rpms/selinux-policy/devel policy-20060829.patch,1.21,1.22
- From: fedora-cvs-commits redhat com
- To: fedora-cvs-commits redhat com
- Subject: rpms/selinux-policy/devel policy-20060829.patch,1.21,1.22
- Date: Fri, 15 Sep 2006 12:04:21 -0400
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25398
Modified Files:
policy-20060829.patch
Log Message:
* Thu Sep 14 2006 Dan Walsh <dwalsh redhat com> 2.3.13-6
- Fix ppp connections from network manager
policy-20060829.patch:
Makefile | 23 -
Rules.modular | 10
policy/global_tunables | 9
policy/mcs | 3
policy/modules/admin/anaconda.te | 6
policy/modules/admin/bootloader.fc | 5
policy/modules/admin/bootloader.te | 9
policy/modules/admin/consoletype.te | 7
policy/modules/admin/firstboot.te | 1
policy/modules/admin/rpm.fc | 2
policy/modules/apps/java.fc | 2
policy/modules/apps/mono.te | 9
policy/modules/kernel/corecommands.fc | 2
policy/modules/kernel/corenetwork.te.in | 3
policy/modules/kernel/domain.te | 8
policy/modules/kernel/files.fc | 1
policy/modules/kernel/files.if | 46 +++
policy/modules/kernel/filesystem.if | 19 +
policy/modules/kernel/terminal.if | 2
policy/modules/services/amavis.te | 1
policy/modules/services/apache.fc | 9
policy/modules/services/apache.te | 1
policy/modules/services/automount.te | 1
policy/modules/services/bluetooth.fc | 3
policy/modules/services/bluetooth.te | 11
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/clamav.te | 1
policy/modules/services/cron.te | 1
policy/modules/services/cups.te | 5
policy/modules/services/dbus.if | 1
policy/modules/services/lpd.fc | 1
policy/modules/services/networkmanager.fc | 1
policy/modules/services/ntp.te | 4
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 76 +++++
policy/modules/services/oddjob.te | 73 +++++
policy/modules/services/oddjob_mkhomedir.fc | 6
policy/modules/services/oddjob_mkhomedir.if | 24 +
policy/modules/services/oddjob_mkhomedir.te | 29 ++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 6
policy/modules/services/ppp.fc | 4
policy/modules/services/ppp.te | 10
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 +++++++++++++
policy/modules/services/ricci.te | 386 ++++++++++++++++++++++++++++
policy/modules/services/rpc.te | 2
policy/modules/services/setroubleshoot.te | 7
policy/modules/services/xfs.te | 2
policy/modules/services/xserver.if | 24 +
policy/modules/system/hostname.te | 5
policy/modules/system/init.te | 3
policy/modules/system/libraries.fc | 2
policy/modules/system/selinuxutil.te | 3
policy/modules/system/setrans.te | 1
policy/modules/system/userdomain.if | 268 +++++++++++++------
policy/modules/system/userdomain.te | 65 +---
policy/modules/system/xen.fc | 1
policy/modules/system/xen.te | 2
62 files changed, 1461 insertions(+), 153 deletions(-)
Index: policy-20060829.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060829.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- policy-20060829.patch 15 Sep 2006 12:44:15 -0000 1.21
+++ policy-20060829.patch 15 Sep 2006 16:04:19 -0000 1.22
@@ -89,16 +89,37 @@
+domain_dontaudit_use_interactive_fds(anaconda_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.13/policy/modules/admin/bootloader.fc
--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/bootloader.fc 2006-09-08 12:02:39.000000000 -0400
-@@ -10,3 +10,4 @@
++++ serefpolicy-2.3.13/policy/modules/admin/bootloader.fc 2006-09-15 09:56:59.000000000 -0400
+@@ -6,7 +6,10 @@
+
+ /usr/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+
+-/sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
++/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
++/sbin/grub-.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
++#/sbin/grubby -- gen_context(system_u:object_r:bootloader_helper_exec_t,s0)
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+/boot/grub/.* -- gen_context(system_u:object_r:boot_runtime_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.13/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/bootloader.te 2006-09-08 12:02:39.000000000 -0400
-@@ -161,7 +161,7 @@
++++ serefpolicy-2.3.13/policy/modules/admin/bootloader.te 2006-09-15 09:55:05.000000000 -0400
+@@ -21,6 +21,13 @@
+ type bootloader_exec_t;
+ domain_entry_file(bootloader_t,bootloader_exec_t)
+
++type bootloader_helper_t;
++domain_type(bootloader_helper_t)
++role system_r types bootloader_helper_t;
++
++type bootloader_helper_exec_t;
++domain_entry_file(bootloader_helper_t,bootloader_helper_exec_t)
++
+ #
+ # bootloader_etc_t is the configuration file,
+ # grub.conf, lilo.conf, etc.
+@@ -161,7 +168,7 @@
allow bootloader_t self:capability ipc_lock;
# new file system defaults to file_t, granting file_t access is still bad.
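Review bot: The new `bootloader_helper_t` and `bootloader_helper_exec_t` types in bootloader.te have no file labelled with the entry type in the visible lines, because the matching bootloader.fc entry for `/sbin/grubby` is added commented out. Narrowing `/sbin/grub.*` to `/sbin/grub` and `/sbin/grub-.*` also means `/sbin/grubby` no longer matches a `bootloader_exec_t` pattern in this file, so it presumably falls back to the default label for /sbin and no longer transitions into `bootloader_t`. Either enable the grubby line together with the rules the helper domain needs, or replace the bare commented-out entry with a note that says why it is disabled, for example `# grubby label disabled until bootloader_helper_t policy is complete`. The bootloader.te section continues outside this hunk, so helper rules may exist further down.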
@@ -635,7 +656,7 @@
tunable_policy(`fcron_crond', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.13/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/cups.te 2006-09-13 06:53:08.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/cups.te 2006-09-15 11:18:54.000000000 -0400
@@ -161,7 +161,7 @@
fs_read_removable_files(cupsd_t)
@@ -645,6 +666,16 @@
term_search_ptys(cupsd_t)
auth_domtrans_chk_passwd(cupsd_t)
+@@ -552,7 +552,8 @@
+ # HPLIP local policy
+ #
+
+-allow hplip_t self:capability net_raw;
++# Needed for USB Scanneer and xsane
++allow hplip_t self:capability { dac_override dac_read_search net_raw };
+ dontaudit hplip_t self:capability sys_tty_config;
+ allow hplip_t self:fifo_file rw_file_perms;
+ allow hplip_t self:process signal_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.13/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-08-29 09:00:28.000000000 -0400
+++ serefpolicy-2.3.13/policy/modules/services/dbus.if 2006-09-08 12:02:39.000000000 -0400
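Review bot: Adding `dac_override` and `dac_read_search` to `hplip_t` lets the HPLIP daemon ignore file ownership and mode bits wherever its type-enforcement rules already allow access, which is a wide grant for what the comment describes as USB scanner and xsane support. If the denial comes from a device node or spool file with the wrong owner or group, correcting that ownership, or granting only `dac_read_search`, would keep the domain tighter. The comment should name what triggered the denial, e.g. `# Needed for USB scanner and xsane: <path that was denied>`, and "Scanneer" is a typo. The xfs.te hunk that follows adds `dac_override` to `xfs_t` with no comment at all and needs the same justification.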
@@ -1719,6 +1750,18 @@
+optional_policy(`
+ nis_use_ypbind(setroubleshootd_t)
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.te serefpolicy-2.3.13/policy/modules/services/xfs.te
+--- nsaserefpolicy/policy/modules/services/xfs.te 2006-08-23 12:14:54.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/xfs.te 2006-09-15 10:13:16.000000000 -0400
+@@ -21,7 +21,7 @@
+ # Local policy
+ #
+
+-allow xfs_t self:capability { setgid setuid };
++allow xfs_t self:capability { dac_override setgid setuid };
+ dontaudit xfs_t self:capability sys_tty_config;
+ allow xfs_t self:process { signal_perms setpgid };
+ allow xfs_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.13/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-09-06 13:04:51.000000000 -0400
+++ serefpolicy-2.3.13/policy/modules/services/xserver.if 2006-09-08 12:02:39.000000000 -0400