rpms/selinux-policy-strict/devel policy-20050414.patch, 1.3, 1.4 selinux-policy-strict.spec, 1.280, 1.281
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Apr 15 22:24:51 UTC 2005
- Previous message (by thread): rpms/initscripts/devel .cvsignore, 1.73, 1.74 initscripts.spec, 1.81, 1.82 sources, 1.78, 1.79
- Next message (by thread): rpms/selinux-policy-targeted/devel policy-20050414.patch, 1.2, 1.3 selinux-policy-targeted.spec, 1.277, 1.278
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8664
Modified Files:
policy-20050414.patch selinux-policy-strict.spec
Log Message:
* Fri Apr 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-3
- Add additional amanda rules
- Fix prelink to privowner
- Fix udev startup
policy-20050414.patch:
Makefile | 6 +--
attrib.te | 6 ++-
domains/program/crond.te | 4 +-
domains/program/cvs.te | 16 +++++++++
domains/program/initrc.te | 6 +--
domains/program/load_policy.te | 1
domains/program/login.te | 2 -
domains/program/modutil.te | 1
domains/program/ssh.te | 2 -
domains/program/syslogd.te | 2 +
domains/program/unused/NetworkManager.te | 7 +++
domains/program/unused/amanda.te | 18 +++++++---
domains/program/unused/apache.te | 1
domains/program/unused/auditd.te | 26 +++++++++++++-
domains/program/unused/cups.te | 9 +++--
domains/program/unused/dmidecode.te | 1
domains/program/unused/ftpd.te | 3 -
domains/program/unused/ntpd.te | 2 -
domains/program/unused/prelink.te | 2 -
domains/program/unused/publicfile.te | 6 ---
domains/program/unused/rshd.te | 4 --
domains/program/unused/rsync.te | 2 -
domains/program/unused/xdm.te | 2 -
domains/program/useradd.te | 4 ++
domains/program/uucpd.te | 24 +++++++++++++
file_contexts/distros.fc | 6 +--
file_contexts/program/apache.fc | 1
file_contexts/program/auditd.fc | 8 +++-
file_contexts/program/compat.fc | 55 +++++++++++++++++++++++++++++++
file_contexts/program/crack.fc | 1
file_contexts/program/cvs.fc | 2 +
file_contexts/program/ftpd.fc | 1
file_contexts/program/i18n_input.fc | 1
file_contexts/program/lvm.fc | 1
file_contexts/program/rsync.fc | 1
file_contexts/program/udev.fc | 1
file_contexts/program/uucpd.fc | 5 ++
file_contexts/types.fc | 6 +++
macros/program/apache_macros.te | 2 -
macros/program/chkpwd_macros.te | 1
macros/program/mozilla_macros.te | 5 ++
net_contexts | 12 +++++-
targeted/domains/program/compat.te | 9 +++++
targeted/domains/unconfined.te | 8 +---
tunables/distro.tun | 2 -
tunables/tunable.tun | 6 +--
types/file.te | 3 +
types/network.te | 10 ++---
types/security.te | 8 ++--
49 files changed, 246 insertions(+), 66 deletions(-)
Index: policy-20050414.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050414.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20050414.patch 15 Apr 2005 20:58:30 -0000 1.3
+++ policy-20050414.patch 15 Apr 2005 22:24:48 -0000 1.4
@@ -335,6 +335,18 @@
')
-
+allow sysadm_t ntp_port_t:udp_socket name_bind;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/prelink.te policy-1.23.11/domains/program/unused/prelink.te
+--- nsapolicy/domains/program/unused/prelink.te 2005-04-04 10:21:11.000000000 -0400
++++ policy-1.23.11/domains/program/unused/prelink.te 2005-04-15 18:15:23.000000000 -0400
+@@ -9,7 +9,7 @@
+ #
+ # prelink_exec_t is the type of the prelink executable.
+ #
+-daemon_base_domain(prelink, `, admin')
++daemon_base_domain(prelink, `, admin, privowner')
+
+ if (allow_execmem) {
+ allow prelink_t self:process execmem;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/publicfile.te policy-1.23.11/domains/program/unused/publicfile.te
--- nsapolicy/domains/program/unused/publicfile.te 2005-04-06 06:57:44.000000000 -0400
+++ policy-1.23.11/domains/program/unused/publicfile.te 2005-04-14 15:20:16.000000000 -0400
@@ -581,6 +593,17 @@
# rsync program
/usr/bin/rsync -- system_u:object_r:rsync_exec_t
+/srv/([^/]*/)?rsync(/.*)? system_u:object_r:ftpd_anon_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/udev.fc policy-1.23.11/file_contexts/program/udev.fc
+--- nsapolicy/file_contexts/program/udev.fc 2005-02-24 14:51:09.000000000 -0500
++++ policy-1.23.11/file_contexts/program/udev.fc 2005-04-15 15:16:26.000000000 -0400
+@@ -3,6 +3,7 @@
+ /sbin/udev -- system_u:object_r:udev_exec_t
+ /sbin/udevd -- system_u:object_r:udev_exec_t
+ /sbin/start_udev -- system_u:object_r:udev_exec_t
++/sbin/udevstart -- system_u:object_r:udev_exec_t
+ /usr/bin/udevinfo -- system_u:object_r:udev_exec_t
+ /etc/dev\.d/.+ -- system_u:object_r:udev_helper_exec_t
+ /etc/udev/scripts/.+ -- system_u:object_r:udev_helper_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/uucpd.fc policy-1.23.11/file_contexts/program/uucpd.fc
--- nsapolicy/file_contexts/program/uucpd.fc 1969-12-31 19:00:00.000000000 -0500
+++ policy-1.23.11/file_contexts/program/uucpd.fc 2005-04-14 15:20:16.000000000 -0400
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.280
retrieving revision 1.281
diff -u -r1.280 -r1.281
--- selinux-policy-strict.spec 15 Apr 2005 18:26:24 -0000 1.280
+++ selinux-policy-strict.spec 15 Apr 2005 22:24:48 -0000 1.281
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.23.11
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -220,8 +220,10 @@
exit 0
%changelog
-* Fri Apr 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-2
+* Fri Apr 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-3
- Add additional amanda rules
+- Fix prelink to privowner
+- Fix udev startup
* Thu Apr 14 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-1
- Fix login programs handling of audit messages
- Previous message (by thread): rpms/initscripts/devel .cvsignore, 1.73, 1.74 initscripts.spec, 1.81, 1.82 sources, 1.78, 1.79
- Next message (by thread): rpms/selinux-policy-targeted/devel policy-20050414.patch, 1.2, 1.3 selinux-policy-targeted.spec, 1.277, 1.278
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list