rpms/selinux-policy/devel policy-20060915.patch, 1.18, 1.19 selinux-policy.spec, 1.298, 1.299
- From: fedora-cvs-commits redhat com
- To: fedora-cvs-commits redhat com
- Subject: rpms/selinux-policy/devel policy-20060915.patch, 1.18, 1.19 selinux-policy.spec, 1.298, 1.299
- Date: Fri, 29 Sep 2006 01:33:39 -0400
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv12431
Modified Files:
policy-20060915.patch selinux-policy.spec
Log Message:
* Fri Sep 28 2006 Dan Walsh <dwalsh redhat com> 2.3.16-7
- Fix rhgb
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 3
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 3
config/appconfig-strict/seusers | 1
config/appconfig-targeted-mcs/seusers | 3
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 3
config/appconfig-targeted/seusers | 1
policy/global_tunables | 15 +
policy/mcs | 6
policy/mls | 36 +-
policy/modules/admin/acct.te | 1
policy/modules/admin/amanda.te | 2
policy/modules/admin/bootloader.fc | 1
policy/modules/admin/bootloader.te | 7
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/prelink.if | 2
policy/modules/admin/readahead.te | 1
policy/modules/admin/rpm.fc | 2
policy/modules/admin/rpm.if | 21 +
policy/modules/admin/rpm.te | 5
policy/modules/admin/su.if | 2
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 2
policy/modules/apps/java.te | 2
policy/modules/apps/mono.te | 3
policy/modules/apps/slocate.te | 1
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/corecommands.if | 14
policy/modules/kernel/corenetwork.te.in | 13
policy/modules/kernel/devices.fc | 8
policy/modules/kernel/devices.if | 20 +
policy/modules/kernel/files.fc | 27 -
policy/modules/kernel/files.if | 20 +
policy/modules/kernel/filesystem.if | 22 +
policy/modules/kernel/filesystem.te | 1
policy/modules/kernel/kernel.te | 25 -
policy/modules/kernel/mcs.te | 18 -
policy/modules/kernel/mls.te | 10
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 49 +--
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 2
policy/modules/services/apache.fc | 9
policy/modules/services/automount.te | 4
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/cron.te | 19 +
policy/modules/services/cups.te | 3
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 1
policy/modules/services/lpd.fc | 9
policy/modules/services/mta.te | 1
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 3
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 99 ++++++
policy/modules/services/oddjob.te | 86 +++++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/procmail.te | 1
policy/modules/services/rhgb.te | 24 +
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 388 +++++++++++++++++++++++++++
policy/modules/services/rsync.te | 1
policy/modules/services/sendmail.te | 1
policy/modules/services/setroubleshoot.te | 2
policy/modules/services/smartmon.te | 3
policy/modules/services/spamassassin.te | 4
policy/modules/services/ssh.te | 2
policy/modules/services/xserver.if | 3
policy/modules/services/xserver.te | 2
policy/modules/system/authlogin.if | 2
policy/modules/system/fstools.te | 3
policy/modules/system/hostname.te | 6
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 6
policy/modules/system/iscsi.fc | 7
policy/modules/system/iscsi.if | 24 +
policy/modules/system/iscsi.te | 74 +++++
policy/modules/system/libraries.fc | 1
policy/modules/system/logging.fc | 8
policy/modules/system/logging.te | 4
policy/modules/system/mount.fc | 1
policy/modules/system/mount.if | 1
policy/modules/system/mount.te | 1
policy/modules/system/raid.te | 5
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 1
policy/modules/system/setrans.fc | 2
policy/modules/system/setrans.te | 1
policy/modules/system/unconfined.if | 1
policy/modules/system/unconfined.te | 6
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 68 ++++
policy/modules/system/userdomain.te | 6
policy/modules/system/xen.te | 1
policy/users | 14
105 files changed, 1587 insertions(+), 150 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- policy-20060915.patch 28 Sep 2006 16:45:43 -0000 1.18
+++ policy-20060915.patch 29 Sep 2006 05:33:37 -0000 1.19
@@ -430,6 +430,17 @@
libs_use_shared_libs(locate_t)
libs_use_ld_so(locate_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.16/policy/modules/kernel/corecommands.fc
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-09-22 14:07:03.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/kernel/corecommands.fc 2006-09-28 19:35:55.000000000 -0400
+@@ -65,6 +65,7 @@
+
+ /etc/xen/qemu-ifup -- gen_context(system_u:object_r:bin_t,s0)
+ /etc/xen/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/etc/profile.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+ ifdef(`distro_debian',`
+ /etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.16/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2006-09-15 13:14:21.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/kernel/corecommands.if 2006-09-27 16:23:12.000000000 -0400
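Review bot: The new `/etc/profile.d(/.*)?` entry in corecommands.fc has no file-type field, so the directory itself and every object beneath it are mapped to bin_t, not only the regular script files. The neighbouring `/etc/xen/scripts(/.*)?` line has the same form, so this may be intentional, but the log message says only "Fix rhgb" and nothing records why a system-wide file context is being changed. A one-line comment above the entry stating which confined domain needs to execute these scripts would make the change reviewable; if only the scripts need the label, a narrower pattern such as `/etc/profile.d/.*  --  gen_context(system_u:object_r:bin_t,s0)` would leave the directory with its default context.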
@@ -1630,6 +1641,70 @@
role system_r types procmail_t;
########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.3.16/policy/modules/services/rhgb.te
+--- nsaserefpolicy/policy/modules/services/rhgb.te 2006-09-06 13:04:51.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/services/rhgb.te 2006-09-29 01:20:51.000000000 -0400
+@@ -13,10 +13,8 @@
+ type rhgb_tmpfs_t;
+ files_tmpfs_file(rhgb_tmpfs_t)
+
+-ifdef(`strict_policy',`
+- type rhgb_devpts_t;
+- term_pty(rhgb_devpts_t)
+-')
++type rhgb_devpts_t;
++term_pty(rhgb_devpts_t)
+
+ ########################################
+ #
+@@ -25,7 +23,7 @@
+
+ allow rhgb_t self:capability { fsetid setgid setuid sys_admin sys_tty_config };
+ dontaudit rhgb_t self:capability sys_tty_config;
+-allow rhgb_t self:process signal_perms;
++allow rhgb_t self:process { setpgid signal_perms };
+ allow rhgb_t self:shm create_shm_perms;
+ allow rhgb_t self:unix_stream_socket create_stream_socket_perms;
+ allow rhgb_t self:fifo_file rw_file_perms;
+@@ -112,16 +110,21 @@
+ # for running setxkbmap
+ xserver_read_xkb_libs(rhgb_t)
+
++selinux_dontaudit_search_fs(rhgb_t)
++selinux_dontaudit_read_fs(rhgb_t)
++seutil_search_default_contexts(rhgb_t)
++seutil_read_config(rhgb_t)
++
+ ifdef(`strict_policy',`
+ allow rhgb_t rhgb_devpts_t:chr_file { rw_file_perms setattr };
+ term_create_pty(rhgb_t,rhgb_devpts_t)
++
+ ', `
+ files_dontaudit_read_root_files(rhgb_t)
+
+- term_dontaudit_use_generic_ptys(rhgb_t)
+- term_dontaudit_setattr_generic_ptys(rhgb_t)
++ term_use_generic_ptys(rhgb_t)
++ term_setattr_generic_ptys(rhgb_t)
+ term_dontaudit_use_unallocated_ttys(rhgb_t)
+- term_dontaudit_use_generic_ptys(rhgb_t)
+
+ xserver_domtrans_xdm_xserver(rhgb_t)
+ xserver_signal_xdm_xserver(rhgb_t)
+@@ -140,8 +143,13 @@
+ udev_read_db(rhgb_t)
+ ')
+
++optional_policy(`
++ consoletype_exec(rhgb_t)
++')
++
+ ifdef(`TODO',`
+ #this seems a bit much
+ allow domain rhgb_devpts_t:chr_file { read write };
+ allow initrc_t rhgb_gph_t:fd use;
+ ')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.16/policy/modules/services/ricci.fc
--- nsaserefpolicy/policy/modules/services/ricci.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.16/policy/modules/services/ricci.fc 2006-09-26 09:53:18.000000000 -0400
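Review bot: In the non-strict branch of rhgb.te the two `term_dontaudit_*_generic_ptys(rhgb_t)` lines become `term_use_generic_ptys(rhgb_t)` and `term_setattr_generic_ptys(rhgb_t)`, which turns a silenced denial into real read/write and setattr access to generic ptys for rhgb_t. The same change moves `type rhgb_devpts_t;` and `term_pty(rhgb_devpts_t)` out of the `strict_policy` ifdef, yet in the visible lines that type is still used only inside the strict branch, so under the other policy it appears declared but unused. If the intent is for rhgb to own its pty, consider hoisting `allow rhgb_t rhgb_devpts_t:chr_file { rw_file_perms setattr };` and `term_create_pty(rhgb_t,rhgb_devpts_t)` above the ifdef and keeping the generic-pty rules as dontaudit; otherwise add a comment saying why generic pty access is required. The new `selinux_dontaudit_search_fs(rhgb_t)` and `selinux_dontaudit_read_fs(rhgb_t)` lines also hide denials from the audit log, so a short comment on what rhgb probes there is worth adding.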
@@ -2316,6 +2391,27 @@
type ssh_keygen_t;
type ssh_keygen_exec_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.16/policy/modules/services/xserver.if
+--- nsaserefpolicy/policy/modules/services/xserver.if 2006-09-15 13:14:25.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/services/xserver.if 2006-09-29 00:59:16.000000000 -0400
+@@ -898,10 +898,12 @@
+
+ domain_auto_trans($1,xserver_exec_t,xdm_xserver_t)
+
++ allow $1 xdm_xserver_t:process siginh;
+ allow $1 xdm_xserver_t:fd use;
+ allow xdm_xserver_t $1:fd use;
+ allow xdm_xserver_t $1:fifo_file rw_file_perms;
+ allow xdm_xserver_t $1:process sigchld;
++
+ ')
+
+ ########################################
+@@ -1152,3 +1154,4 @@
+ allow $1 xdm_xserver_tmp_t:sock_file write;
+ allow $1 xdm_xserver_t:unix_stream_socket connectto;
+ ')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.16/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2006-09-06 13:04:51.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/services/xserver.te 2006-09-27 10:14:32.000000000 -0400
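Review bot: The added `allow $1 xdm_xserver_t:process siginh;` sits inside a shared xserver.if interface, so every domain that calls it gains the right to carry its signal state across the transition into xdm_xserver_t, not just rhgb_t. The interface header is outside the hunk, so the full caller list cannot be seen from here, but the log message mentions only rhgb. Please add a comment above the rule explaining which caller needs signal-state inheritance and why, and update the interface's summary block to mention the extra permission. The blank lines added before the closing `')` and at the end of the file are whitespace-only noise and could be dropped.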
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.298
retrieving revision 1.299
diff -u -r1.298 -r1.299
--- selinux-policy.spec 28 Sep 2006 16:45:43 -0000 1.298
+++ selinux-policy.spec 29 Sep 2006 05:33:37 -0000 1.299
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.16
-Release: 6
+Release: 7
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,9 @@
%endif
%changelog
+* Fri Sep 28 2006 Dan Walsh <dwalsh redhat com> 2.3.16-7
+- Fix rhgb
+
* Thu Sep 27 2006 Dan Walsh <dwalsh redhat com> 2.3.16-6
- Fix setrans handling on MLS and useradd