Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp3105189pxa; Tue, 18 Aug 2020 06:48:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxU0TrHyMGQ0+3a7IbNt03OwsN47+7gKwb8q+xmgkTz5DZZtAd+58OaqUW+j1QEeXuXq8rI X-Received: by 2002:a17:906:e0c2:: with SMTP id gl2mr20040920ejb.160.1597758533908; Tue, 18 Aug 2020 06:48:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597758533; cv=none; d=google.com; s=arc-20160816; b=wYhPQRA1Pn/w24iByxJIUqlDaVoyAf0LkW+5biigwKYdQdBTq9MSyzM7HZ8u36J1td fg7EYLI49SGBS9HpvAV9y6+ZIOpvGcwdMAi74YbK8kYiXk06DddWgSebvb2v0Gzxtazn Gh6ZVsQ7QRK3MiDsR0/F5/IHaa10qfIHFWpHt8CQhutNbxqTwuZOU/W7YrQO6xMmLfX1 BEhqrCX801qneeyMauFSHNDA3AJ6nZwQsvMzkX0JkrfBUUejmUbhouYZw2lZqacJuM9p SSMIs4TDA7Yeb6axT6OHIjjVgoXggcs/lti8KBBDzoqGqy0PmmHPZN62C2QDHgyWPjjD FgdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:mime-version:user-agent:date:message-id:to:subject :from:dkim-signature; bh=r3w2nb052zooTcuhG2HcvvuPfq7r8+zlETVVIthf9gE=; b=UY4/6b01Kc8XG+m6MTwM/7PV79/Bi0ZCZLO4r9NJC+sSt2jTX4uGMi9UucJIxp+Eod CxduH2FyZQZ3WsqsNc6Ji7EGEV7ByW++hYDvjUfXt9xLYIbTNnxt+FlcsOoxVF0n8gaF srypWjbqOBEVn9hI8Lp1rI0rYFQctS4I1RSH+aXcC35OCKk/GlZoS2NQe95ztntVtEnN FSDHZMnMHQuPcHWtD6PpfIXmri3TWWgMB7/gDVhdxEEZYiB734hQrlNV3WpjMcA8NT6p wr57/jxpo/ARXjK3ilSKelRRRdR+J2zZqaNfgsZK7nWVMKZy3jYIY7iyWbmCJzPNrIla B2DA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=P6DNSIVE; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ieee.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dt1si17913372ejc.574.2020.08.18.06.48.49; Tue, 18 Aug 2020 06:48:53 -0700 (PDT) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=P6DNSIVE; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ieee.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726480AbgHRNrs (ORCPT + 15 others); Tue, 18 Aug 2020 09:47:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726632AbgHRNrp (ORCPT ); Tue, 18 Aug 2020 09:47:45 -0400 Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73FB8C061342 for ; Tue, 18 Aug 2020 06:47:43 -0700 (PDT) Received: by mail-qt1-x82a.google.com with SMTP id v22so15124726qtq.8 for ; Tue, 18 Aug 2020 06:47:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=from:subject:to:message-id:date:user-agent:mime-version :content-language:content-transfer-encoding; bh=r3w2nb052zooTcuhG2HcvvuPfq7r8+zlETVVIthf9gE=; b=P6DNSIVEUF1aZhNvwbeg5esyL0wFtG9O+6Iy+owothePE/ESY4SOmSLm+UuVvUpikf TPqnMPsSauNh2KKZ1xyU2excUWiiH+9s6QdYsqrtQb68qQBxkQkxhZzB0mfJbW67aV0v rjMmcP5mQqPuDMvRi+Lwkl+kOR4rFKD1XljQw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-language:content-transfer-encoding; bh=r3w2nb052zooTcuhG2HcvvuPfq7r8+zlETVVIthf9gE=; b=S1zV3GB/GxhLeud0Ld1BSKJ1cyxccxeCM5I0+GdH8dKZgOtulq/I9GN7H2NcetKMIp w9bMQruMUJEHhBAfM/SQFo6pzJ72vSlO39QC/ar7J2Xd1xqY4+Bw6b68E/jPhPoYlQaD 0Yi6BKJx2G4iAk8nu2yuWPkKtHhKPMdy1v8NY7J65xb97S+K9ERumuPmwU+/yZrfuVlW E+nf2/PND2qyRzS96JJ+WQnAkhkZSHvqMKzbyndTfoDp8RheLnjF6QPxUOPyM8PUFeQn dZXWp1rPXclU3j/I1AnkBZMACdSfUUdsrk1pKI4fV7cUbKxjD7DVUWzpF/IXaRz5am5C h1Ew== X-Gm-Message-State: AOAM530KrJZjYwVGBq+WZ8bAeMV6NE09sZsEktIw1MG0LGWml5ZiC5xX 5sCr548DkSGX8rgFMjfb98Ag4mC32Ro9nQ== X-Received: by 2002:ac8:568a:: with SMTP id h10mr18175086qta.239.1597758461381; Tue, 18 Aug 2020 06:47:41 -0700 (PDT) Received: from fedora.pebenito.net (pool-108-15-23-247.bltmmd.fios.verizon.net. [108.15.23.247]) by smtp.gmail.com with ESMTPSA id h24sm20632767qkk.72.2020.08.18.06.47.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 18 Aug 2020 06:47:40 -0700 (PDT) From: Chris PeBenito Subject: ANN: Reference Policy 2.20200818 To: SElinux list , refpolicy Message-ID: Date: Tue, 18 Aug 2020 09:47:39 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org New modules: - usbguard - aptcacher Changes: - Renamed "pid" interfaces to "runtime" interfaces to match the *_var_run_t to *_runtime_t rename - Merge systemd generator domains - Several systemd updates - Set value of build options to "true" so m4 ifelse can be used - Revise relabeling access to prevent relabeling to unlabeled_t - Makefile, Vagrant, and m4 improvements - First pass of cleanups from SELint - Clean up domains that had user tty or pty access but could be used from either - Add various inotify watch permissions - Add rules for apt-catcher-ng and acngtool - Add support for generating nft tables to gennetfilter - Many more minor fixes across the policy Removals: - Drop Python 2 compatibility code from genhomedircon.py - Remove unlabeled packet access - Remove ada module https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818 -- Chris PeBenito