Your message dated Tue, 27 Dec 2016 15:04:07 +0000 with message-id <e1cltin-0007j9...@fasolo.debian.org> and subject line Bug#691283: fixed in refpolicy 2:2.20161023.1-4 has caused the Debian Bug report #691283, regarding selinux-policy-default: monit policy package to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 691283: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691283 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: selinux-policy-default Version: 2:2.20110726-11 Severity: wishlist Hi, can you include a policy package for monit. I write one which covers the monit daemon, the web interface, the process monitoring and the monit invocation from a root console. It does not cover connections to m/monit and file monitoring. The only thing i could not include into the package is the port labeling, so i'am doing it by hand with: semanage port -a -t monit_port_t -p tcp 2812 Best regards, Christian Göttsche/etc/monit(/.*)? gen_context(system_u:object_r:monit_etc_t,s0) /etc/monit/monitrc gen_context(system_u:object_r:monit_config_t,s0) /etc/monit/conf.d(/.*)? gen_context(system_u:object_r:monit_config_t,s0) /etc/monit/monit-config(/.*)? gen_context(system_u:object_r:monit_config_t,s0) /usr/sbin/monit gen_context(system_u:object_r:monit_exec_t,s0) /usr/bin/monit gen_context(system_u:object_r:monit_exec_t,s0) /var/lib/monit(/.*)? gen_context(system_u:object_r:monit_lib_t,s0) /var/log/monit(/.*)? gen_context(system_u:object_r:monit_log_t,s0) /var/log/monit.* -- gen_context(system_u:object_r:monit_log_t,s0)## <summary></summary>policy_module(monit,1.0.0) #### file/domain-types type monit_t; domain_type(monit_t) type monit_exec_t; files_type(monit_exec_t) type monit_etc_t; files_type(monit_etc_t) type monit_config_t; files_config_file(monit_config_t) type monit_lib_t; files_type(monit_lib_t) type monit_port_t; corenet_port(monit_port_t) type monit_log_t; logging_log_file(monit_log_t) logging_log_filetrans(monit_t, monit_log_t, {file dir}) type monit_run_t; files_pid_file(monit_run_t) files_pid_filetrans(monit_t, monit_run_t, {file dir}) #### monit_t init_daemon_domain(monit_t, monit_exec_t) init_domtrans_script(monit_t) dontaudit direct_init monit_t:fd use; allow monit_t self:netlink_route_socket { write getattr read bind create nlmsg_read }; allow monit_t self:tcp_socket { write read connect shutdown getopt create bind setopt listen accept }; allow monit_t self:udp_socket { write read connect shutdown getopt create ioctl getattr }; allow monit_t self:sem { read write unix_write }; allow monit_t self:capability { net_raw sys_ptrace dac_read_search dac_override }; allow monit_t self:rawip_socket { write read create setopt shutdown }; allow monit_t self:process { signal getpgid }; allow monit_t self:fifo_file { ioctl getattr }; allow monit_t monit_etc_t:dir list_dir_perms; allow monit_t monit_etc_t:file read_file_perms; allow monit_t monit_config_t:dir list_dir_perms; allow monit_t monit_config_t:file read_file_perms; allow monit_t monit_config_t:lnk_file read_lnk_file_perms; allow monit_t monit_lib_t:dir manage_dir_perms; allow monit_t monit_lib_t:file manage_file_perms; allow monit_t monit_log_t:file manage_file_perms; allow monit_t monit_run_t:file manage_file_perms; allow monit_t monit_port_t:tcp_socket name_bind; corenet_tcp_bind_generic_node(monit_t) corenet_tcp_connect_all_ports(monit_t) corecmd_exec_bin(monit_t) corecmd_exec_shell(monit_t) miscfiles_read_localization(monit_t) dev_read_urand(monit_t) userdom_dontaudit_search_user_home_dirs(monit_t) files_read_etc_files(monit_t) files_read_all_pids(monit_t) sysnet_read_config(monit_t) files_search_var_lib(monit_t) files_read_etc_runtime_files(monit_t) dev_list_sysfs(monit_t) kernel_read_system_state(monit_t) storage_getattr_fixed_disk_dev(monit_t) fs_getattr_xattr_fs(monit_t) domain_read_all_domains_state(monit_t) domain_getpgid_all_domains(monit_t) ## running monit from root console domain_use_interactive_fds(monit_t) userdom_use_user_ptys(monit_t)
--- End Message ---
