rpms/selinux-policy-targeted/FC-3 policy-20050104.patch, 1.29, 1.30 selinux-policy-targeted.spec, 1.199, 1.200
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Apr 7 19:35:53 UTC 2005
Update of /cvs/dist/rpms/selinux-policy-targeted/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv28094
Modified Files:
policy-20050104.patch selinux-policy-targeted.spec
Log Message:
* Thu Apr 7 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.96
- Allow snmpd to communicate with self:fifo_file.
- Add execmod/execmem privs
policy-20050104.patch:
Makefile | 47 ++++++---
attrib.te | 3
domains/program/crond.te | 7 +
domains/program/ldconfig.te | 21 +++-
domains/program/login.te | 2
domains/program/logrotate.te | 24 ++---
domains/program/mount.te | 2
domains/program/ssh.te | 7 -
domains/program/syslogd.te | 36 +++++--
domains/program/unused/acct.te | 6 +
domains/program/unused/apache.te | 113 ++++++++++++++++++-----
domains/program/unused/arpwatch.te | 26 +++++
domains/program/unused/cups.te | 55 ++++++++++-
domains/program/unused/dhcpc.te | 5 -
domains/program/unused/dhcpd.te | 16 +++
domains/program/unused/dovecot.te | 3
domains/program/unused/ftpd.te | 2
domains/program/unused/hald.te | 3
domains/program/unused/howl.te | 2
domains/program/unused/innd.te | 7 +
domains/program/unused/ipsec.te | 9 +
domains/program/unused/iptables.te | 3
domains/program/unused/mailman.te | 23 +++-
domains/program/unused/mdadm.te | 3
domains/program/unused/mta.te | 21 +++-
domains/program/unused/mysqld.te | 7 -
domains/program/unused/named.te | 25 ++---
domains/program/unused/nscd.te | 26 +++--
domains/program/unused/ntpd.te | 21 +++-
domains/program/unused/portmap.te | 3
domains/program/unused/postfix.te | 2
domains/program/unused/postgresql.te | 47 ++++++++-
domains/program/unused/procmail.te | 1
domains/program/unused/rpcd.te | 2
domains/program/unused/rpm.te | 5 -
domains/program/unused/rsync.te | 2
domains/program/unused/samba.te | 4
domains/program/unused/sendmail.te | 2
domains/program/unused/slrnpull.te | 1
domains/program/unused/snmpd.te | 14 +-
domains/program/unused/spamd.te | 2
domains/program/unused/squid.te | 21 ++--
domains/program/unused/udev.te | 5 -
domains/program/unused/updfstab.te | 1
domains/program/unused/winbind.te | 34 +++++++
domains/program/unused/xdm.te | 4
domains/program/unused/ypbind.te | 2
domains/program/unused/ypserv.te | 7 +
domains/user.te | 6 +
file_contexts/distros.fc | 76 +++++++++++-----
file_contexts/program/apache.fc | 14 ++
file_contexts/program/arpwatch.fc | 3
file_contexts/program/cups.fc | 5 -
file_contexts/program/dhcpd.fc | 2
file_contexts/program/ipsec.fc | 11 +-
file_contexts/program/mailman.fc | 15 +--
file_contexts/program/mta.fc | 5 +
file_contexts/program/mysqld.fc | 4
file_contexts/program/named.fc | 17 ++-
file_contexts/program/nscd.fc | 3
file_contexts/program/ntpd.fc | 2
file_contexts/program/postgresql.fc | 23 +---
file_contexts/program/sendmail.fc | 1
file_contexts/program/snmpd.fc | 3
file_contexts/program/squid.fc | 2
file_contexts/program/winbind.fc | 10 ++
file_contexts/types.fc | 161 +++++++++++-----------------------
flask/access_vectors | 15 +++
macros/base_user_macros.te | 9 +
macros/core_macros.te | 2
macros/global_macros.te | 6 -
macros/program/apache_macros.te | 85 ++++++++++-------
macros/program/mount_macros.te | 2
macros/program/mozilla_macros.te | 2
macros/program/mta_macros.te | 5 -
macros/program/newrole_macros.te | 2
macros/program/spamassassin_macros.te | 5 -
macros/program/ssh_agent_macros.te | 2
macros/program/ssh_macros.te | 2
macros/program/su_macros.te | 2
macros/program/userhelper_macros.te | 3
macros/program/xauth_macros.te | 2
macros/program/xserver_macros.te | 4
macros/program/ypbind_macros.te | 24 +----
targeted/assert.te | 4
targeted/domains/program/hotplug.te | 4
targeted/domains/program/initrc.te | 2
targeted/domains/unconfined.te | 15 ++-
tunables/distro.tun | 2
tunables/tunable.tun | 21 +---
types/device.te | 6 +
types/file.te | 19 ++--
types/network.te | 2
93 files changed, 847 insertions(+), 447 deletions(-)
Index: policy-20050104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/policy-20050104.patch,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- policy-20050104.patch 7 Apr 2005 19:04:06 -0000 1.29
+++ policy-20050104.patch 7 Apr 2005 19:35:50 -0000 1.30
@@ -2469,7 +2469,7 @@
')dnl end general_domain_access
diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.17.30/macros/global_macros.te
--- nsapolicy/macros/global_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/global_macros.te 2005-04-07 14:56:52.000000000 -0400
++++ policy-1.17.30/macros/global_macros.te 2005-04-07 15:29:39.000000000 -0400
@@ -89,9 +89,10 @@
allow $1 ld_so_t:file rx_file_perms;
#allow $1 ld_so_t:file execute_no_trans;
@@ -2478,7 +2478,7 @@
+allow $1 shlib_t:file { rx_file_perms execmod };
allow $1 shlib_t:lnk_file r_file_perms;
allow $1 ld_so_cache_t:file r_file_perms;
-+allow $1 { ld_so_cache_t shlib_t }:file execmod;
++allow $1 { lib_t zero_device_t ld_so_t ld_so_cache_t shlib_t }:file execmod;
allow $1 device_t:dir search;
allow $1 null_device_t:chr_file rw_file_perms;
')
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/selinux-policy-targeted.spec,v
retrieving revision 1.199
retrieving revision 1.200
diff -u -r1.199 -r1.200
--- selinux-policy-targeted.spec 7 Apr 2005 19:04:06 -0000 1.199
+++ selinux-policy-targeted.spec 7 Apr 2005 19:35:50 -0000 1.200
@@ -8,7 +8,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.17.30
-Release: 2.95
+Release: 2.96
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -210,7 +210,7 @@
exit 0
%changelog
-* Thu Apr 7 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.95
+* Thu Apr 7 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.96
- Allow snmpd to communicate with self:fifo_file.
- Add execmod/execmem privs
More information about the fedora-cvs-commits
mailing list