[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/selinux-policy-targeted/FC-4 policy-20050719.patch, 1.1, 1.2 selinux-policy-targeted.spec, 1.325, 1.326



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-targeted/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv30789

Modified Files:
	policy-20050719.patch selinux-policy-targeted.spec 
Log Message:
* Mon Jul 25 2005 Dan Walsh <dwalsh redhat com> 1.25.3-6
- Bump for FC4


policy-20050719.patch:
 domains/program/crond.te                 |    3 +-
 domains/program/fsadm.te                 |    2 -
 domains/program/getty.te                 |    2 -
 domains/program/ifconfig.te              |    3 +-
 domains/program/initrc.te                |    2 -
 domains/program/modutil.te               |    2 -
 domains/program/restorecon.te            |    1 
 domains/program/unused/NetworkManager.te |    8 +++++++
 domains/program/unused/apache.te         |    3 ++
 domains/program/unused/apmd.te           |    2 -
 domains/program/unused/cvs.te            |    9 ++++++++
 domains/program/unused/cyrus.te          |   11 +++++++++-
 domains/program/unused/evolution.te      |    1 
 domains/program/unused/ftpd.te           |    8 +------
 domains/program/unused/hald.te           |    4 +++
 domains/program/unused/hotplug.te        |    3 +-
 domains/program/unused/ipsec.te          |    7 +++---
 domains/program/unused/kudzu.te          |    5 ++--
 domains/program/unused/lvm.te            |    2 -
 domains/program/unused/mta.te            |    4 +--
 domains/program/unused/mysqld.te         |    1 
 domains/program/unused/pamconsole.te     |    2 -
 domains/program/unused/ping.te           |    4 +++
 domains/program/unused/postgresql.te     |    5 ++--
 domains/program/unused/pppd.te           |   32 +++++++++++++++++++++++++++++++
 domains/program/unused/rlogind.te        |    1 
 domains/program/unused/rsync.te          |    4 ++-
 domains/program/unused/samba.te          |    1 
 domains/program/unused/slocate.te        |    4 ++-
 domains/program/unused/squid.te          |    1 
 domains/program/unused/thunderbird.te    |    1 
 domains/program/unused/udev.te           |    5 ++--
 domains/program/unused/vpnc.te           |   15 ++++++++++++--
 domains/program/unused/winbind.te        |    1 
 domains/program/useradd.te               |    1 
 file_contexts/distros.fc                 |    6 +++++
 file_contexts/program/kudzu.fc           |    1 
 file_contexts/program/postgresql.fc      |    4 +++
 file_contexts/program/pppd.fc            |   15 +++++++++-----
 file_contexts/program/vpnc.fc            |    1 
 file_contexts/types.fc                   |    4 +--
 genfs_contexts                           |    1 
 macros/admin_macros.te                   |    1 
 macros/base_user_macros.te               |   13 ------------
 macros/content_macros.te                 |    5 +++-
 macros/global_macros.te                  |   32 +++++++++++++++++++++++++++++++
 macros/program/apache_macros.te          |    3 +-
 macros/program/cdrecord_macros.te        |   17 +++++-----------
 macros/program/evolution_macros.te       |    7 ++----
 macros/program/gconf_macros.te           |    1 
 macros/program/gnome_vfs_macros.te       |    6 +++++
 macros/program/mail_client_macros.te     |   13 ++++++++++--
 macros/program/mozilla_macros.te         |    6 ++++-
 macros/program/thunderbird_macros.te     |   14 +++++++------
 macros/user_macros.te                    |   18 ++---------------
 net_contexts                             |    1 
 targeted/domains/program/crond.te        |    9 +++++---
 tunables/distro.tun                      |    2 -
 tunables/tunable.tun                     |    7 +-----
 types/file.te                            |   10 +++++++++
 types/network.te                         |    1 
 61 files changed, 254 insertions(+), 104 deletions(-)

Index: policy-20050719.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-4/policy-20050719.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20050719.patch	21 Jul 2005 17:34:22 -0000	1.1
+++ policy-20050719.patch	25 Jul 2005 17:54:17 -0000	1.2
@@ -41,10 +41,13 @@
  # Write to /var/run/utmp.
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ifconfig.te policy-1.25.3/domains/program/ifconfig.te
 --- nsapolicy/domains/program/ifconfig.te	2005-07-19 10:57:05.000000000 -0400
-+++ policy-1.25.3/domains/program/ifconfig.te	2005-07-19 15:41:44.000000000 -0400
-@@ -36,6 +36,7 @@
++++ policy-1.25.3/domains/program/ifconfig.te	2005-07-21 17:03:56.000000000 -0400
+@@ -34,8 +34,9 @@
+ allow ifconfig_t self:socket create_socket_perms;
+ 
  # Use capabilities.
- allow ifconfig_t self:capability net_admin;
+-allow ifconfig_t self:capability net_admin;
++allow ifconfig_t self:capability { net_raw net_admin };
  dontaudit ifconfig_t self:capability sys_module;
 +allow ifconfig_t self:capability sys_tty_config;
  
