rpms/selinux-policy-strict/devel policy-20050414.patch, 1.3, 1.4 selinux-policy-strict.spec, 1.280, 1.281

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Apr 15 22:24:51 UTC 2005 

Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8664

Modified Files:
	policy-20050414.patch selinux-policy-strict.spec 
Log Message:
* Fri Apr 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-3
- Add additional amanda rules
- Fix prelink to privowner
- Fix udev startup


policy-20050414.patch:
 Makefile                                 |    6 +--
 attrib.te                                |    6 ++-
 domains/program/crond.te                 |    4 +-
 domains/program/cvs.te                   |   16 +++++++++
 domains/program/initrc.te                |    6 +--
 domains/program/load_policy.te           |    1 
 domains/program/login.te                 |    2 -
 domains/program/modutil.te               |    1 
 domains/program/ssh.te                   |    2 -
 domains/program/syslogd.te               |    2 +
 domains/program/unused/NetworkManager.te |    7 +++
 domains/program/unused/amanda.te         |   18 +++++++---
 domains/program/unused/apache.te         |    1 
 domains/program/unused/auditd.te         |   26 +++++++++++++-
 domains/program/unused/cups.te           |    9 +++--
 domains/program/unused/dmidecode.te      |    1 
 domains/program/unused/ftpd.te           |    3 -
 domains/program/unused/ntpd.te           |    2 -
 domains/program/unused/prelink.te        |    2 -
 domains/program/unused/publicfile.te     |    6 ---
 domains/program/unused/rshd.te           |    4 --
 domains/program/unused/rsync.te          |    2 -
 domains/program/unused/xdm.te            |    2 -
 domains/program/useradd.te               |    4 ++
 domains/program/uucpd.te                 |   24 +++++++++++++
 file_contexts/distros.fc                 |    6 +--
 file_contexts/program/apache.fc          |    1 
 file_contexts/program/auditd.fc          |    8 +++-
 file_contexts/program/compat.fc          |   55 +++++++++++++++++++++++++++++++
 file_contexts/program/crack.fc           |    1 
 file_contexts/program/cvs.fc             |    2 +
 file_contexts/program/ftpd.fc            |    1 
 file_contexts/program/i18n_input.fc      |    1 
 file_contexts/program/lvm.fc             |    1 
 file_contexts/program/rsync.fc           |    1 
 file_contexts/program/udev.fc            |    1 
 file_contexts/program/uucpd.fc           |    5 ++
 file_contexts/types.fc                   |    6 +++
 macros/program/apache_macros.te          |    2 -
 macros/program/chkpwd_macros.te          |    1 
 macros/program/mozilla_macros.te         |    5 ++
 net_contexts                             |   12 +++++-
 targeted/domains/program/compat.te       |    9 +++++
 targeted/domains/unconfined.te           |    8 +---
 tunables/distro.tun                      |    2 -
 tunables/tunable.tun                     |    6 +--
 types/file.te                            |    3 +
 types/network.te                         |   10 ++---
 types/security.te                        |    8 ++--
 49 files changed, 246 insertions(+), 66 deletions(-)

Index: policy-20050414.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050414.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20050414.patch	15 Apr 2005 20:58:30 -0000	1.3
+++ policy-20050414.patch	15 Apr 2005 22:24:48 -0000	1.4
@@ -335,6 +335,18 @@
  ')
 -
 +allow sysadm_t ntp_port_t:udp_socket name_bind;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/prelink.te policy-1.23.11/domains/program/unused/prelink.te
+--- nsapolicy/domains/program/unused/prelink.te	2005-04-04 10:21:11.000000000 -0400
++++ policy-1.23.11/domains/program/unused/prelink.te	2005-04-15 18:15:23.000000000 -0400
+@@ -9,7 +9,7 @@
+ #
+ # prelink_exec_t is the type of the prelink executable.
+ #
+-daemon_base_domain(prelink, `, admin')
++daemon_base_domain(prelink, `, admin, privowner')
+ 
+ if (allow_execmem) {
+ allow prelink_t self:process execmem;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/publicfile.te policy-1.23.11/domains/program/unused/publicfile.te
 --- nsapolicy/domains/program/unused/publicfile.te	2005-04-06 06:57:44.000000000 -0400
 +++ policy-1.23.11/domains/program/unused/publicfile.te	2005-04-14 15:20:16.000000000 -0400
@@ -581,6 +593,17 @@
  # rsync program
  /usr/bin/rsync	--	system_u:object_r:rsync_exec_t
 +/srv/([^/]*/)?rsync(/.*)?	system_u:object_r:ftpd_anon_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/udev.fc policy-1.23.11/file_contexts/program/udev.fc
+--- nsapolicy/file_contexts/program/udev.fc	2005-02-24 14:51:09.000000000 -0500
++++ policy-1.23.11/file_contexts/program/udev.fc	2005-04-15 15:16:26.000000000 -0400
+@@ -3,6 +3,7 @@
+ /sbin/udev	--	system_u:object_r:udev_exec_t
+ /sbin/udevd	--	system_u:object_r:udev_exec_t
+ /sbin/start_udev --	system_u:object_r:udev_exec_t
++/sbin/udevstart  --	system_u:object_r:udev_exec_t
+ /usr/bin/udevinfo --	system_u:object_r:udev_exec_t
+ /etc/dev\.d/.+	--	system_u:object_r:udev_helper_exec_t
+ /etc/udev/scripts/.+	-- system_u:object_r:udev_helper_exec_t
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/uucpd.fc policy-1.23.11/file_contexts/program/uucpd.fc
 --- nsapolicy/file_contexts/program/uucpd.fc	1969-12-31 19:00:00.000000000 -0500
 +++ policy-1.23.11/file_contexts/program/uucpd.fc	2005-04-14 15:20:16.000000000 -0400


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.280
retrieving revision 1.281
diff -u -r1.280 -r1.281
--- selinux-policy-strict.spec	15 Apr 2005 18:26:24 -0000	1.280
+++ selinux-policy-strict.spec	15 Apr 2005 22:24:48 -0000	1.281
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.23.11
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -220,8 +220,10 @@
 exit 0
 
 %changelog
-* Fri Apr 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-2
+* Fri Apr 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-3
 - Add additional amanda rules
+- Fix prelink to privowner
+- Fix udev startup
 
 * Thu Apr 14 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-1
 - Fix login programs handling of audit messages

More information about the fedora-cvs-commits mailing list