[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
rpms/selinux-policy/devel policy-20060608.patch, 1.42, 1.43 selinux-policy.spec, 1.238, 1.239
- From: fedora-cvs-commits redhat com
- To: fedora-cvs-commits redhat com
- Subject: rpms/selinux-policy/devel policy-20060608.patch, 1.42, 1.43 selinux-policy.spec, 1.238, 1.239
- Date: Sat, 29 Jul 2006 04:32:47 -0400
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20407
Modified Files:
policy-20060608.patch selinux-policy.spec
Log Message:
* Sat Jul 29 2006 Dan Walsh <dwalsh redhat com> 2.3.3-15
- Fixes for xen
policy-20060608.patch:
global_booleans | 2
global_tunables | 89 ++++++++------
mcs | 3
modules/admin/bootloader.te | 6 -
modules/admin/consoletype.te | 11 +
modules/admin/firstboot.te | 5
modules/admin/netutils.te | 10 -
modules/admin/prelink.te | 1
modules/admin/rpm.fc | 2
modules/admin/rpm.if | 4
modules/admin/usermanage.te | 2
modules/kernel/corenetwork.te.in | 5
modules/kernel/devices.fc | 3
modules/kernel/files.fc | 1
modules/kernel/filesystem.if | 21 +++
modules/kernel/filesystem.te | 2
modules/kernel/kernel.if | 38 ++++++
modules/kernel/selinux.if | 18 ++-
modules/kernel/selinux.te | 4
modules/kernel/storage.fc | 1
modules/services/amavis.te | 2
modules/services/apache.te | 1
modules/services/automount.te | 8 +
modules/services/avahi.te | 1
modules/services/bind.fc | 3
modules/services/bluetooth.if | 23 +++
modules/services/bluetooth.te | 7 +
modules/services/clamav.fc | 3
modules/services/clamav.if | 22 +++
modules/services/clamav.te | 20 ---
modules/services/cups.te | 6 -
modules/services/cyrus.te | 5
modules/services/dovecot.fc | 1
modules/services/dovecot.te | 10 +
modules/services/ftp.te | 2
modules/services/hal.te | 10 +
modules/services/inetd.te | 12 +-
modules/services/ldap.fc | 1
modules/services/ldap.if | 21 +++
modules/services/ldap.te | 2
modules/services/lpd.if | 20 +--
modules/services/mailman.te | 15 ++
modules/services/nis.te | 1
modules/services/nscd.if | 20 +++
modules/services/ntp.te | 2
modules/services/openvpn.te | 8 +
modules/services/pegasus.if | 31 +++++
modules/services/pegasus.te | 5
modules/services/postfix.te | 6 -
modules/services/postgrey.fc | 2
modules/services/postgrey.if | 19 +++
modules/services/postgrey.te | 20 +++
modules/services/procmail.te | 5
modules/services/radius.fc | 1
modules/services/radius.te | 8 +
modules/services/remotelogin.te | 1
modules/services/samba.te | 6 -
modules/services/setroubleshoot.fc | 11 +
modules/services/setroubleshoot.if | 24 ++++
modules/services/setroubleshoot.te | 146 ++++++++++++++++++++++++
modules/services/squid.te | 9 -
modules/services/ssh.if | 1
modules/services/tftp.te | 1
modules/services/xfs.te | 2
modules/services/xserver.if | 22 +++
modules/services/xserver.te | 3
modules/services/zebra.te | 7 +
modules/system/authlogin.if | 3
modules/system/authlogin.te | 1
modules/system/fstools.fc | 1
modules/system/getty.fc | 1
modules/system/getty.te | 3
modules/system/hostname.te | 10 +
modules/system/hotplug.te | 2
modules/system/init.if | 7 -
modules/system/libraries.fc | 2
modules/system/locallogin.te | 1
modules/system/logging.if | 6 -
modules/system/logging.te | 6 -
modules/system/lvm.te | 3
modules/system/selinuxutil.te | 29 ++++
modules/system/setrans.te | 5
modules/system/sysnetwork.te | 1
modules/system/udev.te | 4
modules/system/unconfined.fc | 1
modules/system/unconfined.if | 8 -
modules/system/unconfined.te | 8 -
modules/system/userdomain.if | 221 ++++++++++++++++++++++++-------------
modules/system/userdomain.te | 40 +++---
modules/system/xen.if | 38 ++++++
modules/system/xen.te | 14 +-
91 files changed, 952 insertions(+), 247 deletions(-)
Index: policy-20060608.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060608.patch,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- policy-20060608.patch 28 Jul 2006 19:13:13 -0000 1.42
+++ policy-20060608.patch 29 Jul 2006 08:32:43 -0000 1.43
@@ -2784,7 +2784,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.3/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.3/policy/modules/system/xen.te 2006-07-28 13:27:17.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/system/xen.te 2006-07-29 04:30:00.000000000 -0400
@@ -70,6 +70,8 @@
allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_nice sys_tty_config net_raw };