@@ -85,6 +88,19 @@
  
  allow restorecon_t etc_runtime_t:file { getattr read };
  allow restorecon_t etc_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.25.3/domains/program/unused/apache.te
+--- nsapolicy/domains/program/unused/apache.te	2005-07-12 08:50:43.000000000 -0400
++++ policy-1.25.3/domains/program/unused/apache.te	2005-07-25 11:04:03.000000000 -0400
+@@ -222,6 +222,9 @@
+ # Creation of lock files for apache2
+ lock_domain(httpd)
+ 
++# Allow apache to used ftpd_anon_t
++anonymous_domain(httpd)
++
+ # connect to mysql
+ ifdef(`mysqld.te', `
+ can_unix_connect(httpd_php_t, mysqld_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.25.3/domains/program/unused/apmd.te
 --- nsapolicy/domains/program/unused/apmd.te	2005-07-12 08:50:43.000000000 -0400
 +++ policy-1.25.3/domains/program/unused/apmd.te	2005-07-19 15:41:44.000000000 -0400
@@ -117,13 +133,30 @@
 +dontaudit cvs_t devtty_t:chr_file { read write };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.25.3/domains/program/unused/cyrus.te
 --- nsapolicy/domains/program/unused/cyrus.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.3/domains/program/unused/cyrus.te	2005-07-19 15:41:44.000000000 -0400
-@@ -40,4 +40,5 @@
++++ policy-1.25.3/domains/program/unused/cyrus.te	2005-07-25 09:19:03.000000000 -0400
+@@ -20,7 +20,7 @@
+ can_ypbind(cyrus_t)
+ can_exec(cyrus_t, bin_t)
+ allow cyrus_t cyrus_var_lib_t:dir create_dir_perms;
+-allow cyrus_t cyrus_var_lib_t:{file sock_file } create_file_perms;
++allow cyrus_t cyrus_var_lib_t:{file sock_file lnk_file} create_file_perms;
+ allow cyrus_t etc_t:file { getattr read };
+ allow cyrus_t lib_t:file { execute execute_no_trans getattr read };
+ read_locale(cyrus_t)
+@@ -40,4 +40,13 @@
  allow system_crond_t cyrus_var_lib_t:file create_file_perms;
  ')
  create_dir_file(cyrus_t, mail_spool_t)
 +allow cyrus_t var_spool_t:dir search;
  
++ifdef(`saslaudthd.te', `
++allow cyrus_t saslauthd_var_run_t:dir search;
++allow cyrus_t saslauthd_var_run_t:sock_file { read write };
++allow cyrus_t saslauthd_t:unix_stream_socket { connectto };
++')
++
++r_dir_file(cyrus_t, cert_t)
++allow cyrus_t { urandom_device_t random_device_t }:chr_file { read getattr };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/evolution.te policy-1.25.3/domains/program/unused/evolution.te
 --- nsapolicy/domains/program/unused/evolution.te	2005-07-05 15:25:46.000000000 -0400
 +++ policy-1.25.3/domains/program/unused/evolution.te	2005-07-19 15:41:44.000000000 -0400
@@ -132,6 +165,21 @@
  
  # Everything else is in macros/evolution_macros.te
 +bool disable_evolution_trans false;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.25.3/domains/program/unused/ftpd.te
+--- nsapolicy/domains/program/unused/ftpd.te	2005-07-12 08:50:43.000000000 -0400
++++ policy-1.25.3/domains/program/unused/ftpd.te	2005-07-22 08:48:57.000000000 -0400
+@@ -110,9 +110,5 @@
+ 	r_dir_file(ftpd_t, cifs_t)
+ }
+ dontaudit ftpd_t selinux_config_t:dir search;
+-#
+-# Type for access to anon ftp
+-#
+-r_dir_file(ftpd_t,ftpd_anon_t)
+-type ftpd_anon_rw_t, file_type, sysadmfile, customizable;
+-create_dir_file(ftpd_t,ftpd_anon_rw_t)
++anonymous_domain(ftpd)
++
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.25.3/domains/program/unused/hald.te
 --- nsapolicy/domains/program/unused/hald.te	2005-07-12 08:50:43.000000000 -0400
 +++ policy-1.25.3/domains/program/unused/hald.te	2005-07-19 15:41:44.000000000 -0400
@@ -160,6 +208,37 @@
  allow hotplug_t self:netlink_route_socket r_netlink_socket_perms;
  
