rpms/selinux-policy-targeted/devel policy-20050425.patch, 1.5, 1.6 selinux-policy-targeted.spec, 1.289, 1.290
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Apr 29 19:02:41 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6202
Modified Files:
policy-20050425.patch selinux-policy-targeted.spec
Log Message:
* Fri Apr 29 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-7
- Fixes for consoletype, kudzu reading proc_t
- Add label /dev/adb
policy-20050425.patch:
domains/misc/kernel.te | 4 +-
domains/program/fsadm.te | 2 -
domains/program/getty.te | 14 ++-------
domains/program/hostname.te | 1
domains/program/ifconfig.te | 2 +
domains/program/init.te | 4 +-
domains/program/initrc.te | 1
domains/program/klogd.te | 3 +
domains/program/load_policy.te | 3 -
domains/program/modutil.te | 2 -
domains/program/mount.te | 1
domains/program/unused/NetworkManager.te | 4 ++
domains/program/unused/amanda.te | 2 +
domains/program/unused/amavis.te | 7 ----
domains/program/unused/apache.te | 16 +++-------
domains/program/unused/apmd.te | 3 +
domains/program/unused/auditd.te | 20 +++++++++----
domains/program/unused/cardmgr.te | 4 +-
domains/program/unused/clamav.te | 2 -
domains/program/unused/consoletype.te | 14 ++++-----
domains/program/unused/cups.te | 3 +
domains/program/unused/cyrus.te | 4 --
domains/program/unused/hald.te | 6 +++
domains/program/unused/hotplug.te | 10 +-----
domains/program/unused/i18n_input.te | 2 +
domains/program/unused/kudzu.te | 1
domains/program/unused/lvm.te | 2 -
domains/program/unused/ntpd.te | 7 ++--
domains/program/unused/portmap.te | 5 +--
domains/program/unused/samba.te | 1
domains/program/unused/snmpd.te | 2 -
domains/program/unused/squid.te | 4 --
domains/program/unused/tinydns.te | 2 -
domains/program/unused/udev.te | 8 +++--
domains/program/unused/updfstab.te | 6 +++
domains/program/unused/webalizer.te | 2 -
domains/user.te | 16 +++++++++-
file_contexts/distros.fc | 2 +
file_contexts/program/apache.fc | 3 +
file_contexts/program/compat.fc | 17 +++++++----
file_contexts/program/crack.fc | 1
file_contexts/program/cups.fc | 1
file_contexts/program/getty.fc | 2 +
file_contexts/program/i18n_input.fc | 4 ++
file_contexts/program/lvm.fc | 1
file_contexts/program/portmap.fc | 1
file_contexts/program/rhgb.fc | 1
file_contexts/program/traceroute.fc | 1
file_contexts/program/webalizer.fc | 2 +
file_contexts/types.fc | 9 +++++
flask/access_vectors | 2 +
macros/base_user_macros.te | 10 +++++-
macros/core_macros.te | 5 +--
macros/global_macros.te | 22 +++++++++++++-
macros/program/cdrecord_macros.te | 2 -
macros/program/chkpwd_macros.te | 4 +-
macros/program/mozilla_macros.te | 2 -
macros/program/su_macros.te | 2 -
macros/program/xserver_macros.te | 2 +
man/man8/httpd_selinux.8 | 6 +++
targeted/appconfig/default_contexts | 1
targeted/domains/program/compat.te | 7 ----
targeted/domains/program/crond.te | 2 -
targeted/domains/program/hotplug.te | 17 -----------
targeted/domains/program/sendmail.te | 3 +
targeted/domains/program/udev.te | 17 -----------
targeted/domains/program/xdm.te | 1
targeted/domains/unconfined.te | 12 +++++--
targeted/initial_sid_contexts | 47 -------------------------------
tunables/distro.tun | 2 -
tunables/tunable.tun | 6 +--
types/network.te | 1
72 files changed, 214 insertions(+), 194 deletions(-)
Index: policy-20050425.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050425.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- policy-20050425.patch 28 Apr 2005 15:01:23 -0000 1.5
+++ policy-20050425.patch 29 Apr 2005 19:02:38 -0000 1.6
@@ -140,6 +140,18 @@
read_locale(load_policy_t)
-r_dir_file(load_policy_t, selinux_config_t)
-allow load_policy_t proc_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/modutil.te policy-1.23.13/domains/program/modutil.te
+--- nsapolicy/domains/program/modutil.te 2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/modutil.te 2005-04-29 14:29:59.000000000 -0400
+@@ -143,7 +143,7 @@
+ allow insmod_t proc_t:dir search;
+ allow insmod_t sysctl_kernel_t:file { setattr rw_file_perms };
+
+-allow insmod_t proc_t:file { getattr read };
++allow insmod_t proc_t:file rw_file_perms;
+ allow insmod_t proc_t:lnk_file read;
+
+ # Write to /proc/mtrr.
