rpms/selinux-policy-targeted/FC-4 policy-20050712.patch, 1.1, 1.2 selinux-policy-targeted.spec, 1.323, 1.324
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jul 14 20:23:32 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-targeted/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv7128
Modified Files:
policy-20050712.patch selinux-policy-targeted.spec
Log Message:
* Thu Jul 14 2005 Dan Walsh <dwalsh at redhat.com> 1.25.2-4
- Fixup cyrus to read mail spool
- Fix vpnc.te, NetworkManager and others for strict policy
- Add isakmp port
policy-20050712.patch:
assert.te | 2 +-
attrib.te | 4 ++++
domains/program/ifconfig.te | 1 +
domains/program/initrc.te | 2 +-
domains/program/modutil.te | 2 +-
domains/program/unused/NetworkManager.te | 8 ++++++++
domains/program/unused/cvs.te | 10 ++++++++++
domains/program/unused/cyrus.te | 1 +
domains/program/unused/lvm.te | 2 +-
domains/program/unused/pamconsole.te | 2 +-
domains/program/unused/ping.te | 2 ++
domains/program/unused/pppd.te | 19 +++++++++++++++++++
domains/program/unused/radvd.te | 6 +++---
domains/program/unused/rlogind.te | 1 +
domains/program/unused/rpcd.te | 7 ++++---
domains/program/unused/saslauthd.te | 10 +++++++++-
domains/program/unused/squid.te | 1 +
domains/program/unused/udev.te | 4 ++--
domains/program/unused/vpnc.te | 15 +++++++++++++--
domains/program/unused/winbind.te | 2 ++
file_contexts/program/apache.fc | 2 ++
file_contexts/program/i18n_input.fc | 2 +-
file_contexts/program/pppd.fc | 1 +
file_contexts/program/vpnc.fc | 1 +
genfs_contexts | 1 +
macros/program/chkpwd_macros.te | 3 +++
net_contexts | 1 +
targeted/domains/program/crond.te | 9 ++++++---
tunables/distro.tun | 2 +-
tunables/tunable.tun | 4 ++--
types/file.te | 3 +++
types/network.te | 1 +
32 files changed, 108 insertions(+), 23 deletions(-)
Index: policy-20050712.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-4/policy-20050712.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20050712.patch 13 Jul 2005 11:35:33 -0000 1.1
+++ policy-20050712.patch 14 Jul 2005 20:23:30 -0000 1.2
@@ -35,19 +35,127 @@
allow ifconfig_t self:netlink_route_socket rw_netlink_socket_perms;
allow ifconfig_t self:tcp_socket { create ioctl };
allow ifconfig_t etc_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te policy-1.25.2/domains/program/initrc.te
+--- nsapolicy/domains/program/initrc.te 2005-07-06 17:15:06.000000000 -0400
++++ policy-1.25.2/domains/program/initrc.te 2005-07-14 10:18:54.000000000 -0400
+@@ -123,7 +123,7 @@
+ allow initrc_t file_t:dir { read search getattr mounton };
+
+ # during boot up initrc needs to do the following
+-allow initrc_t default_t:dir { read search getattr mounton };
++allow initrc_t default_t:dir { write read search getattr mounton };
+
+ # rhgb-console writes to ramfs
+ allow initrc_t ramfs_t:fifo_file write;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/modutil.te policy-1.25.2/domains/program/modutil.te
+--- nsapolicy/domains/program/modutil.te 2005-07-06 17:15:06.000000000 -0400
++++ policy-1.25.2/domains/program/modutil.te 2005-07-14 10:17:53.000000000 -0400
+@@ -72,7 +72,7 @@
+ # Rules for the insmod_t domain.