 +dontaudit hotplug_t selinux_config_t:dir search;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ipsec.te policy-1.25.3/domains/program/unused/ipsec.te
+--- nsapolicy/domains/program/unused/ipsec.te	2005-04-27 10:28:51.000000000 -0400
++++ policy-1.25.3/domains/program/unused/ipsec.te	2005-07-25 09:42:06.000000000 -0400
+@@ -60,8 +60,8 @@
+ # it in its own domain?)
+ can_exec(ipsec_mgmt_t, bin_t)
+ # logger, running in ipsec_mgmt_t needs to use sockets
+-allow ipsec_mgmt_t self:unix_dgram_socket { create connect write };
+-allow ipsec_mgmt_t ipsec_t:unix_dgram_socket { create connect write };
++allow ipsec_mgmt_t self:unix_dgram_socket create_socket_perms;
++allow ipsec_mgmt_t ipsec_t:unix_dgram_socket create_socket_perms;
+ 
+ # also need to run things like whack and shell scripts
+ can_exec(ipsec_mgmt_t, ipsec_exec_t)
+@@ -169,7 +169,7 @@
+ # Pluto needs network access
+ can_network_server(ipsec_t)
+ can_ypbind(ipsec_t)
+-allow ipsec_t self:unix_dgram_socket { create connect write };
++allow ipsec_t self:unix_dgram_socket create_socket_perms;
+ 
+ # for sleep
+ allow ipsec_mgmt_t fs_t:filesystem getattr;
+@@ -211,6 +211,7 @@
+ allow ipsec_mgmt_t self:key_socket { create setopt };
+ can_exec(ipsec_mgmt_t, initrc_exec_t)
+ allow ipsec_t self:netlink_xfrm_socket create_socket_perms;
++allow ipsec_t self:netlink_route_socket r_netlink_socket_perms;
+ read_locale(ipsec_t)
+ ifdef(`consoletype.te', `
+ can_exec(ipsec_mgmt_t, consoletype_exec_t )
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/kudzu.te policy-1.25.3/domains/program/unused/kudzu.te
 --- nsapolicy/domains/program/unused/kudzu.te	2005-05-25 11:28:10.000000000 -0400
 +++ policy-1.25.3/domains/program/unused/kudzu.te	2005-07-19 15:41:44.000000000 -0400
@@ -304,35 +383,11 @@
  ifdef(`apache.te', `
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.25.3/domains/program/unused/pppd.te
 --- nsapolicy/domains/program/unused/pppd.te	2005-07-19 10:57:05.000000000 -0400
-+++ policy-1.25.3/domains/program/unused/pppd.te	2005-07-20 08:18:29.000000000 -0400
-@@ -32,9 +32,12 @@
- log_domain(pppd)
- 
- # Use the network.
--can_network_server(pppd_t)
-+can_network(pppd_t)
- can_ypbind(pppd_t)
- 
-+allow pppd_t fingerd_port_t:tcp_socket name_connect;
-+
-+
- # Use capabilities.
- allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
- lock_domain(pppd)
-@@ -52,6 +55,8 @@
- 
- # allow running ip-up and ip-down scripts and running chat.
- can_exec(pppd_t, { shell_exec_t bin_t sbin_t etc_t ifconfig_exec_t })
-+can_exec(pppd_t, pppd_etc_rw_t)
-+can_exec(pppd_t, hostname_exec_t)
- allow pppd_t { bin_t sbin_t }:dir search;
- allow pppd_t { sbin_t bin_t }:lnk_file read;
- 
-@@ -110,3 +115,25 @@
++++ policy-1.25.3/domains/program/unused/pppd.te	2005-07-22 07:38:03.000000000 -0400
+@@ -110,3 +110,35 @@
  domain_auto_trans(pppd_t, insmod_exec_t, insmod_t)
  ')
  }
-+domain_auto_trans(pppd_t, named_exec_t, named_t)
 +
 +daemon_domain(pptp)
 +can_network_client_tcp(pptp_t)
@@ -353,7 +408,18 @@
 +allow pptp_t self:fifo_file { read write };
 +allow pptp_t ptmx_t:chr_file rw_file_perms;
 +log_domain(pptp)
++
++# Fix sockets
++allow pptp_t pptp_var_run_t:sock_file create_file_perms;
++
++# Allow pptp to append to pppd log files
 +allow pptp_t pppd_log_t:file append;
++
++dontaudit ndc_t pppd_t:fd use;
++
++# Allow /etc/ppp/ip-{up,down} to run most anything
++type pppd_script_exec_t, file_type, sysadmfile;
++domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rlogind.te policy-1.25.3/domains/program/unused/rlogind.te
 --- nsapolicy/domains/program/unused/rlogind.te	2005-04-27 10:28:52.000000000 -0400
 +++ policy-1.25.3/domains/program/unused/rlogind.te	2005-07-19 15:41:44.000000000 -0400
@@ -362,14 +428,25 @@
  typealias rlogind_port_t alias rlogin_port_t;
  read_sysctl(rlogind_t);
 +allow rlogind_t krb5_keytab_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rsync.te policy-1.25.3/domains/program/unused/rsync.te
+--- nsapolicy/domains/program/unused/rsync.te	2005-04-27 10:28:52.000000000 -0400
++++ policy-1.25.3/domains/program/unused/rsync.te	2005-07-22 08:45:55.000000000 -0400
+@@ -14,4 +14,6 @@
+ inetd_child_domain(rsync)
+ type rsync_data_t, file_type, sysadmfile;
+ r_dir_file(rsync_t, rsync_data_t)
+-r_dir_file(rsync_t, ftpd_anon_t)
++anonymous_domain(rsync)
++
++
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.25.3/domains/program/unused/samba.te
 --- nsapolicy/domains/program/unused/samba.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.3/domains/program/unused/samba.te	2005-07-20 08:42:37.000000000 -0400
++++ policy-1.25.3/domains/program/unused/samba.te	2005-07-22 08:49:50.000000000 -0400
 @@ -79,6 +79,7 @@
  
