• Bug#1109927: unblock: refpolicy/2:2.20250213-10 (1/2)

    From Russell Coker@21:1/5 to All on Sat Jul 26 14:00:01 2025
    XPost: linux.debian.devel.release

    Package: release.debian.org
    Severity: normal
    User: [email protected]
    Usertags: unblock

    Please unblock package refpolicy

    [ Reason ]
    The main reason for this unblock is to get graphical desktop sessions working under SE Linux. This update fixes the sddm login manager, the GNOME desktop, and some important GNOME applications. The majority of desktop users who use SE Linux will have serious problems without it.

    Also there's a minor fix for Sympa for the new version in Trixie.

    [ Impact ]
    If this isn't granted then most people can't use a graphical session on SE Linux.

    [ Tests ]
    I've done manual tests on all combinations of KDE, GNOME, and Phoc with sddm and gdm3 and they all work.

    [ Risks ]
    This just adds extra access so it's unlikely to break things and there are hardly any changes that affect non-graphical systems.

    [ Checklist ]
    [x] all changes are documented in the d/changelog
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in testing

    unblock refpolicy/2:2.20250213-10

    diff -Nru refpolicy-2.20250213/debian/changelog refpolicy-2.20250213/debian/changelog
    --- refpolicy-2.20250213/debian/changelog 2025-07-06 19:29:50.000000000 +1000
    +++ refpolicy-2.20250213/debian/changelog 2025-07-25 22:36:54.000000000 +1000
    @@ -1,3 +1,29 @@
    +refpolicy (2:2.20250213-10) unstable; urgency=medium
    +
    + * Allow user_bubblewrap_t to transition to user_t via user_home_t and
    + user_bin_t
    + * Fixes for evolution, colord, dbus, wm, and xdm. Now the GNOME desktop
    + is fully functional and sddm works as a graphical login.
    +
    + -- Russell Coker <[email protected]> Fri, 25 Jul 2025 22:36:54 +1000
    +
    +refpolicy (2:2.20250213-9) unstable; urgency=medium
    +
    + * Allow sympa_t to signal itself, create udp sockets, and bind to a generic + node
    + * Fixed labelling for /var/log/opensnitchd.log.* and
    + /var/cache/apt-xapian-index/*
    + * Allow systemd-logind to receive fds from xdm - needed for SDDM to function + * Labelled /usr/bin/efibootmgr as bootloader_exec_t
    + * Labelled /usr/bin/screendump as screen_exec_t
    + * Labelled /usr/sbin/veritysetup as lvm_exec
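
Review bot: The first item of the 2:2.20250213-10 entry, "Allow user_bubblewrap_t to transition to user_t via user_home_t and user_bin_t", widens a sandbox domain's path back into the ordinary user domain, and the changelog gives no reason for it. user_home_t labels content in the user's home directory, so the entry should say which program needs this transition and whether user_bubblewrap_t can itself create or modify user_home_t files, since a domain that can both write and execute that type can leave its confinement at will. The second item, "Fixes for evolution, colord, dbus, wm, and xdm", would also be easier to review for the unblock if it named the access added per module, the way the 2:2.20250213-9 items do.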