rpms/selinux-policy-targeted/devel policy-20050404.patch, 1.3, 1.4 selinux-policy-targeted.spec, 1.266, 1.267

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Apr 6 18:38:57 UTC 2005


Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6631

Modified Files:
	policy-20050404.patch selinux-policy-targeted.spec 
Log Message:
* Wed Apr 6 2005 Dan Walsh <dwalsh at redhat.com> 1.23.8-2
- Move to a later kernel version


policy-20050404.patch:
 domains/program/unused/NetworkManager.te |   82 +++++++++++++++++++++++++++++++
 domains/program/unused/apache.te         |    6 ++
 domains/program/unused/hald.te           |    1 
 file_contexts/distros.fc                 |    4 +
 file_contexts/program/NetworkManager.fc  |    2 
 macros/base_user_macros.te               |   16 +-----
 macros/global_macros.te                  |    3 +
 macros/program/apache_macros.te          |    2 
 macros/program/dbusd_macros.te           |    4 +
 macros/program/games_domain.te           |    2 
 macros/program/gift_macros.te            |    9 ++-
 macros/program/java_macros.te            |   33 +-----------
 macros/program/mozilla_macros.te         |    6 +-
 macros/program/mplayer_macros.te         |   16 ++++--
 macros/program/ssh_agent_macros.te       |    2 
 macros/program/ssh_macros.te             |   24 ---------
 macros/program/tvtime_macros.te          |    6 +-
 macros/program/x_client_macros.te        |   67 +++++++++++++------------
 man/man8/httpd_selinux.8                 |   15 +++++
 targeted/domains/program/modutil.te      |   17 ------
 tunables/distro.tun                      |    2 
 tunables/tunable.tun                     |   12 ++--
 22 files changed, 196 insertions(+), 135 deletions(-)

Index: policy-20050404.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050404.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20050404.patch	6 Apr 2005 12:22:56 -0000	1.3
+++ policy-20050404.patch	6 Apr 2005 18:38:54 -0000	1.4
@@ -27,8 +27,8 @@
  allow hald_t self:capability { net_admin sys_admin dac_override dac_read_search mknod };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.23.8/domains/program/unused/NetworkManager.te
 --- nsapolicy/domains/program/unused/NetworkManager.te	1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.23.8/domains/program/unused/NetworkManager.te	2005-04-06 07:31:54.000000000 -0400
-@@ -0,0 +1,78 @@
++++ policy-1.23.8/domains/program/unused/NetworkManager.te	2005-04-06 12:01:45.000000000 -0400
+@@ -0,0 +1,82 @@
 +#DESC NetworkManager - 
 +#
 +# Authors: Dan Walsh <dwalsh at redhat.com>
@@ -78,9 +78,13 @@
 +ifdef(`dbusd.te', `
 +dbusd_client(system, NetworkManager)
 +allow NetworkManager_t system_dbusd_t:dbus { acquire_svc send_msg };
++ifdef(`hald.te', `
 +allow NetworkManager_t hald_t:dbus send_msg;
 +allow hald_t NetworkManager_t:dbus send_msg;
 +')
++allow NetworkManager_t initrc_t:dbus send_msg;
++allow initrc_t NetworkManager_t:dbus send_msg;
++')
 +
 +allow NetworkManager_t usr_t:file { getattr read };
 +
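Review bot: The two added `initrc_t` rules near the end of the `dbusd.te` block have no comment saying which init script needs to exchange D-Bus messages with NetworkManager. `initrc_t` is presumably shared by every init script that lacks its own domain, so the grant reaches further than the one caller that needs it; a line such as `# <init script name> talks to NetworkManager over the system bus` above them would make this auditable later. The block also now closes with two bare `')` lines. Labelling them `')dnl end ifdef hald.te` and `')dnl end ifdef dbusd.te`, in the style already used for `xdm.te` in base_user_macros.te, would keep the nesting readable. NetworkManager.te continues outside the hunk.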
@@ -137,6 +141,15 @@
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.23.8/macros/base_user_macros.te
 --- nsapolicy/macros/base_user_macros.te	2005-04-06 06:57:44.000000000 -0400
 +++ policy-1.23.8/macros/base_user_macros.te	2005-04-06 07:32:06.000000000 -0400
+@@ -124,8 +124,6 @@
+ # Use the type when relabeling pty devices.
+ type_change $1_t server_pty:chr_file $1_devpts_t;
+ 
+-tmpfs_domain($1)
+-
+ ifdef(`cardmgr.te', `
+ # to allow monitoring of pcmcia status
+ allow $1_t cardmgr_var_run_t:file { getattr read };
 @@ -282,6 +280,9 @@
  #
  dontaudit $1_t usr_t:file setattr;
@@ -172,6 +185,24 @@
  ')dnl end ifdef xdm.te
  
  # Access the sound device.
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.23.8/macros/global_macros.te
+--- nsapolicy/macros/global_macros.te	2005-04-04 10:21:11.000000000 -0400
++++ policy-1.23.8/macros/global_macros.te	2005-04-06 08:25:01.000000000 -0400
+@@ -433,11 +433,14 @@
+ ')
+ 
+ define(`tmpfs_domain', `
++ifdef(`$1_tmpfs_t_defined',`', `
++define(`$1_tmpfs_t_defined')
+ type $1_tmpfs_t, file_type, sysadmfile, tmpfsfile;
+ # Use this type when creating tmpfs/shm objects.
+ file_type_auto_trans($1_t, tmpfs_t, $1_tmpfs_t)
+ allow $1_tmpfs_t tmpfs_t:filesystem associate;
+ ')
++')
+ 
+ define(`var_lib_domain', `
+ type $1_var_lib_t, file_type, sysadmfile;
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.23.8/macros/program/apache_macros.te
 --- nsapolicy/macros/program/apache_macros.te	2005-04-06 06:57:44.000000000 -0400
 +++ policy-1.23.8/macros/program/apache_macros.te	2005-04-06 07:31:54.000000000 -0400
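Review bot: The `ifdef`/`define` guard added around the body of `tmpfs_domain` has no comment explaining why it is there. A line inside the macro such as `# Emit the type only once per prefix, so several macros can call tmpfs_domain for the same domain.` would do, and the new closing line could read `')dnl end ifdef $1_tmpfs_t_defined`. The same commit removes `tmpfs_domain($1)` from base_user_macros.te, so `$1_tmpfs_t` now exists for a user domain only if some other macro still calls `tmpfs_domain` for it. That caller is not visible in these hunks and is worth confirming.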
@@ -185,9 +216,35 @@
  
  ')
  define(`apache_user_domain', `
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/dbusd_macros.te policy-1.23.8/macros/program/dbusd_macros.te
+--- nsapolicy/macros/program/dbusd_macros.te	2005-02-24 14:51:09.000000000 -0500
++++ policy-1.23.8/macros/program/dbusd_macros.te	2005-04-06 12:03:45.000000000 -0400
+@@ -41,6 +41,10 @@
+ allow $1_dbusd_t self:file { getattr read };
+ allow $1_dbusd_t proc_t:file read;
+ 
++can_getsecurity($1_dbusd_t)
++r_dir_file($1_dbusd_t, default_context_t)
++allow system_dbusd_t self:netlink_selinux_socket create_socket_perms;
++
+ ifdef(`pamconsole.te', `
+ r_dir_file($1_dbusd_t, pam_var_console_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/games_domain.te policy-1.23.8/macros/program/games_domain.te
+--- nsapolicy/macros/program/games_domain.te	2005-04-04 10:21:11.000000000 -0400
++++ policy-1.23.8/macros/program/games_domain.te	2005-04-06 08:32:36.000000000 -0400
+@@ -20,7 +20,7 @@
+ role $1_r types $1_games_t;
+ 
+ # X access, /tmp files
+-x_client_domain($1, games)
++x_client_domain($1_games, $1)
+ tmp_domain($1_games)
+ 
+ uses_shlib($1_games_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/gift_macros.te policy-1.23.8/macros/program/gift_macros.te
 --- nsapolicy/macros/program/gift_macros.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.8/macros/program/gift_macros.te	2005-04-06 07:32:06.000000000 -0400
++++ policy-1.23.8/macros/program/gift_macros.te	2005-04-06 14:24:33.000000000 -0400
 @@ -18,7 +18,7 @@
  role $1_r types $1_gift_t;
  
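Review bot: The added `allow system_dbusd_t self:netlink_selinux_socket create_socket_perms;` in dbusd_macros.te names `system_dbusd_t` literally, while the two lines added above it and the surrounding context use `$1_dbusd_t`. If the macro is expanded for any bus other than `system`, that instance gets `can_getsecurity` and the `default_context_t` read but may lack the netlink socket, and the rule refers to a type that might not be declared in that build. `allow $1_dbusd_t self:netlink_selinux_socket create_socket_perms;` would tie the grant to the instance being defined. The enclosing macro definition starts and ends outside the hunk.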
@@ -214,6 +271,15 @@
  
  # Launch gift daemon
  allow $1_gift_t bin_t:dir search;
+@@ -92,7 +95,7 @@
+ 
+ # Read /proc/meminfo
+ allow $1_giftd_t proc_t:dir search;
+-allow $1_giftd_t proc_t:file read;
++allow $1_giftd_t proc_t:file { getattr read };
+ 
+ # Read /etc/mtab
+ allow $1_giftd_t etc_runtime_t:file { getattr read };
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/java_macros.te policy-1.23.8/macros/program/java_macros.te
 --- nsapolicy/macros/program/java_macros.te	2005-04-06 06:57:44.000000000 -0400
 +++ policy-1.23.8/macros/program/java_macros.te	2005-04-06 07:37:13.000000000 -0400
@@ -295,7 +361,7 @@
  
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mplayer_macros.te policy-1.23.8/macros/program/mplayer_macros.te
 --- nsapolicy/macros/program/mplayer_macros.te	2005-03-21 22:32:19.000000000 -0500
-+++ policy-1.23.8/macros/program/mplayer_macros.te	2005-04-06 07:32:06.000000000 -0400
++++ policy-1.23.8/macros/program/mplayer_macros.te	2005-04-06 14:24:33.000000000 -0400
 @@ -15,6 +15,10 @@
  # Read global config
  r_dir_file($1_$2_t, mplayer_etc_t)
@@ -307,7 +373,7 @@
  # Read data in /usr/share (fonts, icons..)
  r_dir_file($1_$2_t, usr_t)
  
-@@ -72,7 +76,7 @@
+@@ -72,22 +76,24 @@
  
  # Home access, X access, Browse files
  home_domain($1, mplayer)
@@ -316,6 +382,27 @@
  file_browse_domain($1_mplayer_t)
  
  # Mplayer common stuff
+ mplayer_common($1, mplayer)
+ 
+-# Audio
++# Fork 
++allow $1_mplayer_t self:process { fork signal_perms getsched };
++
++# Audio, alsa.conf
+ allow $1_mplayer_t sound_device_t:chr_file rw_file_perms;
++allow $1_mplayer_t etc_t:file read;
+ 
+ # RTC clock 
+ allow $1_mplayer_t clock_device_t:chr_file { ioctl read };
+ 
+-# Read home directory content
++# Play content from /home, and from CDs
+ r_dir_file($1_mplayer_t, $1_home_t);
+-
+-# Read CDs
+ r_dir_file($1_mplayer_t, removable_t);
+ 
+ # Legacy domain issues
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ssh_agent_macros.te policy-1.23.8/macros/program/ssh_agent_macros.te
 --- nsapolicy/macros/program/ssh_agent_macros.te	2005-04-06 06:57:44.000000000 -0400
 +++ policy-1.23.8/macros/program/ssh_agent_macros.te	2005-04-06 07:32:40.000000000 -0400
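Review bot: The added `allow $1_mplayer_t etc_t:file read;` is commented as being for alsa.conf, but as written it lets the player domain read every file labelled `etc_t`, which is presumably most generic files under /etc. If alsa.conf has no type of its own, the comment should state the real scope, for example `# alsa.conf is etc_t, so this opens all generic /etc files for read`. The rule also grants only `read`, whereas the gift hunk in this same commit had to widen a similar rule to `{ getattr read }`; the same follow-up may be needed here. The mplayer macro body continues outside the hunk.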


Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/selinux-policy-targeted.spec,v
retrieving revision 1.266
retrieving revision 1.267
diff -u -r1.266 -r1.267
--- selinux-policy-targeted.spec	6 Apr 2005 12:22:56 -0000	1.266
+++ selinux-policy-targeted.spec	6 Apr 2005 18:38:54 -0000	1.267
@@ -5,11 +5,13 @@
 %define POLICYVER 19
 %define POLICYCOREUTILSVER 1.22-2
 %define CHECKPOLICYVER 1.21.4
+%define KERNELVER 2.6.11-1.1219 
+%define LIBSELINUXVER 1.23.5-1
 
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.23.8
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -22,7 +24,7 @@
 BuildArch: noarch
 BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER}
 BuildRequires: python
-PreReq: kernel >= 2.6.4-1.300 policycoreutils >= %{POLICYCOREUTILSVER}
+PreReq: kernel >= %{KERNELVER} policycoreutils >= %{POLICYCOREUTILSVER} libselinux >= %{LIBSELINUXVER}
 Obsoletes: policy
 
 %description
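Review bot: The new `libselinux >= %{LIBSELINUXVER}` requirement on the `PreReq:` line is not recorded in the 1.23.8-2 changelog entry, which mentions only the kernel version. A second changelog line such as `- Require libselinux >= 1.23.5-1` would tell packagers why the policy no longer installs against older userspace.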
@@ -172,7 +174,7 @@
 %package sources
 Summary: SELinux example policy configuration source files 
 Group: System Environment/Base
-PreReq: m4 make checkpolicy >= %{CHECKPOLICYVER} policycoreutils >= %{POLICYCOREUTILSVER} kernel >= 2.6.4-1.300
+PreReq: m4 make checkpolicy >= %{CHECKPOLICYVER} policycoreutils >= %{POLICYCOREUTILSVER} kernel >= %{KERNELVER} 
 PreReq: selinux-policy-%{type} = %{version}-%{release}
 Requires: python
 BuildRequires: checkpolicy  >= %{CHECKPOLICYVER} policycoreutils
@@ -231,6 +233,9 @@
 exit 0
 
 %changelog
+* Wed Apr 6 2005 Dan Walsh <dwalsh at redhat.com> 1.23.8-2
+- Move to a later kernel version
+
 * Wed Apr 6 2005 Dan Walsh <dwalsh at redhat.com> 1.23.8-1
 - Update from NSA
 	* Added netlink_kobject_uevent_socket class.