  # Access Samba shares.
  create_dir_file(smbd_t, samba_share_t)
-+r_dir_file(smbd_t, ftpd_anon_t)
++anonymous_domain(smbd)
  
  ifdef(`logrotate.te', `
  # the application should be changed
@@ -526,6 +603,14 @@
  
  # Fedora Extras packages: ladspa, imlib2, ocaml
  /usr/lib/ladspa/analogue_osc_1416\.so		-- system_u:object_r:texrel_shlib_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/kudzu.fc policy-1.25.3/file_contexts/program/kudzu.fc
+--- nsapolicy/file_contexts/program/kudzu.fc	2005-02-24 14:51:09.000000000 -0500
++++ policy-1.25.3/file_contexts/program/kudzu.fc	2005-07-25 09:51:13.000000000 -0400
+@@ -1,3 +1,4 @@
+ # kudzu
+ /usr/sbin/kudzu	--	system_u:object_r:kudzu_exec_t
+ /sbin/kmodule	--	system_u:object_r:kudzu_exec_t
++/var/run/Xconfig --	root:object_r:kudzu_var_run_t
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/postgresql.fc policy-1.25.3/file_contexts/program/postgresql.fc
 --- nsapolicy/file_contexts/program/postgresql.fc	2005-03-11 15:31:06.000000000 -0500
 +++ policy-1.25.3/file_contexts/program/postgresql.fc	2005-07-20 13:51:00.000000000 -0400
@@ -539,7 +624,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/pppd.fc policy-1.25.3/file_contexts/program/pppd.fc
 --- nsapolicy/file_contexts/program/pppd.fc	2005-06-01 06:11:22.000000000 -0400
-+++ policy-1.25.3/file_contexts/program/pppd.fc	2005-07-19 15:41:44.000000000 -0400
++++ policy-1.25.3/file_contexts/program/pppd.fc	2005-07-22 07:39:08.000000000 -0400
 @@ -1,5 +1,6 @@
  # pppd
  /usr/sbin/pppd		--	system_u:object_r:pppd_exec_t
@@ -547,6 +632,25 @@
  /usr/sbin/ipppd		--	system_u:object_r:pppd_exec_t
  /dev/ppp		-c	system_u:object_r:ppp_device_t
  /dev/pppox.*		-c	system_u:object_r:ppp_device_t
+@@ -12,9 +13,13 @@
+ /var/run/(i)?ppp.*pid	--	system_u:object_r:pppd_var_run_t
+ /var/log/ppp-connect-errors.* -- system_u:object_r:pppd_log_t
+ /var/log/ppp/.*	--	system_u:object_r:pppd_log_t
+-/etc/ppp/ip-down.*	--	system_u:object_r:bin_t
+-/etc/ppp/ip-up.*	--	system_u:object_r:bin_t
+-/etc/ppp/ipv6-up	--	system_u:object_r:bin_t
+-/etc/ppp/ipv6-down	--	system_u:object_r:bin_t
++/etc/ppp/ip-down\..*	--	system_u:object_r:bin_t
++/etc/ppp/ip-up\..*	--	system_u:object_r:bin_t
++/etc/ppp/ipv6-up\..*	--	system_u:object_r:bin_t
++/etc/ppp/ipv6-down\..*	--	system_u:object_r:bin_t
+ /etc/ppp/plugins/rp-pppoe\.so 	--	system_u:object_r:shlib_t
+-/etc/ppp/resolv\.conf 	--   system_u:object_r:pppd_etc_rw_t
++/etc/ppp/resolv\.conf 	--	system_u:object_r:pppd_etc_rw_t
++# Fix pptp sockets
++/var/run/pptp(/.*)?	--	system_u:object_r:pptp_var_run_t
