rpms/selinux-policy/devel modules-targeted.conf, 1.34, 1.35 policy-20060915.patch, 1.5, 1.6 selinux-policy.spec, 1.286, 1.287

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Sep 19 19:14:50 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14394

Modified Files:
	modules-targeted.conf policy-20060915.patch 
	selinux-policy.spec 
Log Message:
* Mon Sep 19 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-5
- Fixes to make pppd work



Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- modules-targeted.conf	5 Sep 2006 19:45:06 -0000	1.34
+++ modules-targeted.conf	19 Sep 2006 19:14:48 -0000	1.35
@@ -1151,3 +1151,17 @@
 # 
 ccs = module
 
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+# 
+raid = base
+
+# Layer: services
+# Module: smartmon
+#
+# Smart disk monitoring daemon policy
+# 
+smartmon = module
+
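Review bot: The `raid = base` and `smartmon = module` entries added here are not mentioned in the commit log or the spec changelog, which cite only pppd, so anyone auditing what 2.3.14-5 changed in the targeted policy would miss them. `raid = base` also compiles the module into the base policy instead of shipping it as a loadable module like `smartmon = module`. A one-line comment saying why it has to live in base would help, e.g. `# built into base: <reason>`.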

policy-20060915.patch:
 Rules.modular                                |   10 
 config/appconfig-strict-mcs/seusers          |    2 
 config/appconfig-strict-mls/initrc_context   |    2 
 config/appconfig-strict-mls/seusers          |    2 
 config/appconfig-targeted-mcs/seusers        |    2 
 config/appconfig-targeted-mls/initrc_context |    2 
 config/appconfig-targeted-mls/seusers        |    2 
 policy/flask/mkaccess_vector.sh              |    3 
 policy/global_tunables                       |    9 
 policy/mcs                                   |  197 +++++++++++++
 policy/mls                                   |  225 ++++++++++++++-
 policy/modules/admin/amanda.fc               |    6 
 policy/modules/admin/bootloader.fc           |    5 
 policy/modules/admin/bootloader.te           |   10 
 policy/modules/admin/consoletype.te          |    7 
 policy/modules/admin/firstboot.te            |    1 
 policy/modules/admin/logwatch.te             |    2 
 policy/modules/admin/rpm.fc                  |    4 
 policy/modules/admin/su.if                   |    2 
 policy/modules/admin/usermanage.te           |    5 
 policy/modules/apps/java.fc                  |    2 
 policy/modules/apps/mono.te                  |    9 
 policy/modules/kernel/corecommands.fc        |    2 
 policy/modules/kernel/corenetwork.te.in      |   13 
 policy/modules/kernel/corenetwork.te.m4      |   13 
 policy/modules/kernel/devices.fc             |   10 
 policy/modules/kernel/domain.te              |    8 
 policy/modules/kernel/files.fc               |   27 -
 policy/modules/kernel/files.if               |   46 +++
 policy/modules/kernel/filesystem.if          |   19 +
 policy/modules/kernel/kernel.te              |   24 -
 policy/modules/kernel/mcs.te                 |   17 -
 policy/modules/kernel/mls.te                 |   10 
 policy/modules/kernel/selinux.te             |    2 
 policy/modules/kernel/storage.fc             |   48 +--
 policy/modules/kernel/terminal.fc            |    2 
 policy/modules/kernel/terminal.if            |    2 
 policy/modules/services/amavis.te            |    1 
 policy/modules/services/apache.fc            |    9 
 policy/modules/services/apache.te            |    6 
 policy/modules/services/automount.te         |    3 
 policy/modules/services/bluetooth.fc         |    3 
 policy/modules/services/bluetooth.te         |   11 
 policy/modules/services/ccs.fc               |    8 
 policy/modules/services/ccs.if               |   65 ++++
 policy/modules/services/ccs.te               |   87 ++++++
 policy/modules/services/clamav.te            |    1 
 policy/modules/services/cups.te              |   31 +-
 policy/modules/services/dbus.if              |    1 
 policy/modules/services/dhcp.te              |    7 
 policy/modules/services/kerberos.if          |    2 
 policy/modules/services/lpd.fc               |    1 
 policy/modules/services/networkmanager.fc    |    1 
 policy/modules/services/networkmanager.te    |    4 
 policy/modules/services/ntp.te               |    3 
 policy/modules/services/oddjob.fc            |    8 
 policy/modules/services/oddjob.if            |   76 +++++
 policy/modules/services/oddjob.te            |   73 +++++
 policy/modules/services/oddjob_mkhomedir.fc  |    6 
 policy/modules/services/oddjob_mkhomedir.if  |   24 +
 policy/modules/services/oddjob_mkhomedir.te  |   29 ++
 policy/modules/services/pegasus.if           |   31 ++
 policy/modules/services/pegasus.te           |    5 
 policy/modules/services/postfix.te           |    6 
 policy/modules/services/ppp.fc               |    4 
 policy/modules/services/ppp.if               |   19 +
 policy/modules/services/ppp.te               |   10 
 policy/modules/services/ricci.fc             |   20 +
 policy/modules/services/ricci.if             |  184 ++++++++++++
 policy/modules/services/ricci.te             |  386 +++++++++++++++++++++++++++
 policy/modules/services/rpc.te               |    3 
 policy/modules/services/setroubleshoot.te    |    7 
 policy/modules/services/snmp.if              |   19 +
 policy/modules/services/xfs.te               |    2 
 policy/modules/services/xserver.if           |   24 +
 policy/modules/system/authlogin.te           |    1 
 policy/modules/system/fstools.te             |    4 
 policy/modules/system/hostname.te            |    5 
 policy/modules/system/init.te                |   12 
 policy/modules/system/libraries.fc           |    5 
 policy/modules/system/logging.fc             |    8 
 policy/modules/system/selinuxutil.fc         |    6 
 policy/modules/system/selinuxutil.te         |    4 
 policy/modules/system/setrans.fc             |    2 
 policy/modules/system/setrans.te             |    1 
 policy/modules/system/unconfined.te          |    2 
 policy/modules/system/userdomain.fc          |    2 
 policy/modules/system/userdomain.if          |    2 
 policy/modules/system/xen.fc                 |    1 
 policy/modules/system/xen.te                 |    2 
 policy/users                                 |   14 
 91 files changed, 1850 insertions(+), 153 deletions(-)

Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- policy-20060915.patch	19 Sep 2006 14:59:46 -0000	1.5
+++ policy-20060915.patch	19 Sep 2006 19:14:48 -0000	1.6
@@ -634,8 +634,16 @@
  term_dontaudit_list_ptys(logwatch_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.14/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/admin/rpm.fc	2006-09-19 10:47:17.000000000 -0400
-@@ -15,10 +15,13 @@
++++ serefpolicy-2.3.14/policy/modules/admin/rpm.fc	2006-09-19 13:58:55.000000000 -0400
+@@ -3,6 +3,7 @@
+ /usr/bin/smart 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
+ 
+ /usr/bin/yum 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
++/usr/sbin/yum-updatesd		--	gen_context(system_u:object_r:rpm_exec_t,s0)
+ 
+ /usr/lib(64)?/rpm/rpmd		-- 	gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/rpm/rpmq		-- 	gen_context(system_u:object_r:bin_t,s0)
+@@ -15,10 +16,13 @@
  
  ifdef(`distro_redhat', `
  /usr/bin/fedora-rmdevelrpms	--	gen_context(system_u:object_r:rpm_exec_t,s0)
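Review bot: Labelling `/usr/sbin/yum-updatesd` as `rpm_exec_t` treats a long-running update daemon exactly like the interactive `yum` and `smart` binaries. If the existing domain transition on `rpm_exec_t` applies (it is not visible in this hunk), the daemon would run with the full privileges of the rpm domain. Please confirm that is intended rather than giving the daemon its own entry type and domain, and add a changelog line for it, since the log mentions only pppd. The rpm.fc section continues outside this hunk.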
@@ -649,6 +657,25 @@
  ')
  
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.3.14/policy/modules/admin/su.if
+--- nsaserefpolicy/policy/modules/admin/su.if	2006-09-15 13:14:27.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/admin/su.if	2006-09-19 14:33:19.000000000 -0400
+@@ -43,6 +43,7 @@
+ 
+ 	allow $1_su_t self:capability { audit_control audit_write setuid setgid net_bind_service chown dac_override fowner sys_nice sys_resource };
+ 	dontaudit $1_su_t self:capability sys_tty_config;
++	allow $1_su_t self:key { search write };
+ 	allow $1_su_t self:process { setexec setsched setrlimit };
+ 	allow $1_su_t self:fifo_file rw_file_perms;
+ 	allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
+@@ -62,6 +63,7 @@
+ 
+ 	kernel_read_system_state($1_su_t)
+ 	kernel_read_kernel_sysctls($1_su_t)
++	kernel_search_key($1_su_t)
+ 
+ 	# for SSP
+ 	dev_read_urand($1_su_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.14/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-09-05 07:41:02.000000000 -0400
 +++ serefpolicy-2.3.14/policy/modules/admin/usermanage.te	2006-09-19 10:47:17.000000000 -0400
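Review bot: The two keyring lines added to the su template (`allow $1_su_t self:key { search write };` and `kernel_search_key($1_su_t)`) carry no comment saying what needs them. Because this is a template, they apply to every su domain it instantiates. Suggest a why-comment above the allow rule, e.g. `# keyring access for the PAM session (confirm which module needs write)`, and check whether `search` alone is enough. The template body starts and ends outside this hunk.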
@@ -1315,7 +1342,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.14/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/services/automount.te	2006-09-19 10:47:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/automount.te	2006-09-19 14:37:13.000000000 -0400
 @@ -74,6 +74,7 @@
  files_mounton_all_mountpoints(automount_t)
  files_mount_all_file_type_fs(automount_t)
@@ -1324,6 +1351,15 @@
  
  fs_mount_all_fs(automount_t)
  fs_unmount_all_fs(automount_t)
+@@ -99,6 +100,8 @@
+ # Someone writes a showmount policy
+ corenet_tcp_bind_reserved_port(automount_t)
+ corenet_tcp_bind_all_rpc_ports(automount_t)
++corenet_udp_bind_reserved_port(automount_t)
++corenet_udp_bind_all_rpc_ports(automount_t)
+ 
+ dev_read_sysfs(automount_t)
+ # for SSP
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-2.3.14/policy/modules/services/bluetooth.fc
 --- nsaserefpolicy/policy/modules/services/bluetooth.fc	2006-07-14 17:04:40.000000000 -0400
 +++ serefpolicy-2.3.14/policy/modules/services/bluetooth.fc	2006-09-19 10:47:17.000000000 -0400
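Review bot: `corenet_udp_bind_reserved_port(automount_t)` and `corenet_udp_bind_all_rpc_ports(automount_t)` extend automount's bind rights to generic reserved ports and every RPC port over UDP, and nothing beside them records which operation needs that. A short comment above the two lines, e.g. `# UDP binds needed for <operation> (bug <ID>)`, would let a later reviewer narrow the grant. The change is also absent from the commit log, which mentions only pppd.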
@@ -1691,7 +1727,7 @@
 +/var/run/wpa_supplicant-global	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.3.14/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/services/networkmanager.te	2006-09-19 10:47:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/networkmanager.te	2006-09-19 14:39:37.000000000 -0400
 @@ -21,7 +21,7 @@
  # networkmanager will ptrace itself if gdb is installed
  # and it receives a unexpected signal (rh bug #204161) 
@@ -1709,6 +1745,14 @@
  
  files_read_etc_files(NetworkManager_t)
  files_read_etc_runtime_files(NetworkManager_t)
+@@ -161,6 +162,7 @@
+ 
+ optional_policy(`
+ 	ppp_domtrans(NetworkManager_t)
++	ppp_getattr_pid_files(NetworkManager_t)
+ ')
+ 
+ optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.14/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2006-09-05 07:41:01.000000000 -0400
 +++ serefpolicy-2.3.14/policy/modules/services/ntp.te	2006-09-19 10:47:17.000000000 -0400
@@ -2061,9 +2105,35 @@
  /usr/sbin/pptp 			--	gen_context(system_u:object_r:pptp_exec_t,s0)
  /usr/sbin/ipppd			--	gen_context(system_u:object_r:pppd_exec_t,s0)
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-2.3.14/policy/modules/services/ppp.if
+--- nsaserefpolicy/policy/modules/services/ppp.if	2006-09-15 13:14:24.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ppp.if	2006-09-19 14:39:26.000000000 -0400
+@@ -237,3 +237,22 @@
+ 
+ 	files_pid_filetrans($1,pppd_var_run_t,file)
+ ')
++
++########################################
++## <summary>
++##	getattr pid files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`ppp_getattr_pid_files',`
++	gen_require(`
++		type pppd_var_run_t;
++	')
++
++	allow $1 pppd_var_run_t:file getattr;
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.3.14/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/services/ppp.te	2006-09-19 10:47:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ppp.te	2006-09-19 14:06:42.000000000 -0400
 @@ -64,7 +64,7 @@
  allow pppd_t self:socket create_socket_perms;
  allow pppd_t self:unix_dgram_socket create_socket_perms;
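Review bot: The summary of the new `ppp_getattr_pid_files` interface reads only `getattr pid files.` and does not say whose files. `##	Get the attributes of PPP pid files.` would match what the rule grants (`getattr` on `pppd_var_run_t` files). The interface grants nothing on the containing pid directory, so a caller must already be able to search it; if that is not guaranteed, adding `files_search_pids($1)` before the allow rule would make it self-contained. The only caller visible on this page is the NetworkManager hunk above.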
@@ -2868,7 +2938,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.14/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2006-09-15 13:14:26.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/system/init.te	2006-09-19 10:47:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/init.te	2006-09-19 14:34:03.000000000 -0400
 @@ -361,7 +361,8 @@
  logging_append_all_logs(initrc_t)
  logging_read_audit_config(initrc_t)
@@ -2879,6 +2949,29 @@
  # slapd needs to read cert files from its initscript
  miscfiles_read_certs(initrc_t)
  
+@@ -514,6 +515,10 @@
+ #	optional_policy(`',`
+ #		mta_send_mail(initrc_t)
+ #	')
++# allow init scripts to su
++	optional_policy(`
++		su_restricted_domain_template(initrc,initrc_t,system_r)
++	')
+ ')
+ 
+ optional_policy(`
+@@ -726,11 +731,6 @@
+ 	ssh_dontaudit_read_server_keys(initrc_t)
+ ')
+ 
+-# allow init scripts to su
+-optional_policy(`
+-	su_restricted_domain_template(initrc,initrc_t,system_r)
+-')
+-
+ optional_policy(`
+ 	sysnet_read_dhcpc_state(initrc_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.14/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2006-09-05 07:41:01.000000000 -0400
 +++ serefpolicy-2.3.14/policy/modules/system/libraries.fc	2006-09-19 10:47:17.000000000 -0400
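Review bot: Moving `su_restricted_domain_template(initrc,initrc_t,system_r)` into the block that closes at the `')` right after it makes the initrc su domain conditional on whatever opens that block, which is outside this hunk. If that condition is a distro or policy-type ifdef, builds where it is false lose the domain that the removed top-level `optional_policy` provided; please confirm that is intended. The moved comment `# allow init scripts to su` sits at column 0 inside an indented block and could name the condition, e.g. `	# allow init scripts to su (only under <condition>)`.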


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.286
retrieving revision 1.287
diff -u -r1.286 -r1.287
--- selinux-policy.spec	19 Sep 2006 14:59:46 -0000	1.286
+++ selinux-policy.spec	19 Sep 2006 19:14:48 -0000	1.287
@@ -11,12 +11,13 @@
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 20
+%define libsepolver 1.12.26-1
 %define POLICYCOREUTILSVER 1.30.29-1
 %define CHECKPOLICYVER 1.30.11-1
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.3.14
-Release: 4
+Release: 5
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
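Review bot: `%define libsepolver 1.12.26-1` is added, but nothing in the visible hunks references `%{libsepolver}`. Unless a Requires or BuildRequires line outside these hunks uses it, the minimum libsepol version is not enforced. The name is lower-case while the neighbouring macros (`POLICYCOREUTILSVER`, `CHECKPOLICYVER`) are upper-case. The next hunk bumps `libsemanage >= 1.6.16-2` as a literal; a macro for it beside the others would keep the version floors in one place.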
@@ -37,7 +38,7 @@
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER}
-PreReq: policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 1.6.16-1
+PreReq: policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 1.6.16-2
 Obsoletes: policy 
 
 %description 
@@ -348,7 +349,10 @@
 %endif
 
 %changelog
-* Mon Sep 18 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-4
+* Mon Sep 19 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-5
+- Fixes to make pppd work
+
+* Mon Sep 19 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-4
 - Multiple policy fixes
 - Change max categories to 1023
 



