rpms/selinux-policy/devel policy-20060323.patch, 1.3, 1.4 selinux-policy.spec, 1.162, 1.163
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Mar 30 19:57:33 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20429
Modified Files:
policy-20060323.patch selinux-policy.spec
Log Message:
* Mon Mar 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.28-2
- Fix ftp policy
- Fix secadm running of auditctl
policy-20060323.patch:
man/man8/samba_selinux.8 | 2 -
policy/modules/admin/logwatch.te | 1
policy/modules/admin/rpm.fc | 1
policy/modules/admin/usermanage.te | 2 +
policy/modules/kernel/corenetwork.te.in | 4 +-
policy/modules/kernel/devices.if | 58 ++++++++++++++++++++++++++++++++
policy/modules/kernel/files.if | 27 ++++++++++++++
policy/modules/kernel/kernel.if | 4 +-
policy/modules/services/apm.te | 4 ++
policy/modules/services/bluetooth.te | 2 +
policy/modules/services/cups.te | 3 +
policy/modules/services/dovecot.te | 2 +
policy/modules/services/ftp.te | 10 -----
policy/modules/services/hal.te | 4 ++
policy/modules/services/pegasus.te | 1
policy/modules/services/privoxy.te | 5 ++
policy/modules/services/xfs.te | 1
policy/modules/services/xserver.if | 20 +++++++++++
policy/modules/system/authlogin.te | 2 +
policy/modules/system/fstools.te | 5 ++
policy/modules/system/init.te | 1
policy/modules/system/libraries.fc | 4 +-
policy/modules/system/logging.if | 32 +++++++++++++++++
policy/modules/system/mount.te | 2 +
policy/modules/system/selinuxutil.fc | 6 +++
policy/modules/system/selinuxutil.te | 52 ++++++++++++++++++++++++++++
policy/modules/system/unconfined.if | 8 ----
policy/modules/system/userdomain.te | 5 +-
28 files changed, 242 insertions(+), 26 deletions(-)
Index: policy-20060323.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060323.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20060323.patch 29 Mar 2006 20:21:25 -0000 1.3
+++ policy-20060323.patch 30 Mar 2006 19:57:31 -0000 1.4
@@ -274,6 +274,26 @@
term_dontaudit_use_console(dovecot_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.2.28/policy/modules/services/ftp.te
+--- nsaserefpolicy/policy/modules/services/ftp.te 2006-03-24 11:54:28.000000000 -0500
++++ serefpolicy-2.2.28/policy/modules/services/ftp.te 2006-03-30 10:32:47.000000000 -0500
+@@ -134,16 +134,6 @@
+
+ term_dontaudit_use_generic_ptys(ftpd_t)
+ term_dontaudit_use_unallocated_ttys(ftpd_t)
+-
+- optional_policy(`
+- tunable_policy(`ftpd_is_daemon',`
+- userdom_manage_generic_user_home_content_files(ftpd_t)
+- userdom_manage_generic_user_home_content_symlinks(ftpd_t)
+- userdom_manage_generic_user_home_content_sockets(ftpd_t)
+- userdom_manage_generic_user_home_content_pipes(ftpd_t)
+- userdom_generic_user_home_dir_filetrans_generic_user_home_content(ftpd_t,{ dir file lnk_file sock_file fifo_file })
+- ')
+- ')
+ ')
+
+ tunable_policy(`allow_ftpd_anon_write',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.28/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-03-24 11:54:28.000000000 -0500
+++ serefpolicy-2.2.28/policy/modules/services/hal.te 2006-03-29 14:44:17.000000000 -0500
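Review bot: The new ftp.te section removes every rule that let `ftpd_t` manage generic user home content under `ftpd_is_daemon` (files, symlinks, sockets, pipes and the home-dir file transition), and nothing visible in this hunk replaces them or says why they go. The log entry "Fix ftp policy" does not tell a reader whether this is an intended tightening of ftpd's access or a workaround for a build problem. A more specific changelog line would help, for example `- Remove ftpd_is_daemon access to user home content from ftp policy`, adjusted to the actual reason. The enclosing block in ftp.te opens above the hunk (the retained `')` closes it), so whether home-directory access is still granted elsewhere cannot be checked from here.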
@@ -406,8 +426,17 @@
libs_use_ld_so(initrc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.28/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-03-23 16:02:04.000000000 -0500
-+++ serefpolicy-2.2.28/policy/modules/system/libraries.fc 2006-03-29 14:44:17.000000000 -0500
-@@ -148,7 +148,7 @@
++++ serefpolicy-2.2.28/policy/modules/system/libraries.fc 2006-03-30 13:22:43.000000000 -0500
+@@ -55,6 +55,8 @@
+
+ /usr(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
++/usr(/.*)?/lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++
+ /usr/lib(64)?/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0)
+
+ /usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0)
+@@ -148,7 +150,7 @@
/usr/lib(64)?/php/modules/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
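Review bot: The added libraries.fc entry `/usr(/.*)?/lib(64)?(/.*)?/nvidia/.*\.so(\..*)?` has no comment explaining why it is needed next to the existing `/usr(/.*)?/nvidia/.*\.so(\..*)?` entry two lines above it. As far as the two regexes show, every path the new pattern matches is already matched by the older one, and both assign `textrel_shlib_t`. The line is presumably there so that the longer pattern wins file-context ordering against a more specific `/usr/lib` rule, but that is an inference. If so, say it in the file, e.g. `# Longer pattern so nvidia libraries under lib directories are not shadowed by more specific /usr/lib entries`. Because `textrel_shlib_t` marks libraries that are allowed text relocations, the reason for widening it is worth recording.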
@@ -416,6 +445,45 @@
/usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libavformat-.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libavcodec-.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.2.28/policy/modules/system/logging.if
+--- nsaserefpolicy/policy/modules/system/logging.if 2006-03-21 14:33:36.000000000 -0500
++++ serefpolicy-2.2.28/policy/modules/system/logging.if 2006-03-30 14:26:04.000000000 -0500
+@@ -368,3 +368,35 @@
+ allow $1 var_log_t:dir rw_dir_perms;
+ allow $1 var_log_t:file create_file_perms;
+ ')
++
++########################################
++## <summary>
++## Execute auditctl in the auditctl domain, and
++## allow the specified role the auditctl domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed the auditctl domain.
++## </summary>
++## </param>
++## <param name="terminal">
++## <summary>
++## The type of the terminal allow the auditctl domain to use.
++## </summary>
++## </param>
++#
++interface(`logging_run_auditctl',`
++ gen_require(`
++ type auditctl_t;
++ ')
++
++ logging_domtrans_auditctl($1)
++ role $2 types auditctl_t;
++ allow auditctl_t $3:chr_file rw_term_perms;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.28/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-03-24 11:54:29.000000000 -0500
+++ serefpolicy-2.2.28/policy/modules/system/mount.te 2006-03-29 14:44:17.000000000 -0500
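Review bot: The `terminal` parameter summary of the new `logging_run_auditctl` interface is missing a word: "The type of the terminal allow the auditctl domain to use." It should read `## The type of the terminal to allow the auditctl domain to use.` The interface grants `auditctl_t` `rw_term_perms` on `$3:chr_file`, and the callers added in userdomain.te in this same patch pass `admin_terminal`, which looks like an attribute rather than a single type. The summary could therefore say "type or attribute", so that callers see how wide the resulting grant may be.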
@@ -524,3 +592,38 @@
userdom_use_all_users_fds(setfiles_t)
# for config files in a home directory
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.28/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-03-29 14:26:03.000000000 -0500
++++ serefpolicy-2.2.28/policy/modules/system/unconfined.if 2006-03-30 13:28:32.000000000 -0500
+@@ -89,14 +89,6 @@
+ storage_unconfined($1)
+ ')
+
+- ifdef(`TODO',`
+- if (allow_execmod) {
+- ifdef(`targeted_policy', `', `
+- # Allow text relocations on system shared libraries, e.g. libGL.
+- allow $1 home_type:file execmod;
+- ')
+- }
+- ') dnl end TODO
+ ')
+
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.28/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-03-28 23:09:37.000000000 -0500
++++ serefpolicy-2.2.28/policy/modules/system/userdomain.te 2006-03-30 14:37:04.000000000 -0500
+@@ -179,10 +179,11 @@
+ mls_file_downgrade(secadm_t)
+ init_exec(secadm_t)
+ logging_read_audit_log(secadm_t)
+- logging_domtrans_auditctl(secadm_t)
++ logging_run_auditctl(secadm_t, secadm_r, admin_terminal)
++ logging_domtrans_auditctl
+ userdom_dontaudit_append_staff_home_content_files(secadm_t)
+ ', `
+- logging_domtrans_auditctl(sysadm_t)
++ logging_run_auditctl(sysadm_t,sysadm_r,admin_terminal)
+ logging_read_audit_log(sysadm_t)
+ ')
+
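Review bot: In the userdomain.te section, the secadm branch adds a bare `logging_domtrans_auditctl` with no argument list directly after the new `logging_run_auditctl(secadm_t, secadm_r, admin_terminal)` call. That looks like a leftover from the edit. The `logging_run_auditctl` interface added in logging.if already calls `logging_domtrans_auditctl($1)`, and a macro name written without parentheses would likely be expanded by m4 with an empty domain argument, which at best produces malformed rules. The line should be dropped so the branch reads `logging_run_auditctl(secadm_t, secadm_r, admin_terminal)` followed directly by `userdom_dontaudit_append_staff_home_content_files(secadm_t)`. As a style point, the two new calls space their arguments differently (`secadm_t, secadm_r, admin_terminal` against `sysadm_t,sysadm_r,admin_terminal`). The surrounding conditional block starts above the hunk.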
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.162
retrieving revision 1.163
diff -u -r1.162 -r1.163
--- selinux-policy.spec 29 Mar 2006 20:21:25 -0000 1.162
+++ selinux-policy.spec 30 Mar 2006 19:57:31 -0000 1.163
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.28
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -320,6 +320,10 @@
%endif
%changelog
+* Mon Mar 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.28-2
+- Fix ftp policy
+- Fix secadm running of auditctl
+
* Mon Mar 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.28-1
- Update to upstream