[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/selinux-policy-strict/devel policy-20050712.patch, 1.2, 1.3 selinux-policy-strict.spec, 1.351, 1.352



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv28373

Modified Files:
	policy-20050712.patch selinux-policy-strict.spec 
Log Message:
* Thu Jul 14 2005 Dan Walsh <dwalsh redhat com> 1.25.2-3
- Fixup cyrus to read mail spool
- Fix vpnc.te, NetworkManager and others for strict policy
- Add isakmp port


policy-20050712.patch:
 assert.te                                |    2 +-
 attrib.te                                |    4 ++++
 domains/program/ifconfig.te              |    1 +
 domains/program/initrc.te                |    2 +-
 domains/program/modutil.te               |    2 +-
 domains/program/unused/NetworkManager.te |    8 ++++++++
 domains/program/unused/cvs.te            |   10 ++++++++++
 domains/program/unused/cyrus.te          |    1 +
 domains/program/unused/lvm.te            |    2 +-
 domains/program/unused/pamconsole.te     |    2 +-
 domains/program/unused/ping.te           |    2 ++
 domains/program/unused/pppd.te           |   19 +++++++++++++++++++
 domains/program/unused/radvd.te          |    6 +++---
 domains/program/unused/rlogind.te        |    1 +
 domains/program/unused/rpcd.te           |    7 ++++---
 domains/program/unused/saslauthd.te      |   10 +++++++++-
 domains/program/unused/squid.te          |    1 +
 domains/program/unused/udev.te           |    4 ++--
 domains/program/unused/vpnc.te           |   15 +++++++++++++--
 domains/program/unused/winbind.te        |    2 ++
 file_contexts/program/apache.fc          |    2 ++
 file_contexts/program/i18n_input.fc      |    2 +-
 file_contexts/program/pppd.fc            |    1 +
 file_contexts/program/vpnc.fc            |    1 +
 genfs_contexts                           |    1 +
 macros/program/chkpwd_macros.te          |    3 +++
 net_contexts                             |    1 +
 targeted/domains/program/crond.te        |    9 ++++++---
 tunables/distro.tun                      |    2 +-
 tunables/tunable.tun                     |    4 ++--
 types/file.te                            |    3 +++
 types/network.te                         |    1 +
 32 files changed, 108 insertions(+), 23 deletions(-)

Index: policy-20050712.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050712.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20050712.patch	13 Jul 2005 11:00:55 -0000	1.2
+++ policy-20050712.patch	14 Jul 2005 20:11:36 -0000	1.3
@@ -35,19 +35,127 @@
  allow ifconfig_t self:netlink_route_socket rw_netlink_socket_perms;
  allow ifconfig_t self:tcp_socket { create ioctl };
  allow ifconfig_t etc_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te policy-1.25.2/domains/program/initrc.te
+--- nsapolicy/domains/program/initrc.te	2005-07-06 17:15:06.000000000 -0400
++++ policy-1.25.2/domains/program/initrc.te	2005-07-14 10:18:54.000000000 -0400
+@@ -123,7 +123,7 @@
+ allow initrc_t file_t:dir { read search getattr mounton };
+ 
+ # during boot up initrc needs to do the following
+-allow initrc_t default_t:dir { read search getattr mounton };
++allow initrc_t default_t:dir { write read search getattr mounton };
+ 
+ # rhgb-console writes to ramfs
+ allow initrc_t ramfs_t:fifo_file write;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/modutil.te policy-1.25.2/domains/program/modutil.te
+--- nsapolicy/domains/program/modutil.te	2005-07-06 17:15:06.000000000 -0400
++++ policy-1.25.2/domains/program/modutil.te	2005-07-14 10:17:53.000000000 -0400
+@@ -72,7 +72,7 @@
+ # Rules for the insmod_t domain.
