[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/selinux-policy-strict/devel policy-20050706.patch, 1.5, 1.6 selinux-policy-strict.spec, 1.347, 1.348



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv26003

Modified Files:
	policy-20050706.patch selinux-policy-strict.spec 
Log Message:
* Thu Jul 7 2005 Dan Walsh <dwalsh redhat com> 1.25.1-6
- Fixes for winbind


policy-20050706.patch:
 domains/admin.te                     |    5 +++++
 domains/program/getty.te             |    7 +++++++
 domains/program/login.te             |    2 +-
 domains/program/netutils.te          |    2 ++
 domains/program/passwd.te            |    5 +++++
 domains/program/ssh.te               |    2 +-
 domains/program/tmpreaper.te         |    4 ++--
 domains/program/unused/apache.te     |    1 +
 domains/program/unused/apmd.te       |    7 +++++--
 domains/program/unused/bluetooth.te  |    3 ++-
 domains/program/unused/ciped.te      |    3 +--
 domains/program/unused/cups.te       |    8 ++++++--
 domains/program/unused/cyrus.te      |    5 +----
 domains/program/unused/dhcpc.te      |    1 +
 domains/program/unused/dovecot.te    |    1 +
 domains/program/unused/ftpd.te       |    2 +-
 domains/program/unused/hald.te       |    3 ++-
 domains/program/unused/hotplug.te    |    4 +++-
 domains/program/unused/hwclock.te    |    3 ---
 domains/program/unused/iceauth.te    |    2 +-
 domains/program/unused/nscd.te       |    1 +
 domains/program/unused/pppd.te       |    7 ++++---
 domains/program/unused/prelink.te    |    7 +------
 domains/program/unused/procmail.te   |    1 +
 domains/program/unused/radvd.te      |    3 ++-
 domains/program/unused/rpcd.te       |    6 +++++-
 domains/program/unused/rpm.te        |    3 +++
 domains/program/unused/samba.te      |   35 +++++++++++++++++++++++++++++++++--
 domains/program/unused/squid.te      |    3 +++
 domains/program/unused/winbind.te    |   14 +++++++++++++-
 domains/program/unused/xdm.te        |    2 +-
 file_contexts/program/cups.fc        |    2 ++
 file_contexts/program/rpcd.fc        |    3 ++-
 file_contexts/program/samba.fc       |    1 +
 file_contexts/program/winbind.fc     |    1 +
 file_contexts/types.fc               |   14 +++++++-------
 macros/admin_macros.te               |    3 ---
 macros/base_user_macros.te           |    5 ++---
 macros/global_macros.te              |    1 +
 macros/network_macros.te             |    7 +++++++
 macros/program/apache_macros.te      |    5 ++---
 macros/program/chkpwd_macros.te      |    7 +++++++
 macros/program/dbusd_macros.te       |    2 +-
 macros/program/evolution_macros.te   |    6 ------
 macros/program/games_domain.te       |    3 ---
 macros/program/java_macros.te        |    2 --
 macros/program/mail_client_macros.te |   10 ++++++++--
 macros/program/mozilla_macros.te     |    2 --
 macros/program/mplayer_macros.te     |    2 +-
 macros/program/xserver_macros.te     |    4 ----
 net_contexts                         |    2 ++
 targeted/domains/unconfined.te       |    5 +++++
 tunables/distro.tun                  |    2 +-
 tunables/tunable.tun                 |    4 ++--
 types/network.te                     |    1 -
 55 files changed, 167 insertions(+), 79 deletions(-)

