New modules:
- usbguard
- aptcacher
Changes:
- Renamed "pid" interfaces to "runtime" interfaces to match the *_var_run_t to
*_runtime_t rename
- Merge systemd generator domains
- Several systemd updates
- Set value of build options to "true" so m4 ifelse can be used
- Revise relabeling access to prevent relabeling to unlabeled_t
- Makefile, Vagrant, and m4 improvements
- First pass of cleanups from SELint
- Clean up domains that had user tty or pty access but could be used from
either
- Add various inotify watch permissions
- Add rules for apt-catcher-ng and acngtool
- Add support for generating nft tables to gennetfilter
- Many more minor fixes across the policy
Removals:
- Drop Python 2 compatibility code from genhomedircon.py
- Remove unlabeled packet access
- Remove ada module
https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818
--
Chris PeBenito