface udev_run_domain
+      Allow clamd_t to read /proc/sys/crypt/fips_enabled
+      Interface to add domain allowed to be read by ClamAV for scanning.
+      Add interfaces to control clamav_unit_t systemd services
+      Allow clamd to use sent file descriptor
+      Add interfaces to control ntpd_unit_t systemd services
+      interface to enable/disable systemd_networkd service
+      Interface to read cron_system_spool_t
+      Allow X (xserver_t) to read /proc/sys/crypto/fips_enabled
+      Allow kmod to read /proc/sys/crypto/fips_enabled
+      Allow dbus to access /proc/sys/crypto/fips_enabled
+      Add missing require for 'daemon' attribute.
+      Allow auditctl_t to read bin_t symlinks.
+
+Dominick Grift (1):
+      unconfined: add a note about DBUS
+
+Guido Trentalancia (1):
+      Add sigrok contrib module
+
+Jagannathan Raman (1):
+      vhost: Add /dev/vhost-scsi device of type vhost_device_t.
+
+Jason Zaman (10):
+      selinux: compute_access_vector requires creating netlink_selinux_sockets
+      mozilla: xdg updates
+      xserver: label .cache/fontconfig as user_fonts_cache_t
+      Allow map xserver_misc_device_t for nvidia driver
+      iptables: fcontexts for 1.8.0
+      devices: introduce dev_dontaudit_read_sysfs
+      files: introduce files_dontaudit_read_etc_files
+      kernel: introduce kernel_dontaudit_read_kernel_sysctl
+      userdomain: introduce userdom_user_home_dir_filetrans_user_cert
+      Add chromium policy upstreamed from Gentoo
+
+Laurent Bigonville (10):
+      policy/support/obj_perm_sets.spt: modify indentation of mmap_file_perms to
+         make sepolgen-ifgen happy
+      Add xdp_socket security class and access vectors
+      irqbalance now creates an abstract socket
+      Allow semanage_t to connect to system D-Bus bus
+      Allow ntpd_t to read init state
+      Add systemd_dbus_chat_resolved() interface
+      Allow sysnet_dns_name_resolve() to use resolved to resolve DNS names
+      Allow systemd_resolved_t to bind to port 53 and use net_raw
+      Allow iscsid_t to create a netlink_iscsi_socket
+      Allow minissdpd_t to create a unix_stream_socket
+
+Luis Ressel (7):
+      corecommands: Fix /usr/share/apr* fc
+      xserver: Allow user fonts (and caches) to be mmap()ed.
+      Add fc for /var/lib/misc/logrotate.status
+      Realign logrotate.fc, remove an obvious comment
+      miscfiles: Label /usr/share/texmf*/fonts/ as fonts_t
+      services/ssh: Don't audit accesses from ssh_t to /dev/random
+      system/init: Give init_spec_daemon_domain()s the "daemon" attribute
+
+Lukas Vrabec (1):
+      Improve domain_transition_pattern to allow mmap entrypoint bin file.
+
+Nicolas Iooss (11):
+      fstools: label e2mmpstatus as fsadm_exec_t
+      ssh: use dac_read_search instead of dac_override
+      selinuxutil: allow restorecond to try counting the number of files in
+         cgroup fs
+      systemd: allow systemd-logind to use getutxent()
+      Allow systemd-journald to read systemd unit symlinks
+      Label service binaries in /usr/bin like /usr/sbin
+      init: rename *_pid_* interfaces to use "runtime"
+      systemd: add policy for systemd-rfkill
+      selinuxutil: allow restorecond to read symlinks
+      selinuxutil: restorecond is buggy when it dereferencies symlinks
+      dbus: allow using dynamic UID
+
+Petr Vorel (1):
+      dnsmasq: Require log files to have .log suffix
+
+Russell Coker (19):
+      misc services patches
+      misc interfaces
+      last misc stuff
+      systemd related interfaces
+      systemd misc
+      missing from previous
+      cron trivial
+      mls stuff
+      logging
+      some little stuff
+      trivial system cronjob
+      another trivial
+      more tiny stuff
+      map systemd private dirs
+      tiny stuff for today
+      yet more tiny stuff
+      yet another little patch
+      chromium
+      more misc stuff
+
+Sugar, David (9):
+      Allow greeter to start dbus
+      pam_faillock creates files in /run/faillock
+      Add interface to get status of iptables service
+      Add interface to start/stop iptables service
+      label journald configuraiton files syslog_conf_t
+      Interface with systemd_hostnamed over dbus to set hostname
+      Modify type for /etc/hostname
+      Add interface clamav_run
+      Add interface to read journal files
+
+Yuli Khodorkovskiy (1):
+      ipsec: add missing permissions for pluto
+
 * Sun Jul 01 2018 Chris PeBenito <pebenito@ieee.org> - 2.20180701
 Chris PeBenito (28):
       Enable cgroup_seclabel and nnp_nosuid_transition.
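
Review bot: The nineteen entries under "Russell Coker (19)" ("misc services patches", "tiny stuff for today", "more misc stuff" and so on) do not say which modules or permissions changed, so the release Changelog cannot be used to audit what access this policy version grants; consider naming the affected modules in each entry or adding a short summary for that block. The interface renames listed under Chris PeBenito and Nicolas Iooss (systemd_list_netif() to systemd_list_networkd_runtime(), dpkg_nnp_transition() to dpkg_nnp_domtrans(), init_read_generic_units_links() to init_read_generic_units_symlinks(), and the init *_pid_* interfaces) are scattered among version bumps and whitespace changes, and grouping them under a note about renamed interfaces would help anyone whose own modules call the old names. "David Sugar (15)" and "Sugar, David (9)" appear to be one contributor split in two, which a .mailmap entry would merge, and "Allow clamd_t to read /proc/sys/crypt/fips_enabled" reads as a typo for the /proc/sys/crypto/ path used by the other fips_enabled entries in the same block.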

diff --git a/VERSION b/VERSION
index b40612cc..b93d30a8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.20180701
+2.20190201