+ #
+ 
+-type insmod_t, domain, privlog, sysctl_kernel_writer, privmem, privsysmod ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule' ), mlsfilewrite
++type insmod_t, domain, privlog, sysctl_kernel_writer, privmem, privsysmod ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule' ), mlsfilewrite, nscd_client_domain
+ ;
+ role system_r types insmod_t;
+ role sysadm_r types insmod_t;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cvs.te policy-1.25.2/domains/program/unused/cvs.te
 --- nsapolicy/domains/program/unused/cvs.te	2005-04-27 10:28:50.000000000 -0400
-+++ policy-1.25.2/domains/program/unused/cvs.te	2005-07-13 06:22:19.000000000 -0400
-@@ -14,3 +14,5 @@
++++ policy-1.25.2/domains/program/unused/cvs.te	2005-07-14 06:46:19.000000000 -0400
+@@ -12,5 +12,15 @@
+ #
+ 
  inetd_child_domain(cvs, tcp)
++typeattribute cvs_t privmail;
++typeattribute cvs_t auth_chkpwd;
++
  type cvs_data_t, file_type, sysadmfile;
  create_dir_file(cvs_t, cvs_data_t)
-+typeattribute cvs_t privmail;
++can_exec(cvs_t, { bin_t sbin_t shell_exec_t })
++allow cvs_t etc_runtime_t:file { getattr read };
++allow system_mail_t cvs_data_t:file { getattr read };
++dontaudit cvs_t devtty_t:chr_file { read write };
++allow cvs_t default_t:dir search;
++allow cvs_t default_t:lnk_file read;
 +
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.25.2/domains/program/unused/cyrus.te
+--- nsapolicy/domains/program/unused/cyrus.te	2005-07-12 08:50:43.000000000 -0400
++++ policy-1.25.2/domains/program/unused/cyrus.te	2005-07-14 10:16:23.000000000 -0400
+@@ -40,4 +40,5 @@
+ allow system_crond_t cyrus_var_lib_t:file create_file_perms;
+ ')
+ create_dir_file(cyrus_t, mail_spool_t)
++allow cyrus_t var_spool_t:dir search;
+ 
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/lvm.te policy-1.25.2/domains/program/unused/lvm.te
+--- nsapolicy/domains/program/unused/lvm.te	2005-05-25 11:28:10.000000000 -0400
++++ policy-1.25.2/domains/program/unused/lvm.te	2005-07-14 10:19:48.000000000 -0400
+@@ -97,7 +97,7 @@
+ read_locale(lvm_t)
+ 
+ # LVM (vgscan) scans for devices by stating every file in /dev and applying a regex...
+-dontaudit lvm_t device_type:{ chr_file blk_file } getattr;
++dontaudit lvm_t device_type:{ chr_file blk_file } { getattr read };
+ dontaudit lvm_t ttyfile:chr_file getattr;
+ dontaudit lvm_t device_t:{ fifo_file dir chr_file blk_file } getattr;
+ dontaudit lvm_t devpts_t:dir { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.25.2/domains/program/unused/NetworkManager.te
+--- nsapolicy/domains/program/unused/NetworkManager.te	2005-07-06 17:15:06.000000000 -0400
++++ policy-1.25.2/domains/program/unused/NetworkManager.te	2005-07-14 10:19:16.000000000 -0400
+@@ -62,6 +62,8 @@
+ allow NetworkManager_t unconfined_t:dbus send_msg;
+ allow unconfined_t NetworkManager_t:dbus send_msg;
+ ')
++allow NetworkManager_t userdomain:dbus send_msg;
++allow userdomain NetworkManager_t:dbus send_msg;
+ ')
+ 
+ allow NetworkManager_t usr_t:file { getattr read };
+@@ -98,3 +100,9 @@
+ domain_auto_trans(NetworkManager_t, vpnc_exec_t, vpnc_t)
+ ')
+ 
++ifdef(`dhcpc.te', `
++allow NetworkManager_t dhcp_state_t:dir search;