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te policy-1.23.13/domains/program/mount.te
--- nsapolicy/domains/program/mount.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/mount.te 2005-04-27 10:42:39.000000000 -0400
@@ -248,7 +260,16 @@
-allow httpd_t var_t:file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.23.13/domains/program/unused/apmd.te
--- nsapolicy/domains/program/unused/apmd.te 2005-04-27 10:28:49.000000000 -0400
-+++ policy-1.23.13/domains/program/unused/apmd.te 2005-04-25 16:03:20.000000000 -0400
++++ policy-1.23.13/domains/program/unused/apmd.te 2005-04-29 14:00:04.000000000 -0400
+@@ -31,7 +31,7 @@
+
+ allow apmd_t device_t:lnk_file read;
+ allow apmd_t proc_t:file { getattr read };
+-read_sysctl(apmd_t)
++can_sysctl(apmd_t)
+ allow apmd_t self:unix_dgram_socket create_socket_perms;
+ allow apmd_t self:unix_stream_socket create_stream_socket_perms;
+ allow apmd_t self:fifo_file rw_file_perms;
@@ -108,6 +108,7 @@
#
# Allow it to run killof5 and pidof
@@ -259,7 +280,7 @@
# Same for apm/acpid scripts
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.23.13/domains/program/unused/auditd.te
--- nsapolicy/domains/program/unused/auditd.te 2005-04-27 10:28:49.000000000 -0400
-+++ policy-1.23.13/domains/program/unused/auditd.te 2005-04-28 10:34:37.000000000 -0400
++++ policy-1.23.13/domains/program/unused/auditd.te 2005-04-29 14:23:01.000000000 -0400
@@ -2,6 +2,8 @@
#
# Authors: Colin Walters <walters at verbum.org>
@@ -269,7 +290,13 @@
define(`audit_manager_domain', `
allow $1 auditd_etc_t:file rw_file_perms;
create_dir_file($1, auditd_log_t)
-@@ -15,10 +17,10 @@
+@@ -10,15 +12,15 @@
+
+ daemon_domain(auditd)
+
+-allow auditd_t self:netlink_audit_socket create_netlink_socket_perms;
++allow auditd_t self:netlink_audit_socket { nlmsg_readpriv create_netlink_socket_perms };
+ allow auditd_t self:unix_dgram_socket create_socket_perms;
allow auditd_t self:capability { audit_write audit_control sys_nice };
allow auditd_t etc_t:file { getattr read };
@@ -283,6 +310,15 @@
can_exec(auditd_t, init_exec_t)
+@@ -28,7 +30,7 @@
+ type auditctl_t, domain, privlog;
+ type auditctl_exec_t, file_type, sysadmfile;
+ uses_shlib(auditctl_t)
+-allow auditctl_t self:netlink_audit_socket create_netlink_socket_perms;
++allow auditctl_t self:netlink_audit_socket { nlmsg_readpriv create_netlink_socket_perms };
+ allow auditctl_t self:capability { audit_write audit_control };
+ allow auditctl_t etc_t:file { getattr read };
+ allow auditctl_t admin_tty_type:chr_file rw_file_perms;
@@ -43,7 +45,15 @@
ifdef(`separate_secadm', `', `
audit_manager_domain(sysadm_t)
@@ -327,7 +363,7 @@
# not sure why it needs this
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/consoletype.te policy-1.23.13/domains/program/unused/consoletype.te
--- nsapolicy/domains/program/unused/consoletype.te 2005-04-27 10:28:50.000000000 -0400
-+++ policy-1.23.13/domains/program/unused/consoletype.te 2005-04-25 15:18:00.000000000 -0400
++++ policy-1.23.13/domains/program/unused/consoletype.te 2005-04-29 13:30:02.000000000 -0400
@@ -19,29 +19,28 @@
uses_shlib(consoletype_t)
general_domain_access(consoletype_t)