Index: policy-20050706.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050706.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- policy-20050706.patch	7 Jul 2005 12:38:27 -0000	1.5
+++ policy-20050706.patch	7 Jul 2005 19:37:31 -0000	1.6
@@ -24,6 +24,18 @@
 +ifdef(`pppd.te', `
 +domain_auto_trans(getty_t, pppd_exec_t, pppd_t)
 +')
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.25.1/domains/program/login.te
+--- nsapolicy/domains/program/login.te	2005-07-06 17:15:06.000000000 -0400
++++ policy-1.25.1/domains/program/login.te	2005-07-07 15:31:05.000000000 -0400
+@@ -65,7 +65,7 @@
+ ')
+ 
+ # Use capabilities
+-allow $1_login_t self:capability { audit_control dac_override chown fowner fsetid kill setgid setuid net_bind_service sys_nice sys_resource sys_tty_config };
++allow $1_login_t self:capability { dac_override chown fowner fsetid kill setgid setuid net_bind_service sys_nice sys_resource sys_tty_config };
+ allow $1_login_t self:process setrlimit;
+ dontaudit $1_login_t sysfs_t:dir search;
+ 
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/netutils.te policy-1.25.1/domains/program/netutils.te
 --- nsapolicy/domains/program/netutils.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.25.1/domains/program/netutils.te	2005-07-06 17:29:15.000000000 -0400
@@ -49,6 +61,32 @@
 +role system_r types sysadm_passwd_t;
 +allow sysadm_passwd_t devpts_t:chr_file { read write };
 +')
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ssh.te policy-1.25.1/domains/program/ssh.te
+--- nsapolicy/domains/program/ssh.te	2005-07-06 17:15:06.000000000 -0400
++++ policy-1.25.1/domains/program/ssh.te	2005-07-07 15:30:50.000000000 -0400
+@@ -73,7 +73,7 @@
+ allow $1_t port_type:tcp_socket name_connect;
+ can_kerberos($1_t)
+ 
+-allow $1_t self:capability { audit_control kill sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config };
++allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config };
+ allow $1_t { home_root_t home_dir_type }:dir { search getattr };
+ if (use_nfs_home_dirs) {
+ allow $1_t autofs_t:dir { search getattr };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/tmpreaper.te policy-1.25.1/domains/program/tmpreaper.te
+--- nsapolicy/domains/program/tmpreaper.te	2005-04-27 10:28:49.000000000 -0400
++++ policy-1.25.1/domains/program/tmpreaper.te	2005-07-07 11:54:03.000000000 -0400
+@@ -16,8 +16,8 @@
+ system_crond_entry(tmpreaper_exec_t, tmpreaper_t)
+ uses_shlib(tmpreaper_t)
+ # why does it need setattr?
+-allow tmpreaper_t tmpfile:dir { setattr rw_dir_perms rmdir };
+-allow tmpreaper_t tmpfile:notdevfile_class_set { getattr unlink };
++allow tmpreaper_t { man_t tmpfile }:dir { setattr rw_dir_perms rmdir };
++allow tmpreaper_t { man_t tmpfile }:notdevfile_class_set { getattr unlink };
+ allow tmpreaper_t { home_type file_t }:notdevfile_class_set { getattr unlink };
+ allow tmpreaper_t self:process { fork sigchld };
+ allow tmpreaper_t self:capability { dac_override dac_read_search fowner };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.25.1/domains/program/unused/apache.te
 --- nsapolicy/domains/program/unused/apache.te	2005-07-06 17:15:06.000000000 -0400
 +++ policy-1.25.1/domains/program/unused/apache.te	2005-07-06 17:29:15.000000000 -0400
@@ -120,7 +158,7 @@
  can_ypbind(ciped_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.25.1/domains/program/unused/cups.te
 --- nsapolicy/domains/program/unused/cups.te	2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/cups.te	2005-07-06 17:48:40.000000000 -0400
++++ policy-1.25.1/domains/program/unused/cups.te	2005-07-07 13:58:28.000000000 -0400
 @@ -77,7 +77,7 @@
  allow cupsd_t self:fifo_file rw_file_perms;
  
@@ -149,6 +187,12 @@
  allow hplip_t printer_device_t:chr_file rw_file_perms;
  allow cupsd_t hplip_var_run_t:file { read getattr };
  allow hplip_t cupsd_etc_t:dir search;
+@@ -305,4 +308,5 @@
+ inetd_child_domain(cupsd_lpd)
+ allow inetd_t printer_port_t:tcp_socket name_bind;
+ r_dir_file(cupsd_lpd_t, cupsd_etc_t)
++r_dir_file(cupsd_lpd_t, cupsd_rw_etc_t)
+ allow cupsd_lpd_t ipp_port_t:tcp_socket name_connect;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.25.1/domains/program/unused/cyrus.te
 --- nsapolicy/domains/program/unused/cyrus.te	2005-07-06 17:15:06.000000000 -0400
 +++ policy-1.25.1/domains/program/unused/cyrus.te	2005-07-06 17:29:15.000000000 -0400
@@ -192,6 +236,18 @@
  
