
rpms/selinux-policy-targeted/devel policy-20050712.patch, 1.1, 1.2 selinux-policy-targeted.spec, 1.345, 1.346



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv19076

Modified Files:
	policy-20050712.patch selinux-policy-targeted.spec 
Log Message:
* Wed Jul 13 2005 Dan Walsh <dwalsh redhat com> 1.25.2-2
- Allow klogin to read keytab file.
- Allow cvs to send mail


policy-20050712.patch:
 assert.te                           |    2 +-
 attrib.te                           |    4 ++++
 domains/program/ifconfig.te         |    1 +
 domains/program/unused/cvs.te       |    2 ++
 domains/program/unused/pppd.te      |    8 ++++++++
 domains/program/unused/radvd.te     |    6 +++---
 domains/program/unused/rlogind.te   |    1 +
 domains/program/unused/rpcd.te      |    7 ++++---
 domains/program/unused/saslauthd.te |   10 +++++++++-
 domains/program/unused/winbind.te   |    1 +
 file_contexts/program/apache.fc     |    2 ++
 file_contexts/program/i18n_input.fc |    2 +-
 macros/program/chkpwd_macros.te     |    3 +++
 targeted/domains/program/crond.te   |    9 ++++++---
 tunables/distro.tun                 |    2 +-
 tunables/tunable.tun                |    4 ++--
 16 files changed, 49 insertions(+), 15 deletions(-)

Index: policy-20050712.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050712.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20050712.patch	12 Jul 2005 19:17:42 -0000	1.1
+++ policy-20050712.patch	13 Jul 2005 11:01:11 -0000	1.2
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicy/assert.te policy-1.25.1/assert.te
+diff --exclude-from=exclude -N -u -r nsapolicy/assert.te policy-1.25.2/assert.te
 --- nsapolicy/assert.te	2005-05-25 11:28:09.000000000 -0400
-+++ policy-1.25.1/assert.te	2005-07-11 14:28:39.000000000 -0400
++++ policy-1.25.2/assert.te	2005-07-12 16:12:07.000000000 -0400
 @@ -41,7 +41,7 @@
  
  #
@@ -10,9 +10,9 @@
  neverallow { domain -auth_write -unrestricted } shadow_t:file ~r_file_perms;
  
  #
-diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.25.1/attrib.te
+diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.25.2/attrib.te
 --- nsapolicy/attrib.te	2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/attrib.te	2005-07-11 14:28:39.000000000 -0400
++++ policy-1.25.2/attrib.te	2005-07-12 16:12:07.000000000 -0400
 @@ -141,6 +141,10 @@
  # to read /etc/shadow, and grants the permission.
  attribute auth;
@@ -24,9 +24,9 @@
  # The auth_write attribute identifies every domain that can have write or
  # relabel access to /etc/shadow, but does not grant it.
  attribute auth_write;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ifconfig.te policy-1.25.1/domains/program/ifconfig.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ifconfig.te policy-1.25.2/domains/program/ifconfig.te
 --- nsapolicy/domains/program/ifconfig.te	2005-05-07 00:41:08.000000000 -0400
-+++ policy-1.25.1/domains/program/ifconfig.te	2005-07-11 14:36:20.000000000 -0400
++++ policy-1.25.2/domains/program/ifconfig.te	2005-07-12 16:12:07.000000000 -0400
 @@ -26,6 +26,7 @@
  ')
  
@@ -35,9 +35,18 @@
  allow ifconfig_t self:netlink_route_socket rw_netlink_socket_perms;
  allow ifconfig_t self:tcp_socket { create ioctl };
  allow ifconfig_t etc_t:file { getattr read };
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.25.1/domains/program/unused/pppd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cvs.te policy-1.25.2/domains/program/unused/cvs.te
+--- nsapolicy/domains/program/unused/cvs.te	2005-04-27 10:28:50.000000000 -0400
++++ policy-1.25.2/domains/program/unused/cvs.te	2005-07-13 06:22:19.000000000 -0400
+@@ -14,3 +14,5 @@
+ inetd_child_domain(cvs, tcp)
+ type cvs_data_t, file_type, sysadmfile;
+ create_dir_file(cvs_t, cvs_data_t)
++typeattribute cvs_t privmail;
++
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.25.2/domains/program/unused/pppd.te
 --- nsapolicy/domains/program/unused/pppd.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/pppd.te	2005-07-12 06:05:04.000000000 -0400
++++ policy-1.25.2/domains/program/unused/pppd.te	2005-07-12 16:12:07.000000000 -0400
 @@ -102,3 +102,11 @@
  allow pppd_t self:netlink_route_socket r_netlink_socket_perms;
  allow pppd_t initrc_var_run_t:file r_file_perms;
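Review bot: The `typeattribute cvs_t privmail;` line added to cvs.te has no comment saying why a domain created by `inetd_child_domain(cvs, tcp)` needs mail privileges, so a later reader cannot tell that the grant is deliberate. What `privmail` permits is defined outside this hunk, so it is worth confirming that the attribute is no broader than the changelog's "Allow cvs to send mail" requires for a network-facing service. I would put a line such as `# Allow cvs to send mail (commit notifications)` above it, if that is the use case, and drop the empty line the patch appends at the end of the file.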
@@ -50,9 +59,9 @@
 +domain_auto_trans(pppd_t, insmod_exec_t, insmod_t)
 +')
 +}
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/radvd.te policy-1.25.1/domains/program/unused/radvd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/radvd.te policy-1.25.2/domains/program/unused/radvd.te
 --- nsapolicy/domains/program/unused/radvd.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/radvd.te	2005-07-12 06:12:53.000000000 -0400
++++ policy-1.25.2/domains/program/unused/radvd.te	2005-07-12 16:12:07.000000000 -0400
 @@ -15,15 +15,15 @@
  
  allow radvd_t self:{ rawip_socket unix_dgram_socket } rw_socket_perms;
@@ -72,9 +81,17 @@
  allow radvd_t etc_t:lnk_file read;
  
  allow radvd_t sysctl_net_t:file r_file_perms;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpcd.te policy-1.25.1/domains/program/unused/rpcd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rlogind.te policy-1.25.2/domains/program/unused/rlogind.te
+--- nsapolicy/domains/program/unused/rlogind.te	2005-04-27 10:28:52.000000000 -0400
++++ policy-1.25.2/domains/program/unused/rlogind.te	2005-07-13 06:35:16.000000000 -0400
+@@ -35,3 +35,4 @@
+ allow rlogind_t default_t:dir search;
+ typealias rlogind_port_t alias rlogin_port_t;
+ read_sysctl(rlogind_t);
++allow rlogind_t krb5_keytab_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpcd.te policy-1.25.2/domains/program/unused/rpcd.te
 --- nsapolicy/domains/program/unused/rpcd.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/rpcd.te	2005-07-12 06:09:33.000000000 -0400
++++ policy-1.25.2/domains/program/unused/rpcd.te	2005-07-12 16:12:07.000000000 -0400
 @@ -93,7 +93,8 @@
  bool nfs_export_all_rw false;
  
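Review bot: The new `allow rlogind_t krb5_keytab_t:file { getattr read };` line in rlogind.te gives the remote-login daemon read access to the Kerberos keytab unconditionally and without a comment. A keytab holds long-term service keys, so the rule deserves a line such as `# klogin reads the host keytab for Kerberos authentication` directly above it. If `krb5_keytab_t` is declared in kerberos.te (not visible on this page), the rule should also be wrapped in an ifdef on kerberos.te, the same way chkpwd_macros.te guards its winbind rule, so that builds without that module still compile. The permission set itself is limited to `getattr read`, which is the right scope.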
@@ -96,9 +113,9 @@
  }
  
  allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir r_dir_perms;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/saslauthd.te policy-1.25.1/domains/program/unused/saslauthd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/saslauthd.te policy-1.25.2/domains/program/unused/saslauthd.te
 --- nsapolicy/domains/program/unused/saslauthd.te	2005-05-25 11:28:10.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/saslauthd.te	2005-07-11 14:28:39.000000000 -0400
++++ policy-1.25.2/domains/program/unused/saslauthd.te	2005-07-12 16:12:07.000000000 -0400
 @@ -3,7 +3,7 @@
  # Author: Colin Walters <walters verbum org>
  #
@@ -120,9 +137,9 @@
 +if (allow_saslauthd_read_shadow) {
 +allow saslauthd_t shadow_t:file r_file_perms;
 +}
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.25.1/domains/program/unused/winbind.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.25.2/domains/program/unused/winbind.te
 --- nsapolicy/domains/program/unused/winbind.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/winbind.te	2005-07-11 14:28:39.000000000 -0400
++++ policy-1.25.2/domains/program/unused/winbind.te	2005-07-12 16:12:07.000000000 -0400
 @@ -10,6 +10,7 @@
  
  daemon_domain(winbind, `, privhome, auth_chkpwd, nscd_client_domain')
@@ -131,18 +148,18 @@
  allow winbind_t etc_t:file r_file_perms;
  allow winbind_t etc_t:lnk_file read;
  can_network(winbind_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/apache.fc policy-1.25.1/file_contexts/program/apache.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/apache.fc policy-1.25.2/file_contexts/program/apache.fc
 --- nsapolicy/file_contexts/program/apache.fc	2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.1/file_contexts/program/apache.fc	2005-07-12 06:21:24.000000000 -0400
++++ policy-1.25.2/file_contexts/program/apache.fc	2005-07-12 16:12:07.000000000 -0400
 @@ -50,3 +50,5 @@
  ifdef(`targeted_policy', `', `
  /var/spool/cron/apache		-- 	system_u:object_r:user_cron_spool_t
  ')
 +/usr/sbin/apachectl		-- 	system_u:object_r:initrc_exec_t
 +
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/i18n_input.fc policy-1.25.1/file_contexts/program/i18n_input.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/i18n_input.fc policy-1.25.2/file_contexts/program/i18n_input.fc
 --- nsapolicy/file_contexts/program/i18n_input.fc	2005-05-02 14:06:56.000000000 -0400
-+++ policy-1.25.1/file_contexts/program/i18n_input.fc	2005-07-11 14:29:05.000000000 -0400
++++ policy-1.25.2/file_contexts/program/i18n_input.fc	2005-07-12 16:12:07.000000000 -0400
 @@ -1,7 +1,7 @@
  # i18n_input.fc
  /usr/sbin/htt                   --     system_u:object_r:i18n_input_exec_t
@@ -152,9 +169,9 @@
  /usr/bin/httx                   --     system_u:object_r:i18n_input_exec_t
  /usr/bin/htt_xbe                --     system_u:object_r:i18n_input_exec_t
  /usr/bin/iiimx                  --     system_u:object_r:i18n_input_exec_t
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/chkpwd_macros.te policy-1.25.1/macros/program/chkpwd_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/chkpwd_macros.te policy-1.25.2/macros/program/chkpwd_macros.te
 --- nsapolicy/macros/program/chkpwd_macros.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.1/macros/program/chkpwd_macros.te	2005-07-11 14:28:39.000000000 -0400
++++ policy-1.25.2/macros/program/chkpwd_macros.te	2005-07-12 16:12:07.000000000 -0400
 @@ -42,6 +42,9 @@
  ifdef(`winbind.te', `
  r_dir_file(auth_chkpwd, winbind_var_run_t)
@@ -165,9 +182,9 @@
  ', `
  domain_auto_trans($1_t, chkpwd_exec_t, $1_chkpwd_t)
  allow $1_t sbin_t:dir search;
-diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/crond.te policy-1.25.1/targeted/domains/program/crond.te
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/crond.te policy-1.25.2/targeted/domains/program/crond.te
 --- nsapolicy/targeted/domains/program/crond.te	2005-06-29 16:36:19.000000000 -0400
-+++ policy-1.25.1/targeted/domains/program/crond.te	2005-07-11 14:28:39.000000000 -0400
++++ policy-1.25.2/targeted/domains/program/crond.te	2005-07-12 16:12:07.000000000 -0400
 @@ -11,7 +11,7 @@
  # This domain is defined just for targeted policy.
  #
@@ -194,9 +211,9 @@
  allow crond_t unconfined_t:process transition;
 -var_run_domain(crond)
 +')
-diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.25.1/tunables/distro.tun
+diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.25.2/tunables/distro.tun
 --- nsapolicy/tunables/distro.tun	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.25.1/tunables/distro.tun	2005-07-11 14:28:39.000000000 -0400
++++ policy-1.25.2/tunables/distro.tun	2005-07-12 16:12:07.000000000 -0400
 @@ -5,7 +5,7 @@
  # appropriate ifdefs.
  
@@ -206,9 +223,9 @@
  
  dnl define(`distro_suse')
  
-diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.25.1/tunables/tunable.tun
+diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.25.2/tunables/tunable.tun
 --- nsapolicy/tunables/tunable.tun	2005-05-25 11:28:11.000000000 -0400
-+++ policy-1.25.1/tunables/tunable.tun	2005-07-11 14:28:39.000000000 -0400
++++ policy-1.25.2/tunables/tunable.tun	2005-07-12 16:12:07.000000000 -0400
 @@ -2,7 +2,7 @@
  dnl define(`user_can_mount')
  


Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/selinux-policy-targeted.spec,v
retrieving revision 1.345
retrieving revision 1.346
diff -u -r1.345 -r1.346
--- selinux-policy-targeted.spec	12 Jul 2005 19:17:42 -0000	1.345
+++ selinux-policy-targeted.spec	13 Jul 2005 11:01:11 -0000	1.346
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.25.2
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -53,7 +53,7 @@
 mv domains/misc/unused/kernel.te domains/misc/
 mv domains/program/*.te domains/program/unused/
 rm domains/*.te
-for i in acct.te anaconda.te amanda.te apache.te apmd.te arpwatch.te auditd.te bluetooth.te checkpolicy.te canna.te cardmgr.te chkpwd.te comsat.te consoletype.te cpucontrol.te cpuspeed.te cups.te cvs.te cyrus.te dbskkd.te dmidecode.te dbusd.te dhcpc.te dhcpd.te dictd.te dovecot.te fingerd.te firstboot.te fsadm.te ftpd.te getty.te hald.te hostname.te hotplug.te howl.te hwclock.te kudzu.te i18n_input.te ifconfig.te init.te initrc.te inetd.te innd.te kerberos.te klogd.te ktalkd.te ldconfig.te load_policy.te login.te lpd.te mailman.te modutil.te mta.te mysqld.te named.te netutils.te NetworkManager.te nscd.te ntpd.te passwd.te ping.te portmap.te postgresql.te pppd.te privoxy.te radius.te radvd.te restorecon.te rlogind.te rpcd.te rshd.te rsync.te saslauthd.te samba.te setfiles.te slapd.te snmpd.te squid.te stunnel.te syslogd.te telnetd.te tftpd.te udev.te updfstab.te uucpd.te webalizer.te winbind.te ypbind.te ypserv.te zebra.te; do
+for i in acct.te anaconda.te amanda.te apache.te apmd.te arpwatch.te auditd.te bluetooth.te checkpolicy.te canna.te cardmgr.te chkpwd.te comsat.te consoletype.te cpucontrol.te cpuspeed.te cups.te cvs.te cyrus.te dbskkd.te dmidecode.te dbusd.te dhcpc.te dhcpd.te dictd.te dovecot.te fingerd.te firstboot.te fsadm.te ftpd.te getty.te hald.te hostname.te hotplug.te howl.te hwclock.te kudzu.te i18n_input.te ifconfig.te init.te initrc.te inetd.te innd.te kerberos.te klogd.te ktalkd.te ldconfig.te load_policy.te login.te lpd.te mailman.te modutil.te mta.te mysqld.te named.te netutils.te NetworkManager.te nscd.te ntpd.te passwd.te ping.te portmap.te postgresql.te pppd.te privoxy.te radius.te radvd.te restorecon.te rpcd.te rsync.te saslauthd.te samba.te setfiles.te slapd.te snmpd.te squid.te stunnel.te syslogd.te telnetd.te tftpd.te udev.te updfstab.te uucpd.te webalizer.te winbind.te ypbind.te ypserv.te zebra.te; do
 mv domains/program/unused/$i domains/program/ 
 done 
 rm -rf domains/program/unused 
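Review bot: The rewritten `for i in ...` list no longer contains rlogind.te and rshd.te, and the changelog entry does not mention it. Because the loop is followed by `rm -rf domains/program/unused`, both modules are deleted from the targeted build, which presumably leaves those daemons unconfined and also means the keytab rule this same commit adds to rlogind.te is never compiled here. If the removal is intended, record it in %changelog, for example `- Remove rlogind and rshd domains from targeted policy`; if not, restore the two names between `restorecon.te` and `rsync.te`.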
@@ -237,6 +237,10 @@
 exit 0
 
 %changelog
+* Wed Jul 13 2005 Dan Walsh <dwalsh redhat com> 1.25.2-2
+- Allow klogin to read keytab file.
+- Allow cvs to send mail
+
 * Tue Jul 12 2005 Dan Walsh <dwalsh redhat com> 1.25.2-1
 - Update to latest from NSA
 

