rpms/selinux-policy/devel policy-20080710.patch, 1.23, 1.24 selinux-policy.spec, 1.700, 1.701

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 29 20:42:15 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15515

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Fri Aug 29 2008 Dan Walsh <dwalsh at redhat.com> 3.5.5-3
- Allow audit dispatcher to kill his children


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- policy-20080710.patch	29 Aug 2008 20:14:40 -0000	1.23
+++ policy-20080710.patch	29 Aug 2008 20:42:15 -0000	1.24
@@ -30027,18 +30027,17 @@
 +/etc/rc\.d/init\.d/auditd	--	gen_context(system_u:object_r:auditd_script_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.5/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/system/logging.if	2008-08-29 14:20:21.000000000 -0400
-@@ -281,7 +281,9 @@
++++ serefpolicy-3.5.5/policy/modules/system/logging.if	2008-08-29 16:22:26.000000000 -0400
+@@ -281,7 +281,7 @@
  	role system_r types $1;
  
  	domtrans_pattern(audisp_t, $2, $1)
-+# Not sure if this is necessary?
- 	allow $1 audisp_t:process signal;
-+	allow audisp_t $1:process signal;
+-	allow $1 audisp_t:process signal;
++	allow audisp_t $1:process { sigkill sigstop signull signal }
  
  	allow audisp_t $2:file getattr;
  	allow $1 audisp_t:unix_stream_socket rw_socket_perms;
-@@ -699,6 +701,8 @@
+@@ -699,6 +699,8 @@
  	files_search_var($1)
  	manage_files_pattern($1,logfile,logfile)
  	read_lnk_files_pattern($1,logfile,logfile)
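Review bot: The added rule `allow audisp_t $1:process { sigkill sigstop signull signal }` in the logging.if hunk at line 281 is missing its terminating semicolon, so the interface will most likely fail to compile; it should read `allow audisp_t $1:process { sigkill sigstop signull signal };`. This revision also drops `allow $1 audisp_t:process signal;`, while the log message only mentions the dispatcher killing its children, so confirm that the plugin domain no longer needs to signal audisp_t. Since sigkill and sigstop are now granted over every domain passed as $1, a short comment such as `# audisp_t supervises its plugins and must be able to stop or kill them` above the rule would record why the wider set is needed. The enclosing interface starts and ends outside the hunk.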
@@ -30047,7 +30046,7 @@
  ')
  
  ########################################
-@@ -803,6 +807,42 @@
+@@ -803,6 +805,42 @@
  
  ########################################
  ## <summary>
@@ -30090,7 +30089,7 @@
  ##	All of the rules required to administrate
  ##	the audit environment
  ## </summary>
-@@ -827,6 +867,7 @@
+@@ -827,6 +865,7 @@
  	gen_require(`
  		type auditd_t, auditd_etc_t, auditd_log_t;
  		type auditd_var_run_t;
@@ -30098,7 +30097,7 @@
  	')
  
  	allow $1 auditd_t:process { ptrace signal_perms };
-@@ -842,6 +883,13 @@
+@@ -842,6 +881,13 @@
  	manage_files_pattern($1, auditd_var_run_t, auditd_var_run_t)
  
  	logging_run_auditctl($1, $2, $3)
@@ -30112,7 +30111,7 @@
  ')
  
  ########################################
-@@ -862,6 +910,7 @@
+@@ -862,6 +908,7 @@
  		type syslogd_tmp_t, syslogd_var_lib_t;
  		type syslogd_var_run_t, klogd_var_run_t;
  		type klogd_tmp_t, var_log_t;
@@ -30120,7 +30119,7 @@
  	')
  
  	allow $1 syslogd_t:process { ptrace signal_perms };
-@@ -889,6 +938,12 @@
+@@ -889,6 +936,12 @@
  	manage_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
  
  	logging_manage_all_logs($1)
@@ -30133,7 +30132,7 @@
  ')
  
  ########################################
-@@ -915,5 +970,5 @@
+@@ -915,5 +968,5 @@
  #
  interface(`logging_admin',`
  	logging_admin_audit($1, $2, $3)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.700
retrieving revision 1.701
diff -u -r1.700 -r1.701
--- selinux-policy.spec	29 Aug 2008 18:58:58 -0000	1.700
+++ selinux-policy.spec	29 Aug 2008 20:42:15 -0000	1.701
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -380,6 +380,9 @@
 %endif
 
 %changelog
+* Fri Aug 29 2008 Dan Walsh <dwalsh at redhat.com> 3.5.5-3
+- Allow audit dispatcher to kill his children
+
 * Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.5.5-2
 - Update to upstream
 - Fix crontab use by unconfined user