+ #
+
+-type insmod_t, domain, privlog, sysctl_kernel_writer, privmem, privsysmod ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule' ), mlsfilewrite
++type insmod_t, domain, privlog, sysctl_kernel_writer, privmem, privsysmod ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule' ), mlsfilewrite, nscd_client_domain
+ ;
+ role system_r types insmod_t;
+ role sysadm_r types insmod_t;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cvs.te policy-1.25.2/domains/program/unused/cvs.te
--- nsapolicy/domains/program/unused/cvs.te 2005-04-27 10:28:50.000000000 -0400
-+++ policy-1.25.2/domains/program/unused/cvs.te 2005-07-13 06:22:19.000000000 -0400
-@@ -14,3 +14,5 @@
++++ policy-1.25.2/domains/program/unused/cvs.te 2005-07-14 06:46:19.000000000 -0400
+@@ -12,5 +12,15 @@
+ #
+
inetd_child_domain(cvs, tcp)
++typeattribute cvs_t privmail;
++typeattribute cvs_t auth_chkpwd;
++
type cvs_data_t, file_type, sysadmfile;
create_dir_file(cvs_t, cvs_data_t)
-+typeattribute cvs_t privmail;
++can_exec(cvs_t, { bin_t sbin_t shell_exec_t })
++allow cvs_t etc_runtime_t:file { getattr read };
++allow system_mail_t cvs_data_t:file { getattr read };
++dontaudit cvs_t devtty_t:chr_file { read write };
++allow cvs_t default_t:dir search;
++allow cvs_t default_t:lnk_file read;
+
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.25.2/domains/program/unused/cyrus.te
+--- nsapolicy/domains/program/unused/cyrus.te 2005-07-12 08:50:43.000000000 -0400
++++ policy-1.25.2/domains/program/unused/cyrus.te 2005-07-14 10:16:23.000000000 -0400
+@@ -40,4 +40,5 @@
+ allow system_crond_t cyrus_var_lib_t:file create_file_perms;
+ ')
+ create_dir_file(cyrus_t, mail_spool_t)
++allow cyrus_t var_spool_t:dir search;
+
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/lvm.te policy-1.25.2/domains/program/unused/lvm.te
+--- nsapolicy/domains/program/unused/lvm.te 2005-05-25 11:28:10.000000000 -0400
++++ policy-1.25.2/domains/program/unused/lvm.te 2005-07-14 10:19:48.000000000 -0400
+@@ -97,7 +97,7 @@
+ read_locale(lvm_t)
+
+ # LVM (vgscan) scans for devices by stating every file in /dev and applying a regex...
+-dontaudit lvm_t device_type:{ chr_file blk_file } getattr;
++dontaudit lvm_t device_type:{ chr_file blk_file } { getattr read };
+ dontaudit lvm_t ttyfile:chr_file getattr;
+ dontaudit lvm_t device_t:{ fifo_file dir chr_file blk_file } getattr;
+ dontaudit lvm_t devpts_t:dir { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.25.2/domains/program/unused/NetworkManager.te
+--- nsapolicy/domains/program/unused/NetworkManager.te 2005-07-06 17:15:06.000000000 -0400
++++ policy-1.25.2/domains/program/unused/NetworkManager.te 2005-07-14 10:19:16.000000000 -0400
+@@ -62,6 +62,8 @@
+ allow NetworkManager_t unconfined_t:dbus send_msg;
+ allow unconfined_t NetworkManager_t:dbus send_msg;
+ ')
++allow NetworkManager_t userdomain:dbus send_msg;
++allow userdomain NetworkManager_t:dbus send_msg;
+ ')
+
+ allow NetworkManager_t usr_t:file { getattr read };
+@@ -98,3 +100,9 @@
+ domain_auto_trans(NetworkManager_t, vpnc_exec_t, vpnc_t)
+ ')
+
++ifdef(`dhcpc.te', `
++allow NetworkManager_t dhcp_state_t:dir search;
++allow NetworkManager_t dhcpc_var_run_t:file { getattr read unlink };
++')
++allow NetworkManager_t var_lib_t:dir search;
++dontaudit NetworkManager_t user_tty_type:chr_file { read write };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pamconsole.te policy-1.25.2/domains/program/unused/pamconsole.te
+--- nsapolicy/domains/program/unused/pamconsole.te 2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.2/domains/program/unused/pamconsole.te 2005-07-14 10:18:09.000000000 -0400
+@@ -19,7 +19,7 @@
+ allow pam_console_t self:capability { chown fowner fsetid };
+
+ # Allow access to /dev/console through the fd:
+-allow pam_console_t console_device_t:chr_file { read write };
++allow pam_console_t console_device_t:chr_file { read write setattr };
+ allow pam_console_t { kernel_t init_t }:fd use;
+
+ # for /var/run/console.lock checking
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ping.te policy-1.25.2/domains/program/unused/ping.te
+--- nsapolicy/domains/program/unused/ping.te 2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.2/domains/program/unused/ping.te 2005-07-14 10:47:32.000000000 -0400
+@@ -17,6 +17,7 @@
+ in_user_role(ping_t)
+ type ping_exec_t, file_type, sysadmfile, exec_type;
+
++ifdef(`targeted_policy', `', `
+ bool user_ping false;
+
+ if (user_ping) {
+@@ -25,6 +26,7 @@
+ allow ping_t { ttyfile ptyfile }:chr_file rw_file_perms;
+ ifdef(`gnome-pty-helper.te', `allow ping_t gphdomain:fd use;')
+ }
++')
+
+ # Transition into this domain when you run this program.
