rpms/selinux-policy-targeted/FC-3 policy-20050104.patch, 1.27, 1.28 selinux-policy-targeted.spec, 1.197, 1.198
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Mar 30 20:38:23 UTC 2005
Update of /cvs/dist/rpms/selinux-policy-targeted/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv32572
Modified Files:
policy-20050104.patch selinux-policy-targeted.spec
Log Message:
* Wed Mar 30 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.94
- Prepare policy for kernel rebase
policy-20050104.patch:
Makefile | 47 ++++++---
attrib.te | 3
domains/program/crond.te | 7 +
domains/program/ldconfig.te | 21 +++-
domains/program/login.te | 2
domains/program/logrotate.te | 24 ++---
domains/program/mount.te | 2
domains/program/ssh.te | 7 -
domains/program/syslogd.te | 24 ++++-
domains/program/unused/acct.te | 6 +
domains/program/unused/apache.te | 113 ++++++++++++++++++-----
domains/program/unused/arpwatch.te | 26 +++++
domains/program/unused/cups.te | 55 ++++++++++-
domains/program/unused/dhcpc.te | 5 -
domains/program/unused/dhcpd.te | 16 +++
domains/program/unused/dovecot.te | 3
domains/program/unused/ftpd.te | 2
domains/program/unused/hald.te | 3
domains/program/unused/howl.te | 2
domains/program/unused/innd.te | 7 +
domains/program/unused/ipsec.te | 9 +
domains/program/unused/iptables.te | 3
domains/program/unused/mailman.te | 23 +++-
domains/program/unused/mdadm.te | 3
domains/program/unused/mta.te | 21 +++-
domains/program/unused/mysqld.te | 7 -
domains/program/unused/named.te | 25 ++---
domains/program/unused/nscd.te | 26 +++--
domains/program/unused/ntpd.te | 21 +++-
domains/program/unused/portmap.te | 3
domains/program/unused/postfix.te | 2
domains/program/unused/postgresql.te | 47 ++++++++-
domains/program/unused/procmail.te | 1
domains/program/unused/rpcd.te | 2
domains/program/unused/rpm.te | 5 -
domains/program/unused/rsync.te | 2
domains/program/unused/samba.te | 4
domains/program/unused/sendmail.te | 2
domains/program/unused/slrnpull.te | 1
domains/program/unused/snmpd.te | 10 +-
domains/program/unused/spamd.te | 2
domains/program/unused/squid.te | 21 ++--
domains/program/unused/udev.te | 5 -
domains/program/unused/updfstab.te | 1
domains/program/unused/winbind.te | 34 +++++++
domains/program/unused/xdm.te | 4
domains/program/unused/ypbind.te | 2
domains/program/unused/ypserv.te | 7 +
domains/user.te | 6 +
file_contexts/distros.fc | 76 +++++++++++-----
file_contexts/program/apache.fc | 14 ++
file_contexts/program/arpwatch.fc | 3
file_contexts/program/cups.fc | 5 -
file_contexts/program/dhcpd.fc | 2
file_contexts/program/ipsec.fc | 11 +-
file_contexts/program/mailman.fc | 15 +--
file_contexts/program/mta.fc | 5 +
file_contexts/program/mysqld.fc | 4
file_contexts/program/named.fc | 17 ++-
file_contexts/program/nscd.fc | 3
file_contexts/program/ntpd.fc | 2
file_contexts/program/postgresql.fc | 23 +---
file_contexts/program/sendmail.fc | 1
file_contexts/program/snmpd.fc | 3
file_contexts/program/squid.fc | 2
file_contexts/program/winbind.fc | 10 ++
file_contexts/types.fc | 161 +++++++++++-----------------------
flask/access_vectors | 15 +++
macros/base_user_macros.te | 9 +
macros/core_macros.te | 2
macros/global_macros.te | 5 -
macros/program/apache_macros.te | 85 ++++++++++-------
macros/program/mount_macros.te | 2
macros/program/mozilla_macros.te | 2
macros/program/mta_macros.te | 5 -
macros/program/newrole_macros.te | 2
macros/program/spamassassin_macros.te | 5 -
macros/program/ssh_agent_macros.te | 2
macros/program/ssh_macros.te | 2
macros/program/su_macros.te | 2
macros/program/userhelper_macros.te | 3
macros/program/xauth_macros.te | 2
macros/program/xserver_macros.te | 4
macros/program/ypbind_macros.te | 24 +----
targeted/assert.te | 4
targeted/domains/program/hotplug.te | 4
targeted/domains/program/initrc.te | 2
targeted/domains/unconfined.te | 11 +-
tunables/distro.tun | 2
tunables/tunable.tun | 21 +---
types/device.te | 6 +
types/file.te | 19 ++--
types/network.te | 2
93 files changed, 833 insertions(+), 440 deletions(-)
Index: policy-20050104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/policy-20050104.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- policy-20050104.patch 23 Mar 2005 15:38:08 -0000 1.27
+++ policy-20050104.patch 30 Mar 2005 20:38:20 -0000 1.28
@@ -2326,6 +2326,70 @@
+/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- system_u:object_r:bin_t
+/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- system_u:object_r:bin_t
+/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- system_u:object_r:bin_t
+diff --exclude-from=exclude -N -u -r nsapolicy/flask/access_vectors policy-1.17.30/flask/access_vectors
+--- nsapolicy/flask/access_vectors 2004-10-09 21:07:28.000000000 -0400
++++ policy-1.17.30/flask/access_vectors 2005-03-30 15:20:55.000000000 -0500
+@@ -118,6 +118,7 @@
+ {
+ execute_no_trans
+ entrypoint
++ execmod
+ }
+
+ class lnk_file
+@@ -125,6 +126,11 @@
+
+ class chr_file
+ inherits file
++{
++ execute_no_trans
++ entrypoint
++ execmod
++}
+
+ class blk_file
+ inherits file
+@@ -155,6 +161,7 @@
+ newconn
+ acceptfrom
+ node_bind
++ name_connect
+ }
+
+ class udp_socket
+@@ -240,6 +247,9 @@
+ siginh
+ setrlimit
+ rlimitinh
++ dyntransition
++ setcurrent
++ execmem
+ }
+
+
+@@ -287,6 +297,8 @@
+ compute_user
+ setenforce # was avc_toggle in system class
+ setbool
++ setsecparam
++ setcheckreqprot
+ }
+
+
+@@ -341,6 +353,8 @@
+ sys_tty_config
+ mknod
+ lease
++ audit_write
++ audit_control
+ }
+
+
+@@ -575,3 +589,4 @@
+ shmemgrp
+ shmemhost
+ }
++
diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.17.30/macros/base_user_macros.te
--- nsapolicy/macros/base_user_macros.te 2004-10-09 21:07:28.000000000 -0400
+++ policy-1.17.30/macros/base_user_macros.te 2005-03-21 23:08:51.000000000 -0500
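Review bot: The permissions added to `flask/access_vectors` (`execmod`, `name_connect`, `dyntransition`, `setcurrent`, `execmem`, `setsecparam`, `setcheckreqprot`, `audit_write`, `audit_control`) carry no comment saying which kernel they track, although the neighbouring `setenforce # was avc_toggle in system class` line shows this file does annotate such changes. These entries presumably have to line up with the permission definitions of the kernel being rebased onto, so a short comment per group, for example `# added for kernel rebase; keep order in sync with the kernel's definitions`, would make a later mismatch easier to spot. The new `chr_file` block repeats the three `file` permissions and deserves a line explaining why character devices need `entrypoint` and `execmod`. The last inner hunk (`@@ -575,3 +589,4 @@`) only appends a blank line and could be dropped.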
@@ -2376,7 +2440,16 @@
')dnl end general_domain_access
diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.17.30/macros/global_macros.te
--- nsapolicy/macros/global_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/global_macros.te 2005-03-21 23:08:51.000000000 -0500
++++ policy-1.17.30/macros/global_macros.te 2005-03-30 14:59:58.000000000 -0500
+@@ -89,7 +89,7 @@
+ allow $1 ld_so_t:file rx_file_perms;
+ #allow $1 ld_so_t:file execute_no_trans;
+ allow $1 ld_so_t:lnk_file r_file_perms;
+-allow $1 shlib_t:file rx_file_perms;
++allow $1 shlib_t:file { rx_file_perms execmod };
+ allow $1 shlib_t:lnk_file r_file_perms;
+ allow $1 ld_so_cache_t:file r_file_perms;
+ allow $1 device_t:dir search;
@@ -291,9 +291,7 @@
r_dir_file($1_t, sysfs_t)
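Review bot: `allow $1 shlib_t:file { rx_file_perms execmod };` grants `execmod` on every `shlib_t` file to every domain that expands this macro, which removes most of the value of the new check for confined domains. The likely motive is that some shared libraries still need text relocations, but that is not stated anywhere in the hunk. Consider keeping `allow $1 shlib_t:file rx_file_perms;` here and granting `execmod` only on a dedicated type for the libraries that actually need it, or at minimum add a comment such as `# execmod: needed while some shared libraries still require text relocations`. The macro containing this line begins and ends outside the hunk, so its name and the set of domains affected are not visible here.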
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/selinux-policy-targeted.spec,v
retrieving revision 1.197
retrieving revision 1.198
diff -u -r1.197 -r1.198
--- selinux-policy-targeted.spec 23 Mar 2005 15:38:08 -0000 1.197
+++ selinux-policy-targeted.spec 30 Mar 2005 20:38:20 -0000 1.198
@@ -8,7 +8,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.17.30
-Release: 2.93
+Release: 2.94
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -210,6 +210,9 @@
exit 0
%changelog
+* Wed Mar 30 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.94
+- Prepare policy for kernel rebase
+
* Wed Mar 23 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.93
- Allow nscd and named to write to /var/log
- Fix /var/lib/nfs/rpc_pipefs(/.*)?