++# Fix /etc/ppp {up,down} family scripts (see man pppd)
++/etc/ppp/(auth|ip(v6|x)?)-(up|down)	--	system_u:object_r:pppd_script_exec_t
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/vpnc.fc policy-1.25.3/file_contexts/program/vpnc.fc
 --- nsapolicy/file_contexts/program/vpnc.fc	2005-02-24 14:51:09.000000000 -0500
 +++ policy-1.25.3/file_contexts/program/vpnc.fc	2005-07-19 15:41:44.000000000 -0400
@@ -638,8 +742,27 @@
  `} else {
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.25.3/macros/global_macros.te
 --- nsapolicy/macros/global_macros.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.3/macros/global_macros.te	2005-07-19 15:41:44.000000000 -0400
-@@ -708,3 +708,22 @@
++++ policy-1.25.3/macros/global_macros.te	2005-07-22 08:47:35.000000000 -0400
+@@ -595,6 +595,18 @@
+ ')dnl end polyinstantiater
+ 
+ # 
++# Domain that is allow to read anonymous data off the network
++# without providing authentication.
++# Also define boolean to allow anonymous writing
++#
++define(`anonymous_domain', `
++r_dir_file($1_t, ftpd_anon_t)
++bool allow_$1_anon_write false;
++if (allow_$1_anon_write) {
++create_dir_file($1_t,ftpd_anon_rw_t)
++}
++')
++# 
+ # Define a domain that can do anything, so that it is
+ # effectively unconfined by the SELinux policy.  This
+ # means that it is only restricted by the normal Linux 
+@@ -708,3 +720,23 @@
  ')
  
  ')dnl end unconfined_domain
@@ -662,24 +785,24 @@
 +allow $1 removable_t:filesystem getattr;
 +
 +')
++
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.25.3/macros/program/apache_macros.te
 --- nsapolicy/macros/program/apache_macros.te	2005-07-12 08:50:43.000000000 -0400
-+++ policy-1.25.3/macros/program/apache_macros.te	2005-07-20 08:40:15.000000000 -0400
++++ policy-1.25.3/macros/program/apache_macros.te	2005-07-22 08:51:23.000000000 -0400
 @@ -102,6 +102,7 @@
  r_dir_file(httpd_$1_script_t, httpd_$1_script_ro_t)
  create_dir_file(httpd_$1_script_t, httpd_$1_script_rw_t)
  ra_dir_file(httpd_$1_script_t, httpd_$1_script_ra_t)
-+r_dir_file(httpd_$1_script_t, ftpd_anon_t)
++anonymous_domain(httpd_$1_script)
  
  if (httpd_enable_cgi && httpd_unified ifdef(`targeted_policy', ` && ! httpd_disable_trans')) {
  create_dir_file(httpd_$1_script_t, httpdcontent)
-@@ -137,8 +138,9 @@
+@@ -137,8 +138,8 @@
  r_dir_file(httpd_t, httpd_$1_script_ro_t)
  create_dir_file(httpd_t, httpd_$1_script_rw_t)
  ra_dir_file(httpd_t, httpd_$1_script_ra_t)
 -}
  r_dir_file(httpd_t, httpd_$1_content_t)
-+r_dir_file(httpd_t, ftpd_anon_t)
 +}
  