+ domain_auto_trans(sysadm_t, ping_exec_t, ping_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.25.2/domains/program/unused/pppd.te
--- nsapolicy/domains/program/unused/pppd.te 2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.2/domains/program/unused/pppd.te 2005-07-12 16:12:07.000000000 -0400
-@@ -102,3 +102,11 @@
++++ policy-1.25.2/domains/program/unused/pppd.te 2005-07-14 11:19:52.000000000 -0400
+@@ -102,3 +102,22 @@
allow pppd_t self:netlink_route_socket r_netlink_socket_perms;
allow pppd_t initrc_var_run_t:file r_file_perms;
dontaudit pppd_t initrc_var_run_t:file { lock write };
@@ -59,6 +167,17 @@
+domain_auto_trans(pppd_t, insmod_exec_t, insmod_t)
+')
+}
++daemon_domain(pptp)
++can_network_client_tcp(pptp_t)
++allow pptp_t { reserved_port_type port_t }:tcp_socket name_connect;
++can_exec(pptp_t, hostname_exec_t)
++domain_auto_trans(pppd_t, pptp_exec_t, pptp_t)
++allow pptp_t self:rawip_socket create_socket_perms;
++allow pptp_t self:unix_stream_socket create_stream_socket_perms;
++can_exec(pptp_t, pppd_etc_rw_t)
++allow pptp_t devpts_t:chr_file ioctl;
++r_dir_file(pptp_t, pppd_etc_rw_t)
++r_dir_file(pptp_t, pppd_etc_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/radvd.te policy-1.25.2/domains/program/unused/radvd.te
--- nsapolicy/domains/program/unused/radvd.te 2005-07-12 08:50:43.000000000 -0400
+++ policy-1.25.2/domains/program/unused/radvd.te 2005-07-12 16:12:07.000000000 -0400
@@ -137,9 +256,84 @@
+if (allow_saslauthd_read_shadow) {
+allow saslauthd_t shadow_t:file r_file_perms;
+}
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.25.2/domains/program/unused/squid.te
+--- nsapolicy/domains/program/unused/squid.te 2005-07-12 08:50:43.000000000 -0400
++++ policy-1.25.2/domains/program/unused/squid.te 2005-07-14 10:36:31.000000000 -0400
+@@ -80,4 +80,5 @@
+ r_dir_file(squid_t, cert_t)
+ ifdef(`winbind.te', `
+ domain_auto_trans(squid_t, winbind_helper_exec_t, winbind_helper_t)
++allow winbind_helper_t squid_t:tcp_socket rw_socket_perms;
+ ')
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.25.2/domains/program/unused/udev.te
+--- nsapolicy/domains/program/unused/udev.te 2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.2/domains/program/unused/udev.te 2005-07-14 10:18:33.000000000 -0400
+@@ -28,7 +28,7 @@
+ type udev_tdb_t, file_type, sysadmfile, dev_fs;
+ typealias udev_tdb_t alias udev_tbl_t;
+ file_type_auto_trans(udev_t, device_t, udev_tdb_t, file)
+-allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin sys_nice mknod net_raw net_admin };
++allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin sys_nice mknod net_raw net_admin sys_rawio };
+ allow udev_t self:file { getattr read };
+ allow udev_t self:unix_stream_socket {connectto create_stream_socket_perms};
+ allow udev_t self:unix_dgram_socket create_socket_perms;
+@@ -53,7 +53,7 @@
+ allow udev_t bin_t:lnk_file read;
+ can_exec(udev_t, { shell_exec_t bin_t sbin_t etc_t } )
+ can_exec(udev_t, udev_exec_t)
+-r_dir_file(udev_t, sysfs_t)
++rw_dir_file(udev_t, sysfs_t)
+ allow udev_t sysadm_tty_device_t:chr_file { read write };
+
+ # to read the file_contexts file
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/vpnc.te policy-1.25.2/domains/program/unused/vpnc.te
+--- nsapolicy/domains/program/unused/vpnc.te 2005-04-27 10:28:54.000000000 -0400
++++ policy-1.25.2/domains/program/unused/vpnc.te 2005-07-14 10:19:31.000000000 -0400
+@@ -10,13 +10,15 @@
+ # vpnc_t is the domain for the vpnc program.
+ # vpnc_exec_t is the type of the vpnc executable.
+ #
+-daemon_domain(vpnc)
++daemon_domain(vpnc, `, sysctl_net_writer')
+
+ allow vpnc_t { random_device_t urandom_device_t }:chr_file read;
+
+ # Use the network.
