rpms/selinux-policy-strict/devel policy-20050414.patch, 1.1, 1.2 selinux-policy-strict.spec, 1.279, 1.280
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Apr 15 18:26:28 UTC 2005
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1721
Modified Files:
policy-20050414.patch selinux-policy-strict.spec
Log Message:
* Fri Apr 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-2
- Add additional amanda rules
policy-20050414.patch:
Makefile | 6 +--
attrib.te | 6 ++-
domains/program/crond.te | 4 +-
domains/program/cvs.te | 16 +++++++++
domains/program/initrc.te | 6 +--
domains/program/load_policy.te | 1
domains/program/login.te | 2 -
domains/program/modutil.te | 1
domains/program/ssh.te | 2 -
domains/program/syslogd.te | 2 +
domains/program/unused/NetworkManager.te | 7 +++
domains/program/unused/amanda.te | 18 +++++++---
domains/program/unused/apache.te | 1
domains/program/unused/auditd.te | 26 +++++++++++++-
domains/program/unused/cups.te | 8 ++--
domains/program/unused/dmidecode.te | 1
domains/program/unused/ftpd.te | 3 -
domains/program/unused/ntpd.te | 2 -
domains/program/unused/publicfile.te | 6 ---
domains/program/unused/rshd.te | 4 --
domains/program/unused/rsync.te | 2 -
domains/program/unused/xdm.te | 2 -
domains/program/useradd.te | 4 ++
domains/program/uucpd.te | 24 +++++++++++++
file_contexts/distros.fc | 6 +--
file_contexts/program/apache.fc | 1
file_contexts/program/auditd.fc | 8 +++-
file_contexts/program/compat.fc | 55 +++++++++++++++++++++++++++++++
file_contexts/program/crack.fc | 1
file_contexts/program/cvs.fc | 2 +
file_contexts/program/ftpd.fc | 1
file_contexts/program/i18n_input.fc | 1
file_contexts/program/lvm.fc | 1
file_contexts/program/rsync.fc | 1
file_contexts/program/uucpd.fc | 5 ++
file_contexts/types.fc | 6 +++
macros/program/apache_macros.te | 2 -
macros/program/chkpwd_macros.te | 1
macros/program/mozilla_macros.te | 5 ++
net_contexts | 12 +++++-
targeted/domains/program/compat.te | 9 +++++
targeted/domains/unconfined.te | 8 +---
tunables/distro.tun | 2 -
tunables/tunable.tun | 6 +--
types/file.te | 3 +
types/network.te | 10 ++---
types/security.te | 8 ++--
47 files changed, 243 insertions(+), 65 deletions(-)
Index: policy-20050414.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050414.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20050414.patch 14 Apr 2005 20:25:35 -0000 1.1
+++ policy-20050414.patch 15 Apr 2005 18:26:24 -0000 1.2
@@ -1,3 +1,19 @@
+diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.23.11/attrib.te
+--- nsapolicy/attrib.te 2005-04-14 15:01:53.000000000 -0400
++++ policy-1.23.11/attrib.te 2005-04-15 10:17:43.000000000 -0400
+@@ -427,7 +427,11 @@
+ # For clients of nscd that can use shmem interface.
+ attribute nscd_shmem_domain;
+
+-# For labeling of content for httpd
++# For labeling of content for httpd. This attribute is only used by
++# the httpd_unified domain, which says treat all httpdcontent the
++# same. If you want content to be served in a "non-unified" system
++# you must specifically add "r_dir_file(httpd_t, your_content_t)" to
++# your policy.
+ attribute httpdcontent;
+
+ # For labeling of domains whos transition can be disabled
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/crond.te policy-1.23.11/domains/program/crond.te
--- nsapolicy/domains/program/crond.te 2005-03-21 22:32:18.000000000 -0500
+++ policy-1.23.11/domains/program/crond.te 2005-04-14 15:20:16.000000000 -0400
@@ -127,6 +143,48 @@
+allow syslogd_t syslogd_port_t:tcp_socket name_bind;
+allow syslogd_t rsh_port_t:tcp_socket name_connect;
}
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/amanda.te policy-1.23.11/domains/program/unused/amanda.te
+--- nsapolicy/domains/program/unused/amanda.te 2005-03-11 15:31:06.000000000 -0500
++++ policy-1.23.11/domains/program/unused/amanda.te 2005-04-15 14:13:03.000000000 -0400
+@@ -128,10 +128,7 @@
+
+ # access to device_t and similar
+ allow amanda_t device_t:dir search;
+-allow amanda_t null_device_t:chr_file { getattr read write };
+ allow amanda_t devpts_t:dir getattr;
+-allow amanda_t fixed_disk_device_t:blk_file getattr;
+-allow amanda_t removable_device_t:blk_file getattr;
+ allow amanda_t devtty_t:chr_file { read write };
+
+ # access to boot_t
+@@ -251,6 +248,9 @@
+ allow amanda_recover_t self:fifo_file { getattr ioctl read write };
+ allow amanda_recover_t self:unix_stream_socket { connect create read write };
+
++allow amanda_t self:dir search;
++allow amanda_t self:file { getattr read };
++
+
+ # amrecover file permissions
+ ############################
+@@ -302,6 +302,16 @@
+ allow inetd_t amanda_port_t:{ tcp_socket udp_socket } name_bind;
+
+ allow amanda_t file_type:dir {getattr read search };
+-allow amanda_t file_type:file {getattr read };
++allow amanda_t file_type:{ lnk_file file chr_file blk_file } {getattr read };
++dontaudit amanda_t file_type:sock_file getattr;
+ logdir_domain(amanda)
+
++dontaudit amanda_t autofs_t:dir { getattr read };
++dontaudit amanda_t binfmt_misc_fs_t:dir getattr;
++dontaudit amanda_t nfs_t:dir { getattr read };
++dontaudit amanda_t proc_t:dir read;
++dontaudit amanda_t rpc_pipefs_t:dir { getattr read };
++dontaudit amanda_t security_t:dir { getattr read };
++dontaudit amanda_t sysfs_t:dir { getattr read };
++dontaudit amanda_t unlabeled_t:file getattr;
++dontaudit amanda_t usbfs_t:dir getattr;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.23.11/domains/program/unused/apache.te
--- nsapolicy/domains/program/unused/apache.te 2005-04-07 22:22:55.000000000 -0400
+++ policy-1.23.11/domains/program/unused/apache.te 2005-04-14 15:20:16.000000000 -0400
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.279
retrieving revision 1.280
diff -u -r1.279 -r1.280
--- selinux-policy-strict.spec 14 Apr 2005 20:22:37 -0000 1.279
+++ selinux-policy-strict.spec 15 Apr 2005 18:26:24 -0000 1.280
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.23.11
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -220,6 +220,9 @@
exit 0
%changelog
+* Fri Apr 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-2
+- Add additional amanda rules
+
* Thu Apr 14 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-1
- Fix login programs handling of audit messages
- Update to latest from NSA
More information about the fedora-cvs-commits
mailing list