rpms/selinux-policy/devel policy-20060915.patch, 1.8, 1.9 selinux-policy.spec, 1.289, 1.290
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Sep 22 14:21:37 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv28051
Modified Files:
policy-20060915.patch selinux-policy.spec
Log Message:
* Fri Sep 22 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-8
- More fixes for mls
- Revert change on automount transition to mount
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 3
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 3
config/appconfig-strict/seusers | 1
config/appconfig-targeted-mcs/seusers | 3
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 3
config/appconfig-targeted/seusers | 1
policy/flask/mkaccess_vector.sh | 3
policy/global_tunables | 9
policy/mcs | 197 +++++++++++++
policy/mls | 225 ++++++++++++++-
policy/modules/admin/amanda.fc | 6
policy/modules/admin/bootloader.fc | 5
policy/modules/admin/bootloader.te | 10
policy/modules/admin/consoletype.te | 7
policy/modules/admin/firstboot.te | 1
policy/modules/admin/logwatch.te | 2
policy/modules/admin/readahead.te | 4
policy/modules/admin/rpm.fc | 4
policy/modules/admin/rpm.te | 2
policy/modules/admin/su.if | 2
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 2
policy/modules/apps/mono.te | 9
policy/modules/kernel/corecommands.fc | 2
policy/modules/kernel/corenetwork.te.in | 15 -
policy/modules/kernel/corenetwork.te.m4 | 13
policy/modules/kernel/devices.fc | 10
policy/modules/kernel/devices.if | 19 +
policy/modules/kernel/domain.te | 8
policy/modules/kernel/files.fc | 29 +-
policy/modules/kernel/files.if | 46 +++
policy/modules/kernel/filesystem.if | 21 +
policy/modules/kernel/kernel.te | 24 -
policy/modules/kernel/mcs.te | 17 -
policy/modules/kernel/mls.te | 12
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 48 +--
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 2
policy/modules/kernel/terminal.if | 2
policy/modules/services/amavis.te | 1
policy/modules/services/apache.fc | 9
policy/modules/services/apache.te | 6
policy/modules/services/automount.te | 5
policy/modules/services/bind.te | 1
policy/modules/services/bluetooth.fc | 3
policy/modules/services/bluetooth.te | 11
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/clamav.te | 1
policy/modules/services/cron.fc | 1
policy/modules/services/cups.te | 5
policy/modules/services/dbus.if | 1
policy/modules/services/dhcp.te | 7
policy/modules/services/hal.te | 6
policy/modules/services/kerberos.if | 2
policy/modules/services/lpd.fc | 1
policy/modules/services/networkmanager.fc | 1
policy/modules/services/networkmanager.te | 5
policy/modules/services/nscd.te | 2
policy/modules/services/ntp.te | 3
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 76 +++++
policy/modules/services/oddjob.te | 73 +++++
policy/modules/services/oddjob_mkhomedir.fc | 6
policy/modules/services/oddjob_mkhomedir.if | 24 +
policy/modules/services/oddjob_mkhomedir.te | 29 ++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.fc | 1
policy/modules/services/postfix.te | 6
policy/modules/services/ppp.fc | 4
policy/modules/services/ppp.if | 19 +
policy/modules/services/ppp.te | 21 +
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 386 +++++++++++++++++++++++++++
policy/modules/services/rpc.te | 3
policy/modules/services/sendmail.te | 14
policy/modules/services/setroubleshoot.te | 7
policy/modules/services/smartmon.te | 8
policy/modules/services/snmp.if | 19 +
policy/modules/services/ssh.te | 4
policy/modules/services/xfs.te | 2
policy/modules/services/xserver.if | 24 +
policy/modules/system/authlogin.te | 1
policy/modules/system/fstools.te | 4
policy/modules/system/hostname.te | 5
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 13
policy/modules/system/libraries.fc | 5
policy/modules/system/logging.fc | 8
policy/modules/system/logging.te | 1
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 4
policy/modules/system/setrans.fc | 2
policy/modules/system/setrans.te | 1
policy/modules/system/udev.te | 1
policy/modules/system/unconfined.te | 2
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 29 +-
policy/modules/system/userdomain.te | 18 -
policy/modules/system/xen.fc | 1
policy/modules/system/xen.te | 3
policy/users | 14
109 files changed, 1944 insertions(+), 176 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- policy-20060915.patch 21 Sep 2006 23:05:49 -0000 1.8
+++ policy-20060915.patch 22 Sep 2006 14:21:35 -0000 1.9
@@ -1064,7 +1064,7 @@
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.14/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-09-15 13:14:21.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/kernel/files.if 2006-09-21 15:40:45.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/kernel/files.if 2006-09-21 19:21:26.000000000 -0400
@@ -386,7 +386,7 @@
attribute file_type, security_file_type;
')
@@ -1491,18 +1491,6 @@
dev_read_sysfs(automount_t)
# for SSP
-@@ -142,8 +147,9 @@
- miscfiles_read_localization(automount_t)
- miscfiles_read_certs(automount_t)
-
--# Run mount in the mount_t domain.
--mount_domtrans(automount_t)
-+# Run mount in the mount domain.
-+# mount_domtrans(automount_t)
-+mount_exec(automount_t)
-
- sysnet_dns_name_resolve(automount_t)
- sysnet_use_ldap(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.3.14/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2006-08-29 09:00:27.000000000 -0400
+++ serefpolicy-2.3.14/policy/modules/services/bind.te 2006-09-21 15:40:45.000000000 -0400
@@ -3041,8 +3029,8 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-2.3.14/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/services/smartmon.te 2006-09-21 15:40:45.000000000 -0400
-@@ -7,7 +7,11 @@
++++ serefpolicy-2.3.14/policy/modules/services/smartmon.te 2006-09-21 19:16:28.000000000 -0400
+@@ -7,8 +7,13 @@
#
type fsdaemon_t;
@@ -3053,9 +3041,11 @@
+ type fsdaemon_exec_t;
+')
init_daemon_domain(fsdaemon_t,fsdaemon_exec_t)
++mls_rangetrans_target(fsdaemon_t)
type fsdaemon_var_run_t;
-@@ -62,6 +66,7 @@
+ files_pid_file(fsdaemon_var_run_t)
+@@ -62,6 +67,7 @@
storage_raw_read_fixed_disk(fsdaemon_t)
storage_raw_write_fixed_disk(fsdaemon_t)
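Review bot: `mls_rangetrans_target(fsdaemon_t)` is added directly after `init_daemon_domain(fsdaemon_t,fsdaemon_exec_t)` without a comment, and no `range_transition` rule for `fsdaemon_exec_t` is visible in this hunk, so the MLS range the daemon is meant to start at cannot be checked from here. The range matters for this domain because the trailing context grants it `storage_raw_read_fixed_disk` and `storage_raw_write_fixed_disk`, and raw device access is not mediated by per-file labels. I would add a comment above the new line that names the intended range and where the matching rule lives, e.g. `# MLS: started by init at <intended range>; range_transition is in <file>`. The smartmon.te section of the inner patch continues outside this hunk.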
@@ -3091,15 +3081,25 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.3.14/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/services/ssh.te 2006-09-21 15:40:45.000000000 -0400
-@@ -71,6 +71,7 @@
++++ serefpolicy-2.3.14/policy/modules/services/ssh.te 2006-09-22 08:18:03.000000000 -0400
+@@ -71,7 +71,7 @@
ifdef(`strict_policy',`
# so a tunnel can point to another ssh tunnel
allow sshd_t self:netlink_route_socket r_netlink_socket_perms;
+-
+ allow sshd_t self:key { search link write };
-
allow sshd_t sshd_tmp_t:dir create_dir_perms;
allow sshd_t sshd_tmp_t:file create_file_perms;
+ allow sshd_t sshd_tmp_t:sock_file create_file_perms;
+@@ -81,6 +81,8 @@
+ corenet_tcp_bind_xserver_port(sshd_t)
+ corenet_sendrecv_xserver_server_packets(sshd_t)
+
++ kernel_link_key(sshd_t)
++
+ tunable_policy(`ssh_sysadm_login',`
+ # Relabel and access ptys created by sshd
+ # ioctl is necessary for logout() processing for utmp entry and for w to
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.te serefpolicy-2.3.14/policy/modules/services/xfs.te
--- nsaserefpolicy/policy/modules/services/xfs.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.14/policy/modules/services/xfs.te 2006-09-21 15:40:45.000000000 -0400
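Review bot: `kernel_link_key(sshd_t)` in the new `@@ -81,6 +81,8 @@` section gives the network-facing `sshd_t` domain link access to kernel keys with no comment saying which login step needs it, and the log message ("More fixes for mls") does not mention it. The diffstat lists no change to kernel.if, so the interface has to exist in the upstream tree already; worth confirming the policy still builds. Read together with the existing `allow sshd_t self:key { search link write };` this looks like session-keyring setup at login, but that is inferred. A one-line comment such as `# <login step> links the session keyring; needs link on kernel_t keys` would let a later reader decide whether the grant can be narrowed. Indentation is lost on this page, so it is not clear whether the new line sits inside the `ifdef(`strict_policy',` block opened in the previous section.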
@@ -3296,7 +3296,7 @@
/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.14/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.14/policy/modules/system/logging.te 2006-09-21 15:40:45.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/logging.te 2006-09-21 19:16:03.000000000 -0400
@@ -161,6 +161,7 @@
miscfiles_read_localization(auditd_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.289
retrieving revision 1.290
diff -u -r1.289 -r1.290
--- selinux-policy.spec 21 Sep 2006 23:05:49 -0000 1.289
+++ selinux-policy.spec 22 Sep 2006 14:21:35 -0000 1.290
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.14
-Release: 7
+Release: 8
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,10 @@
%endif
%changelog
+* Fri Sep 22 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-8
+- More fixes for mls
+- Revert change on automount transition to mount
+
* Wed Sep 20 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-7
- Fix cron jobs to run under the correct context