@@ -2794,7 +2794,32 @@
# internal communication is often done using fifo and unix sockets.
allow xend_t self:fifo_file rw_file_perms;
allow xend_t self:unix_stream_socket create_stream_socket_perms;
-@@ -171,7 +173,7 @@
+@@ -130,6 +132,7 @@
+ corenet_tcp_bind_soundd_port(xend_t)
+ corenet_sendrecv_xen_server_packets(xend_t)
+ corenet_sendrecv_soundd_server_packets(xend_t)
++corenet_tcp_bind_generic_port(xend_t)
+
+ dev_read_urand(xend_t)
+ dev_manage_xen(xend_t)
+@@ -144,13 +147,16 @@
+ files_read_kernel_img(xend_t)
+ files_manage_etc_runtime_files(xend_t)
+ files_etc_filetrans_etc_runtime(xend_t,file)
++files_read_usr_files(xend_t)
+
+ storage_raw_read_fixed_disk(xend_t)
+
+ term_dontaudit_getattr_all_user_ptys(xend_t)
+ term_dontaudit_use_generic_ptys(xend_t)
++term_use_ptmx(xend_t)
+
+ init_use_fds(xend_t)
++init_use_script_ptys(xend_t)
+
+ libs_use_ld_so(xend_t)
+ libs_use_shared_libs(xend_t)
+@@ -171,7 +177,7 @@
netutils_domtrans(xend_t)
optional_policy(`
@@ -2803,3 +2828,25 @@
')
########################################
+@@ -200,6 +206,7 @@
+ term_use_console(xenconsoled_t)
+
+ init_use_fds(xenconsoled_t)
++init_use_script_ptys(xenconsoled_t)
+
+ libs_use_ld_so(xenconsoled_t)
+ libs_use_shared_libs(xenconsoled_t)
+@@ -238,10 +245,11 @@
+ dev_filetrans_xen(xenstored_t)
+ dev_rw_xen(xenstored_t)
+
+-term_dontaudit_use_generic_ptys(xenstored_t)
+-term_dontaudit_use_console(xenconsoled_t)
++term_use_generic_ptys(xenstored_t)
++term_use_console(xenconsoled_t)
+
+ init_use_fds(xenstored_t)
++init_use_script_ptys(xenstored_t)
+
+ libs_use_ld_so(xenstored_t)
+ libs_use_shared_libs(xenstored_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.238
retrieving revision 1.239
diff -u -r1.238 -r1.239
--- selinux-policy.spec 28 Jul 2006 19:13:13 -0000 1.238
+++ selinux-policy.spec 29 Jul 2006 08:32:43 -0000 1.239
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.3
-Release: 14
+Release: 15
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -348,6 +348,9 @@
%endif
%changelog
+* Sat Jul 29 2006 Dan Walsh <dwalsh redhat com> 2.3.3-15
+- Fixes for xen
+
* Fri Jul 28 2006 Dan Walsh <dwalsh redhat com> 2.3.3-14
- Allow setroubleshootd to send mail
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]