++allow NetworkManager_t dhcpc_var_run_t:file { getattr read unlink };
++')
++allow NetworkManager_t var_lib_t:dir search;
++dontaudit NetworkManager_t user_tty_type:chr_file { read write };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pamconsole.te policy-1.25.2/domains/program/unused/pamconsole.te
+--- nsapolicy/domains/program/unused/pamconsole.te	2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.2/domains/program/unused/pamconsole.te	2005-07-14 10:18:09.000000000 -0400
+@@ -19,7 +19,7 @@
+ allow pam_console_t self:capability { chown fowner fsetid };
+ 
+ # Allow access to /dev/console through the fd:
+-allow pam_console_t console_device_t:chr_file { read write };
++allow pam_console_t console_device_t:chr_file { read write setattr };
+ allow pam_console_t { kernel_t init_t }:fd use;
+ 
+ # for /var/run/console.lock checking
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ping.te policy-1.25.2/domains/program/unused/ping.te
+--- nsapolicy/domains/program/unused/ping.te	2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.2/domains/program/unused/ping.te	2005-07-14 10:47:32.000000000 -0400
+@@ -17,6 +17,7 @@
+ in_user_role(ping_t)
+ type ping_exec_t, file_type, sysadmfile, exec_type;
+ 
++ifdef(`targeted_policy', `', `
+ bool user_ping false;
+ 
+ if (user_ping) {
+@@ -25,6 +26,7 @@
+ 	allow ping_t { ttyfile ptyfile }:chr_file rw_file_perms;
+ 	ifdef(`gnome-pty-helper.te', `allow ping_t gphdomain:fd use;')
+ }
++')
+ 
+ # Transition into this domain when you run this program.
+ domain_auto_trans(sysadm_t, ping_exec_t, ping_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.25.2/domains/program/unused/pppd.te
 --- nsapolicy/domains/program/unused/pppd.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.2/domains/program/unused/pppd.te	2005-07-12 16:12:07.000000000 -0400
-@@ -102,3 +102,11 @@
++++ policy-1.25.2/domains/program/unused/pppd.te	2005-07-14 11:16:23.000000000 -0400
+@@ -102,3 +102,22 @@
  allow pppd_t self:netlink_route_socket r_netlink_socket_perms;
  allow pppd_t initrc_var_run_t:file r_file_perms;
  dontaudit pppd_t initrc_var_run_t:file { lock write };
@@ -59,6 +167,17 @@
 +domain_auto_trans(pppd_t, insmod_exec_t, insmod_t)
 +')
 +}
++daemon_domain(pppd)
++can_network_client_tcp(pptp_t)
++allow pptp_t { reserve_port_type port_t }:tcp_socket name_connect;
++can_exec(pptp_t, hostname_exec_t)
++domain_auto_trans(pppd_t, pptp_exec_t, pptp_t)
++allow pptp_t self:rawip_socket create_socket_perms;
++allow pptp_t self:unix_stream_socket create_stream_socket_perms;
++can_exec(pptp_t, pppd_etc_rw_t)
++allow pptp_t devpts_t:chr_file ioctl;
++r_dir_file(pptp_t, pppd_etc_rw_t)
++r_dir_file(pptp_t, pppd_etc_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/radvd.te policy-1.25.2/domains/program/unused/radvd.te
 --- nsapolicy/domains/program/unused/radvd.te	2005-07-12 08:50:43.000000000 -0400
 +++ policy-1.25.2/domains/program/unused/radvd.te	2005-07-12 16:12:07.000000000 -0400
@@ -137,9 +256,84 @@
 +if (allow_saslauthd_read_shadow) {
 +allow saslauthd_t shadow_t:file r_file_perms;
 +}
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.25.2/domains/program/unused/squid.te