@@ -364,6 +400,14 @@
allow consoletype_t nfs_t:file write;
allow consoletype_t sysadm_t:fifo_file rw_file_perms;
+@@ -58,6 +57,7 @@
+ ifdef(`firstboot.te', `
+ allow consoletype_t firstboot_t:fifo_file write;
+ ')
++dontaudit consoletype_t proc_t:dir search;
+ dontaudit consoletype_t proc_t:file read;
+ dontaudit consoletype_t root_t:file read;
+ allow consoletype_t crond_t:fifo_file { read getattr ioctl };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.23.13/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2005-04-27 10:28:50.000000000 -0400
+++ policy-1.23.13/domains/program/unused/cups.te 2005-04-28 10:38:02.000000000 -0400
@@ -417,7 +461,16 @@
allow cyrus_t mail_port_t:tcp_socket name_bind;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.23.13/domains/program/unused/hald.te
--- nsapolicy/domains/program/unused/hald.te 2005-04-27 10:28:51.000000000 -0400
-+++ policy-1.23.13/domains/program/unused/hald.te 2005-04-25 15:18:00.000000000 -0400
++++ policy-1.23.13/domains/program/unused/hald.te 2005-04-29 13:52:09.000000000 -0400
+@@ -15,7 +15,7 @@
+ can_exec_any(hald_t)
+
+ allow hald_t { etc_t etc_runtime_t }:file { getattr read };
+-allow hald_t self:unix_stream_socket create_stream_socket_perms;
++allow hald_t self:unix_stream_socket { connectto create_stream_socket_perms };
+ allow hald_t self:unix_dgram_socket create_socket_perms;
+
+ ifdef(`dbusd.te', `
@@ -93,3 +93,7 @@
ifdef(`lvm.te', `
allow hald_t lvm_control_t:chr_file r_file_perms;
@@ -428,7 +481,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.23.13/domains/program/unused/hotplug.te
--- nsapolicy/domains/program/unused/hotplug.te 2005-04-27 10:28:51.000000000 -0400
-+++ policy-1.23.13/domains/program/unused/hotplug.te 2005-04-25 15:18:00.000000000 -0400
++++ policy-1.23.13/domains/program/unused/hotplug.te 2005-04-29 14:29:12.000000000 -0400
@@ -83,7 +83,9 @@
allow hotplug_t self:file getattr;
@@ -449,7 +502,8 @@
-unconfined_domain(hotplug_t)
-')
-
- allow kernel_t hotplug_etc_t:dir search;
+-allow kernel_t hotplug_etc_t:dir search;
++allow { insmod_t kernel_t } hotplug_etc_t:dir { search getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/i18n_input.te policy-1.23.13/domains/program/unused/i18n_input.te
--- nsapolicy/domains/program/unused/i18n_input.te 2005-04-27 10:28:51.000000000 -0400
+++ policy-1.23.13/domains/program/unused/i18n_input.te 2005-04-28 10:52:08.000000000 -0400
@@ -466,6 +520,29 @@
allow i18n_input_t i18n_input_var_run_t:dir create_dir_perms;
allow i18n_input_t i18n_input_var_run_t:sock_file create_file_perms;
+allow i18n_input_t usr_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/kudzu.te policy-1.23.13/domains/program/unused/kudzu.te
+--- nsapolicy/domains/program/unused/kudzu.te 2005-04-27 10:28:51.000000000 -0400
++++ policy-1.23.13/domains/program/unused/kudzu.te 2005-04-29 13:29:29.000000000 -0400
+@@ -26,6 +26,7 @@
+ allow kudzu_t mouse_device_t:chr_file { read write };
+ allow kudzu_t proc_net_t:dir r_dir_perms;
+ allow kudzu_t { proc_net_t proc_t }:file { getattr read };
++allow kudzu_t proc_t:lnk_file getattr;