--- Begin Message ---Source: refpolicy Source-Version: 2:2.20161023.1-4 We believe that the bug you reported is fixed in the latest version of refpolicy, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 691...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Russell Coker <russ...@coker.com.au> (supplier of updated refpolicy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 28 Dec 2016 00:36:11 +1100 Source: refpolicy Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc Architecture: source all Version: 2:2.20161023.1-4 Distribution: unstable Urgency: medium Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org> Changed-By: Russell Coker <russ...@coker.com.au> Description: selinux-policy-default - Strict and Targeted variants of the SELinux policy selinux-policy-dev - Headers from the SELinux reference policy for building modules selinux-policy-doc - Documentation for the SELinux reference policy selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy selinux-policy-src - Source of the SELinux reference policy for customization Closes: 691283 739590 Changes: refpolicy (2:2.20161023.1-4) unstable; urgency=medium . * Allow mon_t to read sysfs. * Made gpm_getattr_gpmctl also allow getattr on the fifo_file * Allow mount_t to getattr tmpfs_t and rpc_pipefs_t filesystems * Allow systemd_logind_t to change identities of files * Allow systemd_logind_t to read the cgroups files of all login processes * Added monit policy from cgzones <cgzo...@googlemail.com>. Closes: #691283 * Allow udev_t to transition to initrc_t for hotplug scripts, and label /etc/network/ip-ip.d/* etc as initrc_exec_t. Policy taken from Wheezy at the recommendation of Devin Carraway <de...@debian.org> Closes: #739590 Checksums-Sha1: 189499816c07f12a7f22442e8161be26f0156070 2459 refpolicy_2.20161023.1-4.dsc 15e3e677fa6775ad78f6559a20fe4ca1244b473f 92148 refpolicy_2.20161023.1-4.debian.tar.xz 1b9ae1b1eebc7c0d93d4adf5ec16357c4a09cbb6 6808 refpolicy_2.20161023.1-4_amd64.buildinfo 2a5ac782f1bd9fb908fc1b865ff466735b124042 3018858 selinux-policy-default_2.20161023.1-4_all.deb e88b981e8c7319b4439a0a6eaebe8d242b6fd66d 463366 selinux-policy-dev_2.20161023.1-4_all.deb 6ee154ade4cbc5708884606a098a4120037a0f37 443532 selinux-policy-doc_2.20161023.1-4_all.deb a846d0986bbb4a86ff1c39739d13496cb0a9e407 3053374 selinux-policy-mls_2.20161023.1-4_all.deb 3af0da62533e5fe3fd44edfc887377b17b766453 1255246 selinux-policy-src_2.20161023.1-4_all.deb Checksums-Sha256: 83edada4e484e9c15e7459fe3296e066734a54ed9866aa081b5588a4652a228f 2459 refpolicy_2.20161023.1-4.dsc acc91b5f643404328df9a4fcfab34930706b62891190943748ed54c770958404 92148 refpolicy_2.20161023.1-4.debian.tar.xz 4d116529c0f503fa30fbef09d413c46ede3d0794c91097fdd651929b5f1dd9d1 6808 refpolicy_2.20161023.1-4_amd64.buildinfo bd8727a26b5e563fdc6453e6a3de0e5eae16815b8a404f226163e2e7b4b96132 3018858 selinux-policy-default_2.20161023.1-4_all.deb 044f336c879e4f41c80dae8bc5f32f96b6726384aef74b7010d6b604f42af433 463366 selinux-policy-dev_2.20161023.1-4_all.deb c4299e8222d1ef0fdef2920096aa4af0d7fea2cb3dd75362f42237060098d076 443532 selinux-policy-doc_2.20161023.1-4_all.deb 2566c29480be009324402cecff33a23b0a0591d05e466036fa2bbc359d7e3cbd 3053374 selinux-policy-mls_2.20161023.1-4_all.deb a49d705eda1260dd33026997a9465fcc33de932afa22122cb535cfd4f29c440a 1255246 selinux-policy-src_2.20161023.1-4_all.deb Files: 85af5d7068806f3d768dfd4189938024 2459 admin optional refpolicy_2.20161023.1-4.dsc 5522f1f67806dab02aa4578a79348542 92148 admin optional refpolicy_2.20161023.1-4.debian.tar.xz 6dbebf637ed47e8386494aa65967cf2b 6808 admin optional refpolicy_2.20161023.1-4_amd64.buildinfo b861e3432a4a42c9a5c5f89e52d7c0fa 3018858 admin optional selinux-policy-default_2.20161023.1-4_all.deb 56dcb8f22a94d4c783ab11c81143a802 463366 admin optional selinux-policy-dev_2.20161023.1-4_all.deb 48aa236e31785e11440132dcc2528a5e 443532 doc optional selinux-policy-doc_2.20161023.1-4_all.deb 00696b51436912f8b8d49448a10c99c3 3053374 admin extra selinux-policy-mls_2.20161023.1-4_all.deb c32f304a057b35342538e8191c3fc803 1255246 admin optional selinux-policy-src_2.20161023.1-4_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAlhibz8ACgkQ0UHNMPxL j3klZRAAjCxJoLw163bF8WbqvfenGwYmbUrEWJ49EvcWLyn/o0iCcYttI3mWVB1f ODdOCc82UdhpLzy8ImpzyUzkZKOW/o9uBIoSRkmBQVbrmLylbUCTbR2i3ySNcDvG bYeU9D4tISK3zh5wBPofcluNkR8s+DdYBwEGASFh4drrODXDIzyN/JzrrKcB6uzE WPk5O/q7LOd5Rr/1oCkTFTIptFjQyrG4iz1R8MhplncAdyVuvA9mqgx8vBqbm71R zswNK7vtRSQEaaJ5rwczu3n9C5k8h3Hk2UHXHQjWsNfMtT7zamkocVQx1YKXJKLt 8uQVlZKjSWKESUvVeFJck5zE6sQs4kJJ/3JM5S9YzOZpiqXzJDqT6fTgT6qdFqLz 4CoZHZk9j8ejnXy6i9XWqRwaPFMpnBn4VN4wNMO1lcdzWB1mH/icBeZQk3nb4hGl N4LKScL0DpGb6d90Q7Zho+4GjTa7CcQgRTxY4BIaUM9xQ28uSIo6VshkVlrsq+7p nTt2qvOtxLaJkMb4LEs55EOkNxp5O6lhZi7xuhak3xj7dVHFJsTZFoae1+Wggs2v yYldcX161xPyTxDP6JseBLDgIVKSEe550NmZGCBQFwT5ZG47AQnMgoTfZNLnEc6Z 8ZM5ZBXeRZ6zlTMkfjofwSDYTtms7T9Iem167zKDR54qBE/TUN8= =sZHm -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ SELinux-devel mailing list SELinux-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