  allow dovecot_t { self proc_t }:file { getattr read };
  allow dovecot_t self:fifo_file rw_file_perms;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.25.1/domains/program/unused/ftpd.te
+--- nsapolicy/domains/program/unused/ftpd.te	2005-05-25 11:28:09.000000000 -0400
++++ policy-1.25.1/domains/program/unused/ftpd.te	2005-07-07 15:30:28.000000000 -0400
+@@ -69,7 +69,7 @@
+ tmpfs_domain(ftpd)
+ 
+ # Use capabilities.
+-allow ftpd_t self:capability { chown fowner fsetid setgid setuid net_bind_service sys_chroot sys_nice sys_resource audit_control };
++allow ftpd_t self:capability { chown fowner fsetid setgid setuid net_bind_service sys_chroot sys_nice sys_resource };
+ 
+ # Append to /var/log/wtmp.
+ allow ftpd_t wtmp_t:file { getattr append };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.25.1/domains/program/unused/hald.te
 --- nsapolicy/domains/program/unused/hald.te	2005-05-25 11:28:10.000000000 -0400
 +++ policy-1.25.1/domains/program/unused/hald.te	2005-07-06 17:29:15.000000000 -0400
@@ -236,6 +292,18 @@
  
  allow hwclock_t fs_t:filesystem getattr;
  
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/iceauth.te policy-1.25.1/domains/program/unused/iceauth.te
+--- nsapolicy/domains/program/unused/iceauth.te	2005-07-05 15:25:46.000000000 -0400
++++ policy-1.25.1/domains/program/unused/iceauth.te	2005-07-07 11:52:45.000000000 -0400
+@@ -6,7 +6,7 @@
+ #
+ # iceauth_exec_t is the type of the xauth executable.
+ #
+-type iceauth_exec_t, file_type, sysadmfile;
++type iceauth_exec_t, file_type, exec_type, sysadmfile;
+ 
+ # Everything else is in the iceauth_domain macro in
+ # macros/program/iceauth_macros.te.
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/nscd.te policy-1.25.1/domains/program/unused/nscd.te
 --- nsapolicy/domains/program/unused/nscd.te	2005-07-06 17:15:07.000000000 -0400
 +++ policy-1.25.1/domains/program/unused/nscd.te	2005-07-06 17:29:15.000000000 -0400
@@ -274,18 +342,33 @@
 +dontaudit pppd_t initrc_var_run_t:file { lock write };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/prelink.te policy-1.25.1/domains/program/unused/prelink.te
 --- nsapolicy/domains/program/unused/prelink.te	2005-04-27 10:28:52.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/prelink.te	2005-07-06 17:34:19.000000000 -0400
-@@ -14,10 +14,7 @@
- if (allow_execmem) {
- allow prelink_t self:process execmem;
- }
++++ policy-1.25.1/domains/program/unused/prelink.te	2005-07-07 11:52:57.000000000 -0400
+@@ -11,13 +11,8 @@
+ #
+ daemon_base_domain(prelink, `, admin, privowner')
+ 
+-if (allow_execmem) {
+-allow prelink_t self:process execmem;
+-}
 -if (allow_execmod) {
++allow prelink_t self:process { execheap execmem execstack };
  allow prelink_t texrel_shlib_t:file execmod;
 -}
 -
  allow prelink_t fs_t:filesystem getattr;
  
  ifdef(`crond.te', `
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/procmail.te policy-1.25.1/domains/program/unused/procmail.te
+--- nsapolicy/domains/program/unused/procmail.te	2005-05-25 11:28:10.000000000 -0400
++++ policy-1.25.1/domains/program/unused/procmail.te	2005-07-07 15:34:31.000000000 -0400
+@@ -20,6 +20,7 @@
+ allow procmail_t device_t:dir search;
+ can_network_server(procmail_t)
+ can_ypbind(procmail_t)
++can_winbind(procmail_t)
+ 
+ allow procmail_t self:capability { sys_nice chown setuid setgid dac_override };
+ 
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/radvd.te policy-1.25.1/domains/program/unused/radvd.te
 --- nsapolicy/domains/program/unused/radvd.te	2005-04-27 10:28:52.000000000 -0400
 +++ policy-1.25.1/domains/program/unused/radvd.te	2005-07-06 17:29:15.000000000 -0400
@@ -327,19 +410,31 @@
  
  can_udp_send(nfsd_t, portmap_t)
  can_udp_send(portmap_t, nfsd_t)
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpm.te policy-1.25.1/domains/program/unused/rpm.te
+--- nsapolicy/domains/program/unused/rpm.te	2005-04-27 10:28:52.000000000 -0400
++++ policy-1.25.1/domains/program/unused/rpm.te	2005-07-07 11:53:36.000000000 -0400
+@@ -253,4 +253,7 @@
+ typeattribute rpm_script_t auth_write;
+ unconfined_domain(rpm_script_t)
+ ')
++if (allow_execmem) {
++allow rpm_script_t self:process execmem;
++}
+ 
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.25.1/domains/program/unused/samba.te
 --- nsapolicy/domains/program/unused/samba.te	2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/samba.te	2005-07-07 06:25:59.000000000 -0400
-@@ -47,6 +47,8 @@
++++ policy-1.25.1/domains/program/unused/samba.te	2005-07-07 15:30:06.000000000 -0400
+@@ -47,6 +47,9 @@
  
