rpms/selinux-policy/devel policy-20080710.patch,1.24,1.25

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 29 20:54:35 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17438

Modified Files:
	policy-20080710.patch 
Log Message:
* Fri Aug 29 2008 Dan Walsh <dwalsh at redhat.com> 3.5.5-3
- Allow audit dispatcher to kill his children


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- policy-20080710.patch	29 Aug 2008 20:42:15 -0000	1.24
+++ policy-20080710.patch	29 Aug 2008 20:54:34 -0000	1.25
@@ -378,6 +378,29 @@
 +	xserver_unconfined(firstboot_t)
  ')
 -') dnl end TODO
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.5/policy/modules/admin/kismet.te
+--- nsaserefpolicy/policy/modules/admin/kismet.te	2008-08-07 11:15:13.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/admin/kismet.te	2008-08-29 16:38:04.000000000 -0400
+@@ -26,7 +26,10 @@
+ #
+ 
+ allow kismet_t self:capability { net_admin net_raw setuid setgid };
++allow kismet_t self:fifo_file rw_file_perms;
+ allow kismet_t self:packet_socket create_socket_perms;
++allow kismet_t self:unix_dgram_socket create_socket_perms;
++allow kismet_t self:unix_stream_socket create_stream_socket_perms;
+ 
+ manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
+ allow kismet_t kismet_log_t:dir setattr;
+@@ -42,6 +45,8 @@
+ 
+ corecmd_exec_bin(kismet_t)
+ 
++kernel_search_debugfs(kismet_t)
++
+ auth_use_nsswitch(kismet_t)
+ 
+ files_read_etc_files(kismet_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2008-08-14 13:08:27.000000000 -0400
 +++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te	2008-08-25 10:50:15.000000000 -0400
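Review bot: The log message covers only the audit dispatcher change, but this hunk also widens kismet_t in kismet.te with `kernel_search_debugfs(kismet_t)` and three new `self:` rules (fifo_file, unix_dgram_socket, unix_stream_socket), none of which is explained. kismet_t already holds `net_admin`, `net_raw`, `setuid` and `setgid`, so each added permission deserves a recorded reason. I would add a changelog line such as `- Allow kismet to use unix sockets and fifo files, search debugfs` and a policy comment above the debugfs call naming the denial it answers. If the debugfs search is only a side effect of a library probing the filesystem rather than something kismet needs in order to work, a dontaudit rule would be the narrower choice.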
@@ -20593,7 +20616,7 @@
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.5/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/postfix.te	2008-08-29 15:43:57.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/postfix.te	2008-08-29 16:32:25.000000000 -0400
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -30027,13 +30050,13 @@
 +/etc/rc\.d/init\.d/auditd	--	gen_context(system_u:object_r:auditd_script_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.5/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/system/logging.if	2008-08-29 16:22:26.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/system/logging.if	2008-08-29 16:48:08.000000000 -0400
 @@ -281,7 +281,7 @@
  	role system_r types $1;
  
  	domtrans_pattern(audisp_t, $2, $1)
 -	allow $1 audisp_t:process signal;
-+	allow audisp_t $1:process { sigkill sigstop signull signal }
++	allow audisp_t $1:process { sigkill sigstop signull signal };
  
  	allow audisp_t $2:file getattr;
  	allow $1 audisp_t:unix_stream_socket rw_socket_perms;
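Review bot: The rule `allow audisp_t $1:process { sigkill sigstop signull signal };` gives the dispatcher signal rights over every domain passed as `$1`, and `sigstop` goes beyond the "kill his children" need stated in the log. If suspending plugins is not required, `allow audisp_t $1:process { sigkill signull signal };` is the tighter set. The embedded patch also drops the upstream `allow $1 audisp_t:process signal;`, so plugin domains can no longer signal the dispatcher. A one-line comment such as `# audispd signals its plugin children; plugins do not signal audispd` would record that this reversal is intended. The interface body starts and ends outside the hunk, so its documented summary is not visible here and may need the same update.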



