From: Dominick Grift
Date: Thu, 19 May 2022 16:50:16 +0000 (+0200)
Subject: selinux-policy: update to version 1.2.3
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=e01b1c22dfb669abb0ad14c83ec9b3e35ff3d15c;p=openwrt%2Fstaging%2Fnbd.git

selinux-policy: update to version 1.2.3

86ca9c6 devstatus: prints to terminal
95de949 deal with /rom/dev/console label inconsistencies
ab6b6ee uci: hack to deal with potentially mislabeled char files
acf9172 dnsmasq this can't be right
021db5b luci-app-tinyproxy
cf3a9c4 support/secmark: removes duplicate loopback rules
eeb2610 dhcp servers: recv dhcp client packets
d5a5fc3 more support/secmark "fixes"
35d8604 update support secmark
4c155c0 packets these were caused by labeling issues with loopback
fad35a5 nftables reads routing table
f9c5a04 umurmur: kill an mumur instance that does not run as root
10a10c6 mmc stordev make this consistent
ab3ec5b Makefile: sort with LC_ALL=C
b34eaa5 fwenv rules
8c2960f adds rfkill nodedev and some mmc partitions to stordev
5a9ffe9 rcboot runs fwenv with a transition
9954bf6 dnsmasq in case of tcp
ab66468 dnsmasq try this
5bfcb88 dnsmasq stubby not sure why this is happening
863f549 luci not sure why it recv and send server packets
d5cddb0 uhttpd sends sigkill luci cgi
44cc04d stubby: it does not maintain anything in there
db730b4 Adds stubby
ccbcf0e tor simplify network access
a308065 tor basic
a9c0163 znc loose ends
327a9af acme: allow acme_cleanup.sh to restart znc
4015614 basic znc
7ef14a2 support/secmark: clarify some things
3107afe README: todo qrencode
943035a README and secmark doc
4c90937 ttyd: fix that socket leak again
3239adf dnsmasq icmp packets and fix a tty leak issue
b41d38f Makefile: optimize
95d05b1 sandbox dontaudit ttyd leak
0b7d670 rpcd: reads mtu
e754bf1 opkg-lists try this
35fb530 opkg-lists: custom
4328754 opkg try to address mislabeled /tmp/opkg-lists
3e2385c rcnftqos
95eae2d ucode
c86d366 luci diagnostics
e10b443 rpcd packets and wireguard/luci
a25e020 igmpproxt packets
0106f00 luci
dcef79c nftqos related
3c9bc90 related to nft-qos and luci
f8502d4 dnsmasq more related to /usr/lib/dnsmasq/dhcp-script.sh
29a4271 dnsmasq: related to /usr/lib/dnsmasq/dhcp-script.sh
0c5805a some nft-qos
1100b41 adds a label for /tmp/.ujailnoafile
e141a83 initscript: i labeled ujail procd.execfile
a3b0302 Makefile: adds a default target + packets target
6a3f8ef label usign as opkg and label fwtool and sysupgrade
04d1cc7 sysupgrade: i meant don't do the fc spec
763bec0 sysupgrade: dont do /tmp/sysupgrade.img
af2306f adds a failsafe.tmpfile and labels validate_firmware_image
5b15760 fwenv: comment doesnt make sense
370ac3b fwenv: executes shell
67e3fcb fwenv: adds fw_setsys
544d211 adds procd execfile module to label procd related exec files
99d5f13 rclocalconffile: treat /etc/rc.button like /etc/rc.local
4dfd662 label uclient-fetch the same as wget
75d8212 osreleasemiscfile: adds /etc/device_info
0c1f116 adds a rcbuttonconffile for /etc/rc.button (base-files)
ccd23f8 adds a syslog.conffile for /etc/syslog.conf (busybox)
f790600 adds a libattr.conffile for /etc/xattr.conf
fcc028e fwenv: adds fwsys
1255470 xtables: various iptables alternatives
a7c4035 Revert "sqm: runs xtables, so also allow nftables"
0d331c3 sqm: runs xtables, so also allow nftables
f34076b acme: will run nftables in the near future
6217046 allow ssl.read types to read /tmp/etc/ssl/engines.cnf
d0deea3 fixes dns packets
8399efc Revert "sandbox: see if dontauditing this affects things"
73d716a sandbox: see if dontauditing this affects things
b5ee097 sandbox: also allow readinherited dropbear pipes
12ee46b iwinfo traverses /tmp/run/wpa_supplicant
4a4d724 agent.cil: also reads inherited dropbear pipes
d48013f support/secmark: i tightened my dns packet policy
645ad9e dns packets redone
4790b25 dnsnetpacket: fix obj macro template
d9fafff redo dns packets
0a68498 ttyd: leaks a netlink route socket
1d2e6be .gitattributes: remove todo
e1bb954 usbutil: reads bus sysfile symlinks
d275a32 support/secmark: clean it up a little
af5ce12 Makefile: exclude packet types in default make target
3caacdf support/secmark: document tunable/boolean
e3dd3e6 invalidpacketselinuxbool: make it build-time again
54f0ccf odhcpd packet fix
4a864ba contrib/secmark: add a big FAT warning
bead937 contrib/secmark: adds note about secmark support
146ae16 netpacket remove test
2ce9899 dns packets, odhcp6c raw packet, 4123 ntpnts for netnod
070a45f chrony and unbound packets
eba894f rawip socket packets cannot be labeled
656ae0b adds isakmp (500), ipsec-nat-t (4500) and rawip packet types
35325db adds igmp packet type
5cf444c adds icmp packet type
2e41304 sandbox some more packet access for sandbox net
12caad6 packet accesses
b8eb9a8 adds a trunkload of packet types
a42a336 move rules related to invalid netpeers and ipsec associations
a9e40e0 xtables/nftables allow relabelto all packet types
aa5a52c README: adds item to wish list
3a96eec experiment: simple label based packet filtering
26d6f95 nftables reads/writes fw pipes

Signed-off-by: Dominick Grift
---
diff --git a/package/system/selinux-policy/Makefile b/package/system/selinux-policy/Makefile index 10eff7be57..bcf6b4a3c2 100644 --- a/package/system/selinux-policy/Makefile +++ b/package/system/selinux-policy/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=selinux-policy PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://git.defensec.nl/selinux-policy.git -PKG_VERSION:=1.1 -PKG_MIRROR_HASH:=657ec1ff51ab946753fb3559384511a536ac1e018691f3e49cbab21c55d23e08 +PKG_VERSION:=1.2.3 +PKG_MIRROR_HASH:=ff1ddca168a6631aeac34352657f424bc4acf5d50b8aa7ff8dfa8c9663ba8538 PKG_SOURCE_VERSION:=v$(PKG_VERSION) PKG_BUILD_DEPENDS:=secilc/host policycoreutils/host
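Review bot: The context line PKG_SOURCE_VERSION:=v$(PKG_VERSION) resolves the source by tag name rather than by commit id, so in this hunk the new PKG_MIRROR_HASH is the only value that binds the 1.1 to 1.2.3 bump to specific policy content. Please confirm the hash was regenerated from a fresh checkout of the v1.2.3 tag from PKG_SOURCE_URL, and consider setting PKG_SOURCE_VERSION to the full commit id so that a re-pointed tag cannot change what gets built when no mirror tarball is available. The shortlog also pulls in entries the author marks as tentative ("dnsmasq try this", "opkg-lists try this", "dnsmasq this can't be right") along with the new secmark packet types, so the commit message would benefit from one line stating which of these change what the shipped policy allows by default.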