selinux-policy-default - Strict and Targeted variants of the SELinux policy

Distribution: Debian Sid
Repository: Debian Main i386
Package name: selinux-policy-default
Package version: 2.20161023.1
Package release: 10
Package architecture: all
Package type: deb
Installed size: 4.25 KB
Download size: 2.90 MB
Official Mirror:
Description: unavailable.


  • mcstrans


    Source package: refpolicy

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install selinux-policy-default deb package:
      # sudo apt-get install selinux-policy-default


    2017-09-13 - Russell Coker <> refpolicy (2:2.20161023.1-10) unstable; urgency=medium * Add patch for typebounds. This patch was rejected upstream, to quote Chris PeBenito: NAK. This has already been fixed with the upcoming nnp_transition nosuid_transition permissions in refpolicy. I'm afraid distros will have to carry policy patches until they can roll out kernels that support these permissions. Closes: #874201 * Allow systemd-tmpfiles to delete /var/lib/sudo files. Closes: #875668 * Allow brctl to create files in sysfs and correctly label /usr/lib/bridge-utils/.*\.sh Closes: #875669 * Give bootloader_t all the access it needs to create initramfs images in different situations and communicate with dpkg_t. Closes: #875676 * Allow dnsmasq_t to read it's config dir Closes: #875681 * Build-depend and depend on version 2.7 of tools and libraries. * Allow systemd_tmpfiles_t to manage lastlog_t Closes: #875726 * Allow udev_t to talk to init via dbus and get service status in strict configuration Closes: #875727

    2017-01-26 - Russell Coker <> refpolicy (2:2.20161023.1-9) unstable; urgency=medium * Dontaudit dkim_milter_t binding to labeled udp ports * Allow passwd_t to inherit fd from unconfined_t for package scripts * Allow httpd_sys_script_t to talk to itself via unix datagrams and send syslog messages * Allow logwatch_mail_t to rw system_cronjob_t pipes Allow logwatch_t to run mdadm * Label /etc/postfixadmin as httpd_config_t * Allow system_cronjob_t to create directories under /tmp * Allow spamass_milter_t to read the overcommit sysctl * Allow unconfined domains the capability2:wake_alarm. * Added ~/DovecotMail to the list of mail_home_rw_t directories * Allow systemd_logind_t to get dpkg_script_t process state and talk to it via dbus * For allow udev_t to read default_t. Still need that udev bug fixed!