rpms/selinux-policy/devel policy-20051114.patch, 1.12, 1.13 selinux-policy.spec, 1.20, 1.21

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Nov 23 22:38:04 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8898

Modified Files:
	policy-20051114.patch selinux-policy.spec 
Log Message:
* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-4
- Cleanup pegasus and named 
- Fix spec file
- Fix up passwd changing applications


policy-20051114.patch:
 Makefile                            |    4 ++--
 policy/modules/admin/usermanage.te  |   36 ++++++++++++------------------------
 policy/modules/apps/webalizer.fc    |    2 +-
 policy/modules/kernel/filesystem.te |    1 +
 policy/modules/services/avahi.te    |    4 ++--
 policy/modules/services/cron.te     |    4 ++++
 policy/modules/services/ftp.fc      |    3 +--
 policy/modules/services/hal.te      |    2 ++
 policy/modules/services/pegasus.te  |   27 +++++++++++++--------------
 policy/modules/services/rpc.te      |    2 ++
 policy/modules/system/files.if      |    2 ++
 policy/modules/system/mount.te      |    5 +----
 policy/modules/system/sysnetwork.te |    1 +
 policy/modules/system/userdomain.if |    8 +++++---
 14 files changed, 49 insertions(+), 52 deletions(-)

Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20051114.patch	23 Nov 2005 21:16:30 -0000	1.12
+++ policy-20051114.patch	23 Nov 2005 22:38:02 -0000	1.13
@@ -1,7 +1,6 @@
-Binary files nsaserefpolicy/base.pp and serefpolicy-2.0.5/base.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.0.5/Makefile
 --- nsaserefpolicy/Makefile	2005-11-23 10:06:37.000000000 -0500
-+++ serefpolicy-2.0.5/Makefile	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/Makefile	2005-11-23 17:32:50.000000000 -0500
 @@ -54,7 +54,7 @@
  # This is a build option, as role transitions do
  # not work in conditional policy.
@@ -20,9 +19,131 @@
  	override CHECKPOLICY += -M
  	override CHECKMODULE += -M
  endif
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.0.5/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te	2005-11-15 09:13:36.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/admin/usermanage.te	2005-11-23 17:35:09.000000000 -0500
+@@ -35,11 +35,15 @@
+ domain_obj_id_change_exempt(groupadd_t)
+ init_system_domain(groupadd_t,groupadd_exec_t)
+ role system_r types groupadd_t;
++auth_rw_shadow(groupadd_t)
++auth_relabelto_shadow(groupadd_t)
+ 
+ type passwd_t;
+ domain_obj_id_change_exempt(passwd_t)
+ domain_type(passwd_t)
+ role system_r types passwd_t;
++auth_rw_shadow(passwd_t)
++auth_relabelto_shadow(passwd_t)
+ 
+ type passwd_exec_t;
+ domain_entry_file(passwd_t,passwd_exec_t)
+@@ -47,6 +51,8 @@
+ type sysadm_passwd_t;
+ domain_obj_id_change_exempt(sysadm_passwd_t)
+ domain_type(sysadm_passwd_t)
++auth_rw_shadow(sysadm_passwd_t)
++auth_relabelto_shadow(sysadm_passwd_t)
+ domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t)
+ role system_r types sysadm_passwd_t;
+ 
+@@ -58,6 +64,8 @@
+ domain_obj_id_change_exempt(useradd_t)
+ init_system_domain(useradd_t,useradd_exec_t)
+ role system_r types useradd_t;
++auth_rw_shadow(useradd_t)
++auth_relabelto_shadow(useradd_t)
+ 
+ ########################################
+ #
+@@ -136,10 +144,6 @@
+ 	nis_use_ypbind(chfn_t)
+ ')
+ 
+-ifdef(`TODO',`
+-ifdef(`gnome-pty-helper.te', `allow chfn_t gphdomain:fd use;')
+-') dnl endif TODO
+-
+ ########################################
+ #
+ # Crack local policy
+@@ -259,14 +263,10 @@
+ 	rpm_rw_pipe(groupadd_t)
+ ')
+ 
+-ifdef(`TODO',`
++ifdef(`TODO',`') dnl end TODO
+ # Update /etc/shadow and /etc/passwd
+ allow groupadd_t { etc_t shadow_t }:file { relabelfrom relabelto };
+ 
+-# Access terminals.
+-ifdef(`gnome-pty-helper.te', `allow groupadd_t gphdomain:fd use;')
+-') dnl end TODO
+-
+ ########################################
+ #
+ # Passwd local policy
+@@ -343,18 +343,14 @@
+ 	nis_use_ypbind(passwd_t)
+ ')
+ 
+-ifdef(`TODO',`
++ifdef(`TODO',`') # Clean up the following
+ # Update /etc/shadow and /etc/passwd
+ allow passwd_t { etc_t shadow_t }:file { relabelfrom relabelto };
+ 
+-# Inherit and use descriptors from login.
+-ifdef(`gnome-pty-helper.te', `allow passwd_t gphdomain:fd use;')
+-
+ # make sure that getcon succeeds
+ allow passwd_t userdomain:dir search;
+ allow passwd_t userdomain:file read;
+ allow passwd_t userdomain:process getattr;
+-') dnl endif TODO
+ 
+ ########################################
+ #
+@@ -439,13 +435,10 @@
+ 	nis_use_ypbind(sysadm_passwd_t)
+ ')
+ 
+-ifdef(`TODO',`
++ifdef(`TODO',`') dnl endif TODO
+ role sysadm_r types sysadm_passwd_t;
+ domain_auto_trans(sysadm_t, admin_passwd_exec_t, sysadm_passwd_t)
+ 
+-# Inherit and use descriptors from login.
+-ifdef(`gnome-pty-helper.te', `allow sysadm_passwd_t gphdomain:fd use;')
+-
+ # allow checking if a shell is executable
+ allow sysadm_passwd_t shell_exec_t:file execute;
+ 
+@@ -455,7 +448,6 @@
+ ifdef(`targeted_policy', `
+ role system_r types sysadm_passwd_t;
+ ')
+-') dnl endif TODO
+ 
+ ########################################
+ #
+@@ -543,13 +535,9 @@
+ 	rpm_rw_pipe(useradd_t)
+ ')
+ 
+-ifdef(`TODO',`
++ifdef(`TODO',`') dnl end TODO
+ # Update /etc/shadow and /etc/passwd
+ allow useradd_t { etc_t shadow_t }:file { relabelfrom relabelto };
+ 
+-# Access terminals.
+-ifdef(`gnome-pty-helper.te', `allow useradd_t gphdomain:fd use;')
+-
+ # /var/mail is a link to /var/spool/mail
+ allow useradd_t mail_spool_t:lnk_file read;
+-') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.fc serefpolicy-2.0.5/policy/modules/apps/webalizer.fc
 --- nsaserefpolicy/policy/modules/apps/webalizer.fc	2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/apps/webalizer.fc	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/apps/webalizer.fc	2005-11-23 17:32:50.000000000 -0500
 @@ -7,4 +7,4 @@
  #
  # /var
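Review bot: In the usermanage.te section, replacing each opening ifdef(`TODO',` with the self-closed ifdef(`TODO',`') and deleting the matching closing line makes the previously disabled rules unconditional. That puts `allow passwd_t { etc_t shadow_t }:file { relabelfrom relabelto };` and its groupadd_t and useradd_t twins into the live policy. On top of the `auth_rw_shadow`/`auth_relabelto_shadow` calls added at the type declarations, these domains now also get `relabelfrom` on shadow_t and both relabel permissions on etc_t, which appears to allow relabelling a shadow_t file to etc_t. If relabelto through the interface is enough, drop the raw `allow` lines; otherwise mark them with something like `# TODO: confirm relabelfrom on shadow_t/etc_t is required; auth_relabelto_shadow() already covers relabelto`. The same edit activates `allow passwd_t userdomain:file read;` and `domain_auto_trans(sysadm_t, admin_passwd_exec_t, sysadm_passwd_t)`, which name other modules' types directly with no `gen_require` visible in these hunks, and the leftover empty ifdef lines are no-ops that would read better deleted.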
@@ -31,7 +152,7 @@
 +/var/lib/webalizer(/.*)?	gen_context(system_u:object_r:webalizer_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.0.5/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/kernel/filesystem.te	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/kernel/filesystem.te	2005-11-23 17:32:50.000000000 -0500
 @@ -114,6 +114,7 @@
  #
  type autofs_t, noxattrfs;
@@ -42,7 +163,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.0.5/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/avahi.te	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/avahi.te	2005-11-23 17:32:50.000000000 -0500
 @@ -18,9 +18,9 @@
  # Local policy
  #
@@ -57,7 +178,7 @@
  allow avahi_t self:unix_dgram_socket create_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.0.5/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2005-11-15 09:13:36.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/cron.te	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/cron.te	2005-11-23 17:32:50.000000000 -0500
 @@ -174,6 +174,10 @@
  	cyrus_manage_data(system_crond_t)
  ')
@@ -71,7 +192,7 @@
  	inn_manage_pid(system_crond_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-2.0.5/policy/modules/services/ftp.fc
 --- nsaserefpolicy/policy/modules/services/ftp.fc	2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/ftp.fc	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/ftp.fc	2005-11-23 17:32:50.000000000 -0500
 @@ -18,8 +18,7 @@
  #
  # /var
@@ -84,7 +205,7 @@
  /var/log/vsftpd.*	--	gen_context(system_u:object_r:xferlog_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.0.5/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/hal.te	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/hal.te	2005-11-23 17:32:50.000000000 -0500
 @@ -80,6 +80,7 @@
  selinux_compute_user_contexts(hald_t)
  
@@ -103,7 +224,7 @@
  allow hald_t initrc_t:dbus send_msg;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.0.5/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2005-11-18 14:19:34.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/pegasus.te	2005-11-23 16:16:01.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/pegasus.te	2005-11-23 17:32:50.000000000 -0500
 @@ -13,6 +13,9 @@
  type pegasus_data_t;
  files_type(pegasus_data_t)
@@ -184,7 +305,7 @@
 -allow pegasus_conf_exec_t pegasus_conf_t:lnk_file create_lnk_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.0.5/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/rpc.te	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/rpc.te	2005-11-23 17:32:50.000000000 -0500
 @@ -31,6 +31,8 @@
  
  type var_lib_nfs_t;
@@ -196,7 +317,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/files.if serefpolicy-2.0.5/policy/modules/system/files.if
 --- nsaserefpolicy/policy/modules/system/files.if	2005-11-15 19:42:22.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/files.if	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/files.if	2005-11-23 17:32:50.000000000 -0500
 @@ -894,9 +894,11 @@
  	gen_require(`
  		attribute mountpoint;
@@ -211,7 +332,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.0.5/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/mount.te	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/mount.te	2005-11-23 17:32:50.000000000 -0500
 @@ -9,6 +9,7 @@
  type mount_t;
  type mount_exec_t;
@@ -238,7 +359,7 @@
  ') dnl endif TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.0.5/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/sysnetwork.te	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/sysnetwork.te	2005-11-23 17:32:50.000000000 -0500
 @@ -58,6 +58,7 @@
  
  allow dhcpc_t dhcp_state_t:dir rw_dir_perms;
@@ -249,7 +370,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.0.5/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2005-11-23 10:06:38.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/userdomain.if	2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/userdomain.if	2005-11-23 17:32:50.000000000 -0500
 @@ -2466,12 +2466,14 @@
  #
  interface(`userdom_dontaudit_use_unpriv_user_tty',`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- selinux-policy.spec	23 Nov 2005 21:08:47 -0000	1.20
+++ selinux-policy.spec	23 Nov 2005 22:38:02 -0000	1.21
@@ -10,7 +10,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.0.5
-Release: 3
+Release: 4
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -237,9 +237,10 @@
 
 
 %changelog
-* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-3
+* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-4
 - Cleanup pegasus and named 
 - Fix spec file
+- Fix up passwd changing applications
 
 * Tue Nov 21 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-1
 -Update to latest from upstream



