rpms/selinux-policy-targeted/FC-4 policy-20050706.patch, 1.1, 1.2 selinux-policy-targeted.spec, 1.321, 1.322
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Jul 11 16:58:47 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-targeted/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv15161
Modified Files:
policy-20050706.patch selinux-policy-targeted.spec
Log Message:
* Mon Jul 11 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-9
- Bump for FC4
policy-20050706.patch:
domains/admin.te | 5 +++++
domains/program/getty.te | 7 +++++++
domains/program/login.te | 2 +-
domains/program/netutils.te | 2 ++
domains/program/passwd.te | 5 +++++
domains/program/ssh.te | 2 +-
domains/program/tmpreaper.te | 4 ++--
domains/program/unused/apache.te | 1 +
domains/program/unused/apmd.te | 7 +++++--
domains/program/unused/bluetooth.te | 3 ++-
domains/program/unused/cups.te | 8 ++++++--
domains/program/unused/cyrus.te | 5 +----
domains/program/unused/dhcpc.te | 1 +
domains/program/unused/dovecot.te | 1 +
domains/program/unused/ftpd.te | 2 +-
domains/program/unused/hald.te | 3 ++-
domains/program/unused/hotplug.te | 4 +++-
domains/program/unused/hwclock.te | 3 ---
domains/program/unused/iceauth.te | 2 +-
domains/program/unused/nscd.te | 1 +
domains/program/unused/pppd.te | 7 ++++---
domains/program/unused/prelink.te | 7 +------
domains/program/unused/procmail.te | 1 +
domains/program/unused/radvd.te | 3 ++-
domains/program/unused/rpcd.te | 6 +++++-
domains/program/unused/rpm.te | 3 +++
domains/program/unused/samba.te | 34 ++++++++++++++++++++++++++++++++--
domains/program/unused/saslauthd.te | 8 ++++++++
domains/program/unused/squid.te | 3 +++
domains/program/unused/winbind.te | 14 +++++++++++++-
domains/program/unused/xdm.te | 2 +-
file_contexts/program/cups.fc | 2 ++
file_contexts/program/rpcd.fc | 3 ++-
file_contexts/program/samba.fc | 1 +
file_contexts/program/winbind.fc | 1 +
file_contexts/types.fc | 14 +++++++-------
macros/admin_macros.te | 3 ---
macros/base_user_macros.te | 5 ++---
macros/global_macros.te | 1 +
macros/network_macros.te | 7 +++++++
macros/program/apache_macros.te | 5 ++---
macros/program/chkpwd_macros.te | 7 +++++++
macros/program/dbusd_macros.te | 2 +-
macros/program/evolution_macros.te | 6 ------
macros/program/games_domain.te | 3 ---
macros/program/java_macros.te | 2 --
macros/program/mail_client_macros.te | 10 ++++++++--
macros/program/mozilla_macros.te | 2 --
macros/program/mplayer_macros.te | 2 +-
macros/program/xserver_macros.te | 4 ----
net_contexts | 2 ++
targeted/domains/unconfined.te | 5 +++++
tunables/distro.tun | 2 +-
tunables/tunable.tun | 4 ++--
types/network.te | 1 -
55 files changed, 173 insertions(+), 77 deletions(-)
Index: policy-20050706.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-4/policy-20050706.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20050706.patch 7 Jul 2005 19:43:40 -0000 1.1
+++ policy-20050706.patch 11 Jul 2005 16:58:45 -0000 1.2
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/admin.te policy-1.25.1/domains/admin.te
--- nsapolicy/domains/admin.te 2005-04-27 10:28:48.000000000 -0400
-+++ policy-1.25.1/domains/admin.te 2005-07-06 18:32:13.000000000 -0400
++++ policy-1.25.1/domains/admin.te 2005-07-07 21:12:02.000000000 -0400
@@ -36,3 +36,8 @@
typeattribute secadm_tty_device_t admin_tty_type;
typeattribute secadm_devpts_t admin_tty_type;
@@ -12,7 +12,7 @@
+}
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/getty.te policy-1.25.1/domains/program/getty.te
--- nsapolicy/domains/program/getty.te 2005-05-02 14:06:54.000000000 -0400
-+++ policy-1.25.1/domains/program/getty.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/getty.te 2005-07-07 21:12:02.000000000 -0400
@@ -52,3 +52,10 @@
# for mgetty
var_run_domain(getty)
@@ -26,7 +26,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.25.1/domains/program/login.te
--- nsapolicy/domains/program/login.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/login.te 2005-07-07 15:31:05.000000000 -0400
++++ policy-1.25.1/domains/program/login.te 2005-07-07 21:12:02.000000000 -0400
@@ -65,7 +65,7 @@
')
@@ -38,7 +38,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/netutils.te policy-1.25.1/domains/program/netutils.te
--- nsapolicy/domains/program/netutils.te 2005-04-27 10:28:49.000000000 -0400
-+++ policy-1.25.1/domains/program/netutils.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/netutils.te 2005-07-07 21:12:02.000000000 -0400
@@ -21,7 +21,9 @@
tmp_domain(netutils)
@@ -51,7 +51,7 @@
allow netutils_t { userdomain init_t }:fd use;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/passwd.te policy-1.25.1/domains/program/passwd.te
--- nsapolicy/domains/program/passwd.te 2005-05-25 11:28:09.000000000 -0400
-+++ policy-1.25.1/domains/program/passwd.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/passwd.te 2005-07-07 21:12:02.000000000 -0400
@@ -149,3 +149,8 @@
allow passwd_t userdomain:process getattr;
@@ -63,7 +63,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ssh.te policy-1.25.1/domains/program/ssh.te
--- nsapolicy/domains/program/ssh.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/ssh.te 2005-07-07 15:30:50.000000000 -0400
++++ policy-1.25.1/domains/program/ssh.te 2005-07-07 21:12:02.000000000 -0400
@@ -73,7 +73,7 @@
allow $1_t port_type:tcp_socket name_connect;
can_kerberos($1_t)
@@ -75,7 +75,7 @@
allow $1_t autofs_t:dir { search getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/tmpreaper.te policy-1.25.1/domains/program/tmpreaper.te
--- nsapolicy/domains/program/tmpreaper.te 2005-04-27 10:28:49.000000000 -0400
-+++ policy-1.25.1/domains/program/tmpreaper.te 2005-07-07 11:54:03.000000000 -0400
++++ policy-1.25.1/domains/program/tmpreaper.te 2005-07-07 21:12:02.000000000 -0400
@@ -16,8 +16,8 @@
system_crond_entry(tmpreaper_exec_t, tmpreaper_t)
uses_shlib(tmpreaper_t)
@@ -89,7 +89,7 @@
allow tmpreaper_t self:capability { dac_override dac_read_search fowner };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.25.1/domains/program/unused/apache.te
--- nsapolicy/domains/program/unused/apache.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/apache.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/apache.te 2005-07-07 21:12:02.000000000 -0400
@@ -114,6 +114,7 @@
can_kerberos(httpd_t)
can_resolve(httpd_t)
@@ -100,7 +100,7 @@
if (httpd_can_network_connect) {
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.25.1/domains/program/unused/apmd.te
--- nsapolicy/domains/program/unused/apmd.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/apmd.te 2005-07-06 18:19:50.000000000 -0400
++++ policy-1.25.1/domains/program/unused/apmd.te 2005-07-07 21:12:02.000000000 -0400
@@ -21,7 +21,7 @@
allow apm_t privfd:fd use;
allow apm_t admin_tty_type:chr_file rw_file_perms;
@@ -132,7 +132,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/bluetooth.te policy-1.25.1/domains/program/unused/bluetooth.te
--- nsapolicy/domains/program/unused/bluetooth.te 2005-05-25 11:28:09.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/bluetooth.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/bluetooth.te 2005-07-07 21:12:02.000000000 -0400
@@ -26,7 +26,8 @@
dbusd_client(system, bluetooth)
allow bluetooth_t system_dbusd_t:dbus send_msg;
@@ -143,22 +143,9 @@
allow bluetooth_t self:unix_dgram_socket create_socket_perms;
allow bluetooth_t self:unix_stream_socket create_stream_socket_perms;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ciped.te policy-1.25.1/domains/program/unused/ciped.te
---- nsapolicy/domains/program/unused/ciped.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/ciped.te 2005-07-06 17:29:15.000000000 -0400
-@@ -5,8 +5,7 @@
- # for SSP
- allow ciped_t urandom_device_t:chr_file read;
-
--# cipe uses the afs3-bos port (udp 7007)
--allow ciped_t afs_bos_port_t:udp_socket name_bind;
-+allow ciped_t cipe_port_t:udp_socket name_bind;
-
- can_network_udp(ciped_t)
- can_ypbind(ciped_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.25.1/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/cups.te 2005-07-07 13:58:28.000000000 -0400
++++ policy-1.25.1/domains/program/unused/cups.te 2005-07-07 21:12:02.000000000 -0400
@@ -77,7 +77,7 @@
allow cupsd_t self:fifo_file rw_file_perms;
@@ -195,7 +182,7 @@
allow cupsd_lpd_t ipp_port_t:tcp_socket name_connect;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.25.1/domains/program/unused/cyrus.te
--- nsapolicy/domains/program/unused/cyrus.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/cyrus.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/cyrus.te 2005-07-07 21:12:02.000000000 -0400
@@ -26,9 +26,7 @@
read_locale(cyrus_t)
read_sysctl(cyrus_t)
@@ -216,7 +203,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpc.te policy-1.25.1/domains/program/unused/dhcpc.te
--- nsapolicy/domains/program/unused/dhcpc.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/dhcpc.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/dhcpc.te 2005-07-07 21:12:02.000000000 -0400
@@ -153,6 +153,7 @@
domain_auto_trans(sysadm_t, dhcpc_exec_t, dhcpc_t)
ifdef(`dbusd.te', `
@@ -227,7 +214,7 @@
allow { NetworkManager_t initrc_t } dhcpc_t:dbus send_msg;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dovecot.te policy-1.25.1/domains/program/unused/dovecot.te
--- nsapolicy/domains/program/unused/dovecot.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/dovecot.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/dovecot.te 2005-07-07 21:12:02.000000000 -0400
@@ -35,6 +35,7 @@
allow dovecot_t urandom_device_t:chr_file { getattr read };
allow dovecot_t cert_t:dir search;
@@ -238,7 +225,7 @@
allow dovecot_t self:fifo_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.25.1/domains/program/unused/ftpd.te
--- nsapolicy/domains/program/unused/ftpd.te 2005-05-25 11:28:09.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/ftpd.te 2005-07-07 15:30:28.000000000 -0400
++++ policy-1.25.1/domains/program/unused/ftpd.te 2005-07-07 21:12:02.000000000 -0400
@@ -69,7 +69,7 @@
tmpfs_domain(ftpd)
@@ -250,7 +237,7 @@
allow ftpd_t wtmp_t:file { getattr append };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.25.1/domains/program/unused/hald.te
--- nsapolicy/domains/program/unused/hald.te 2005-05-25 11:28:10.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/hald.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/hald.te 2005-07-07 21:12:02.000000000 -0400
@@ -65,7 +65,8 @@
r_dir_file(hald_t, hotplug_etc_t)
')
@@ -263,7 +250,7 @@
allow hald_t initrc_t:dbus send_msg;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.25.1/domains/program/unused/hotplug.te
--- nsapolicy/domains/program/unused/hotplug.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/hotplug.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/hotplug.te 2005-07-07 21:12:02.000000000 -0400
@@ -65,7 +65,7 @@
allow hotplug_t etc_t:dir r_dir_perms;
allow hotplug_t etc_t:{ file lnk_file } r_file_perms;
@@ -281,7 +268,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hwclock.te policy-1.25.1/domains/program/unused/hwclock.te
--- nsapolicy/domains/program/unused/hwclock.te 2005-04-27 10:28:51.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/hwclock.te 2005-07-06 18:29:56.000000000 -0400
++++ policy-1.25.1/domains/program/unused/hwclock.te 2005-07-07 21:12:02.000000000 -0400
@@ -19,9 +19,6 @@
role sysadm_r types hwclock_t;
domain_auto_trans(sysadm_t, hwclock_exec_t, hwclock_t)
@@ -294,7 +281,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/iceauth.te policy-1.25.1/domains/program/unused/iceauth.te
--- nsapolicy/domains/program/unused/iceauth.te 2005-07-05 15:25:46.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/iceauth.te 2005-07-07 11:52:45.000000000 -0400
++++ policy-1.25.1/domains/program/unused/iceauth.te 2005-07-07 21:12:02.000000000 -0400
@@ -6,7 +6,7 @@
#
# iceauth_exec_t is the type of the xauth executable.
@@ -306,7 +293,7 @@
# macros/program/iceauth_macros.te.
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/nscd.te policy-1.25.1/domains/program/unused/nscd.te
--- nsapolicy/domains/program/unused/nscd.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/nscd.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/nscd.te 2005-07-07 21:12:02.000000000 -0400
@@ -75,3 +75,4 @@
allow nscd_t { urandom_device_t random_device_t }:chr_file { getattr read };
log_domain(nscd)
@@ -314,7 +301,7 @@
+allow nscd_t tun_tap_device_t:chr_file { read write };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.25.1/domains/program/unused/pppd.te
--- nsapolicy/domains/program/unused/pppd.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/pppd.te 2005-07-07 07:09:25.000000000 -0400
++++ policy-1.25.1/domains/program/unused/pppd.te 2005-07-07 21:12:02.000000000 -0400
@@ -36,8 +36,7 @@
can_ypbind(pppd_t)
@@ -342,7 +329,7 @@
+dontaudit pppd_t initrc_var_run_t:file { lock write };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/prelink.te policy-1.25.1/domains/program/unused/prelink.te
--- nsapolicy/domains/program/unused/prelink.te 2005-04-27 10:28:52.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/prelink.te 2005-07-07 11:52:57.000000000 -0400
++++ policy-1.25.1/domains/program/unused/prelink.te 2005-07-07 21:12:02.000000000 -0400
@@ -11,13 +11,8 @@
#
daemon_base_domain(prelink, `, admin, privowner')
@@ -360,7 +347,7 @@
ifdef(`crond.te', `
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/procmail.te policy-1.25.1/domains/program/unused/procmail.te
--- nsapolicy/domains/program/unused/procmail.te 2005-05-25 11:28:10.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/procmail.te 2005-07-07 15:34:31.000000000 -0400
++++ policy-1.25.1/domains/program/unused/procmail.te 2005-07-07 21:12:02.000000000 -0400
@@ -20,6 +20,7 @@
allow procmail_t device_t:dir search;
can_network_server(procmail_t)
@@ -371,7 +358,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/radvd.te policy-1.25.1/domains/program/unused/radvd.te
--- nsapolicy/domains/program/unused/radvd.te 2005-04-27 10:28:52.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/radvd.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/radvd.te 2005-07-07 21:12:02.000000000 -0400
@@ -15,11 +15,12 @@
allow radvd_t self:{ rawip_socket unix_dgram_socket } rw_socket_perms;
@@ -388,7 +375,7 @@
allow radvd_t proc_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpcd.te policy-1.25.1/domains/program/unused/rpcd.te
--- nsapolicy/domains/program/unused/rpcd.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/rpcd.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/rpcd.te 2005-07-07 21:12:02.000000000 -0400
@@ -11,7 +11,11 @@
# Rules for the rpcd_t and nfsd_t domain.
#
@@ -412,7 +399,7 @@
can_udp_send(portmap_t, nfsd_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpm.te policy-1.25.1/domains/program/unused/rpm.te
--- nsapolicy/domains/program/unused/rpm.te 2005-04-27 10:28:52.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/rpm.te 2005-07-07 11:53:36.000000000 -0400
++++ policy-1.25.1/domains/program/unused/rpm.te 2005-07-07 21:12:02.000000000 -0400
@@ -253,4 +253,7 @@
typeattribute rpm_script_t auth_write;
unconfined_domain(rpm_script_t)
@@ -423,7 +410,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.25.1/domains/program/unused/samba.te
--- nsapolicy/domains/program/unused/samba.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/samba.te 2005-07-07 15:30:06.000000000 -0400
++++ policy-1.25.1/domains/program/unused/samba.te 2005-07-07 21:12:02.000000000 -0400
@@ -47,6 +47,9 @@
# Use the network.
@@ -476,9 +463,24 @@
+tmp_domain(samba_net)
+dontaudit samba_net_t sysadm_home_dir_t:dir search;
+allow samba_net_t privfd:fd use;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/saslauthd.te policy-1.25.1/domains/program/unused/saslauthd.te
+--- nsapolicy/domains/program/unused/saslauthd.te 2005-05-25 11:28:10.000000000 -0400
++++ policy-1.25.1/domains/program/unused/saslauthd.te 2005-07-08 15:50:42.000000000 -0400
+@@ -21,3 +21,11 @@
+
+ # Needs investigation
+ dontaudit saslauthd_t home_root_t:dir getattr;
++can_network_client_tcp(saslauthd_t)
++allow saslauthd_t pop_port_t:tcp_socket name_connect;
++
++bool allow_saslauthd_read_shadow false;
++
++if (allow_saslauthd_read_shadow) {
++allow saslauthd_t shadow_t:file r_file_perms;
++}
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.25.1/domains/program/unused/squid.te
--- nsapolicy/domains/program/unused/squid.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/squid.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/domains/program/unused/squid.te 2005-07-07 21:12:02.000000000 -0400
@@ -78,3 +78,6 @@
#squid requires the following when run in diskd mode, the recommended setting
allow squid_t tmpfs_t:file { read write };
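Review bot: The rules added for saslauthd.te in this hunk have no comments and land directly under the existing `# Needs investigation` line, so nothing explains why an authentication daemon gains outbound TCP access and a switch for reading shadow_t. I would put `# Remote IMAP authentication backend (presumably saslauthd's rimap mechanism)` above `can_network_client_tcp(saslauthd_t)`, with a blank line separating it from the dontaudit rule. I would also put `# Off by default: enabling this lets saslauthd_t read password hashes; turn on only for the shadow mechanism` above `bool allow_saslauthd_read_shadow false;`. Defaulting the boolean to false is the right call. It is still worth confirming that the conditional `allow saslauthd_t shadow_t:file r_file_perms;` does not conflict with any neverallow assertion on shadow_t elsewhere in the policy, which this page does not show.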
@@ -488,7 +490,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.25.1/domains/program/unused/winbind.te
--- nsapolicy/domains/program/unused/winbind.te 2005-05-25 11:28:10.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/winbind.te 2005-07-07 15:29:38.000000000 -0400
++++ policy-1.25.1/domains/program/unused/winbind.te 2005-07-07 21:12:02.000000000 -0400
@@ -22,7 +22,7 @@
type samba_var_t, file_type, sysadmfile;
type samba_secrets_t, file_type, sysadmfile;
@@ -516,7 +518,7 @@
+allow winbind_helper_t privfd:fd use;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/xdm.te policy-1.25.1/domains/program/unused/xdm.te
--- nsapolicy/domains/program/unused/xdm.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/xdm.te 2005-07-07 15:29:37.000000000 -0400
++++ policy-1.25.1/domains/program/unused/xdm.te 2005-07-07 21:12:02.000000000 -0400
@@ -69,7 +69,7 @@
#
@@ -528,7 +530,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/cups.fc policy-1.25.1/file_contexts/program/cups.fc
--- nsapolicy/file_contexts/program/cups.fc 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/file_contexts/program/cups.fc 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/file_contexts/program/cups.fc 2005-07-07 21:12:02.000000000 -0400
@@ -41,3 +41,5 @@
/usr/share/hplip/hpssd.py -- system_u:object_r:hplip_exec_t
/usr/share/foomatic/db/oldprinterids -- system_u:object_r:cupsd_rw_etc_t
@@ -537,7 +539,7 @@
+/var/run/hp.*\.port -- system_u:object_r:hplip_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/rpcd.fc policy-1.25.1/file_contexts/program/rpcd.fc
--- nsapolicy/file_contexts/program/rpcd.fc 2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.25.1/file_contexts/program/rpcd.fc 2005-07-07 08:36:47.000000000 -0400
++++ policy-1.25.1/file_contexts/program/rpcd.fc 2005-07-07 21:12:02.000000000 -0400
@@ -1,6 +1,6 @@
# RPC daemons
/sbin/rpc\..* -- system_u:object_r:rpcd_exec_t
@@ -553,7 +555,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/samba.fc policy-1.25.1/file_contexts/program/samba.fc
--- nsapolicy/file_contexts/program/samba.fc 2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.25.1/file_contexts/program/samba.fc 2005-07-06 18:52:13.000000000 -0400
++++ policy-1.25.1/file_contexts/program/samba.fc 2005-07-07 21:12:02.000000000 -0400
@@ -1,6 +1,7 @@
# samba scripts
/usr/sbin/smbd -- system_u:object_r:smbd_exec_t
@@ -564,7 +566,7 @@
/var/cache/samba(/.*)? system_u:object_r:samba_var_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/winbind.fc policy-1.25.1/file_contexts/program/winbind.fc
--- nsapolicy/file_contexts/program/winbind.fc 2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.25.1/file_contexts/program/winbind.fc 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/file_contexts/program/winbind.fc 2005-07-07 21:12:02.000000000 -0400
@@ -8,3 +8,4 @@
/var/cache/samba(/.*)? system_u:object_r:samba_var_t
')
@@ -572,7 +574,7 @@
+/usr/bin/ntlm_auth -- system_u:object_r:winbind_helper_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.25.1/file_contexts/types.fc
--- nsapolicy/file_contexts/types.fc 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/file_contexts/types.fc 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/file_contexts/types.fc 2005-07-07 21:12:02.000000000 -0400
@@ -261,13 +261,13 @@
# /opt
#
@@ -596,7 +598,7 @@
# /etc
diff --exclude-from=exclude -N -u -r nsapolicy/macros/admin_macros.te policy-1.25.1/macros/admin_macros.te
--- nsapolicy/macros/admin_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/admin_macros.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/macros/admin_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -49,9 +49,6 @@
# Allow system log read
allow $1_t kernel_t:system syslog_read;
@@ -609,7 +611,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.25.1/macros/base_user_macros.te
--- nsapolicy/macros/base_user_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/base_user_macros.te 2005-07-07 15:34:59.000000000 -0400
++++ policy-1.25.1/macros/base_user_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -63,10 +63,8 @@
allow $1_t self:process execstack;
}
@@ -640,7 +642,7 @@
#
diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.25.1/macros/global_macros.te
--- nsapolicy/macros/global_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/global_macros.te 2005-07-06 17:33:15.000000000 -0400
++++ policy-1.25.1/macros/global_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -106,6 +106,7 @@
allow $1 ld_so_t:lnk_file r_file_perms;
allow $1 { texrel_shlib_t shlib_t }:file rx_file_perms;
@@ -651,7 +653,7 @@
allow $1 null_device_t:chr_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/network_macros.te policy-1.25.1/macros/network_macros.te
--- nsapolicy/macros/network_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/network_macros.te 2005-07-07 15:33:57.000000000 -0400
++++ policy-1.25.1/macros/network_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -168,3 +168,10 @@
allow $1 ldap_port_t:tcp_socket name_connect;
')
@@ -665,7 +667,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.25.1/macros/program/apache_macros.te
--- nsapolicy/macros/program/apache_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/program/apache_macros.te 2005-07-07 06:44:49.000000000 -0400
++++ policy-1.25.1/macros/program/apache_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -78,9 +78,6 @@
allow httpd_$1_script_t { urandom_device_t random_device_t }:chr_file r_file_perms;
@@ -694,7 +696,7 @@
# apache should set close-on-exec
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/chkpwd_macros.te policy-1.25.1/macros/program/chkpwd_macros.te
--- nsapolicy/macros/program/chkpwd_macros.te 2005-06-01 06:11:23.000000000 -0400
-+++ policy-1.25.1/macros/program/chkpwd_macros.te 2005-07-07 15:32:40.000000000 -0400
++++ policy-1.25.1/macros/program/chkpwd_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -32,9 +32,16 @@
domain_auto_trans(auth_chkpwd, chkpwd_exec_t, system_chkpwd_t)
allow auth_chkpwd sbin_t:dir search;
@@ -714,7 +716,7 @@
allow $1_t sbin_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/dbusd_macros.te policy-1.25.1/macros/program/dbusd_macros.te
--- nsapolicy/macros/program/dbusd_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/program/dbusd_macros.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/macros/program/dbusd_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -37,7 +37,7 @@
allow $1_dbusd_t self:unix_dgram_socket create_socket_perms;
@@ -726,7 +728,7 @@
can_getsecurity($1_dbusd_t)
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/evolution_macros.te policy-1.25.1/macros/program/evolution_macros.te
--- nsapolicy/macros/program/evolution_macros.te 2005-07-05 15:25:49.000000000 -0400
-+++ policy-1.25.1/macros/program/evolution_macros.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/macros/program/evolution_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -221,12 +221,6 @@
domain_auto_trans($1_evolution_t, spamassassin_exec_t, $1_spamassassin_t)
') dnl spamassasin.te
@@ -742,7 +744,7 @@
#################################
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/games_domain.te policy-1.25.1/macros/program/games_domain.te
--- nsapolicy/macros/program/games_domain.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/program/games_domain.te 2005-07-06 17:34:46.000000000 -0400
++++ policy-1.25.1/macros/program/games_domain.te 2005-07-07 21:12:02.000000000 -0400
@@ -33,10 +33,7 @@
allow $1_games_t self:process execmem;
}
@@ -756,7 +758,7 @@
allow $1_games_t sound_device_t:chr_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/java_macros.te policy-1.25.1/macros/program/java_macros.te
--- nsapolicy/macros/program/java_macros.te 2005-06-01 06:11:23.000000000 -0400
-+++ policy-1.25.1/macros/program/java_macros.te 2005-07-06 17:32:24.000000000 -0400
++++ policy-1.25.1/macros/program/java_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -52,9 +52,7 @@
can_exec($1_javaplugin_t, java_exec_t)
@@ -769,7 +771,7 @@
}
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mail_client_macros.te policy-1.25.1/macros/program/mail_client_macros.te
--- nsapolicy/macros/program/mail_client_macros.te 2005-07-05 15:25:49.000000000 -0400
-+++ policy-1.25.1/macros/program/mail_client_macros.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/macros/program/mail_client_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -21,8 +21,8 @@
# Allow POP/IMAP/SMTP/NNTP/LDAP/IPP(printing)
@@ -794,7 +796,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.25.1/macros/program/mozilla_macros.te
--- nsapolicy/macros/program/mozilla_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/program/mozilla_macros.te 2005-07-06 17:31:56.000000000 -0400
++++ policy-1.25.1/macros/program/mozilla_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -133,9 +133,7 @@
if (allow_execmem) {
allow $1_mozilla_t self:process execmem;
@@ -807,7 +809,7 @@
ifdef(`apache.te', `
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mplayer_macros.te policy-1.25.1/macros/program/mplayer_macros.te
--- nsapolicy/macros/program/mplayer_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/program/mplayer_macros.te 2005-07-06 17:33:44.000000000 -0400
++++ policy-1.25.1/macros/program/mplayer_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -44,8 +44,8 @@
if (allow_execmod) {
@@ -820,7 +822,7 @@
allow $1_$2_t device_t:dir r_dir_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/xserver_macros.te policy-1.25.1/macros/program/xserver_macros.te
--- nsapolicy/macros/program/xserver_macros.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/macros/program/xserver_macros.te 2005-07-06 17:30:59.000000000 -0400
++++ policy-1.25.1/macros/program/xserver_macros.te 2005-07-07 21:12:02.000000000 -0400
@@ -52,9 +52,7 @@
uses_shlib($1_xserver_t)
@@ -845,7 +847,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.25.1/net_contexts
--- nsapolicy/net_contexts 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/net_contexts 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/net_contexts 2005-07-07 21:12:02.000000000 -0400
@@ -58,6 +58,8 @@
portcon tcp 80 system_u:object_r:http_port_t
@@ -857,7 +859,7 @@
portcon tcp 109 system_u:object_r:pop_port_t
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.25.1/targeted/domains/unconfined.te
--- nsapolicy/targeted/domains/unconfined.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/targeted/domains/unconfined.te 2005-07-06 17:30:17.000000000 -0400
++++ policy-1.25.1/targeted/domains/unconfined.te 2005-07-07 21:12:02.000000000 -0400
@@ -72,3 +72,8 @@
# allow reading of default file context
@@ -869,7 +871,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.25.1/tunables/distro.tun
--- nsapolicy/tunables/distro.tun 2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.25.1/tunables/distro.tun 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/tunables/distro.tun 2005-07-07 21:12:02.000000000 -0400
@@ -5,7 +5,7 @@
# appropriate ifdefs.
@@ -881,7 +883,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.25.1/tunables/tunable.tun
--- nsapolicy/tunables/tunable.tun 2005-05-25 11:28:11.000000000 -0400
-+++ policy-1.25.1/tunables/tunable.tun 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/tunables/tunable.tun 2005-07-07 21:12:02.000000000 -0400
@@ -2,7 +2,7 @@
dnl define(`user_can_mount')
@@ -902,7 +904,7 @@
# Otherwise, only staff_r can do so.
diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.25.1/types/network.te
--- nsapolicy/types/network.te 2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/types/network.te 2005-07-06 17:29:15.000000000 -0400
++++ policy-1.25.1/types/network.te 2005-07-07 21:12:02.000000000 -0400
@@ -158,7 +158,6 @@
type snmp_port_t, port_type, reserved_port_type;
type biff_port_t, port_type, reserved_port_type;
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-4/selinux-policy-targeted.spec,v
retrieving revision 1.321
retrieving revision 1.322
diff -u -r1.321 -r1.322
--- selinux-policy-targeted.spec 7 Jul 2005 19:46:09 -0000 1.321
+++ selinux-policy-targeted.spec 11 Jul 2005 16:58:45 -0000 1.322
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.25.1
-Release: 7
+Release: 9
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -237,6 +237,12 @@
exit 0
%changelog
+* Mon Jul 11 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-9
+- Bump for FC4
+
+* Fri Jul 8 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-8
+- Fix saslauthd policy to allow imapd and shadow.
+
* Thu Jul 7 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-7
- Bump for FC4