+ can_network(vpnc_t)
+ allow vpnc_t port_type:tcp_socket name_connect;
++allow vpnc_t isakmp_port_t:udp_socket name_bind;
++
+ can_ypbind(vpnc_t)
+ allow vpnc_t self:socket create_socket_perms;
+
+@@ -29,14 +31,23 @@
+ allow vpnc_t self:rawip_socket create_socket_perms;
+ allow vpnc_t self:unix_dgram_socket create_socket_perms;
+ allow vpnc_t self:unix_stream_socket create_socket_perms;
+-allow vpnc_t admin_tty_type:chr_file rw_file_perms;
++allow vpnc_t { user_tty_type admin_tty_type }:chr_file rw_file_perms;
+ allow vpnc_t port_t:udp_socket name_bind;
+ allow vpnc_t etc_runtime_t:file { getattr read };
+ allow vpnc_t proc_t:file { getattr read };
+ dontaudit vpnc_t selinux_config_t:dir search;
+ can_exec(vpnc_t, {bin_t sbin_t ifconfig_exec_t shell_exec_t })
+ allow vpnc_t sysctl_net_t:dir search;
++allow vpnc_t sysctl_net_t:file write;
+ allow vpnc_t sbin_t:dir search;
+ allow vpnc_t bin_t:dir search;
+ allow vpnc_t bin_t:lnk_file read;
+ r_dir_file(vpnc_t, proc_net_t)
++tmp_domain(vpnc)
++allow vpnc_t self:fifo_file { getattr ioctl read write };
++allow vpnc_t self:file { getattr read };
++allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
++file_type_auto_trans(vpnc_t, etc_t, net_conf_t, file)
++allow vpnc_t etc_t:file { execute execute_no_trans ioctl };
++allow vpnc_t user_home_dir_t:dir search;
++allow vpnc_t user_home_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.25.2/domains/program/unused/winbind.te
--- nsapolicy/domains/program/unused/winbind.te 2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.2/domains/program/unused/winbind.te 2005-07-12 16:12:07.000000000 -0400
++++ policy-1.25.2/domains/program/unused/winbind.te 2005-07-14 10:38:30.000000000 -0400
@@ -10,6 +10,7 @@
daemon_domain(winbind, `, privhome, auth_chkpwd, nscd_client_domain')
@@ -148,6 +342,14 @@
allow winbind_t etc_t:file r_file_perms;
allow winbind_t etc_t:lnk_file read;
can_network(winbind_t)
+@@ -36,6 +37,7 @@
+ allow initrc_t winbind_var_run_t:file r_file_perms;
+
+ application_domain(winbind_helper, `, nscd_client_domain')
++role system_r types winbind_helper_t;
+ access_terminal(winbind_helper_t, sysadm)
+ read_locale(winbind_helper_t)
+ r_dir_file(winbind_helper_t, samba_etc_t)
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/apache.fc policy-1.25.2/file_contexts/program/apache.fc
--- nsapolicy/file_contexts/program/apache.fc 2005-07-06 17:15:07.000000000 -0400
+++ policy-1.25.2/file_contexts/program/apache.fc 2005-07-12 16:12:07.000000000 -0400
@@ -169,6 +371,35 @@
/usr/bin/httx -- system_u:object_r:i18n_input_exec_t
/usr/bin/htt_xbe -- system_u:object_r:i18n_input_exec_t
/usr/bin/iiimx -- system_u:object_r:i18n_input_exec_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/pppd.fc policy-1.25.2/file_contexts/program/pppd.fc
+--- nsapolicy/file_contexts/program/pppd.fc 2005-06-01 06:11:22.000000000 -0400
++++ policy-1.25.2/file_contexts/program/pppd.fc 2005-07-14 11:08:35.000000000 -0400
+@@ -1,5 +1,6 @@
+ # pppd
+ /usr/sbin/pppd -- system_u:object_r:pppd_exec_t
++/usr/sbin/pptp -- system_u:object_r:pptp_exec_t
+ /usr/sbin/ipppd -- system_u:object_r:pppd_exec_t
+ /dev/ppp -c system_u:object_r:ppp_device_t
+ /dev/pppox.* -c system_u:object_r:ppp_device_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/vpnc.fc policy-1.25.2/file_contexts/program/vpnc.fc
+--- nsapolicy/file_contexts/program/vpnc.fc 2005-02-24 14:51:09.000000000 -0500
++++ policy-1.25.2/file_contexts/program/vpnc.fc 2005-07-14 10:21:22.000000000 -0400
+@@ -1,3 +1,4 @@
+ # vpnc
+ /usr/sbin/vpnc -- system_u:object_r:vpnc_exec_t
+ /sbin/vpnc -- system_u:object_r:vpnc_exec_t
++/etc/vpnc/vpnc-script -- system_u:object_r:bin_t