+ allow kudzu_t { fixed_disk_device_t removable_device_t }:blk_file rw_file_perms;
+ allow kudzu_t scsi_generic_device_t:chr_file r_file_perms;
+ allow kudzu_t { bin_t sbin_t }:dir { getattr search };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/lvm.te policy-1.23.13/domains/program/unused/lvm.te
+--- nsapolicy/domains/program/unused/lvm.te 2005-04-27 10:28:51.000000000 -0400
++++ policy-1.23.13/domains/program/unused/lvm.te 2005-04-29 14:30:46.000000000 -0400
+@@ -112,7 +112,7 @@
+ allow lvm_t lvm_control_t:chr_file rw_file_perms;
+ allow initrc_t lvm_control_t:chr_file { getattr read unlink };
+ allow initrc_t device_t:chr_file create;
+-dontaudit lvm_t var_run_t:dir getattr;
++var_run_domain(lvm)
+
+ # for when /usr is not mounted
+ dontaudit lvm_t file_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.23.13/domains/program/unused/NetworkManager.te
--- nsapolicy/domains/program/unused/NetworkManager.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/unused/NetworkManager.te 2005-04-27 16:52:07.000000000 -0400
@@ -631,7 +708,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/updfstab.te policy-1.23.13/domains/program/unused/updfstab.te
--- nsapolicy/domains/program/unused/updfstab.te 2005-04-27 10:28:53.000000000 -0400
-+++ policy-1.23.13/domains/program/unused/updfstab.te 2005-04-28 10:35:40.000000000 -0400
++++ policy-1.23.13/domains/program/unused/updfstab.te 2005-04-29 13:53:21.000000000 -0400
@@ -31,6 +31,8 @@
ifdef(`dbusd.te', `
dbusd_client(system, updfstab)
@@ -641,6 +718,14 @@
')
# not sure what the sysctl_kernel_t file is, or why it wants to write it, so
+@@ -73,3 +75,7 @@
+ dontaudit updfstab_t { home_dir_type home_type }:dir search;
+ allow updfstab_t fs_t:filesystem { getattr };
+ allow updfstab_t tmpfs_t:dir getattr;
++ifdef(`hald.te', `
++can_unix_connect(updfstab_t, hald_t)
++')
++
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/webalizer.te policy-1.23.13/domains/program/unused/webalizer.te
--- nsapolicy/domains/program/unused/webalizer.te 2005-04-27 10:28:54.000000000 -0400
+++ policy-1.23.13/domains/program/unused/webalizer.te 2005-04-25 15:18:00.000000000 -0400
@@ -687,12 +772,13 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/distros.fc policy-1.23.13/file_contexts/distros.fc
--- nsapolicy/file_contexts/distros.fc 2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.13/file_contexts/distros.fc 2005-04-25 15:18:00.000000000 -0400
-@@ -37,6 +37,7 @@
++++ policy-1.23.13/file_contexts/distros.fc 2005-04-29 13:46:24.000000000 -0400
+@@ -37,6 +37,8 @@
/usr/share/texmf/web2c/mktexupd -- system_u:object_r:bin_t
/usr/share/ssl/certs(/.*)? system_u:object_r:cert_t
/usr/share/ssl/private(/.*)? system_u:object_r:cert_t
-+/etc/pki(/.*)? system_u:object_r:cert_t
++/etc/pki(/.*)? system_u:object_r:cert_t
++/etc/rhgb(/.*)? -d system_u:object_r:mnt_t
/usr/share/ssl/misc(/.*)? system_u:object_r:bin_t
#
# /emul/ia32-linux/usr
@@ -809,6 +895,12 @@
/usr/sbin/pmap_set -- system_u:object_r:portmap_helper_exec_t
')
+/var/run/portmap.upgrade-state -- system_u:object_r:portmap_var_run_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/rhgb.fc policy-1.23.13/file_contexts/program/rhgb.fc
