rpms/selinux-policy-targeted/devel policy-20050404.patch, 1.3, 1.4 selinux-policy-targeted.spec, 1.266, 1.267
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Apr 6 18:38:57 UTC 2005
Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6631
Modified Files:
policy-20050404.patch selinux-policy-targeted.spec
Log Message:
* Wed Apr 6 2005 Dan Walsh <dwalsh at redhat.com> 1.23.8-2
- Move to a later kernel version
policy-20050404.patch:
domains/program/unused/NetworkManager.te | 82 +++++++++++++++++++++++++++++++
domains/program/unused/apache.te | 6 ++
domains/program/unused/hald.te | 1
file_contexts/distros.fc | 4 +
file_contexts/program/NetworkManager.fc | 2
macros/base_user_macros.te | 16 +-----
macros/global_macros.te | 3 +
macros/program/apache_macros.te | 2
macros/program/dbusd_macros.te | 4 +
macros/program/games_domain.te | 2
macros/program/gift_macros.te | 9 ++-
macros/program/java_macros.te | 33 +-----------
macros/program/mozilla_macros.te | 6 +-
macros/program/mplayer_macros.te | 16 ++++--
macros/program/ssh_agent_macros.te | 2
macros/program/ssh_macros.te | 24 ---------
macros/program/tvtime_macros.te | 6 +-
macros/program/x_client_macros.te | 67 +++++++++++++------------
man/man8/httpd_selinux.8 | 15 +++++
targeted/domains/program/modutil.te | 17 ------
tunables/distro.tun | 2
tunables/tunable.tun | 12 ++--
22 files changed, 196 insertions(+), 135 deletions(-)
Index: policy-20050404.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050404.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20050404.patch 6 Apr 2005 12:22:56 -0000 1.3
+++ policy-20050404.patch 6 Apr 2005 18:38:54 -0000 1.4
@@ -27,8 +27,8 @@
allow hald_t self:capability { net_admin sys_admin dac_override dac_read_search mknod };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.23.8/domains/program/unused/NetworkManager.te
--- nsapolicy/domains/program/unused/NetworkManager.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.23.8/domains/program/unused/NetworkManager.te 2005-04-06 07:31:54.000000000 -0400
-@@ -0,0 +1,78 @@
++++ policy-1.23.8/domains/program/unused/NetworkManager.te 2005-04-06 12:01:45.000000000 -0400
+@@ -0,0 +1,82 @@
+#DESC NetworkManager -
+#
+# Authors: Dan Walsh <dwalsh at redhat.com>
@@ -78,9 +78,13 @@
+ifdef(`dbusd.te', `
+dbusd_client(system, NetworkManager)
+allow NetworkManager_t system_dbusd_t:dbus { acquire_svc send_msg };
++ifdef(`hald.te', `
+allow NetworkManager_t hald_t:dbus send_msg;
+allow hald_t NetworkManager_t:dbus send_msg;
+')
++allow NetworkManager_t initrc_t:dbus send_msg;
++allow initrc_t NetworkManager_t:dbus send_msg;
++')
+
+allow NetworkManager_t usr_t:file { getattr read };
+
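Review bot: The two added `initrc_t` rules (`allow NetworkManager_t initrc_t:dbus send_msg;` and its reverse) carry no comment saying which init script needs to exchange D-Bus messages with NetworkManager. `initrc_t` is the domain init scripts run in, and anything they start without a domain transition stays in it, so the grant may reach further than a single script. I would add a line above the pair such as `# <name of init script> talks to NetworkManager over the system bus`, with the placeholder filled in by the author. The rest of NetworkManager.te lies outside this hunk.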
@@ -137,6 +141,15 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.23.8/macros/base_user_macros.te
--- nsapolicy/macros/base_user_macros.te 2005-04-06 06:57:44.000000000 -0400
+++ policy-1.23.8/macros/base_user_macros.te 2005-04-06 07:32:06.000000000 -0400
+@@ -124,8 +124,6 @@
+ # Use the type when relabeling pty devices.
+ type_change $1_t server_pty:chr_file $1_devpts_t;
+
+-tmpfs_domain($1)
+-
+ ifdef(`cardmgr.te', `
+ # to allow monitoring of pcmcia status
+ allow $1_t cardmgr_var_run_t:file { getattr read };
@@ -282,6 +280,9 @@
#
dontaudit $1_t usr_t:file setattr;
@@ -172,6 +185,24 @@
')dnl end ifdef xdm.te
# Access the sound device.
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.23.8/macros/global_macros.te
+--- nsapolicy/macros/global_macros.te 2005-04-04 10:21:11.000000000 -0400
++++ policy-1.23.8/macros/global_macros.te 2005-04-06 08:25:01.000000000 -0400
+@@ -433,11 +433,14 @@
+ ')
+
+ define(`tmpfs_domain', `
++ifdef(`$1_tmpfs_t_defined',`', `
++define(`$1_tmpfs_t_defined')
+ type $1_tmpfs_t, file_type, sysadmfile, tmpfsfile;
+ # Use this type when creating tmpfs/shm objects.
+ file_type_auto_trans($1_t, tmpfs_t, $1_tmpfs_t)
+ allow $1_tmpfs_t tmpfs_t:filesystem associate;
+ ')
++')
+
+ define(`var_lib_domain', `
+ type $1_var_lib_t, file_type, sysadmfile;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.23.8/macros/program/apache_macros.te
--- nsapolicy/macros/program/apache_macros.te 2005-04-06 06:57:44.000000000 -0400
+++ policy-1.23.8/macros/program/apache_macros.te 2005-04-06 07:31:54.000000000 -0400
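Review bot: The new `$1_tmpfs_t_defined` guard in `tmpfs_domain` makes a second call with the same prefix expand to nothing, and nothing in the macro says so or explains why repeat calls are now expected. A comment above the guard would help, for example `# Idempotent: several macros may request tmpfs_domain for the same prefix; only the first call declares $1_tmpfs_t.` The reason for the repeat calls is not visible here, so the author should confirm the wording.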
@@ -185,9 +216,35 @@
')
define(`apache_user_domain', `
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/dbusd_macros.te policy-1.23.8/macros/program/dbusd_macros.te
+--- nsapolicy/macros/program/dbusd_macros.te 2005-02-24 14:51:09.000000000 -0500
++++ policy-1.23.8/macros/program/dbusd_macros.te 2005-04-06 12:03:45.000000000 -0400
+@@ -41,6 +41,10 @@
+ allow $1_dbusd_t self:file { getattr read };
+ allow $1_dbusd_t proc_t:file read;
+
++can_getsecurity($1_dbusd_t)
++r_dir_file($1_dbusd_t, default_context_t)
++allow system_dbusd_t self:netlink_selinux_socket create_socket_perms;
++
+ ifdef(`pamconsole.te', `
+ r_dir_file($1_dbusd_t, pam_var_console_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/games_domain.te policy-1.23.8/macros/program/games_domain.te
+--- nsapolicy/macros/program/games_domain.te 2005-04-04 10:21:11.000000000 -0400
++++ policy-1.23.8/macros/program/games_domain.te 2005-04-06 08:32:36.000000000 -0400
+@@ -20,7 +20,7 @@
+ role $1_r types $1_games_t;
+
+ # X access, /tmp files
+-x_client_domain($1, games)
++x_client_domain($1_games, $1)
+ tmp_domain($1_games)
+
+ uses_shlib($1_games_t)
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/gift_macros.te policy-1.23.8/macros/program/gift_macros.te
--- nsapolicy/macros/program/gift_macros.te 2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.8/macros/program/gift_macros.te 2005-04-06 07:32:06.000000000 -0400
++++ policy-1.23.8/macros/program/gift_macros.te 2005-04-06 14:24:33.000000000 -0400
@@ -18,7 +18,7 @@
role $1_r types $1_gift_t;
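Review bot: In the dbusd_macros.te section the added netlink rule names `system_dbusd_t`, while the two lines added with it and the surrounding context use `$1_dbusd_t`. If this macro is also instantiated for a non-system bus (the `$1` parameter suggests it is, but the macro header is outside the hunk), that instance gets `can_getsecurity` but not the `netlink_selinux_socket` permission it presumably wants alongside it. The system rule would also be emitted once per instantiation. Unless the asymmetry is deliberate, the line should read `allow $1_dbusd_t self:netlink_selinux_socket create_socket_perms;`.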
@@ -214,6 +271,15 @@
# Launch gift daemon
allow $1_gift_t bin_t:dir search;
+@@ -92,7 +95,7 @@
+
+ # Read /proc/meminfo
+ allow $1_giftd_t proc_t:dir search;
+-allow $1_giftd_t proc_t:file read;
++allow $1_giftd_t proc_t:file { getattr read };
+
+ # Read /etc/mtab
+ allow $1_giftd_t etc_runtime_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/java_macros.te policy-1.23.8/macros/program/java_macros.te
--- nsapolicy/macros/program/java_macros.te 2005-04-06 06:57:44.000000000 -0400
+++ policy-1.23.8/macros/program/java_macros.te 2005-04-06 07:37:13.000000000 -0400
@@ -295,7 +361,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mplayer_macros.te policy-1.23.8/macros/program/mplayer_macros.te
--- nsapolicy/macros/program/mplayer_macros.te 2005-03-21 22:32:19.000000000 -0500
-+++ policy-1.23.8/macros/program/mplayer_macros.te 2005-04-06 07:32:06.000000000 -0400
++++ policy-1.23.8/macros/program/mplayer_macros.te 2005-04-06 14:24:33.000000000 -0400
@@ -15,6 +15,10 @@
# Read global config
r_dir_file($1_$2_t, mplayer_etc_t)
@@ -307,7 +373,7 @@
# Read data in /usr/share (fonts, icons..)
r_dir_file($1_$2_t, usr_t)
-@@ -72,7 +76,7 @@
+@@ -72,22 +76,24 @@
# Home access, X access, Browse files
home_domain($1, mplayer)
@@ -316,6 +382,27 @@
file_browse_domain($1_mplayer_t)
# Mplayer common stuff
+ mplayer_common($1, mplayer)
+
+-# Audio
++# Fork
++allow $1_mplayer_t self:process { fork signal_perms getsched };
++
++# Audio, alsa.conf
+ allow $1_mplayer_t sound_device_t:chr_file rw_file_perms;
++allow $1_mplayer_t etc_t:file read;
+
+ # RTC clock
+ allow $1_mplayer_t clock_device_t:chr_file { ioctl read };
+
+-# Read home directory content
++# Play content from /home, and from CDs
+ r_dir_file($1_mplayer_t, $1_home_t);
+-
+-# Read CDs
+ r_dir_file($1_mplayer_t, removable_t);
+
+ # Legacy domain issues
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ssh_agent_macros.te policy-1.23.8/macros/program/ssh_agent_macros.te
--- nsapolicy/macros/program/ssh_agent_macros.te 2005-04-06 06:57:44.000000000 -0400
+++ policy-1.23.8/macros/program/ssh_agent_macros.te 2005-04-06 07:32:40.000000000 -0400
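Review bot: The added `allow $1_mplayer_t etc_t:file read;` grants `read` alone, while this same commit widens the giftd `proc_t:file` rule from `read` to `{ getattr read }`, which suggests read-only rules are producing getattr denials in practice. If the ALSA configuration is stat'ed before being read, the same denial will show up here; `allow $1_mplayer_t etc_t:file { getattr read };` would match the other rules. The comment `# Audio, alsa.conf` could also say that the rule covers every file labelled etc_t, not only alsa.conf. The macro this hunk sits in begins outside the hunk.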
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/selinux-policy-targeted.spec,v
retrieving revision 1.266
retrieving revision 1.267
diff -u -r1.266 -r1.267
--- selinux-policy-targeted.spec 6 Apr 2005 12:22:56 -0000 1.266
+++ selinux-policy-targeted.spec 6 Apr 2005 18:38:54 -0000 1.267
@@ -5,11 +5,13 @@
%define POLICYVER 19
%define POLICYCOREUTILSVER 1.22-2
%define CHECKPOLICYVER 1.21.4
+%define KERNELVER 2.6.11-1.1219
+%define LIBSELINUXVER 1.23.5-1
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.23.8
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -22,7 +24,7 @@
BuildArch: noarch
BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER}
BuildRequires: python
-PreReq: kernel >= 2.6.4-1.300 policycoreutils >= %{POLICYCOREUTILSVER}
+PreReq: kernel >= %{KERNELVER} policycoreutils >= %{POLICYCOREUTILSVER} libselinux >= %{LIBSELINUXVER}
Obsoletes: policy
%description
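Review bot: The main package's `PreReq` now also requires `libselinux >= %{LIBSELINUXVER}`, but the changelog entry and commit message mention only the kernel, and neither `%define` added in the preceding hunk says why these minimums were chosen. A comment above the defines, e.g. `# Minimum kernel and libselinux needed by the classes/permissions this policy uses`, would tell the next packager when they can be relaxed or must be raised; that wording is my inference and should be confirmed by the author. Note also that `PreReq: kernel >=` constrains the installed package, not the running kernel, so a policy load done at install time can still run on an older kernel until reboot.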
@@ -172,7 +174,7 @@
%package sources
Summary: SELinux example policy configuration source files
Group: System Environment/Base
-PreReq: m4 make checkpolicy >= %{CHECKPOLICYVER} policycoreutils >= %{POLICYCOREUTILSVER} kernel >= 2.6.4-1.300
+PreReq: m4 make checkpolicy >= %{CHECKPOLICYVER} policycoreutils >= %{POLICYCOREUTILSVER} kernel >= %{KERNELVER}
PreReq: selinux-policy-%{type} = %{version}-%{release}
Requires: python
BuildRequires: checkpolicy >= %{CHECKPOLICYVER} policycoreutils
@@ -231,6 +233,9 @@
exit 0
%changelog
+* Wed Apr 6 2005 Dan Walsh <dwalsh at redhat.com> 1.23.8-2
+- Move to a later kernel version
+
* Wed Apr 6 2005 Dan Walsh <dwalsh at redhat.com> 1.23.8-1
- Update from NSA
* Added netlink_kobject_uevent_socket class.