rpms/selinux-policy/devel modules-targeted.conf, 1.34, 1.35 policy-20060915.patch, 1.5, 1.6 selinux-policy.spec, 1.286, 1.287
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Sep 19 19:14:50 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14394
Modified Files:
modules-targeted.conf policy-20060915.patch
selinux-policy.spec
Log Message:
* Mon Sep 19 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-5
- Fixes to make pppd work
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- modules-targeted.conf 5 Sep 2006 19:45:06 -0000 1.34
+++ modules-targeted.conf 19 Sep 2006 19:14:48 -0000 1.35
@@ -1151,3 +1151,17 @@
#
ccs = module
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+#
+raid = base
+
+# Layer: services
+# Module: smartmon
+#
+# Smart disk monitoring daemon policy
+#
+smartmon = module
+
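Review bot: `raid = base` builds the raid module into the base policy, while `smartmon = module` two stanzas later stays a loadable module, and neither stanza says why they differ. A module in base cannot be removed or replaced on its own later, so if that is intended it deserves a comment in the stanza, e.g. `# built into base because <reason>`. The log message ("Fixes to make pppd work") does not mention enabling either module, so a reader of the history has nothing else to go on.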
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 2
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 2
config/appconfig-targeted-mcs/seusers | 2
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 2
policy/flask/mkaccess_vector.sh | 3
policy/global_tunables | 9
policy/mcs | 197 +++++++++++++
policy/mls | 225 ++++++++++++++-
policy/modules/admin/amanda.fc | 6
policy/modules/admin/bootloader.fc | 5
policy/modules/admin/bootloader.te | 10
policy/modules/admin/consoletype.te | 7
policy/modules/admin/firstboot.te | 1
policy/modules/admin/logwatch.te | 2
policy/modules/admin/rpm.fc | 4
policy/modules/admin/su.if | 2
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 2
policy/modules/apps/mono.te | 9
policy/modules/kernel/corecommands.fc | 2
policy/modules/kernel/corenetwork.te.in | 13
policy/modules/kernel/corenetwork.te.m4 | 13
policy/modules/kernel/devices.fc | 10
policy/modules/kernel/domain.te | 8
policy/modules/kernel/files.fc | 27 -
policy/modules/kernel/files.if | 46 +++
policy/modules/kernel/filesystem.if | 19 +
policy/modules/kernel/kernel.te | 24 -
policy/modules/kernel/mcs.te | 17 -
policy/modules/kernel/mls.te | 10
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 48 +--
policy/modules/kernel/terminal.fc | 2
policy/modules/kernel/terminal.if | 2
policy/modules/services/amavis.te | 1
policy/modules/services/apache.fc | 9
policy/modules/services/apache.te | 6
policy/modules/services/automount.te | 3
policy/modules/services/bluetooth.fc | 3
policy/modules/services/bluetooth.te | 11
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/clamav.te | 1
policy/modules/services/cups.te | 31 +-
policy/modules/services/dbus.if | 1
policy/modules/services/dhcp.te | 7
policy/modules/services/kerberos.if | 2
policy/modules/services/lpd.fc | 1
policy/modules/services/networkmanager.fc | 1
policy/modules/services/networkmanager.te | 4
policy/modules/services/ntp.te | 3
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 76 +++++
policy/modules/services/oddjob.te | 73 +++++
policy/modules/services/oddjob_mkhomedir.fc | 6
policy/modules/services/oddjob_mkhomedir.if | 24 +
policy/modules/services/oddjob_mkhomedir.te | 29 ++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 6
policy/modules/services/ppp.fc | 4
policy/modules/services/ppp.if | 19 +
policy/modules/services/ppp.te | 10
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 386 +++++++++++++++++++++++++++
policy/modules/services/rpc.te | 3
policy/modules/services/setroubleshoot.te | 7
policy/modules/services/snmp.if | 19 +
policy/modules/services/xfs.te | 2
policy/modules/services/xserver.if | 24 +
policy/modules/system/authlogin.te | 1
policy/modules/system/fstools.te | 4
policy/modules/system/hostname.te | 5
policy/modules/system/init.te | 12
policy/modules/system/libraries.fc | 5
policy/modules/system/logging.fc | 8
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 4
policy/modules/system/setrans.fc | 2
policy/modules/system/setrans.te | 1
policy/modules/system/unconfined.te | 2
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 2
policy/modules/system/xen.fc | 1
policy/modules/system/xen.te | 2
policy/users | 14
91 files changed, 1850 insertions(+), 153 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- policy-20060915.patch 19 Sep 2006 14:59:46 -0000 1.5
+++ policy-20060915.patch 19 Sep 2006 19:14:48 -0000 1.6
@@ -634,8 +634,16 @@
term_dontaudit_list_ptys(logwatch_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.14/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/admin/rpm.fc 2006-09-19 10:47:17.000000000 -0400
-@@ -15,10 +15,13 @@
++++ serefpolicy-2.3.14/policy/modules/admin/rpm.fc 2006-09-19 13:58:55.000000000 -0400
+@@ -3,6 +3,7 @@
+ /usr/bin/smart -- gen_context(system_u:object_r:rpm_exec_t,s0)
+
+ /usr/bin/yum -- gen_context(system_u:object_r:rpm_exec_t,s0)
++/usr/sbin/yum-updatesd -- gen_context(system_u:object_r:rpm_exec_t,s0)
+
+ /usr/lib(64)?/rpm/rpmd -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/rpm/rpmq -- gen_context(system_u:object_r:bin_t,s0)
+@@ -15,10 +16,13 @@
ifdef(`distro_redhat', `
/usr/bin/fedora-rmdevelrpms -- gen_context(system_u:object_r:rpm_exec_t,s0)
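Review bot: The added `/usr/sbin/yum-updatesd` entry gives what is presumably a long-running update daemon the same `rpm_exec_t` entry-point label as the interactive `yum` and `smart` commands. It would therefore run with the full privileges of the package-management domain for as long as it is up. If that is a stopgap, say so next to the entry, e.g. `# TODO: give yum-updatesd its own domain`, so the broad label is not mistaken for the intended end state. Nothing in this hunk shows which accesses the daemon actually needs, so the narrower alternative cannot be judged from here.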
@@ -649,6 +657,25 @@
')
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.3.14/policy/modules/admin/su.if
+--- nsaserefpolicy/policy/modules/admin/su.if 2006-09-15 13:14:27.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/admin/su.if 2006-09-19 14:33:19.000000000 -0400
+@@ -43,6 +43,7 @@
+
+ allow $1_su_t self:capability { audit_control audit_write setuid setgid net_bind_service chown dac_override fowner sys_nice sys_resource };
+ dontaudit $1_su_t self:capability sys_tty_config;
++ allow $1_su_t self:key { search write };
+ allow $1_su_t self:process { setexec setsched setrlimit };
+ allow $1_su_t self:fifo_file rw_file_perms;
+ allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
+@@ -62,6 +63,7 @@
+
+ kernel_read_system_state($1_su_t)
+ kernel_read_kernel_sysctls($1_su_t)
++ kernel_search_key($1_su_t)
+
+ # for SSP
+ dev_read_urand($1_su_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.14/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-09-05 07:41:02.000000000 -0400
+++ serefpolicy-2.3.14/policy/modules/admin/usermanage.te 2006-09-19 10:47:17.000000000 -0400
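Review bot: The two su.if additions, `allow $1_su_t self:key { search write };` and `kernel_search_key($1_su_t)`, grant keyring access to every su domain the template instantiates without recording what requires it. A short comment above each, such as `# keyring access needed by <PAM module / caller>`, would let a later reviewer decide whether `write` is still needed or whether `search` alone would do. The template body begins and ends outside the hunk, so whether an existing comment elsewhere already covers this cannot be seen here.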
@@ -1315,7 +1342,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.14/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/services/automount.te 2006-09-19 10:47:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/automount.te 2006-09-19 14:37:13.000000000 -0400
@@ -74,6 +74,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -1324,6 +1351,15 @@
fs_mount_all_fs(automount_t)
fs_unmount_all_fs(automount_t)
+@@ -99,6 +100,8 @@
+ # Someone writes a showmount policy
+ corenet_tcp_bind_reserved_port(automount_t)
+ corenet_tcp_bind_all_rpc_ports(automount_t)
++corenet_udp_bind_reserved_port(automount_t)
++corenet_udp_bind_all_rpc_ports(automount_t)
+
+ dev_read_sysfs(automount_t)
+ # for SSP
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-2.3.14/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2006-07-14 17:04:40.000000000 -0400
+++ serefpolicy-2.3.14/policy/modules/services/bluetooth.fc 2006-09-19 10:47:17.000000000 -0400
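Review bot: `corenet_udp_bind_reserved_port(automount_t)` and `corenet_udp_bind_all_rpc_ports(automount_t)` let automount_t bind any reserved or RPC UDP port, mirroring the TCP grants above them. They sit under a comment whose visible tail (`# Someone writes a showmount policy`) suggests the whole block is a workaround. The start of that comment is outside the hunk, so this reading is inferred. Please extend the comment to name the UDP case explicitly, e.g. `# UDP as well: <what was denied>`, so these broad bind rules are revisited together with the TCP ones once a narrower policy exists.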
@@ -1691,7 +1727,7 @@
+/var/run/wpa_supplicant-global -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.3.14/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/services/networkmanager.te 2006-09-19 10:47:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/networkmanager.te 2006-09-19 14:39:37.000000000 -0400
@@ -21,7 +21,7 @@
# networkmanager will ptrace itself if gdb is installed
# and it receives a unexpected signal (rh bug #204161)
@@ -1709,6 +1745,14 @@
files_read_etc_files(NetworkManager_t)
files_read_etc_runtime_files(NetworkManager_t)
+@@ -161,6 +162,7 @@
+
+ optional_policy(`
+ ppp_domtrans(NetworkManager_t)
++ ppp_getattr_pid_files(NetworkManager_t)
+ ')
+
+ optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.14/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2006-09-05 07:41:01.000000000 -0400
+++ serefpolicy-2.3.14/policy/modules/services/ntp.te 2006-09-19 10:47:17.000000000 -0400
@@ -2061,9 +2105,35 @@
/usr/sbin/pptp -- gen_context(system_u:object_r:pptp_exec_t,s0)
/usr/sbin/ipppd -- gen_context(system_u:object_r:pppd_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-2.3.14/policy/modules/services/ppp.if
+--- nsaserefpolicy/policy/modules/services/ppp.if 2006-09-15 13:14:24.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ppp.if 2006-09-19 14:39:26.000000000 -0400
+@@ -237,3 +237,22 @@
+
+ files_pid_filetrans($1,pppd_var_run_t,file)
+ ')
++
++########################################
++## <summary>
++## getattr pid files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`ppp_getattr_pid_files',`
++ gen_require(`
++ type pppd_var_run_t;
++ ')
++
++ allow $1 pppd_var_run_t:file getattr;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.3.14/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/services/ppp.te 2006-09-19 10:47:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ppp.te 2006-09-19 14:06:42.000000000 -0400
@@ -64,7 +64,7 @@
allow pppd_t self:socket create_socket_perms;
allow pppd_t self:unix_dgram_socket create_socket_perms;
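Review bot: The summary of the new `ppp_getattr_pid_files` interface reads `getattr pid files.`, which does not say whose pid files are meant. Since the rule is `allow $1 pppd_var_run_t:file getattr;`, the summary should be `Get the attributes of PPP pid files.`. The interface also grants only the file permission. A caller that cannot already search the pid directory would presumably still be denied, and pid-file interfaces in the reference policy commonly add `files_search_pids($1)` for that reason. That is worth confirming for `NetworkManager_t`, the one caller this commit adds.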
@@ -2868,7 +2938,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.14/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-09-15 13:14:26.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/system/init.te 2006-09-19 10:47:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/init.te 2006-09-19 14:34:03.000000000 -0400
@@ -361,7 +361,8 @@
logging_append_all_logs(initrc_t)
logging_read_audit_config(initrc_t)
@@ -2879,6 +2949,29 @@
# slapd needs to read cert files from its initscript
miscfiles_read_certs(initrc_t)
+@@ -514,6 +515,10 @@
+ # optional_policy(`',`
+ # mta_send_mail(initrc_t)
+ # ')
++# allow init scripts to su
++ optional_policy(`
++ su_restricted_domain_template(initrc,initrc_t,system_r)
++ ')
+ ')
+
+ optional_policy(`
+@@ -726,11 +731,6 @@
+ ssh_dontaudit_read_server_keys(initrc_t)
+ ')
+
+-# allow init scripts to su
+-optional_policy(`
+- su_restricted_domain_template(initrc,initrc_t,system_r)
+-')
+-
+ optional_policy(`
+ sysnet_read_dhcpc_state(initrc_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.14/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-09-05 07:41:01.000000000 -0400
+++ serefpolicy-2.3.14/policy/modules/system/libraries.fc 2006-09-19 10:47:17.000000000 -0400
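Review bot: Moving `su_restricted_domain_template(initrc,initrc_t,system_r)` from a top-level `optional_policy` (removed at old line 726) to just before the closing `')` at new line 514 makes the init-script su domain depend on whatever condition that enclosing block tests. The opening of that block is outside the hunk, so the condition cannot be checked here. If the other branch still needs init scripts to run su, it silently loses the domain. The relocated comment should state the scope, e.g. `# allow init scripts to su (only when <condition>)`. It should also be indented to match the `optional_policy` it describes, since it currently starts at column 0 inside an indented block.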
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.286
retrieving revision 1.287
diff -u -r1.286 -r1.287
--- selinux-policy.spec 19 Sep 2006 14:59:46 -0000 1.286
+++ selinux-policy.spec 19 Sep 2006 19:14:48 -0000 1.287
@@ -11,12 +11,13 @@
%define BUILD_MLS 1
%endif
%define POLICYVER 20
+%define libsepolver 1.12.26-1
%define POLICYCOREUTILSVER 1.30.29-1
%define CHECKPOLICYVER 1.30.11-1
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.14
-Release: 4
+Release: 5
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
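Review bot: `%define libsepolver 1.12.26-1` is added, but no visible hunk references `%{libsepolver}`, and the `PreReq` line changed in the next hunk still hard-codes `libsemanage >= 1.6.16-2`. If a minimum libsepol is meant to be enforced, the macro has to appear in a dependency tag, e.g. `libsepol >= %{libsepolver}` appended to `BuildRequires:`. Otherwise it is dead and the build can proceed against an older library. The use may sit in a part of the spec outside these hunks. The neighbouring macros are upper-case (`POLICYCOREUTILSVER`, `CHECKPOLICYVER`), so `LIBSEPOLVER` would match the file's convention.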
@@ -37,7 +38,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER}
-PreReq: policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 1.6.16-1
+PreReq: policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 1.6.16-2
Obsoletes: policy
%description
@@ -348,7 +349,10 @@
%endif
%changelog
-* Mon Sep 18 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-4
+* Mon Sep 19 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-5
+- Fixes to make pppd work
+
+* Mon Sep 19 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-4
- Multiple policy fixes
- Change max categories to 1023