Your message dated Tue, 27 Dec 2016 15:04:07 +0000
with message-id <e1cltin-0007j9...@fasolo.debian.org>
and subject line Bug#691283: fixed in refpolicy 2:2.20161023.1-4
has caused the Debian Bug report #691283,
regarding selinux-policy-default: monit policy package
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
691283: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691283
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: selinux-policy-default
Version: 2:2.20110726-11
Severity: wishlist
Hi,
Can you include a policy package for monit?
I wrote one which covers the monit daemon, the web interface, the
process monitoring and the monit invocation from a root console.
It does not cover connections to m/monit and file monitoring.
The only thing I could not include into the package is the port
labeling, so I am doing it by hand with:
semanage port -a -t monit_port_t -p tcp 2812
Best regards,
Christian Göttsche
/etc/monit(/.*)? gen_context(system_u:object_r:monit_etc_t,s0)
/etc/monit/monitrc gen_context(system_u:object_r:monit_config_t,s0)
/etc/monit/conf.d(/.*)? gen_context(system_u:object_r:monit_config_t,s0)
/etc/monit/monit-config(/.*)? gen_context(system_u:object_r:monit_config_t,s0)
/usr/sbin/monit gen_context(system_u:object_r:monit_exec_t,s0)
/usr/bin/monit gen_context(system_u:object_r:monit_exec_t,s0)
/var/lib/monit(/.*)? gen_context(system_u:object_r:monit_lib_t,s0)
/var/log/monit(/.*)? gen_context(system_u:object_r:monit_log_t,s0)
/var/log/monit.* -- gen_context(system_u:object_r:monit_log_t,s0)
## <summary></summary>
policy_module(monit,1.0.0)
#### file/domain-types
type monit_t;
domain_type(monit_t)
type monit_exec_t;
files_type(monit_exec_t)
type monit_etc_t;
files_type(monit_etc_t)
type monit_config_t;
files_config_file(monit_config_t)
type monit_lib_t;
files_type(monit_lib_t)
type monit_port_t;
corenet_port(monit_port_t)
type monit_log_t;
logging_log_file(monit_log_t)
logging_log_filetrans(monit_t, monit_log_t, {file dir})
type monit_run_t;
files_pid_file(monit_run_t)
files_pid_filetrans(monit_t, monit_run_t, {file dir})
#### monit_t
init_daemon_domain(monit_t, monit_exec_t)
init_domtrans_script(monit_t)
dontaudit direct_init monit_t:fd use;
allow monit_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
allow monit_t self:tcp_socket { write read connect shutdown getopt create bind setopt listen accept };
allow monit_t self:udp_socket { write read connect shutdown getopt create ioctl getattr };
allow monit_t self:sem { read write unix_write };
allow monit_t self:capability { net_raw sys_ptrace dac_read_search dac_override };
allow monit_t self:rawip_socket { write read create setopt shutdown };
allow monit_t self:process { signal getpgid };
allow monit_t self:fifo_file { ioctl getattr };
allow monit_t monit_etc_t:dir list_dir_perms;
allow monit_t monit_etc_t:file read_file_perms;
allow monit_t monit_config_t:dir list_dir_perms;
allow monit_t monit_config_t:file read_file_perms;
allow monit_t monit_config_t:lnk_file read_lnk_file_perms;
allow monit_t monit_lib_t:dir manage_dir_perms;
allow monit_t monit_lib_t:file manage_file_perms;
allow monit_t monit_log_t:file manage_file_perms;
allow monit_t monit_run_t:file manage_file_perms;
allow monit_t monit_port_t:tcp_socket name_bind;
corenet_tcp_bind_generic_node(monit_t)
corenet_tcp_connect_all_ports(monit_t)
corecmd_exec_bin(monit_t)
corecmd_exec_shell(monit_t)
miscfiles_read_localization(monit_t)
dev_read_urand(monit_t)
userdom_dontaudit_search_user_home_dirs(monit_t)
files_read_etc_files(monit_t)
files_read_all_pids(monit_t)
sysnet_read_config(monit_t)
files_search_var_lib(monit_t)
files_read_etc_runtime_files(monit_t)
dev_list_sysfs(monit_t)
kernel_read_system_state(monit_t)
storage_getattr_fixed_disk_dev(monit_t)
fs_getattr_xattr_fs(monit_t)
domain_read_all_domains_state(monit_t)
domain_getpgid_all_domains(monit_t)
## running monit from root console
domain_use_interactive_fds(monit_t)
userdom_use_user_ptys(monit_t)
--- End Message ---
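An idempotent form of the manual port-labeling step from the report above, as an added example that is not part of the original message or of refpolicy: `semanage port -a` refuses a port record that is already defined, so the helper reads a `semanage port -l` listing and picks add, modify or nothing. The function names and the sample listing (including `example_port_t`) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the three-column listing printed by `semanage port -l`
# (type, protocol, comma-separated ports and ranges).

# Constructed sample listing; not captured from a real system.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      1024-32767, 61001-65535
unreserved_port_t              udp      1024-32767, 61001-65535'

# monit_port_action [TYPE] [PORT]
# Reads a `semanage port -l` listing on stdin and prints the action needed so
# that tcp/PORT carries TYPE:
#   none   - an exact tcp record for PORT already has TYPE
#   modify - an exact tcp record for PORT exists with a different type
#   add    - no exact tcp record for PORT (a covering range does not count)
monit_port_action() {
    awk -v want="${1:-monit_port_t}" -v port="${2:-2812}" '
        $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)              # strip the list separator
                if ((p "") == (port "")) {    # exact record, compared as strings
                    if ($1 == want) have = 1; else other = 1
                }
            }
        }
        END {
            if (have)       print "none"
            else if (other) print "modify"
            else            print "add"
        }'
}

# label_monit_port: apply the decision on a live system (needs root and semanage).
label_monit_port() {
    case $(semanage port -l | monit_port_action) in
        add)    semanage port -a -t monit_port_t -p tcp 2812 ;;
        modify) semanage port -m -t monit_port_t -p tcp 2812 ;;
        none)   : ;;
    esac
}
```

Running `label_monit_port` twice is safe; the second run finds the exact record and does nothing.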
--- Begin Message ---
Source: refpolicy
Source-Version: 2:2.20161023.1-4
We believe that the bug you reported is fixed in the latest version of
refpolicy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 691...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Russell Coker <russ...@coker.com.au> (supplier of updated refpolicy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 28 Dec 2016 00:36:11 +1100
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20161023.1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Russell Coker <russ...@coker.com.au>
Description:
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 691283 739590
Changes:
 refpolicy (2:2.20161023.1-4) unstable; urgency=medium
 .
   * Allow mon_t to read sysfs.
   * Made gpm_getattr_gpmctl also allow getattr on the fifo_file
   * Allow mount_t to getattr tmpfs_t and rpc_pipefs_t filesystems
   * Allow systemd_logind_t to change identities of files
   * Allow systemd_logind_t to read the cgroups files of all login processes
   * Added monit policy from cgzones <cgzo...@googlemail.com>. Closes: #691283
   * Allow udev_t to transition to initrc_t for hotplug scripts, and label
     /etc/network/ip-ip.d/* etc as initrc_exec_t. Policy taken from Wheezy at
     the recommendation of Devin Carraway <de...@debian.org>
     Closes: #739590
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---