rpms/selinux-policy-targeted/FC-3 policy-20050104.patch, 1.29, 1.30 selinux-policy-targeted.spec, 1.199, 1.200

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Apr 7 19:35:53 UTC 2005 

Update of /cvs/dist/rpms/selinux-policy-targeted/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv28094

Modified Files:
	policy-20050104.patch selinux-policy-targeted.spec 
Log Message:
* Thu Apr 7 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.96
- Allow snmpd to communicate with self:fifo_file.
- Add execmod/execmem privs


policy-20050104.patch:
 Makefile                              |   47 ++++++---
 attrib.te                             |    3 
 domains/program/crond.te              |    7 +
 domains/program/ldconfig.te           |   21 +++-
 domains/program/login.te              |    2 
 domains/program/logrotate.te          |   24 ++---
 domains/program/mount.te              |    2 
 domains/program/ssh.te                |    7 -
 domains/program/syslogd.te            |   36 +++++--
 domains/program/unused/acct.te        |    6 +
 domains/program/unused/apache.te      |  113 ++++++++++++++++++-----
 domains/program/unused/arpwatch.te    |   26 +++++
 domains/program/unused/cups.te        |   55 ++++++++++-
 domains/program/unused/dhcpc.te       |    5 -
 domains/program/unused/dhcpd.te       |   16 +++
 domains/program/unused/dovecot.te     |    3 
 domains/program/unused/ftpd.te        |    2 
 domains/program/unused/hald.te        |    3 
 domains/program/unused/howl.te        |    2 
 domains/program/unused/innd.te        |    7 +
 domains/program/unused/ipsec.te       |    9 +
 domains/program/unused/iptables.te    |    3 
 domains/program/unused/mailman.te     |   23 +++-
 domains/program/unused/mdadm.te       |    3 
 domains/program/unused/mta.te         |   21 +++-
 domains/program/unused/mysqld.te      |    7 -
 domains/program/unused/named.te       |   25 ++---
 domains/program/unused/nscd.te        |   26 +++--
 domains/program/unused/ntpd.te        |   21 +++-
 domains/program/unused/portmap.te     |    3 
 domains/program/unused/postfix.te     |    2 
 domains/program/unused/postgresql.te  |   47 ++++++++-
 domains/program/unused/procmail.te    |    1 
 domains/program/unused/rpcd.te        |    2 
 domains/program/unused/rpm.te         |    5 -
 domains/program/unused/rsync.te       |    2 
 domains/program/unused/samba.te       |    4 
 domains/program/unused/sendmail.te    |    2 
 domains/program/unused/slrnpull.te    |    1 
 domains/program/unused/snmpd.te       |   14 +-
 domains/program/unused/spamd.te       |    2 
 domains/program/unused/squid.te       |   21 ++--
 domains/program/unused/udev.te        |    5 -
 domains/program/unused/updfstab.te    |    1 
 domains/program/unused/winbind.te     |   34 +++++++
 domains/program/unused/xdm.te         |    4 
 domains/program/unused/ypbind.te      |    2 
 domains/program/unused/ypserv.te      |    7 +
 domains/user.te                       |    6 +
 file_contexts/distros.fc              |   76 +++++++++++-----
 file_contexts/program/apache.fc       |   14 ++
 file_contexts/program/arpwatch.fc     |    3 
 file_contexts/program/cups.fc         |    5 -
 file_contexts/program/dhcpd.fc        |    2 
 file_contexts/program/ipsec.fc        |   11 +-
 file_contexts/program/mailman.fc      |   15 +--
 file_contexts/program/mta.fc          |    5 +
 file_contexts/program/mysqld.fc       |    4 
 file_contexts/program/named.fc        |   17 ++-
 file_contexts/program/nscd.fc         |    3 
 file_contexts/program/ntpd.fc         |    2 
 file_contexts/program/postgresql.fc   |   23 +---
 file_contexts/program/sendmail.fc     |    1 
 file_contexts/program/snmpd.fc        |    3 
 file_contexts/program/squid.fc        |    2 
 file_contexts/program/winbind.fc      |   10 ++
 file_contexts/types.fc                |  161 +++++++++++-----------------------
 flask/access_vectors                  |   15 +++
 macros/base_user_macros.te            |    9 +
 macros/core_macros.te                 |    2 
 macros/global_macros.te               |    6 -
 macros/program/apache_macros.te       |   85 ++++++++++-------
 macros/program/mount_macros.te        |    2 
 macros/program/mozilla_macros.te      |    2 
 macros/program/mta_macros.te          |    5 -
 macros/program/newrole_macros.te      |    2 
 macros/program/spamassassin_macros.te |    5 -
 macros/program/ssh_agent_macros.te    |    2 
 macros/program/ssh_macros.te          |    2 
 macros/program/su_macros.te           |    2 
 macros/program/userhelper_macros.te   |    3 
 macros/program/xauth_macros.te        |    2 
 macros/program/xserver_macros.te      |    4 
 macros/program/ypbind_macros.te       |   24 +----
 targeted/assert.te                    |    4 
 targeted/domains/program/hotplug.te   |    4 
 targeted/domains/program/initrc.te    |    2 
 targeted/domains/unconfined.te        |   15 ++-
 tunables/distro.tun                   |    2 
 tunables/tunable.tun                  |   21 +---
 types/device.te                       |    6 +
 types/file.te                         |   19 ++--
 types/network.te                      |    2 
 93 files changed, 847 insertions(+), 447 deletions(-)

Index: policy-20050104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/policy-20050104.patch,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- policy-20050104.patch	7 Apr 2005 19:04:06 -0000	1.29
+++ policy-20050104.patch	7 Apr 2005 19:35:50 -0000	1.30
@@ -2469,7 +2469,7 @@
  ')dnl end general_domain_access
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.17.30/macros/global_macros.te
 --- nsapolicy/macros/global_macros.te	2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/global_macros.te	2005-04-07 14:56:52.000000000 -0400
++++ policy-1.17.30/macros/global_macros.te	2005-04-07 15:29:39.000000000 -0400
 @@ -89,9 +89,10 @@
  allow $1 ld_so_t:file rx_file_perms;
  #allow $1 ld_so_t:file execute_no_trans;
@@ -2478,7 +2478,7 @@
 +allow $1 shlib_t:file { rx_file_perms execmod };
  allow $1 shlib_t:lnk_file r_file_perms;
  allow $1 ld_so_cache_t:file r_file_perms;
-+allow $1 { ld_so_cache_t shlib_t }:file execmod;
++allow $1 { lib_t zero_device_t ld_so_t ld_so_cache_t shlib_t }:file execmod;
  allow $1 device_t:dir search;
  allow $1 null_device_t:chr_file rw_file_perms;
  ')


Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/selinux-policy-targeted.spec,v
retrieving revision 1.199
retrieving revision 1.200
diff -u -r1.199 -r1.200
--- selinux-policy-targeted.spec	7 Apr 2005 19:04:06 -0000	1.199
+++ selinux-policy-targeted.spec	7 Apr 2005 19:35:50 -0000	1.200
@@ -8,7 +8,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.17.30
-Release: 2.95
+Release: 2.96
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -210,7 +210,7 @@
 exit 0
 
 %changelog
-* Thu Apr 7 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.95
+* Thu Apr 7 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.96
 - Allow snmpd to communicate with self:fifo_file.
 - Add execmod/execmem privs

More information about the fedora-cvs-commits mailing list