[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]
rpms/selinux-policy/devel policy-20060323.patch, 1.4, 1.5 selinux-policy.spec, 1.163, 1.164

From: fedora-cvs-commits redhat com
To: fedora-cvs-commits redhat com
Subject: rpms/selinux-policy/devel policy-20060323.patch, 1.4, 1.5 selinux-policy.spec, 1.163, 1.164
Date: Thu, 30 Mar 2006 17:27:56 -0500
Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27239

Modified Files:
	policy-20060323.patch selinux-policy.spec 
Log Message:
* Fri Mar 30 2006 Dan Walsh <dwalsh redhat com> 2.2.28-3
- Allow automount and dbus to read cert files


policy-20060323.patch:
 man/man8/samba_selinux.8                |    2 -
 policy/modules/admin/logwatch.te        |    1 
 policy/modules/admin/rpm.fc             |    1 
 policy/modules/admin/usermanage.te      |    2 +
 policy/modules/kernel/corenetwork.te.in |    4 +-
 policy/modules/kernel/devices.if        |   58 ++++++++++++++++++++++++++++++++
 policy/modules/kernel/files.if          |   27 ++++++++++++++
 policy/modules/kernel/kernel.if         |    4 +-
 policy/modules/services/apm.te          |    4 ++
 policy/modules/services/automount.te    |    1 
 policy/modules/services/bluetooth.te    |    2 +
 policy/modules/services/cups.te         |    3 +
 policy/modules/services/dbus.te         |    1 
 policy/modules/services/dovecot.te      |    2 +
 policy/modules/services/ftp.te          |   10 -----
 policy/modules/services/hal.te          |    5 ++
 policy/modules/services/pegasus.te      |    1 
 policy/modules/services/privoxy.te      |    5 ++
 policy/modules/services/xfs.te          |    1 
 policy/modules/services/xserver.if      |   20 +++++++++++
 policy/modules/system/authlogin.te      |    2 +
 policy/modules/system/fstools.te        |    5 ++
 policy/modules/system/init.te           |    1 
 policy/modules/system/libraries.fc      |    4 +-
 policy/modules/system/logging.if        |   32 +++++++++++++++++
 policy/modules/system/mount.te          |    2 +
 policy/modules/system/selinuxutil.fc    |    6 +++
 policy/modules/system/selinuxutil.te    |   52 ++++++++++++++++++++++++++++
 policy/modules/system/unconfined.if     |    8 ----
 policy/modules/system/userdomain.te     |    4 +-
 30 files changed, 244 insertions(+), 26 deletions(-)

Index: policy-20060323.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060323.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20060323.patch	30 Mar 2006 19:57:31 -0000	1.4
+++ policy-20060323.patch	30 Mar 2006 22:27:52 -0000	1.5
@@ -146,7 +146,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.28/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2006-03-28 23:09:36.000000000 -0500
-+++ serefpolicy-2.2.28/policy/modules/kernel/files.if	2006-03-29 14:44:17.000000000 -0500
++++ serefpolicy-2.2.28/policy/modules/kernel/files.if	2006-03-30 16:57:12.000000000 -0500
 @@ -1643,6 +1643,21 @@
  ')
  
@@ -223,6 +223,17 @@
  	seutil_sigchld_newrole(apmd_t)
  ')
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.28/policy/modules/services/automount.te
+--- nsaserefpolicy/policy/modules/services/automount.te	2006-03-24 11:54:27.000000000 -0500
++++ serefpolicy-2.2.28/policy/modules/services/automount.te	2006-03-30 17:24:29.000000000 -0500
+@@ -123,6 +123,7 @@
+ logging_search_logs(automount_t)
+ 
+ miscfiles_read_localization(automount_t)
++miscfiles_read_certs(automount_t)
+ 
+ # Run mount in the mount_t domain.
+ mount_domtrans(automount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.28/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2006-03-29 14:26:02.000000000 -0500
 +++ serefpolicy-2.2.28/policy/modules/services/bluetooth.te	2006-03-29 14:44:17.000000000 -0500
@@ -256,6 +267,17 @@
  
  fs_getattr_all_fs(hplip_t)
  fs_search_auto_mountpoints(hplip_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.2.28/policy/modules/services/dbus.te
+--- nsaserefpolicy/policy/modules/services/dbus.te	2006-03-24 11:54:27.000000000 -0500
++++ serefpolicy-2.2.28/policy/modules/services/dbus.te	2006-03-30 17:24:01.000000000 -0500
+@@ -102,6 +102,7 @@
+ logging_send_syslog_msg(system_dbusd_t)
+ 
+ miscfiles_read_localization(system_dbusd_t)
++miscfiles_read_certs(system_dbusd_t)
+ 
+ seutil_read_config(system_dbusd_t)
+ seutil_read_default_contexts(system_dbusd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.2.28/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2006-03-24 11:54:28.000000000 -0500
 +++ serefpolicy-2.2.28/policy/modules/services/dovecot.te	2006-03-29 14:44:17.000000000 -0500
@@ -296,8 +318,16 @@
  tunable_policy(`allow_ftpd_anon_write',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.28/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-03-24 11:54:28.000000000 -0500
-+++ serefpolicy-2.2.28/policy/modules/services/hal.te	2006-03-29 14:44:17.000000000 -0500
-@@ -211,6 +211,10 @@
++++ serefpolicy-2.2.28/policy/modules/services/hal.te	2006-03-30 15:04:04.000000000 -0500
+@@ -52,6 +52,7 @@
+ kernel_write_proc_files(hald_t)
+ 
+ files_search_boot(hald_t)
++files_getattr_home_dir(hald_t)
+ 
+ corecmd_exec_bin(hald_t)
+ corecmd_exec_sbin(hald_t)
+@@ -211,6 +212,10 @@
  ')
  
  optional_policy(`
@@ -612,14 +642,13 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.28/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2006-03-28 23:09:37.000000000 -0500
-+++ serefpolicy-2.2.28/policy/modules/system/userdomain.te	2006-03-30 14:37:04.000000000 -0500
-@@ -179,10 +179,11 @@
++++ serefpolicy-2.2.28/policy/modules/system/userdomain.te	2006-03-30 15:11:51.000000000 -0500
+@@ -179,10 +179,10 @@
  		mls_file_downgrade(secadm_t)
  		init_exec(secadm_t)
  		logging_read_audit_log(secadm_t)
 -		logging_domtrans_auditctl(secadm_t)
-+		logging_run_auditctl(secadm_t, secadm_r, admin_terminal)
-+		logging_domtrans_auditctl
++		logging_run_auditctl(secadm_t,secadm_r,admin_terminal)
  		userdom_dontaudit_append_staff_home_content_files(secadm_t)
  	', `
 -		logging_domtrans_auditctl(sysadm_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.163
retrieving revision 1.164
diff -u -r1.163 -r1.164
--- selinux-policy.spec	30 Mar 2006 19:57:31 -0000	1.163
+++ selinux-policy.spec	30 Mar 2006 22:27:52 -0000	1.164
@@ -16,7 +16,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.2.28
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -320,7 +320,10 @@
 %endif
 
 %changelog
-* Mon Mar 27 2006 Dan Walsh <dwalsh redhat com> 2.2.28-2
+* Fri Mar 30 2006 Dan Walsh <dwalsh redhat com> 2.2.28-3
+- Allow automount and dbus to read cert files
+
+* Fri Mar 30 2006 Dan Walsh <dwalsh redhat com> 2.2.28-2
 - Fix ftp policy
 - Fix secadm running of auditctl
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]