rpms/selinux-policy-strict/devel policy-20050706.patch, 1.2, 1.3 selinux-policy-strict.spec, 1.344, 1.345
- From: fedora-cvs-commits redhat com
- To: fedora-cvs-commits redhat com
- Subject: rpms/selinux-policy-strict/devel policy-20050706.patch, 1.2, 1.3 selinux-policy-strict.spec, 1.344, 1.345
- Date: Wed, 6 Jul 2005 18:34:11 -0400
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23814
Modified Files:
policy-20050706.patch selinux-policy-strict.spec
Log Message:
* Wed Jul 6 2005 Dan Walsh <dwalsh redhat com> 1.25.1-3
- Add boolean to allow sysadm_t to ptrace
policy-20050706.patch:
domains/admin.te | 5 +++++
domains/program/getty.te | 7 +++++++
domains/program/netutils.te | 2 ++
domains/program/passwd.te | 5 +++++
domains/program/unused/apache.te | 1 +
domains/program/unused/apmd.te | 7 +++++--
domains/program/unused/bluetooth.te | 3 ++-
domains/program/unused/ciped.te | 3 +--
domains/program/unused/cups.te | 7 +++++--
domains/program/unused/cyrus.te | 5 +----
domains/program/unused/dhcpc.te | 1 +
domains/program/unused/dovecot.te | 1 +
domains/program/unused/hald.te | 3 ++-
domains/program/unused/hotplug.te | 4 +++-
domains/program/unused/hwclock.te | 3 ---
domains/program/unused/nscd.te | 1 +
domains/program/unused/prelink.te | 3 ---
domains/program/unused/radvd.te | 3 ++-
domains/program/unused/rpcd.te | 6 +++++-
domains/program/unused/squid.te | 3 +++
domains/program/unused/winbind.te | 10 ++++++++++
file_contexts/program/cups.fc | 2 ++
file_contexts/program/winbind.fc | 1 +
file_contexts/types.fc | 14 +++++++-------
macros/admin_macros.te | 3 ---
macros/base_user_macros.te | 4 +---
macros/global_macros.te | 1 +
macros/program/apache_macros.te | 1 +
macros/program/chkpwd_macros.te | 2 ++
macros/program/dbusd_macros.te | 2 +-
macros/program/evolution_macros.te | 6 ------
macros/program/games_domain.te | 3 ---
macros/program/java_macros.te | 2 --
macros/program/mail_client_macros.te | 10 ++++++++--
macros/program/mozilla_macros.te | 2 --
macros/program/mplayer_macros.te | 2 +-
macros/program/xserver_macros.te | 4 ----
net_contexts | 2 ++
targeted/domains/unconfined.te | 5 +++++
tunables/distro.tun | 2 +-
tunables/tunable.tun | 4 ++--
types/network.te | 1 -
42 files changed, 97 insertions(+), 59 deletions(-)
Index: policy-20050706.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050706.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20050706.patch 6 Jul 2005 22:07:57 -0000 1.2
+++ policy-20050706.patch 6 Jul 2005 22:34:05 -0000 1.3
@@ -1,11 +1,11 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/admin.te policy-1.25.1/domains/admin.te
--- nsapolicy/domains/admin.te 2005-04-27 10:28:48.000000000 -0400
-+++ policy-1.25.1/domains/admin.te 2005-07-06 18:05:44.000000000 -0400
++++ policy-1.25.1/domains/admin.te 2005-07-06 18:32:13.000000000 -0400
@@ -36,3 +36,8 @@
typeattribute secadm_tty_device_t admin_tty_type;
typeattribute secadm_devpts_t admin_tty_type;
-+boolean allow_ptrace false;
++bool allow_ptrace false;
+
+if (allow_ptrace) {
+can_ptrace(sysadm_t, domain)
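Review bot: The `allow_ptrace` boolean added to admin.te carries no comment, and its name does not say that it governs sysadm_t only or that `can_ptrace(sysadm_t, domain)` reaches every type with the `domain` attribute. I would put `# Allow sysadm_t to ptrace any process domain; keep off unless debugging requires it.` directly above the `bool allow_ptrace false;` line. Because a tracer can read and alter the memory of the traced process, it is worth confirming that the full `domain` set is really intended rather than a narrower attribute; the hunk does not show whether a narrower one exists. The `if (allow_ptrace) {` block closes outside the visible lines.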
@@ -62,7 +62,7 @@
if (httpd_can_network_connect) {
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.25.1/domains/program/unused/apmd.te
--- nsapolicy/domains/program/unused/apmd.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/apmd.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/apmd.te 2005-07-06 18:19:50.000000000 -0400
@@ -21,7 +21,7 @@
allow apm_t privfd:fd use;
allow apm_t admin_tty_type:chr_file rw_file_perms;
@@ -81,6 +81,17 @@
# controlling an orderly resume of PCMCIA requires creating device
# nodes 254,{0,1,2} for some reason.
+@@ -69,7 +69,10 @@
+ # apmd calls hwclock.sh on suspend and resume
+ allow apmd_t clock_device_t:chr_file r_file_perms;
+ ifdef(`hwclock.te', `
++domain_auto_trans(apmd_t, hwclock_exec_t, hwclock_t)
+ allow apmd_t adjtime_t:file rw_file_perms;
++allow hwclock_t apmd_log_t:file append;
++allow hwclock_t apmd_t:unix_stream_socket { read write };
+ ')
+
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/bluetooth.te policy-1.25.1/domains/program/unused/bluetooth.te
--- nsapolicy/domains/program/unused/bluetooth.te 2005-05-25 11:28:09.000000000 -0400
+++ policy-1.25.1/domains/program/unused/bluetooth.te 2005-07-06 17:29:15.000000000 -0400
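Review bot: The added rule `allow hwclock_t apmd_t:unix_stream_socket { read write };` in the apmd.te section gives hwclock_t access to apmd's stream sockets with no comment saying why. If it only covers a descriptor that hwclock inherits across the new `domain_auto_trans(apmd_t, hwclock_exec_t, hwclock_t)` transition, which is my guess and not something the hunk shows, then `dontaudit hwclock_t apmd_t:unix_stream_socket { read write };` would silence the denial without granting the access. If hwclock does need the socket, a one-line comment above the rule stating that reason would make the grant reviewable later. The same applies to `allow hwclock_t apmd_log_t:file append;`, where a short comment that hwclock's output is redirected into apmd's log would help, if that is the case.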
@@ -212,6 +223,19 @@
allow { insmod_t kernel_t } hotplug_etc_t:dir { search getattr };
+allow hotplug_t self:netlink_route_socket r_netlink_socket_perms;
+
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hwclock.te policy-1.25.1/domains/program/unused/hwclock.te
+--- nsapolicy/domains/program/unused/hwclock.te 2005-04-27 10:28:51.000000000 -0400
++++ policy-1.25.1/domains/program/unused/hwclock.te 2005-07-06 18:29:56.000000000 -0400
+@@ -19,9 +19,6 @@
+ role sysadm_r types hwclock_t;
+ domain_auto_trans(sysadm_t, hwclock_exec_t, hwclock_t)
+ type adjtime_t, file_type, sysadmfile;
+-ifdef(`apmd.te', `
+-domain_auto_trans(apmd_t, hwclock_exec_t, hwclock_t)
+-')
+
+ allow hwclock_t fs_t:filesystem getattr;
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/nscd.te policy-1.25.1/domains/program/unused/nscd.te
--- nsapolicy/domains/program/unused/nscd.te 2005-07-06 17:15:07.000000000 -0400
+++ policy-1.25.1/domains/program/unused/nscd.te 2005-07-06 17:29:15.000000000 -0400
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.344
retrieving revision 1.345
diff -u -r1.344 -r1.345
--- selinux-policy-strict.spec 6 Jul 2005 22:07:57 -0000 1.344
+++ selinux-policy-strict.spec 6 Jul 2005 22:34:06 -0000 1.345
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.25.1
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -229,7 +229,7 @@
exit 0
%changelog
-* Wed Jul 6 2005 Dan Walsh <dwalsh redhat com> 1.25.1-2
+* Wed Jul 6 2005 Dan Walsh <dwalsh redhat com> 1.25.1-3
- Add boolean to allow sysadm_t to ptrace
* Wed Jul 6 2005 Dan Walsh <dwalsh redhat com> 1.25.1-1