+--- nsapolicy/domains/program/unused/squid.te	2005-07-12 08:50:43.000000000 -0400
++++ policy-1.25.2/domains/program/unused/squid.te	2005-07-14 10:36:31.000000000 -0400
+@@ -80,4 +80,5 @@
+ r_dir_file(squid_t, cert_t)
+ ifdef(`winbind.te', `
+ domain_auto_trans(squid_t, winbind_helper_exec_t, winbind_helper_t)
++allow winbind_helper_t squid_t:tcp_socket rw_socket_perms;
+ ')
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.25.2/domains/program/unused/udev.te
+--- nsapolicy/domains/program/unused/udev.te	2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.2/domains/program/unused/udev.te	2005-07-14 10:18:33.000000000 -0400
+@@ -28,7 +28,7 @@
+ type udev_tdb_t, file_type, sysadmfile, dev_fs;
+ typealias udev_tdb_t alias udev_tbl_t;
+ file_type_auto_trans(udev_t, device_t, udev_tdb_t, file)
+-allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin sys_nice mknod net_raw net_admin };
++allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin sys_nice mknod net_raw net_admin sys_rawio };
+ allow udev_t self:file { getattr read };
+ allow udev_t self:unix_stream_socket {connectto create_stream_socket_perms};
+ allow udev_t self:unix_dgram_socket create_socket_perms;
+@@ -53,7 +53,7 @@
+ allow udev_t bin_t:lnk_file read;
+ can_exec(udev_t, { shell_exec_t bin_t sbin_t etc_t } )
+ can_exec(udev_t, udev_exec_t)
+-r_dir_file(udev_t, sysfs_t)
++rw_dir_file(udev_t, sysfs_t)
+ allow udev_t sysadm_tty_device_t:chr_file { read write };
+ 
+ # to read the file_contexts file
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/vpnc.te policy-1.25.2/domains/program/unused/vpnc.te
+--- nsapolicy/domains/program/unused/vpnc.te	2005-04-27 10:28:54.000000000 -0400
++++ policy-1.25.2/domains/program/unused/vpnc.te	2005-07-14 10:19:31.000000000 -0400
+@@ -10,13 +10,15 @@
+ # vpnc_t is the domain for the vpnc program.
+ # vpnc_exec_t is the type of the vpnc executable.
+ #
+-daemon_domain(vpnc)
++daemon_domain(vpnc, `, sysctl_net_writer')
+ 
+ allow vpnc_t { random_device_t urandom_device_t }:chr_file read;
+ 
+ # Use the network.
+ can_network(vpnc_t)
+ allow vpnc_t port_type:tcp_socket name_connect;
++allow vpnc_t isakmp_port_t:udp_socket name_bind;
++
+ can_ypbind(vpnc_t)
+ allow vpnc_t self:socket create_socket_perms;
+ 
+@@ -29,14 +31,23 @@
+ allow vpnc_t self:rawip_socket create_socket_perms;
+ allow vpnc_t self:unix_dgram_socket create_socket_perms;
+ allow vpnc_t self:unix_stream_socket create_socket_perms;
+-allow vpnc_t admin_tty_type:chr_file rw_file_perms;
++allow vpnc_t { user_tty_type admin_tty_type }:chr_file rw_file_perms;
+ allow vpnc_t port_t:udp_socket name_bind;
+ allow vpnc_t etc_runtime_t:file { getattr read };
+ allow vpnc_t proc_t:file { getattr read };
+ dontaudit vpnc_t selinux_config_t:dir search;
+ can_exec(vpnc_t, {bin_t sbin_t ifconfig_exec_t shell_exec_t })
+ allow vpnc_t sysctl_net_t:dir search;
++allow vpnc_t sysctl_net_t:file write;
+ allow vpnc_t sbin_t:dir search;
+ allow vpnc_t bin_t:dir search;
+ allow vpnc_t bin_t:lnk_file read;
+ r_dir_file(vpnc_t, proc_net_t)
++tmp_domain(vpnc)
++allow vpnc_t self:fifo_file { getattr ioctl read write };
++allow vpnc_t self:file { getattr read };
++allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
++file_type_auto_trans(vpnc_t, etc_t, net_conf_t, file)
++allow vpnc_t etc_t:file { execute execute_no_trans ioctl };
++allow vpnc_t user_home_dir_t:dir search;
++allow vpnc_t user_home_t:dir search;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.25.2/domains/program/unused/winbind.te
 --- nsapolicy/domains/program/unused/winbind.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.2/domains/program/unused/winbind.te	2005-07-12 16:12:07.000000000 -0400
++++ policy-1.25.2/domains/program/unused/winbind.te	2005-07-14 10:38:30.000000000 -0400
 @@ -10,6 +10,7 @@
  
  daemon_domain(winbind, `, privhome, auth_chkpwd, nscd_client_domain')
@@ -148,6 +342,14 @@
  allow winbind_t etc_t:file r_file_perms;
  allow winbind_t etc_t:lnk_file read;
  can_network(winbind_t)
+@@ -36,6 +37,7 @@
+ allow initrc_t winbind_var_run_t:file r_file_perms;
+ 
+ application_domain(winbind_helper, `, nscd_client_domain')
++role system_r types winbind_helper_t;
+ access_terminal(winbind_helper_t, sysadm)
+ read_locale(winbind_helper_t) 
+ r_dir_file(winbind_helper_t, samba_etc_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/apache.fc policy-1.25.2/file_contexts/program/apache.fc
 --- nsapolicy/file_contexts/program/apache.fc	2005-07-06 17:15:07.000000000 -0400
 +++ policy-1.25.2/file_contexts/program/apache.fc	2005-07-12 16:12:07.000000000 -0400
@@ -169,6 +371,35 @@
  /usr/bin/httx                   --     system_u:object_r:i18n_input_exec_t
  /usr/bin/htt_xbe                --     system_u:object_r:i18n_input_exec_t
  /usr/bin/iiimx                  --     system_u:object_r:i18n_input_exec_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/pppd.fc policy-1.25.2/file_contexts/program/pppd.fc
+--- nsapolicy/file_contexts/program/pppd.fc	2005-06-01 06:11:22.000000000 -0400
++++ policy-1.25.2/file_contexts/program/pppd.fc	2005-07-14 11:08:35.000000000 -0400
+@@ -1,5 +1,6 @@
+ # pppd
+ /usr/sbin/pppd		--	system_u:object_r:pppd_exec_t
++/usr/sbin/pptp 		--	system_u:object_r:pptp_exec_t
+ /usr/sbin/ipppd		--	system_u:object_r:pppd_exec_t
+ /dev/ppp		-c	system_u:object_r:ppp_device_t
+ /dev/pppox.*		-c	system_u:object_r:ppp_device_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/vpnc.fc policy-1.25.2/file_contexts/program/vpnc.fc
+--- nsapolicy/file_contexts/program/vpnc.fc	2005-02-24 14:51:09.000000000 -0500
++++ policy-1.25.2/file_contexts/program/vpnc.fc	2005-07-14 10:21:22.000000000 -0400
+@@ -1,3 +1,4 @@
+ # vpnc
+ /usr/sbin/vpnc		--	system_u:object_r:vpnc_exec_t
+ /sbin/vpnc		--	system_u:object_r:vpnc_exec_t
++/etc/vpnc/vpnc-script	--	system_u:object_r:bin_t
+diff --exclude-from=exclude -N -u -r nsapolicy/genfs_contexts policy-1.25.2/genfs_contexts
+--- nsapolicy/genfs_contexts	2005-05-07 00:41:08.000000000 -0400
++++ policy-1.25.2/genfs_contexts	2005-07-13 13:14:23.000000000 -0400
+@@ -92,6 +92,7 @@
+ genfscon afs /				system_u:object_r:nfs_t
+ 
+ genfscon debugfs /			system_u:object_r:debugfs_t
++genfscon inotifyfs /			system_u:object_r:inotifyfs_t
+ 
+ # needs more work
+ genfscon eventpollfs / system_u:object_r:eventpollfs_t
