rpms/selinux-policy/devel policy-20051114.patch, 1.12, 1.13 selinux-policy.spec, 1.20, 1.21
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Nov 23 22:38:04 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8898
Modified Files:
policy-20051114.patch selinux-policy.spec
Log Message:
* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-4
- Cleanup pegasus and named
- Fix spec file
- Fix up passwd changing applications
policy-20051114.patch:
Makefile | 4 ++--
policy/modules/admin/usermanage.te | 36 ++++++++++++------------------------
policy/modules/apps/webalizer.fc | 2 +-
policy/modules/kernel/filesystem.te | 1 +
policy/modules/services/avahi.te | 4 ++--
policy/modules/services/cron.te | 4 ++++
policy/modules/services/ftp.fc | 3 +--
policy/modules/services/hal.te | 2 ++
policy/modules/services/pegasus.te | 27 +++++++++++++--------------
policy/modules/services/rpc.te | 2 ++
policy/modules/system/files.if | 2 ++
policy/modules/system/mount.te | 5 +----
policy/modules/system/sysnetwork.te | 1 +
policy/modules/system/userdomain.if | 8 +++++---
14 files changed, 49 insertions(+), 52 deletions(-)
Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20051114.patch 23 Nov 2005 21:16:30 -0000 1.12
+++ policy-20051114.patch 23 Nov 2005 22:38:02 -0000 1.13
@@ -1,7 +1,6 @@
-Binary files nsaserefpolicy/base.pp and serefpolicy-2.0.5/base.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.0.5/Makefile
--- nsaserefpolicy/Makefile 2005-11-23 10:06:37.000000000 -0500
-+++ serefpolicy-2.0.5/Makefile 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/Makefile 2005-11-23 17:32:50.000000000 -0500
@@ -54,7 +54,7 @@
# This is a build option, as role transitions do
# not work in conditional policy.
@@ -20,9 +19,131 @@
override CHECKPOLICY += -M
override CHECKMODULE += -M
endif
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.0.5/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2005-11-15 09:13:36.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/admin/usermanage.te 2005-11-23 17:35:09.000000000 -0500
+@@ -35,11 +35,15 @@
+ domain_obj_id_change_exempt(groupadd_t)
+ init_system_domain(groupadd_t,groupadd_exec_t)
+ role system_r types groupadd_t;
++auth_rw_shadow(groupadd_t)
++auth_relabelto_shadow(groupadd_t)
+
+ type passwd_t;
+ domain_obj_id_change_exempt(passwd_t)
+ domain_type(passwd_t)
+ role system_r types passwd_t;
++auth_rw_shadow(passwd_t)
++auth_relabelto_shadow(passwd_t)
+
+ type passwd_exec_t;
+ domain_entry_file(passwd_t,passwd_exec_t)
+@@ -47,6 +51,8 @@
+ type sysadm_passwd_t;
+ domain_obj_id_change_exempt(sysadm_passwd_t)
+ domain_type(sysadm_passwd_t)
++auth_rw_shadow(sysadm_passwd_t)
++auth_relabelto_shadow(sysadm_passwd_t)
+ domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t)
+ role system_r types sysadm_passwd_t;
+
+@@ -58,6 +64,8 @@
+ domain_obj_id_change_exempt(useradd_t)
+ init_system_domain(useradd_t,useradd_exec_t)
+ role system_r types useradd_t;
++auth_rw_shadow(useradd_t)
++auth_relabelto_shadow(useradd_t)
+
+ ########################################
+ #
+@@ -136,10 +144,6 @@
+ nis_use_ypbind(chfn_t)
+ ')
+
+-ifdef(`TODO',`
+-ifdef(`gnome-pty-helper.te', `allow chfn_t gphdomain:fd use;')
+-') dnl endif TODO
+-
+ ########################################
+ #
+ # Crack local policy
+@@ -259,14 +263,10 @@
+ rpm_rw_pipe(groupadd_t)
+ ')
+
+-ifdef(`TODO',`
++ifdef(`TODO',`') dnl end TODO
+ # Update /etc/shadow and /etc/passwd
+ allow groupadd_t { etc_t shadow_t }:file { relabelfrom relabelto };
+
+-# Access terminals.
+-ifdef(`gnome-pty-helper.te', `allow groupadd_t gphdomain:fd use;')
+-') dnl end TODO
+-
+ ########################################
+ #
+ # Passwd local policy
+@@ -343,18 +343,14 @@
+ nis_use_ypbind(passwd_t)
+ ')
+
+-ifdef(`TODO',`
++ifdef(`TODO',`') # Clean up the following
+ # Update /etc/shadow and /etc/passwd
+ allow passwd_t { etc_t shadow_t }:file { relabelfrom relabelto };
+
+-# Inherit and use descriptors from login.
+-ifdef(`gnome-pty-helper.te', `allow passwd_t gphdomain:fd use;')
+-
+ # make sure that getcon succeeds
+ allow passwd_t userdomain:dir search;
+ allow passwd_t userdomain:file read;
+ allow passwd_t userdomain:process getattr;
+-') dnl endif TODO
+
+ ########################################
+ #
+@@ -439,13 +435,10 @@
+ nis_use_ypbind(sysadm_passwd_t)
+ ')
+
+-ifdef(`TODO',`
++ifdef(`TODO',`') dnl endif TODO
+ role sysadm_r types sysadm_passwd_t;
+ domain_auto_trans(sysadm_t, admin_passwd_exec_t, sysadm_passwd_t)
+
+-# Inherit and use descriptors from login.
+-ifdef(`gnome-pty-helper.te', `allow sysadm_passwd_t gphdomain:fd use;')
+-
+ # allow checking if a shell is executable
+ allow sysadm_passwd_t shell_exec_t:file execute;
+
+@@ -455,7 +448,6 @@
+ ifdef(`targeted_policy', `
+ role system_r types sysadm_passwd_t;
+ ')
+-') dnl endif TODO
+
+ ########################################
+ #
+@@ -543,13 +535,9 @@
+ rpm_rw_pipe(useradd_t)
+ ')
+
+-ifdef(`TODO',`
++ifdef(`TODO',`') dnl end TODO
+ # Update /etc/shadow and /etc/passwd
+ allow useradd_t { etc_t shadow_t }:file { relabelfrom relabelto };
+
+-# Access terminals.
+-ifdef(`gnome-pty-helper.te', `allow useradd_t gphdomain:fd use;')
+-
+ # /var/mail is a link to /var/spool/mail
+ allow useradd_t mail_spool_t:lnk_file read;
+-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.fc serefpolicy-2.0.5/policy/modules/apps/webalizer.fc
--- nsaserefpolicy/policy/modules/apps/webalizer.fc 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/apps/webalizer.fc 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/apps/webalizer.fc 2005-11-23 17:32:50.000000000 -0500
@@ -7,4 +7,4 @@
#
# /var
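Review bot: The raw rule `allow groupadd_t { etc_t shadow_t }:file { relabelfrom relabelto };`, which this revision moves out of the TODO guard in usermanage.te (the same rule is un-guarded for passwd_t and useradd_t further down), grants every type/permission combination in the two brace sets, including relabelfrom on shadow_t together with relabelto on etc_t. Unless a constraint outside this patch prevents it, those domains could then relabel the shadow file to etc_t, which is typically readable by far more domains than shadow_t, and that is more than rewriting /etc/shadow appears to need. The same added section already calls `auth_relabelto_shadow()` for each of these domains, so the raw rule could probably shrink to `allow groupadd_t etc_t:file relabelfrom;` per domain, assuming the interface grants relabelto on shadow_t (its body is not shown here). The emptied ifdef TODO lines left in front of these rules no longer guard anything and could be dropped. The now-unconditional `allow passwd_t userdomain:...` rules also name an attribute directly rather than through an interface, which is worth confirming against how the module is built.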
@@ -31,7 +152,7 @@
+/var/lib/webalizer(/.*)? gen_context(system_u:object_r:webalizer_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.0.5/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/kernel/filesystem.te 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/kernel/filesystem.te 2005-11-23 17:32:50.000000000 -0500
@@ -114,6 +114,7 @@
#
type autofs_t, noxattrfs;
@@ -42,7 +163,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.0.5/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/avahi.te 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/avahi.te 2005-11-23 17:32:50.000000000 -0500
@@ -18,9 +18,9 @@
# Local policy
#
@@ -57,7 +178,7 @@
allow avahi_t self:unix_dgram_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.0.5/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2005-11-15 09:13:36.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/cron.te 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/cron.te 2005-11-23 17:32:50.000000000 -0500
@@ -174,6 +174,10 @@
cyrus_manage_data(system_crond_t)
')
@@ -71,7 +192,7 @@
inn_manage_pid(system_crond_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-2.0.5/policy/modules/services/ftp.fc
--- nsaserefpolicy/policy/modules/services/ftp.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/ftp.fc 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/ftp.fc 2005-11-23 17:32:50.000000000 -0500
@@ -18,8 +18,7 @@
#
# /var
@@ -84,7 +205,7 @@
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.0.5/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/hal.te 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/hal.te 2005-11-23 17:32:50.000000000 -0500
@@ -80,6 +80,7 @@
selinux_compute_user_contexts(hald_t)
@@ -103,7 +224,7 @@
allow hald_t initrc_t:dbus send_msg;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.0.5/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2005-11-18 14:19:34.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/pegasus.te 2005-11-23 16:16:01.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/pegasus.te 2005-11-23 17:32:50.000000000 -0500
@@ -13,6 +13,9 @@
type pegasus_data_t;
files_type(pegasus_data_t)
@@ -184,7 +305,7 @@
-allow pegasus_conf_exec_t pegasus_conf_t:lnk_file create_lnk_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.0.5/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/rpc.te 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/rpc.te 2005-11-23 17:32:50.000000000 -0500
@@ -31,6 +31,8 @@
type var_lib_nfs_t;
@@ -196,7 +317,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/files.if serefpolicy-2.0.5/policy/modules/system/files.if
--- nsaserefpolicy/policy/modules/system/files.if 2005-11-15 19:42:22.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/files.if 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/files.if 2005-11-23 17:32:50.000000000 -0500
@@ -894,9 +894,11 @@
gen_require(`
attribute mountpoint;
@@ -211,7 +332,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.0.5/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/mount.te 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/mount.te 2005-11-23 17:32:50.000000000 -0500
@@ -9,6 +9,7 @@
type mount_t;
type mount_exec_t;
@@ -238,7 +359,7 @@
') dnl endif TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.0.5/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/sysnetwork.te 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/sysnetwork.te 2005-11-23 17:32:50.000000000 -0500
@@ -58,6 +58,7 @@
allow dhcpc_t dhcp_state_t:dir rw_dir_perms;
@@ -249,7 +370,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.0.5/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2005-11-23 10:06:38.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/userdomain.if 2005-11-23 15:51:34.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/userdomain.if 2005-11-23 17:32:50.000000000 -0500
@@ -2466,12 +2466,14 @@
#
interface(`userdom_dontaudit_use_unpriv_user_tty',`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- selinux-policy.spec 23 Nov 2005 21:08:47 -0000 1.20
+++ selinux-policy.spec 23 Nov 2005 22:38:02 -0000 1.21
@@ -10,7 +10,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.0.5
-Release: 3
+Release: 4
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -237,9 +237,10 @@
%changelog
-* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-3
+* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-4
- Cleanup pegasus and named
- Fix spec file
+- Fix up passwd changing applications
* Tue Nov 21 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-1
-Update to latest from upstream