  ')
@@ -979,7 +1102,7 @@
  # Otherwise, only staff_r can do so.
 diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.25.3/types/file.te
 --- nsapolicy/types/file.te	2005-07-06 17:15:07.000000000 -0400
-+++ policy-1.25.3/types/file.te	2005-07-19 15:41:44.000000000 -0400
++++ policy-1.25.3/types/file.te	2005-07-22 08:48:48.000000000 -0400
 @@ -304,6 +304,12 @@
  type dosfs_t, fs_type, noexattrfile, sysadmfile;
  allow dosfs_t self:filesystem associate;
@@ -1003,6 +1126,14 @@
  # removable_t is the default type of all removable media
  type removable_t, file_type, sysadmfile, usercanread;
  allow removable_t self:filesystem associate;
+@@ -324,6 +333,7 @@
+ 
+ # Type for anonymous FTP data, used by ftp and rsync
+ type ftpd_anon_t, file_type, sysadmfile, customizable;
++type ftpd_anon_rw_t, file_type, sysadmfile, customizable;
+ 
+ allow customizable self:filesystem associate;
+ 
 diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.25.3/types/network.te
 --- nsapolicy/types/network.te	2005-07-12 08:50:44.000000000 -0400
 +++ policy-1.25.3/types/network.te	2005-07-19 15:41:44.000000000 -0400


Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-4/selinux-policy-targeted.spec,v
retrieving revision 1.325
retrieving revision 1.326
diff -u -r1.325 -r1.326
--- selinux-policy-targeted.spec	21 Jul 2005 17:34:22 -0000	1.325
+++ selinux-policy-targeted.spec	25 Jul 2005 17:54:17 -0000	1.326
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.25.3
-Release: 4
+Release: 6
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -237,10 +237,16 @@
 exit 0
 
 %changelog
+* Mon Jul 25 2005 Dan Walsh <dwalsh redhat com> 1.25.3-6
+- Bump for FC4
+
+* Mon Jul 25 2005 Dan Walsh <dwalsh redhat com> 1.25.3-5
+- Fix cyrus
+
 * Thu Jul 21 2005 Dan Walsh <dwalsh redhat com> 1.25.3-4
 - Bump for FC4
 
-* Thu Jul 21 2005 Dan Walsh <dwalsh redhat com> 1.25.3-3
+* Thu Jul 19 2005 Dan Walsh <dwalsh redhat com> 1.25.3-3
 - Fix spec file for file_context.homedirs
 
 * Tue Jul 19 2005 Dan Walsh <dwalsh redhat com> 1.25.3-2
@@ -255,9 +261,6 @@
 - Fix vpnc.te, NetworkManager and others for strict policy
 - Add isakmp port
 
-* Wed Jul 13 2005 Dan Walsh <dwalsh redhat com> 1.25.2-3
-- Bump for FC4
-
 * Wed Jul 13 2005 Dan Walsh <dwalsh redhat com> 1.25.2-2
 - Allow klogin to read keytab file.
 - Allow cvs to send mail
@@ -268,15 +271,9 @@
 * Mon Jul 11 2005 Dan Walsh <dwalsh redhat com> 1.25.1-10
 - Change file context for iiimd -> iiimd.bin
 
-* Mon Jul 11 2005 Dan Walsh <dwalsh redhat com> 1.25.1-9
-- Bump for FC4
-
 * Fri Jul 8 2005 Dan Walsh <dwalsh redhat com> 1.25.1-8
 - Fix saslauthd policy to allow imapd and shadow.
 
-* Thu Jul 7 2005 Dan Walsh <dwalsh redhat com> 1.25.1-7
-- Bump for FC4
-
 * Thu Jul 7 2005 Dan Walsh <dwalsh redhat com> 1.25.1-6
 - Fixes for winbind
 
@@ -319,9 +316,6 @@
 * Sat Jun 25 2005 Dan Walsh <dwalsh redhat com> 1.23.18-18
 - Add passwd policy to targeted to maintain context on shadow file
 
-* Thu Jun 23 2005 Dan Walsh <dwalsh redhat com> 1.23.18-17
-- Bump for FC4
-
 * Thu Jun 23 2005 Dan Walsh <dwalsh redhat com> 1.23.18-16
 - Fix postgres to allow it to connect to auth
 - Change cyrus-imapd to write to /var/spool/imap


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]