+diff --exclude-from=exclude -N -u -r nsapolicy/genfs_contexts policy-1.25.2/genfs_contexts
+--- nsapolicy/genfs_contexts 2005-05-07 00:41:08.000000000 -0400
++++ policy-1.25.2/genfs_contexts 2005-07-13 13:14:23.000000000 -0400
+@@ -92,6 +92,7 @@
+ genfscon afs / system_u:object_r:nfs_t
+
+ genfscon debugfs / system_u:object_r:debugfs_t
++genfscon inotifyfs / system_u:object_r:inotifyfs_t
+
+ # needs more work
+ genfscon eventpollfs / system_u:object_r:eventpollfs_t
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/chkpwd_macros.te policy-1.25.2/macros/program/chkpwd_macros.te
--- nsapolicy/macros/program/chkpwd_macros.te 2005-07-12 08:50:43.000000000 -0400
+++ policy-1.25.2/macros/program/chkpwd_macros.te 2005-07-12 16:12:07.000000000 -0400
@@ -182,6 +413,17 @@
', `
domain_auto_trans($1_t, chkpwd_exec_t, $1_chkpwd_t)
allow $1_t sbin_t:dir search;
+diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.25.2/net_contexts
+--- nsapolicy/net_contexts 2005-07-12 08:50:42.000000000 -0400
++++ policy-1.25.2/net_contexts 2005-07-14 10:20:24.000000000 -0400
+@@ -45,6 +45,7 @@
+ portcon tcp 465 system_u:object_r:smtp_port_t
+ portcon tcp 587 system_u:object_r:smtp_port_t
+
++portcon udp 500 system_u:object_r:isakmp_port_t
+ portcon udp 53 system_u:object_r:dns_port_t
+ portcon tcp 53 system_u:object_r:dns_port_t
+
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/crond.te policy-1.25.2/targeted/domains/program/crond.te
--- nsapolicy/targeted/domains/program/crond.te 2005-06-29 16:36:19.000000000 -0400
+++ policy-1.25.2/targeted/domains/program/crond.te 2005-07-12 16:12:07.000000000 -0400
@@ -244,3 +486,27 @@
# Allow user_r to reach sysadm_r via su, sudo, or userhelper.
# Otherwise, only staff_r can do so.
+diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.25.2/types/file.te
+--- nsapolicy/types/file.te 2005-07-06 17:15:07.000000000 -0400
++++ policy-1.25.2/types/file.te 2005-07-13 12:26:49.000000000 -0400
+@@ -316,6 +316,9 @@
+ type debugfs_t, fs_type, sysadmfile;
+ allow debugfs_t self:filesystem associate;
+
++type inotifyfs_t, fs_type, sysadmfile;
++allow inotifyfs_t self:filesystem associate;
++
+ # removable_t is the default type of all removable media
+ type removable_t, file_type, sysadmfile, usercanread;
+ allow removable_t self:filesystem associate;
+diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.25.2/types/network.te
+--- nsapolicy/types/network.te 2005-07-12 08:50:44.000000000 -0400
++++ policy-1.25.2/types/network.te 2005-07-14 10:20:54.000000000 -0400
+@@ -22,6 +22,7 @@
+ type http_port_t, port_type, reserved_port_type;
+ type ipp_port_t, port_type, reserved_port_type;
+ type gopher_port_t, port_type, reserved_port_type;
++type isakmp_port_t, port_type, reserved_port_type;
+
+ allow web_client_domain { http_cache_port_t http_port_t }:tcp_socket name_connect;
+ type pop_port_t, port_type, reserved_port_type;
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-4/selinux-policy-targeted.spec,v
retrieving revision 1.323
retrieving revision 1.324
diff -u -r1.323 -r1.324
--- selinux-policy-targeted.spec 13 Jul 2005 11:35:33 -0000 1.323
+++ selinux-policy-targeted.spec 14 Jul 2005 20:23:30 -0000 1.324
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.25.2
-Release: 3
+Release: 4
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -237,6 +237,11 @@
exit 0
%changelog
+* Thu Jul 14 2005 Dan Walsh <dwalsh at redhat.com> 1.25.2-4
+- Fixup cyrus to read mail spool
+- Fix vpnc.te, NetworkManager and others for strict policy
+- Add isakmp port
+
* Wed Jul 13 2005 Dan Walsh <dwalsh at redhat.com> 1.25.2-3
- Bump for FC4
More information about the fedora-cvs-commits
mailing list