rpms/selinux-policy-targeted/devel policy-20050414.patch,1.4,1.5

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Apr 20 15:28:11 UTC 2005


Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14936

Modified Files:
	policy-20050414.patch 
Log Message:
* Tue Apr 19 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-4
- Fix httpd_suexec_t to be able to create log file
- Add auditctl_t
- Misc fixes


policy-20050414.patch:
 Makefile                                 |    6 +--
 attrib.te                                |    6 ++-
 domains/program/crond.te                 |    4 +-
 domains/program/cvs.te                   |   16 +++++++++
 domains/program/initrc.te                |    6 +--
 domains/program/load_policy.te           |    1 
 domains/program/login.te                 |    2 -
 domains/program/modutil.te               |    5 ++
 domains/program/ssh.te                   |    2 -
 domains/program/syslogd.te               |    2 +
 domains/program/unused/NetworkManager.te |    7 +++
 domains/program/unused/amanda.te         |   18 +++++++---
 domains/program/unused/apache.te         |    5 +-
 domains/program/unused/auditd.te         |   45 +++++++++++++++++++++++--
 domains/program/unused/cups.te           |    9 +++--
 domains/program/unused/dmidecode.te      |    1 
 domains/program/unused/ftpd.te           |    3 -
 domains/program/unused/named.te          |    1 
 domains/program/unused/ntpd.te           |    2 -
 domains/program/unused/prelink.te        |    2 -
 domains/program/unused/publicfile.te     |    6 ---
 domains/program/unused/rshd.te           |    4 --
 domains/program/unused/rsync.te          |    2 -
 domains/program/unused/xdm.te            |    2 -
 domains/program/useradd.te               |    4 ++
 domains/program/uucpd.te                 |   24 +++++++++++++
 file_contexts/distros.fc                 |    6 +--
 file_contexts/program/apache.fc          |    1 
 file_contexts/program/auditd.fc          |    8 +++-
 file_contexts/program/compat.fc          |   55 +++++++++++++++++++++++++++++++
 file_contexts/program/crack.fc           |    1 
 file_contexts/program/cvs.fc             |    2 +
 file_contexts/program/ftpd.fc            |    1 
 file_contexts/program/i18n_input.fc      |    1 
 file_contexts/program/lvm.fc             |    1 
 file_contexts/program/rsync.fc           |    1 
 file_contexts/program/udev.fc            |    1 
 file_contexts/program/uucpd.fc           |    5 ++
 file_contexts/types.fc                   |    6 +++
 macros/program/apache_macros.te          |    2 -
 macros/program/chkpwd_macros.te          |    1 
 macros/program/mozilla_macros.te         |    5 ++
 macros/program/su_macros.te              |    1 
 macros/program/ypbind_macros.te          |    4 +-
 net_contexts                             |   12 +++++-
 targeted/domains/program/compat.te       |    9 +++++
 targeted/domains/unconfined.te           |    8 +---
 tunables/distro.tun                      |    2 -
 tunables/tunable.tun                     |    6 +--
 types/file.te                            |    3 +
 types/network.te                         |   10 ++---
 types/security.te                        |    8 ++--
 52 files changed, 273 insertions(+), 72 deletions(-)

Index: policy-20050414.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050414.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20050414.patch	20 Apr 2005 14:37:00 -0000	1.4
+++ policy-20050414.patch	20 Apr 2005 15:28:08 -0000	1.5
@@ -314,17 +314,6 @@
  allow initrc_t cupsd_t:dbus send_msg;
 +allow cupsd_t unconfined_t:dbus send_msg;
  ')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpc.te policy-1.23.11/domains/program/unused/dhcpc.te
---- nsapolicy/domains/program/unused/dhcpc.te	2005-04-14 15:01:53.000000000 -0400
-+++ policy-1.23.11/domains/program/unused/dhcpc.te	2005-04-20 10:22:14.000000000 -0400
-@@ -110,6 +110,7 @@
- ')
- ifdef(`ifconfig.te', `
- domain_auto_trans(dhcpc_t, ifconfig_exec_t, ifconfig_t)
-+allow ifconfig_t net_conf_t:file ra_file_perms;
- ')dnl end if def ifconfig
- 
- 
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dmidecode.te policy-1.23.11/domains/program/unused/dmidecode.te
 --- nsapolicy/domains/program/unused/dmidecode.te	2005-04-07 13:17:30.000000000 -0400
 +++ policy-1.23.11/domains/program/unused/dmidecode.te	2005-04-14 15:20:16.000000000 -0400
@@ -746,20 +735,21 @@
  allow $1_su_t etc_t:file { getattr read };
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ypbind_macros.te policy-1.23.11/macros/program/ypbind_macros.te
 --- nsapolicy/macros/program/ypbind_macros.te	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.11/macros/program/ypbind_macros.te	2005-04-20 10:20:36.000000000 -0400
-@@ -1,9 +1,11 @@
++++ policy-1.23.11/macros/program/ypbind_macros.te	2005-04-20 10:50:42.000000000 -0400
+@@ -1,10 +1,12 @@
  
  define(`uncond_can_ypbind', `
 -dontaudit $1 reserved_port_type:{ tcp_socket udp_socket } name_bind;
-+dontaudit $1 reserved_port_type:{ tcp_socket udp_socket } { name_bind name_connect };
  can_network($1)
  r_dir_file($1,var_yp_t)
  allow $1 { reserved_port_t port_t }:{ tcp_socket udp_socket } name_bind;
-+allow $1 portmap_port_t:tcp_socket name_connect;
-+allow $1 port_t:{ tcp_socket udp_socket } name_connect;
++allow $1 { portmap_port_t port_t }:tcp_socket name_connect;
  dontaudit $1 self:capability net_bind_service;
++dontaudit $1 reserved_port_type:tcp_socket name_connect;
++dontaudit $1 reserved_port_type:{ tcp_socket udp_socket } name_bind;
  ')
  
+ define(`can_ypbind', `
 diff --exclude-from=exclude -N -u -r nsapolicy/Makefile policy-1.23.11/Makefile
 --- nsapolicy/Makefile	2005-04-14 15:01:52.000000000 -0400
 +++ policy-1.23.11/Makefile	2005-04-14 15:20:16.000000000 -0400
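Review bot: The two `dontaudit` rules now placed at the end of `uncond_can_ypbind` suppress denial logging for `name_connect` and `name_bind` on every `reserved_port_type` port, and because the macro is expanded per caller `$1`, every domain that uses it loses that AVC visibility, with no comment recording why. I would add a comment line above them, for example `# NIS client code probes reserved ports; these denials are expected noise, so they are not audited`, with the wording adjusted to the actual reason. The new `allow $1 { portmap_port_t port_t }:tcp_socket name_connect;` also lets each caller open TCP connections to any port carrying the generic `port_t` label, presumably because the NIS server port is assigned dynamically; stating that in the same comment makes the breadth a recorded decision rather than an accident. Anyone triaging suspicious behaviour in one of these domains should keep in mind that connection or bind attempts against reserved ports will not show up in the audit log unless the policy is built with dontaudit rules disabled.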



