rpms/selinux-policy-targeted/devel policy-20050404.patch, 1.10, 1.11 selinux-policy-targeted.spec, 1.273, 1.274
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Apr 13 02:32:28 UTC 2005
- Previous message (by thread): rpms/selinux-policy-strict/devel policy-20050404.patch, 1.12, 1.13 selinux-policy-strict.spec, 1.276, 1.277
- Next message (by thread): rpms/kernel/devel kernel-2.6.spec, 1.1237, 1.1238 linux-2.6.0-compile.patch, 1.150, 1.151 linux-2.6.11-execshield-vdso.patch, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1383
Modified Files:
policy-20050404.patch selinux-policy-targeted.spec
Log Message:
* Tue Apr 12 2005 Dan Walsh <dwalsh at redhat.com> 1.23.10-5
- Allow NetworkManager to communicate with hal in targeted_policy
policy-20050404.patch:
Makefile | 6 +-
appconfig/default_type | 1
assert.te | 4 -
attrib.te | 14 +++++
domains/admin.te | 23 +++++----
domains/misc/kernel.te | 2
domains/program/checkpolicy.te | 5 -
domains/program/crond.te | 2
domains/program/cvs.te | 16 ++++++
domains/program/load_policy.te | 5 +
domains/program/login.te | 3 -
domains/program/modutil.te | 3 -
domains/program/newrole.te | 1
domains/program/restorecon.te | 3 -
domains/program/setfiles.te | 3 -
domains/program/ssh.te | 2
domains/program/unused/NetworkManager.te | 13 ++++-
domains/program/unused/apache.te | 1
domains/program/unused/auditd.te | 2
domains/program/unused/cups.te | 12 +---
domains/program/unused/dmidecode.te | 1
domains/program/unused/ftpd.te | 3 -
domains/program/unused/howl.te | 2
domains/program/unused/kudzu.te | 1
domains/program/unused/named.te | 3 +
domains/program/unused/publicfile.te | 6 --
domains/program/unused/rsync.te | 2
domains/program/unused/snmpd.te | 3 +
domains/program/unused/updfstab.te | 1
domains/program/unused/xdm.te | 2
domains/program/useradd.te | 4 +
domains/program/uucpd.te | 24 +++++++++
domains/user.te | 2
file_contexts/distros.fc | 10 ++-
file_contexts/program/apache.fc | 1
file_contexts/program/auditd.fc | 1
file_contexts/program/compat.fc | 55 +++++++++++++++++++++
file_contexts/program/crack.fc | 1
file_contexts/program/cvs.fc | 2
file_contexts/program/ftpd.fc | 1
file_contexts/program/named.fc | 1
file_contexts/program/rsync.fc | 1
file_contexts/program/uucpd.fc | 5 +
file_contexts/types.fc | 6 ++
macros/admin_macros.te | 75 ++++++++++++++++++-----------
macros/base_user_macros.te | 9 ---
macros/program/apache_macros.te | 2
macros/program/dbusd_macros.te | 4 +
macros/program/gift_macros.te | 2
macros/program/mozilla_macros.te | 5 +
macros/program/mplayer_macros.te | 10 ++-
macros/user_macros.te | 78 +++++++++++++++++++++----------
net_contexts | 9 ++-
targeted/domains/program/compat.te | 9 +++
targeted/domains/unconfined.te | 6 --
tunables/distro.tun | 2
tunables/tunable.tun | 6 +-
types/file.te | 3 -
types/network.te | 9 +--
users | 2
60 files changed, 351 insertions(+), 139 deletions(-)
Index: policy-20050404.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050404.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20050404.patch 12 Apr 2005 19:15:58 -0000 1.10
+++ policy-20050404.patch 13 Apr 2005 02:32:24 -0000 1.11
@@ -175,7 +175,7 @@
+create_dir_file(cvs_t, cvs_data_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/load_policy.te policy-1.23.10/domains/program/load_policy.te