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/chkpwd_macros.te policy-1.25.2/macros/program/chkpwd_macros.te
 --- nsapolicy/macros/program/chkpwd_macros.te	2005-07-12 08:50:43.000000000 -0400
 +++ policy-1.25.2/macros/program/chkpwd_macros.te	2005-07-12 16:12:07.000000000 -0400
@@ -182,6 +413,17 @@
  ', `
  domain_auto_trans($1_t, chkpwd_exec_t, $1_chkpwd_t)
  allow $1_t sbin_t:dir search;
+diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.25.2/net_contexts
+--- nsapolicy/net_contexts	2005-07-12 08:50:42.000000000 -0400
++++ policy-1.25.2/net_contexts	2005-07-14 10:20:24.000000000 -0400
+@@ -45,6 +45,7 @@
+ portcon tcp 465 system_u:object_r:smtp_port_t
+ portcon tcp 587 system_u:object_r:smtp_port_t
+ 
++portcon udp 500 system_u:object_r:isakmp_port_t
+ portcon udp 53 system_u:object_r:dns_port_t
+ portcon tcp 53 system_u:object_r:dns_port_t
+ 
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/crond.te policy-1.25.2/targeted/domains/program/crond.te
 --- nsapolicy/targeted/domains/program/crond.te	2005-06-29 16:36:19.000000000 -0400
 +++ policy-1.25.2/targeted/domains/program/crond.te	2005-07-12 16:12:07.000000000 -0400
@@ -244,3 +486,27 @@
  
  # Allow user_r to reach sysadm_r via su, sudo, or userhelper.
  # Otherwise, only staff_r can do so.
+diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.25.2/types/file.te
+--- nsapolicy/types/file.te	2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.2/types/file.te	2005-07-13 12:26:49.000000000 -0400
+@@ -316,6 +316,9 @@
+ type debugfs_t, fs_type, sysadmfile;
+ allow debugfs_t self:filesystem associate;
+ 
++type inotifyfs_t, fs_type, sysadmfile;
++allow inotifyfs_t self:filesystem associate;
++
+ # removable_t is the default type of all removable media
+ type removable_t, file_type, sysadmfile, usercanread;
+ allow removable_t self:filesystem associate;
+diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.25.2/types/network.te
+--- nsapolicy/types/network.te	2005-07-12 08:50:44.000000000 -0400
++++ policy-1.25.2/types/network.te	2005-07-14 10:20:54.000000000 -0400
+@@ -22,6 +22,7 @@
+ type http_port_t, port_type, reserved_port_type;
+ type ipp_port_t, port_type, reserved_port_type;
+ type gopher_port_t, port_type, reserved_port_type;
++type isakmp_port_t, port_type, reserved_port_type;
+ 
+ allow web_client_domain { http_cache_port_t http_port_t }:tcp_socket name_connect;
+ type pop_port_t, port_type, reserved_port_type;


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.351
retrieving revision 1.352
diff -u -r1.351 -r1.352
--- selinux-policy-strict.spec	13 Jul 2005 11:00:55 -0000	1.351
+++ selinux-policy-strict.spec	14 Jul 2005 20:11:37 -0000	1.352
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.25.2
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -229,6 +229,11 @@
 exit 0
 
 %changelog
+* Thu Jul 14 2005 Dan Walsh <dwalsh redhat com> 1.25.2-3
+- Fixup cyrus to read mail spool
+- Fix vpnc.te, NetworkManager and others for strict policy
+- Add isakmp port
+
 * Wed Jul 13 2005 Dan Walsh <dwalsh redhat com> 1.25.2-2
 - Allow klogin to read keytab file.
 - Allow cvs to send mail


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]