  # Use the network.
  can_network(smbd_t)
 +can_ldap(smbd_t)
 +can_kerberos(smbd_t)
++can_winbind(smbd_t)
  allow smbd_t ipp_port_t:tcp_socket name_connect;
  
  allow smbd_t urandom_device_t:chr_file { getattr read };
-@@ -61,8 +63,10 @@
+@@ -61,8 +64,10 @@
  
  # Permissions for Samba cache files in /var/cache/samba and /var/lib/samba
  allow smbd_t var_lib_t:dir search;
@@ -352,12 +447,12 @@
  
  # Permissions to write log files.
  allow smbd_t samba_log_t:file { create ra_file_perms };
-@@ -182,3 +186,28 @@
+@@ -182,3 +187,29 @@
  allow smbmount_t userdomain:fd use;
  allow smbmount_t local_login_t:fd use;
  ')
 +# Derive from app. domain. Transition from mount.
-+application_domain(samba_net, `, nscd_client_domain, privfd')
++application_domain(samba_net, `, nscd_client_domain')
 +file_type_auto_trans(samba_net_t, samba_etc_t, samba_secrets_t, file)
 +read_locale(samba_net_t) 
 +allow samba_net_t samba_etc_t:file r_file_perms;
@@ -381,6 +476,7 @@
 +allow samba_net_t self:process signal;
 +tmp_domain(samba_net)
 +dontaudit samba_net_t sysadm_home_dir_t:dir search;
++allow samba_net_t privfd:fd use;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.25.1/domains/program/unused/squid.te
 --- nsapolicy/domains/program/unused/squid.te	2005-07-06 17:15:07.000000000 -0400
 +++ policy-1.25.1/domains/program/unused/squid.te	2005-07-06 17:29:15.000000000 -0400
@@ -393,31 +489,44 @@
 +')
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.25.1/domains/program/unused/winbind.te
 --- nsapolicy/domains/program/unused/winbind.te	2005-05-25 11:28:10.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/winbind.te	2005-07-06 19:23:53.000000000 -0400
-@@ -21,8 +21,11 @@
- type samba_log_t, file_type, sysadmfile, logfile;
++++ policy-1.25.1/domains/program/unused/winbind.te	2005-07-07 15:29:38.000000000 -0400
+@@ -22,7 +22,7 @@
  type samba_var_t, file_type, sysadmfile;
  type samba_secrets_t, file_type, sysadmfile;
-+allow smbd_t winbind_t:unix_stream_socket connectto;
-+allow smbd_t winbind_var_run_t:dir r_dir_perms;
-+allow smbd_t winbind_var_run_t:sock_file getattr;
  ')
 -rw_dir_file(winbind_t, samba_etc_t)
 +file_type_auto_trans(winbind_t, samba_etc_t, samba_secrets_t, file)
  rw_dir_create_file(winbind_t, samba_log_t)
  allow winbind_t samba_secrets_t:file rw_file_perms;
  allow winbind_t self:unix_dgram_socket create_socket_perms;
-@@ -33,3 +36,10 @@
+@@ -33,3 +33,15 @@
  can_kerberos(winbind_t)
  allow winbind_t self:netlink_route_socket r_netlink_socket_perms;
  allow winbind_t winbind_var_run_t:sock_file create_file_perms;
++allow initrc_t winbind_var_run_t:file r_file_perms;
 +
 +application_domain(winbind_helper, `, nscd_client_domain')
 +access_terminal(winbind_helper_t, sysadm)
 +read_locale(winbind_helper_t) 
 +r_dir_file(winbind_helper_t, samba_etc_t)
++r_dir_file(winbind_t, samba_etc_t)
 +allow winbind_helper_t self:unix_dgram_socket create_socket_perms;
++allow winbind_helper_t self:unix_stream_socket create_stream_socket_perms;
 +allow winbind_helper_t winbind_var_run_t:dir r_dir_perms;
++can_winbind(winbind_helper_t)
++allow winbind_helper_t privfd:fd use;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/xdm.te policy-1.25.1/domains/program/unused/xdm.te
+--- nsapolicy/domains/program/unused/xdm.te	2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.1/domains/program/unused/xdm.te	2005-07-07 15:29:37.000000000 -0400
+@@ -69,7 +69,7 @@
+ 
+ #
+ # Use capabilities.
+-allow xdm_t self:capability { audit_control setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner };
++allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner };
+ 
+ allow xdm_t { urandom_device_t random_device_t }:chr_file { getattr read ioctl };
+ 
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/cups.fc policy-1.25.1/file_contexts/program/cups.fc
 --- nsapolicy/file_contexts/program/cups.fc	2005-07-06 17:15:07.000000000 -0400
 +++ policy-1.25.1/file_contexts/program/cups.fc	2005-07-06 17:29:15.000000000 -0400
@@ -501,7 +610,7 @@
  