--- nsapolicy/domains/program/load_policy.te 2005-04-04 10:21:10.000000000 -0400
-+++ policy-1.23.10/domains/program/load_policy.te 2005-04-12 09:53:46.000000000 -0400
++++ policy-1.23.10/domains/program/load_policy.te 2005-04-12 17:33:09.000000000 -0400
@@ -11,6 +11,7 @@
type load_policy_t, domain;
@@ -193,13 +193,14 @@
allow load_policy_t console_device_t:chr_file { read write };
-@@ -55,6 +56,5 @@
+@@ -55,6 +56,6 @@
allow load_policy_t fs_t:filesystem getattr;
-allow load_policy_t sysadm_tmp_t:file { getattr write } ;
read_locale(load_policy_t)
r_dir_file(load_policy_t, selinux_config_t)
++allow load_policy_t proc_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.23.10/domains/program/login.te
--- nsapolicy/domains/program/login.te 2005-04-04 10:21:10.000000000 -0400
+++ policy-1.23.10/domains/program/login.te 2005-04-12 09:53:46.000000000 -0400
@@ -416,7 +417,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.23.10/domains/program/unused/NetworkManager.te
--- nsapolicy/domains/program/unused/NetworkManager.te 2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.10/domains/program/unused/NetworkManager.te 2005-04-12 09:53:46.000000000 -0400
++++ policy-1.23.10/domains/program/unused/NetworkManager.te 2005-04-12 22:23:49.000000000 -0400
@@ -11,7 +11,7 @@
# NetworkManager_t is the domain for the NetworkManager daemon.
# NetworkManager_exec_t is the type of the NetworkManager executable.
@@ -435,7 +436,7 @@
allow NetworkManager_t { random_device_t urandom_device_t }:chr_file { getattr read };
-@@ -47,9 +47,13 @@
+@@ -47,9 +47,17 @@
ifdef(`dbusd.te', `
dbusd_client(system, NetworkManager)
allow NetworkManager_t system_dbusd_t:dbus { acquire_svc send_msg };
@@ -445,11 +446,15 @@
')
+allow NetworkManager_t initrc_t:dbus send_msg;
+allow initrc_t NetworkManager_t:dbus send_msg;
++ifdef(`targeted_policy', `
++allow NetworkManager_t unconfined_t:dbus send_msg;
++allow unconfined_t NetworkManager_t:dbus send_msg;
++')
+')
allow NetworkManager_t usr_t:file { getattr read };
-@@ -66,6 +70,7 @@
+@@ -66,6 +74,7 @@
allow NetworkManager_t { etc_t etc_runtime_t }:file { getattr read };
allow NetworkManager_t proc_t:file { getattr read };
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/selinux-policy-targeted.spec,v
retrieving revision 1.273
retrieving revision 1.274
diff -u -r1.273 -r1.274
--- selinux-policy-targeted.spec 12 Apr 2005 19:15:58 -0000 1.273
+++ selinux-policy-targeted.spec 13 Apr 2005 02:32:24 -0000 1.274
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.23.10
-Release: 4
+Release: 5
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -233,6 +233,9 @@
exit 0
%changelog
+* Tue Apr 12 2005 Dan Walsh <dwalsh at redhat.com> 1.23.10-5
+- Allow NetworkManager to communicate with hal in targeted_policy
+
* Tue Apr 12 2005 Dan Walsh <dwalsh at redhat.com> 1.23.10-4
- Add Russell compat.(fc, te) for switching from strict to targeted
- Previous message (by thread): rpms/selinux-policy-strict/devel policy-20050404.patch, 1.12, 1.13 selinux-policy-strict.spec, 1.276, 1.277
- Next message (by thread): rpms/kernel/devel kernel-2.6.spec, 1.1237, 1.1238 linux-2.6.0-compile.patch, 1.150, 1.151 linux-2.6.11-execshield-vdso.patch, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list