+--- nsapolicy/file_contexts/program/rhgb.fc 2005-02-24 14:51:08.000000000 -0500
++++ policy-1.23.13/file_contexts/program/rhgb.fc 2005-04-29 13:46:07.000000000 -0400
+@@ -1,2 +1 @@
+ /usr/bin/rhgb -- system_u:object_r:rhgb_exec_t
+-/etc/rhgb(/.*)? -d system_u:object_r:mnt_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/traceroute.fc policy-1.23.13/file_contexts/program/traceroute.fc
--- nsapolicy/file_contexts/program/traceroute.fc 2005-04-25 14:48:59.000000000 -0400
+++ policy-1.23.13/file_contexts/program/traceroute.fc 2005-04-25 15:18:00.000000000 -0400
@@ -829,7 +921,7 @@
+/var/lib/webalizer(/.*) system_u:object_r:webalizer_var_lib_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.23.13/file_contexts/types.fc
--- nsapolicy/file_contexts/types.fc 2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.13/file_contexts/types.fc 2005-04-26 08:20:01.000000000 -0400
++++ policy-1.23.13/file_contexts/types.fc 2005-04-29 13:35:04.000000000 -0400
@@ -58,7 +58,7 @@
#
@@ -839,7 +931,15 @@
/mnt(/[^/]*)? -d system_u:object_r:mnt_t
/mnt/[^/]*/.* <<none>>
/media(/[^/]*)? -d system_u:object_r:mnt_t
-@@ -157,6 +157,7 @@
+@@ -129,6 +129,7 @@
+ /dev/nvram -c system_u:object_r:memory_device_t
+ /dev/random -c system_u:object_r:random_device_t
+ /dev/urandom -c system_u:object_r:urandom_device_t
++/dev/adb.* -c system_u:object_r:tty_device_t
+ /dev/capi.* -c system_u:object_r:tty_device_t
+ /dev/dcbri[0-9]+ -c system_u:object_r:tty_device_t
+ /dev/irlpt[0-9]+ -c system_u:object_r:printer_device_t
+@@ -157,6 +158,7 @@
/dev/i2o/hd[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/ubd[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/cciss/[^/]* -b system_u:object_r:fixed_disk_device_t
@@ -847,7 +947,7 @@
/dev/ida/[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/dasd[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/flash[^/]* -b system_u:object_r:fixed_disk_device_t
-@@ -461,6 +462,11 @@
+@@ -461,6 +463,11 @@
/usr/share/gnucash/finance-quote-helper -- system_u:object_r:bin_t
#
@@ -990,6 +1090,25 @@
allow $1_cdrecord_t device_t:lnk_file { getattr read };
# allow cdrecord to write the CD
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/chkpwd_macros.te policy-1.23.13/macros/program/chkpwd_macros.te
+--- nsapolicy/macros/program/chkpwd_macros.te 2005-04-27 10:28:54.000000000 -0400
++++ policy-1.23.13/macros/program/chkpwd_macros.te 2005-04-29 14:34:09.000000000 -0400
+@@ -31,13 +31,13 @@
+ ifelse($1, system, `
+ domain_auto_trans(auth_chkpwd, chkpwd_exec_t, system_chkpwd_t)
+ allow auth_chkpwd sbin_t:dir search;
+-allow auth_chkpwd self:netlink_audit_socket create_netlink_socket_perms;
++allow auth_chkpwd self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
+ dontaudit system_chkpwd_t { user_tty_type tty_device_t }:chr_file rw_file_perms;
+ dontaudit auth_chkpwd shadow_t:file { getattr read };
+ ', `
+ domain_auto_trans($1_t, chkpwd_exec_t, $1_chkpwd_t)
+ allow $1_t sbin_t:dir search;
+-allow $1_t self:netlink_audit_socket create_netlink_socket_perms;
++allow $1_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
+
+ # Write to the user domain tty.