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.25.1/macros/base_user_macros.te
 --- nsapolicy/macros/base_user_macros.te	2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/base_user_macros.te	2005-07-06 17:35:02.000000000 -0400
++++ policy-1.25.1/macros/base_user_macros.te	2005-07-07 15:34:59.000000000 -0400
 @@ -63,10 +63,8 @@
  allow $1_t self:process execstack;
  }
@@ -513,7 +622,15 @@
  
  #
  # kdeinit wants this access
-@@ -349,7 +347,7 @@
+@@ -244,6 +242,7 @@
+ can_network($1_t)
+ allow $1_t port_type:tcp_socket name_connect;
+ can_ypbind($1_t)
++can_winbind($1_t)
+ 
+ ifdef(`pamconsole.te', `
+ allow $1_t pam_var_console_t:dir search;
+@@ -349,7 +348,7 @@
  allow $1_t devtty_t:chr_file rw_file_perms;
  allow $1_t null_device_t:chr_file rw_file_perms;
  allow $1_t zero_device_t:chr_file { rw_file_perms execute };
@@ -533,6 +650,20 @@
  allow $1 ld_so_cache_t:file r_file_perms;
  allow $1 device_t:dir search;
  allow $1 null_device_t:chr_file rw_file_perms;
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/network_macros.te policy-1.25.1/macros/network_macros.te
+--- nsapolicy/macros/network_macros.te	2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.1/macros/network_macros.te	2005-07-07 15:33:57.000000000 -0400
+@@ -168,3 +168,10 @@
+ allow $1 ldap_port_t:tcp_socket name_connect;
+ ')
+ 
++define(`can_winbind',`
++ifdef(`winbind.te', `
++allow $1 winbind_var_run_t:dir { getattr search };
++allow $1 winbind_t:unix_stream_socket connectto;
++allow $1 winbind_var_run_t:sock_file { getattr read write };
++')
++')
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.25.1/macros/program/apache_macros.te
 --- nsapolicy/macros/program/apache_macros.te	2005-07-06 17:15:07.000000000 -0400
 +++ policy-1.25.1/macros/program/apache_macros.te	2005-07-07 06:44:49.000000000 -0400
@@ -564,12 +695,12 @@
  # apache should set close-on-exec
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/chkpwd_macros.te policy-1.25.1/macros/program/chkpwd_macros.te
 --- nsapolicy/macros/program/chkpwd_macros.te	2005-06-01 06:11:23.000000000 -0400
-+++ policy-1.25.1/macros/program/chkpwd_macros.te	2005-07-06 19:35:03.000000000 -0400
++++ policy-1.25.1/macros/program/chkpwd_macros.te	2005-07-07 15:32:40.000000000 -0400
 @@ -32,9 +32,16 @@
  domain_auto_trans(auth_chkpwd, chkpwd_exec_t, system_chkpwd_t)
  allow auth_chkpwd sbin_t:dir search;
  allow auth_chkpwd self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+allow auth_chkpwd self:capability audit_write;
++allow auth_chkpwd self:capability { audit_write audit_control };
 +
  dontaudit system_chkpwd_t { user_tty_type tty_device_t }:chr_file rw_file_perms;
  dontaudit auth_chkpwd shadow_t:file { getattr read };


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.347
retrieving revision 1.348
diff -u -r1.347 -r1.348
--- selinux-policy-strict.spec	7 Jul 2005 12:38:27 -0000	1.347
+++ selinux-policy-strict.spec	7 Jul 2005 19:37:31 -0000	1.348
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.25.1
-Release: 5
+Release: 6
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -229,6 +229,9 @@
 exit 0
 
 %changelog
+* Thu Jul 7 2005 Dan Walsh <dwalsh redhat com> 1.25.1-6
+- Fixes for winbind
+
 * Thu Jul 7 2005 Dan Walsh <dwalsh redhat com> 1.25.1-5
 - Allow cgi script to append to httpd_log_t
 - More fixes for samba net command


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]