rpms/selinux-policy-strict/devel policy-20050404.patch, 1.14, 1.15 selinux-policy-strict.spec, 1.278, 1.279
fedora-cvs-commits at redhat.com
Thu Apr 14 20:22:40 UTC 2005
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv3558
Modified Files:
policy-20050404.patch selinux-policy-strict.spec
Log Message:
* Thu Apr 14 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-1
- Fix login programs handling of audit messages
- Update to latest from NSA
* Merged Dan Walsh's separation of the security manager and system
administrator.
* Removed screensaver.te as suggested by Thomas Bleher
* Cleanup of typealiases that are no longer used by Thomas Bleher.
* Cleanup of fc files and additional rules for SuSE by Thomas
Bleher.
* Merged changes to auditd and named policy by Russell Coker.
* Merged MLS change from Darrel Goeddel to support the policy
hierarchy patch.
policy-20050404.patch:
Makefile | 6 +-
appconfig/default_type | 1
assert.te | 4 -
attrib.te | 14 +++++
domains/admin.te | 23 +++++----
domains/misc/kernel.te | 2
domains/program/checkpolicy.te | 5 -
domains/program/crond.te | 4 +
domains/program/cvs.te | 16 ++++++
domains/program/initrc.te | 3 -
domains/program/load_policy.te | 5 +
domains/program/login.te | 3 -
domains/program/modutil.te | 3 -
domains/program/newrole.te | 1
domains/program/restorecon.te | 3 -
domains/program/setfiles.te | 3 -
domains/program/ssh.te | 2
domains/program/syslogd.te | 5 +
domains/program/unused/NetworkManager.te | 15 +++++
domains/program/unused/apache.te | 1
domains/program/unused/auditd.te | 26 +++++++++-
domains/program/unused/cups.te | 12 +---
domains/program/unused/dmidecode.te | 1
domains/program/unused/ftpd.te | 3 -
domains/program/unused/howl.te | 2
domains/program/unused/kudzu.te | 1
domains/program/unused/named.te | 3 +
domains/program/unused/ntpd.te | 2
domains/program/unused/publicfile.te | 6 --
domains/program/unused/rsync.te | 2
domains/program/unused/snmpd.te | 3 +
domains/program/unused/updfstab.te | 1
domains/program/unused/xdm.te | 2
domains/program/useradd.te | 4 +
domains/program/uucpd.te | 24 +++++++++
domains/user.te | 2
file_contexts/distros.fc | 10 ++-
file_contexts/program/apache.fc | 1
file_contexts/program/auditd.fc | 5 +
file_contexts/program/compat.fc | 55 +++++++++++++++++++++
file_contexts/program/crack.fc | 1
file_contexts/program/cvs.fc | 2
file_contexts/program/ftpd.fc | 1
file_contexts/program/i18n_input.fc | 1
file_contexts/program/lvm.fc | 1
file_contexts/program/named.fc | 1
file_contexts/program/rsync.fc | 1
file_contexts/program/uucpd.fc | 5 +
file_contexts/types.fc | 6 ++
macros/admin_macros.te | 75 ++++++++++++++++++-----------
macros/base_user_macros.te | 9 ---
macros/program/apache_macros.te | 2
macros/program/chkpwd_macros.te | 1
macros/program/dbusd_macros.te | 4 +
macros/program/gift_macros.te | 2
macros/program/mozilla_macros.te | 5 +
macros/program/mplayer_macros.te | 10 ++-
macros/user_macros.te | 78 +++++++++++++++++++++----------
net_contexts | 10 +++
targeted/domains/program/compat.te | 9 +++
targeted/domains/unconfined.te | 8 +--
tunables/distro.tun | 2
tunables/tunable.tun | 6 +-
types/file.te | 3 -
types/network.te | 9 +--
types/security.te | 8 +--
users | 2
67 files changed, 396 insertions(+), 150 deletions(-)
Index: policy-20050404.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050404.patch,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- policy-20050404.patch 13 Apr 2005 21:22:47 -0000 1.14
+++ policy-20050404.patch 14 Apr 2005 20:22:37 -0000 1.15
@@ -234,7 +234,7 @@
+allow load_policy_t proc_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.23.10/domains/program/login.te
--- nsapolicy/domains/program/login.te 2005-04-04 10:21:10.000000000 -0400
-+++ policy-1.23.10/domains/program/login.te 2005-04-13 14:11:21.000000000 -0400
++++ policy-1.23.10/domains/program/login.te 2005-04-14 10:32:59.000000000 -0400
@@ -57,6 +57,7 @@
tmp_domain($1_login)
@@ -360,7 +360,7 @@
+allow httpd_t var_t:file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.23.10/domains/program/unused/auditd.te
--- nsapolicy/domains/program/unused/auditd.te 2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.10/domains/program/unused/auditd.te 2005-04-13 17:06:26.000000000 -0400
++++ policy-1.23.10/domains/program/unused/auditd.te 2005-04-14 10:39:36.000000000 -0400
@@ -2,11 +2,33 @@
#
# Authors: Colin Walters <walters at verbum.org>
@@ -373,8 +373,9 @@
+type auditd_etc_t, file_type, secure_file_type;
daemon_domain(auditd)
+-allow auditd_t self:netlink_audit_socket { bind create getattr nlmsg_read nlmsg_write read write };
+
- allow auditd_t self:netlink_audit_socket { bind create getattr nlmsg_read nlmsg_write read write };
++allow auditd_t self:netlink_audit_socket create_netlink_socket_perms;
allow auditd_t self:capability { audit_write audit_control };
allow auditd_t sysadm_tty_device_t:chr_file rw_file_perms;
allow auditd_t self:unix_dgram_socket create_socket_perms;
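Review bot: The replacement rule `allow auditd_t self:netlink_audit_socket create_netlink_socket_perms;` swaps an explicit seven-permission set for a macro whose expansion is not shown anywhere in this patch, so the effective grant to auditd_t cannot be checked from the diff. Confirm that the macro expands to no more than `{ bind create getattr nlmsg_read nlmsg_write read write }`, and keep the explicit list if it turns out to be broader. auditd_t also holds `audit_write` and `audit_control` on the next line, so the socket permissions on this domain deserve an exact accounting.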
@@ -550,6 +551,15 @@
domain_auto_trans(NetworkManager_t, insmod_exec_t, insmod_t)
+allow NetworkManager_t self:netlink_route_socket r_netlink_socket_perms;
+
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.23.10/domains/program/unused/ntpd.te
+--- nsapolicy/domains/program/unused/ntpd.te 2005-04-06 06:57:44.000000000 -0400
++++ policy-1.23.10/domains/program/unused/ntpd.te 2005-04-14 07:20:13.000000000 -0400
+@@ -84,4 +84,4 @@
+ allow ntpd_t winbind_var_run_t:dir r_dir_perms;
+ allow ntpd_t winbind_var_run_t:sock_file rw_file_perms;
+ ')
+-
++allow sysadm_t ntp_port_t:udp_socket name_bind;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/publicfile.te policy-1.23.10/domains/program/unused/publicfile.te
--- nsapolicy/domains/program/unused/publicfile.te 2005-04-06 06:57:44.000000000 -0400
+++ policy-1.23.10/domains/program/unused/publicfile.te 2005-04-13 14:11:21.000000000 -0400
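Review bot: The added `allow sysadm_t ntp_port_t:udp_socket name_bind;` grants the administrator domain, not ntpd_t, the right to bind the NTP port, and it sits after the closing `')` at the end of ntpd.te, outside the block that line closes. Nothing in the log message explains why sysadm_t needs this permission. Add a comment stating the use case, and consider placing the rule with the other sysadm_t rules instead of in the ntpd domain file, so that it is visible when the administrator domain is audited.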
@@ -1015,6 +1025,17 @@
allow httpd_$1_script_t { self proc_t }:dir r_dir_perms;
allow httpd_$1_script_t { self proc_t }:lnk_file read;
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/chkpwd_macros.te policy-1.23.10/macros/program/chkpwd_macros.te
+--- nsapolicy/macros/program/chkpwd_macros.te 2005-02-24 14:51:09.000000000 -0500
++++ policy-1.23.10/macros/program/chkpwd_macros.te 2005-04-14 10:37:24.000000000 -0400
+@@ -35,6 +35,7 @@
+ can_kerberos(auth_chkpwd)
+ can_ldap(auth_chkpwd)
+ can_resolve(auth_chkpwd)
++allow auth_chkpwd self:netlink_audit_socket create_netlink_socket_perms;
+ ', `
+ domain_auto_trans($1_t, chkpwd_exec_t, $1_chkpwd_t)
+ allow $1_t sbin_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/dbusd_macros.te policy-1.23.10/macros/program/dbusd_macros.te
--- nsapolicy/macros/program/dbusd_macros.te 2005-02-24 14:51:09.000000000 -0500
+++ policy-1.23.10/macros/program/dbusd_macros.te 2005-04-13 14:11:21.000000000 -0400
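Review bot: The new rule names its source as `auth_chkpwd`, without the `_t` suffix that the types in the surrounding rules carry (`$1_chkpwd_t`, `$1_t`, `sbin_t`). The neighbouring `can_kerberos(auth_chkpwd)`, `can_ldap(auth_chkpwd)` and `can_resolve(auth_chkpwd)` calls pass a domain prefix as a macro argument, but an `allow` statement needs the type itself, so this line probably should read `allow auth_chkpwd_t self:netlink_audit_socket create_netlink_socket_perms;`. The rule is also added only in the branch above `domain_auto_trans($1_t, chkpwd_exec_t, $1_chkpwd_t)`, so the `$1_chkpwd_t` case gets no netlink_audit_socket access; check that this matches the intent of "Fix login programs handling of audit messages".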
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.278
retrieving revision 1.279
diff -u -r1.278 -r1.279
--- selinux-policy-strict.spec 13 Apr 2005 21:22:47 -0000 1.278
+++ selinux-policy-strict.spec 14 Apr 2005 20:22:37 -0000 1.279
@@ -10,15 +10,15 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
-Version: 1.23.10
-Release: 6
+Version: 1.23.11
+Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
Source1: booleans
Prefix: %{_prefix}
BuildRoot: %{_tmppath}/%{name}-buildroot
-Patch1: policy-20050404.patch
+Patch1: policy-20050414.patch
BuildArch: noarch
BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER}
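Review bot: `Patch1:` now points at policy-20050414.patch, but the Modified Files list for this commit contains only policy-20050404.patch and selinux-policy-strict.spec, so the file the spec references is not added here. Either add policy-20050414.patch in the same commit or leave Patch1 on policy-20050404.patch. As committed, the revision 1.15 changes to policy-20050404.patch are not applied by this spec.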
@@ -220,6 +220,19 @@
exit 0
%changelog
+* Thu Apr 14 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-1
+- Fix login programs handling of audit messages
+- Update to latest from NSA
+ * Merged Dan Walsh's separation of the security manager and system
+ administrator.
+ * Removed screensaver.te as suggested by Thomas Bleher
+ * Cleanup of typealiases that are no longer used by Thomas Bleher.
+ * Cleanup of fc files and additional rules for SuSE by Thomas
+ Bleher.
+ * Merged changes to auditd and named policy by Russell Coker.
+ * Merged MLS change from Darrel Goeddel to support the policy
+ hierarchy patch.
+
* Wed Apr 12 2005 Dan Walsh <dwalsh at redhat.com> 1.23.10-6
- Add auditd policy to targeted
- fix auditd policy
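Review bot: The existing entry directly below the new one is dated "Wed Apr 12 2005", which does not agree with the new entry's "Thu Apr 14 2005": if April 14 is a Thursday, April 12 is a Tuesday. Since this hunk touches the changelog, correct the weekday or the day of month in the 1.23.10-6 entry at the same time.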