+ access_terminal($1_chkpwd_t, $1)
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.23.13/macros/program/mozilla_macros.te
--- nsapolicy/macros/program/mozilla_macros.te 2005-04-27 10:28:55.000000000 -0400
+++ policy-1.23.13/macros/program/mozilla_macros.te 2005-04-25 15:18:00.000000000 -0400
@@ -1002,6 +1121,18 @@
#allow $1_mozilla_t port_type:tcp_socket name_connect;
uses_shlib($1_mozilla_t)
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/su_macros.te policy-1.23.13/macros/program/su_macros.te
+--- nsapolicy/macros/program/su_macros.te 2005-04-27 10:28:55.000000000 -0400
++++ policy-1.23.13/macros/program/su_macros.te 2005-04-29 14:34:15.000000000 -0400
+@@ -90,7 +90,7 @@
+
+ ifdef(`chkpwd.te', `
+ domain_auto_trans($1_su_t, chkpwd_exec_t, $2_chkpwd_t)
+-allow $1_su_t self:netlink_audit_socket create_netlink_socket_perms;
++allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
+ ')
+
+ ') dnl end su_restricted_domain
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/xserver_macros.te policy-1.23.13/macros/program/xserver_macros.te
--- nsapolicy/macros/program/xserver_macros.te 2005-04-27 10:28:55.000000000 -0400
+++ policy-1.23.13/macros/program/xserver_macros.te 2005-04-28 10:47:53.000000000 -0400
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/selinux-policy-targeted.spec,v
retrieving revision 1.289
retrieving revision 1.290
diff -u -r1.289 -r1.290
--- selinux-policy-targeted.spec 28 Apr 2005 15:00:10 -0000 1.289
+++ selinux-policy-targeted.spec 29 Apr 2005 19:02:38 -0000 1.290
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.23.13
-Release: 5
+Release: 7
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -52,7 +52,7 @@
mv domains/misc/unused/kernel.te domains/misc/
mv domains/program/*.te domains/program/unused/
rm domains/*.te
-for i in amanda.te apache.te apmd.te arpwatch.te auditd.te bluetooth.te checkpolicy.te cardmgr.te chkpwd.te comsat.te consoletype.te cpucontrol.te cpuspeed.te cups.te cvs.te cyrus.te dbskkd.te dmidecode.te dbusd.te dhcpc.te dhcpd.te dictd.te dovecot.te fingerd.te fsadm.te ftpd.te getty.te hald.te hostname.te hotplug.te howl.te hwclock.te kudzu.te i18n_input.te ifconfig.te init.te initrc.te inetd.te innd.te kerberos.te klogd.te ktalkd.te ldconfig.te load_policy.te login.te lpd.te mailman.te modutil.te mta.te mysqld.te named.te netutils.te NetworkManager.te nscd.te ntpd.te portmap.te postgresql.te pppd.te privoxy.te radius.te radvd.te restorecon.te rlogind.te rpcd.te rshd.te rsync.te saslauthd.te samba.te setfiles.te slapd.te snmpd.te squid.te stunnel.te syslogd.te telnetd.te tftpd.te udev.te updfstab.te uucpd.te webalizer.te winbind.te ypbind.te ypserv.te zebra.te; do
+for i in amanda.te apache.te apmd.te arpwatch.te auditd.te bluetooth.te checkpolicy.te canna.te cardmgr.te chkpwd.te comsat.te consoletype.te cpucontrol.te cpuspeed.te cups.te cvs.te cyrus.te dbskkd.te dmidecode.te dbusd.te dhcpc.te dhcpd.te dictd.te dovecot.te fingerd.te fsadm.te ftpd.te getty.te hald.te hostname.te hotplug.te howl.te hwclock.te kudzu.te i18n_input.te ifconfig.te init.te initrc.te inetd.te innd.te kerberos.te klogd.te ktalkd.te ldconfig.te load_policy.te login.te lpd.te mailman.te modutil.te mta.te mysqld.te named.te netutils.te NetworkManager.te nscd.te ntpd.te portmap.te postgresql.te pppd.te privoxy.te radius.te radvd.te restorecon.te rlogind.te rpcd.te rshd.te rsync.te saslauthd.te samba.te setfiles.te slapd.te snmpd.te squid.te stunnel.te syslogd.te telnetd.te tftpd.te udev.te updfstab.te uucpd.te webalizer.te winbind.te ypbind.te ypserv.te zebra.te; do
mv domains/program/unused/$i domains/program/
done
rm -rf domains/program/unused
@@ -234,7 +234,12 @@
exit 0
%changelog
-* Thu Apr 28 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-5
+* Fri Apr 29 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-7
+- Fixes for consoletype, kudzu reading proc_t
+- Add label /dev/adb
+
+* Thu Apr 28 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-6
+- Allow hal to connect to self
- Fix turboprint/cups problem.
- Fixes fir i18n_input errors
More information about the fedora-cvs-commits
mailing list