rpms/selinux-policy/devel policy-20060829.patch, 1.16, 1.17 selinux-policy.spec, 1.276, 1.277
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Sep 11 20:56:07 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23480
Modified Files:
policy-20060829.patch selinux-policy.spec
Log Message:
* Mon Sep 11 2006 Dan Walsh <dwalsh at redhat.com> 2.3.13-4
- Fixed typealias of firstboot_rw_t
policy-20060829.patch:
Makefile | 23 -
Rules.modular | 10
policy/modules/admin/anaconda.te | 6
policy/modules/admin/bootloader.fc | 1
policy/modules/admin/bootloader.te | 2
policy/modules/admin/consoletype.te | 7
policy/modules/admin/rpm.fc | 2
policy/modules/apps/java.fc | 2
policy/modules/apps/mono.te | 9
policy/modules/kernel/corenetwork.te.in | 3
policy/modules/kernel/files.fc | 1
policy/modules/kernel/files.if | 21 +
policy/modules/kernel/files.te | 1
policy/modules/kernel/filesystem.if | 19 +
policy/modules/kernel/terminal.if | 2
policy/modules/services/amavis.te | 1
policy/modules/services/apache.fc | 10
policy/modules/services/apache.te | 1
policy/modules/services/automount.te | 1
policy/modules/services/bluetooth.te | 6
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/clamav.te | 1
policy/modules/services/cron.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/lpd.fc | 1
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 76 +++++
policy/modules/services/oddjob.te | 73 +++++
policy/modules/services/oddjob_mkhomedir.fc | 6
policy/modules/services/oddjob_mkhomedir.if | 24 +
policy/modules/services/oddjob_mkhomedir.te | 29 ++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 6
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 +++++++++++++
policy/modules/services/ricci.te | 386 ++++++++++++++++++++++++++++
policy/modules/services/rpc.te | 1
policy/modules/services/xserver.if | 24 +
policy/modules/system/hostname.te | 5
policy/modules/system/init.te | 3
policy/modules/system/selinuxutil.te | 3
policy/modules/system/userdomain.if | 268 +++++++++++++------
policy/modules/system/userdomain.te | 65 +---
policy/modules/system/xen.fc | 1
policy/modules/system/xen.te | 2
48 files changed, 1367 insertions(+), 145 deletions(-)
Index: policy-20060829.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060829.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- policy-20060829.patch 8 Sep 2006 17:12:24 -0000 1.16
+++ policy-20060829.patch 11 Sep 2006 20:56:05 -0000 1.17
@@ -210,6 +210,17 @@
+ allow $1 { file_type -security_file_type }:dir create_dir_perms;
+')
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.3.13/policy/modules/kernel/files.te
+--- nsaserefpolicy/policy/modules/kernel/files.te 2006-09-05 07:41:00.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/kernel/files.te 2006-09-08 16:02:39.000000000 -0400
+@@ -58,6 +58,7 @@
+ #
+ type etc_runtime_t;
+ files_type(etc_runtime_t)
++typealias firstboot_rw_t alias etc_runtime_t;
+
+ #
+ # file_t is the default type of a file that has not yet been
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.13/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-09-06 13:04:50.000000000 -0400
+++ serefpolicy-2.3.13/policy/modules/kernel/filesystem.if 2006-09-08 12:02:39.000000000 -0400
@@ -236,6 +247,18 @@
+ allow $1 rpc_pipefs_t:fifo_file { read write };
+')
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.13/policy/modules/kernel/terminal.if
+--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-09-06 13:04:50.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/kernel/terminal.if 2006-09-11 10:49:59.000000000 -0400
+@@ -906,7 +906,7 @@
+ type tty_device_t;
+ ')
+
+- dontaudit $1 tty_device_t:chr_file rw_file_perms;
++ dontaudit $1 tty_device_t:chr_file { rw_term_perms lock append };
+ ')
+
+ ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.13/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2006-09-05 07:41:01.000000000 -0400
+++ serefpolicy-2.3.13/policy/modules/services/amavis.te 2006-09-08 12:02:39.000000000 -0400
@@ -247,6 +270,23 @@
')
optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.13/policy/modules/services/apache.fc
+--- nsaserefpolicy/policy/modules/services/apache.fc 2006-08-02 10:34:07.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/apache.fc 2006-09-08 13:47:00.000000000 -0400
+@@ -80,3 +80,13 @@
+ /var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
+ /var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+ /var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
++
++
++/opt/fortitude/conf.* gen_context(system_u:object_r:httpd_config_t,s0)
++/opt/fortitude/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
++/opt/fortitude/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
++/opt/fortitude/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
++/opt/fortitude/modules.local(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
++/opt/fortitude/logs(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
++/opt/fortitude/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.13/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-09-05 07:41:01.000000000 -0400
+++ serefpolicy-2.3.13/policy/modules/services/apache.te 2006-09-08 12:02:39.000000000 -0400
@@ -269,8 +309,8 @@
fs_unmount_all_fs(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.13/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/bluetooth.te 2006-09-08 12:02:39.000000000 -0400
-@@ -217,14 +217,16 @@
++++ serefpolicy-2.3.13/policy/modules/services/bluetooth.te 2006-09-11 11:07:58.000000000 -0400
+@@ -217,14 +217,18 @@
fs_rw_tmpfs_files(bluetooth_helper_t)
term_dontaudit_use_generic_ptys(bluetooth_helper_t)
@@ -285,6 +325,8 @@
optional_policy(`
corenet_tcp_connect_xserver_port(bluetooth_helper_t)
-
++ #Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205956
++ xserver_read_xdm_tmp_files(bluetooth_helper_t)
xserver_stream_connect_xdm(bluetooth_helper_t)
xserver_use_xdm_fds(bluetooth_helper_t)
xserver_rw_xdm_pipes(bluetooth_helper_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.276
retrieving revision 1.277
diff -u -r1.276 -r1.277
--- selinux-policy.spec 8 Sep 2006 17:10:41 -0000 1.276
+++ selinux-policy.spec 11 Sep 2006 20:56:05 -0000 1.277
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.13
-Release: 3
+Release: 4
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -348,6 +348,9 @@
%endif
%changelog
+* Mon Sep 11 2006 Dan Walsh <dwalsh at redhat.com> 2.3.13-4
+- Fixed typealias of firstboot_rw_t
+
* Thu Sep 7 2006 Dan Walsh <dwalsh at redhat.com> 2.3.13-3
- Fix location of xel log files
- Fix handling of sysadm_r -> rpm_exec_t
More information about the fedora-cvs-commits
mailing list