
rpms/selinux-policy/devel policy-20070703.patch, 1.24, 1.25 selinux-policy.spec, 1.486, 1.487



Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14691

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Wed Aug 1 2007 Dan Walsh <dwalsh redhat com> 3.0.4-5
- Fix new usb devices and dmfm


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- policy-20070703.patch	31 Jul 2007 20:51:42 -0000	1.24
+++ policy-20070703.patch	1 Aug 2007 16:03:23 -0000	1.25
@@ -2356,8 +2356,16 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.0.4/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2007-06-15 14:54:30.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/kernel/devices.fc	2007-07-31 13:38:24.000000000 -0400
-@@ -19,6 +19,7 @@
++++ serefpolicy-3.0.4/policy/modules/kernel/devices.fc	2007-08-01 10:54:59.000000000 -0400
+@@ -12,6 +12,7 @@
+ /dev/atibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/audio.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/beep		-c	gen_context(system_u:object_r:sound_device_t,s0)
++/dev/dmfm		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/dsp.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/efirtc		-c	gen_context(system_u:object_r:clock_device_t,s0)
+ /dev/em8300.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
+@@ -19,6 +20,7 @@
  /dev/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
  /dev/fb[0-9]*		-c	gen_context(system_u:object_r:framebuf_device_t,s0)
  /dev/full		-c	gen_context(system_u:object_r:null_device_t,s0)
@@ -2365,7 +2373,7 @@
  /dev/fw.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/hiddev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/hpet		-c	gen_context(system_u:object_r:clock_device_t,s0)
-@@ -53,7 +54,7 @@
+@@ -53,7 +55,7 @@
  /dev/radio.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/random		-c	gen_context(system_u:object_r:random_device_t,s0)
  /dev/raw1394.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
@@ -2374,15 +2382,17 @@
  /dev/sequencer		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/sequencer2		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/smpte.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-@@ -65,6 +66,7 @@
+@@ -64,7 +66,9 @@
+ /dev/sonypi		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
++/dev/usbmon[0-9]+	-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/usbdev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
 +/dev/usb[0-9]+		-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/usblp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
  ifdef(`distro_suse', `
  /dev/usbscanner		-c	gen_context(system_u:object_r:scanner_device_t,s0)
-@@ -127,3 +129,7 @@
+@@ -127,3 +131,7 @@
  /var/named/chroot/dev/random -c	gen_context(system_u:object_r:random_device_t,s0)
  /var/named/chroot/dev/zero -c	gen_context(system_u:object_r:zero_device_t,s0)
  ')
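Review bot: The new `/dev/usbmon[0-9]+` entry in devices.fc gives the USB monitor nodes the same `usb_device_t` label as ordinary USB nodes such as `/dev/usbdev.*`. usbmon exposes captured traffic for every device on a bus, so any domain allowed to read `usb_device_t` character devices would also be able to read that capture, which can include keyboard input. A dedicated type would let the policy grant capture access separately, for example `/dev/usbmon[0-9]+	-c	gen_context(system_u:object_r:usbmon_device_t,s0)`. The type declaration in devices.te and a matching interface in devices.if would have to be added outside this hunk.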
@@ -2392,7 +2402,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.0.4/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2007-06-15 14:54:30.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/kernel/devices.if	2007-07-25 13:27:51.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/kernel/devices.if	2007-08-01 10:56:52.000000000 -0400
 @@ -2803,6 +2803,24 @@
  
  ########################################
@@ -2820,7 +2830,7 @@
  # filesystem SID to label inodes in the following filesystem types,
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.0.4/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2007-07-03 07:05:38.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/kernel/kernel.if	2007-07-31 16:22:36.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/kernel/kernel.if	2007-08-01 11:26:14.000000000 -0400
 @@ -108,6 +108,24 @@
  
  ########################################
@@ -4152,10 +4162,45 @@
 +optional_policy(`
 +       	xserver_stream_connect_xdm(bluetooth_helper_t)
 +')	
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.0.4/policy/modules/services/clamav.fc
+--- nsaserefpolicy/policy/modules/services/clamav.fc	2007-05-29 14:10:57.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/services/clamav.fc	2007-08-01 11:30:09.000000000 -0400
+@@ -9,6 +9,8 @@
+ 
+ /var/run/amavis(d)?/clamd\.pid	--	gen_context(system_u:object_r:clamd_var_run_t,s0)
+ /var/run/clamav(/.*)?			gen_context(system_u:object_r:clamd_var_run_t,s0)
++/var/run/clamd\..*			gen_context(system_u:object_r:clamd_var_run_t,s0)
++/var/run/clamav\..*			gen_context(system_u:object_r:clamd_var_run_t,s0)
+ /var/lib/clamav(/.*)?			gen_context(system_u:object_r:clamd_var_lib_t,s0)
+ /var/log/clamav			-d	gen_context(system_u:object_r:clamd_var_log_t,s0)
+ /var/log/clamav/clamav.*	--	gen_context(system_u:object_r:clamd_var_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.0.4/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/services/clamav.te	2007-07-25 13:27:51.000000000 -0400
-@@ -208,9 +208,12 @@
++++ serefpolicy-3.0.4/policy/modules/services/clamav.te	2007-08-01 11:29:41.000000000 -0400
+@@ -74,17 +74,19 @@
+ manage_files_pattern(clamd_t,clamd_var_lib_t,clamd_var_lib_t)
+ 
+ # log files
+-allow clamd_t clamd_var_log_t:dir setattr;
++manage_dirs_pattern(clamd_t,clamd_var_log_t,clamd_var_log_t)
+ manage_files_pattern(clamd_t,clamd_var_log_t,clamd_var_log_t)
+-logging_log_filetrans(clamd_t,clamd_var_log_t,file)
++logging_log_filetrans(clamd_t,clamd_var_log_t,{ dir file })
+ 
+ # pid file
++manage_dirs_pattern(clamd_t,clamd_var_log_t,clamd_var_log_t)
+ manage_files_pattern(clamd_t,clamd_var_run_t,clamd_var_run_t)
+ manage_sock_files_pattern(clamd_t,clamd_var_run_t,clamd_var_run_t)
+-files_pid_filetrans(clamd_t,clamd_var_run_t,file)
++files_pid_filetrans(clamd_t,clamd_var_run_t,{ file dir })
+ 
+ kernel_dontaudit_list_proc(clamd_t)
+ kernel_read_sysctl(clamd_t)
++kernel_read_kernel_sysctls(clamd_t)
+ 
+ corenet_all_recvfrom_unlabeled(clamd_t)
+ corenet_all_recvfrom_netlabel(clamd_t)
+@@ -208,9 +210,12 @@
  files_tmp_filetrans(clamscan_t,clamscan_tmp_t,{ file dir })
  
  # var/lib files together with clamd
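Review bot: Under the `# pid file` comment in clamav.te, the added `manage_dirs_pattern(clamd_t,clamd_var_log_t,clamd_var_log_t)` repeats the log-directory rule a few lines above and does not cover the pid directory type. Since `files_pid_filetrans` now also transitions `dir`, clamd_t presumably needs directory management on `clamd_var_run_t`, i.e. `manage_dirs_pattern(clamd_t,clamd_var_run_t,clamd_var_run_t)`. As written, creating a directory under /var/run would likely be denied unless a rule outside this hunk grants it. Denials like that tend to be worked around by making the domain permissive, so it is worth fixing in the policy itself.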
@@ -4169,7 +4214,7 @@
  kernel_read_kernel_sysctls(clamscan_t)
  
  files_read_etc_files(clamscan_t)
-@@ -228,3 +231,7 @@
+@@ -228,3 +233,7 @@
  optional_policy(`
  	apache_read_sys_content(clamscan_t)
  ')
@@ -6791,8 +6836,8 @@
  	fs_search_auto_mountpoints($1_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.0.4/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/services/rpc.te	2007-07-31 14:16:40.000000000 -0400
-@@ -59,10 +59,13 @@
++++ serefpolicy-3.0.4/policy/modules/services/rpc.te	2007-08-01 11:35:43.000000000 -0400
+@@ -59,10 +59,14 @@
  manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t)
  files_pid_filetrans(rpcd_t,rpcd_var_run_t,file)
  
@@ -6802,11 +6847,12 @@
  kernel_search_network_state(rpcd_t) 
  # for rpc.rquotad
  kernel_read_sysctl(rpcd_t)  
++kernel_read_fs_sysctl(rpcd_t)  
 +kernel_getattr_core_if(nfsd_t)
  
  fs_list_rpc(rpcd_t)
  fs_read_rpc_files(rpcd_t)
-@@ -76,9 +79,11 @@
+@@ -76,9 +80,11 @@
  miscfiles_read_certs(rpcd_t)
  
  seutil_dontaudit_search_config(rpcd_t)
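Review bot: The added `kernel_read_fs_sysctl(rpcd_t)` in rpc.te uses a singular name, while the other typed sysctl interface visible in this patch is plural (`kernel_read_kernel_sysctls`). kernel.if is not shown here, so confirm that an interface with this exact name is defined. If I read the build correctly, an undefined interface is left unexpanded by m4 and the module then fails to compile. If the plural form is what was intended, the line should read `kernel_read_fs_sysctls(rpcd_t)`. The added line also carries trailing whitespace.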
@@ -6818,7 +6864,7 @@
  ')
  
  ########################################
-@@ -91,9 +96,13 @@
+@@ -91,9 +97,13 @@
  allow nfsd_t exports_t:file { getattr read };
  allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
  
@@ -6832,7 +6878,7 @@
  
  corenet_tcp_bind_all_rpc_ports(nfsd_t)
  corenet_udp_bind_all_rpc_ports(nfsd_t)
-@@ -123,6 +132,7 @@
+@@ -123,6 +133,7 @@
  tunable_policy(`nfs_export_all_rw',`
  	fs_read_noxattr_fs_files(nfsd_t) 
  	auth_manage_all_files_except_shadow(nfsd_t)
@@ -6840,7 +6886,7 @@
  ')
  
  tunable_policy(`nfs_export_all_ro',`
-@@ -143,6 +153,8 @@
+@@ -143,6 +154,8 @@
  manage_files_pattern(gssd_t,gssd_tmp_t,gssd_tmp_t)
  files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
  
@@ -6849,7 +6895,7 @@
  kernel_read_network_state(gssd_t)
  kernel_read_network_state_symlinks(gssd_t)	
  kernel_search_network_sysctl(gssd_t)	
-@@ -158,6 +170,11 @@
+@@ -158,6 +171,11 @@
  
  miscfiles_read_certs(gssd_t)
  
@@ -8532,7 +8578,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.0.4/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.4/policy/modules/system/fstools.te	2007-07-25 13:27:51.000000000 -0400
++++ serefpolicy-3.0.4/policy/modules/system/fstools.te	2007-08-01 10:57:11.000000000 -0400
 @@ -9,6 +9,7 @@
  type fsadm_t;
  type fsadm_exec_t;
@@ -8541,7 +8587,15 @@
  role system_r types fsadm_t;
  
  type fsadm_log_t;
-@@ -179,3 +180,8 @@
+@@ -69,6 +70,7 @@
+ 
+ dev_getattr_all_chr_files(fsadm_t)
+ dev_dontaudit_getattr_all_blk_files(fsadm_t)
++dev_dontaudit_getattr_generic_files(fsadm_t)
+ # mkreiserfs and other programs need this for UUID
+ dev_read_rand(fsadm_t)
+ dev_read_urand(fsadm_t)
+@@ -179,3 +181,8 @@
  	fs_dontaudit_write_ramfs_pipes(fsadm_t)
  	rhgb_stub(fsadm_t)
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.486
retrieving revision 1.487
diff -u -r1.486 -r1.487
--- selinux-policy.spec	31 Jul 2007 20:51:43 -0000	1.486
+++ selinux-policy.spec	1 Aug 2007 16:03:23 -0000	1.487
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -359,6 +359,9 @@
 %endif
 
 %changelog
+* Wed Aug 1 2007 Dan Walsh <dwalsh redhat com> 3.0.4-5
+- Fix new usb devices and dmfm
+
 * Mon Jul 30 2007 Dan Walsh <dwalsh redhat com> 3.0.4-4
 - Eliminate mount_ntfs_t policy, merge into mount_t
 

