rpms/selinux-policy-strict/devel policy-20050425.patch, 1.3, 1.4 selinux-policy-strict.spec, 1.291, 1.292 policy-20050309.patch, 1.5, NONE policy-20050311.patch, 1.4, NONE policy-20050317.patch, 1.3, NONE policy-20050322.patch, 1.9, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Apr 27 21:31:46 UTC 2005
- Previous message (by thread): rpms/rhpl/devel .cvsignore, 1.33, 1.34 rhpl.spec, 1.36, 1.37 sources, 1.35, 1.36
- Next message (by thread): rpms/selinux-policy-targeted/devel policy-20050425.patch, 1.3, 1.4 selinux-policy-targeted.spec, 1.287, 1.288
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20709
Modified Files:
policy-20050425.patch selinux-policy-strict.spec
Removed Files:
policy-20050309.patch policy-20050311.patch
policy-20050317.patch policy-20050322.patch
Log Message:
* Wed Apr 27 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-4
- Update to fix smtp random device access
- Add i18n_input changes from Akira TAGOH
policy-20050425.patch:
domains/misc/kernel.te | 4 +-
domains/program/fsadm.te | 2 -
domains/program/getty.te | 14 ++-------
domains/program/hostname.te | 1
domains/program/ifconfig.te | 2 +
domains/program/init.te | 4 +-
domains/program/initrc.te | 1
domains/program/klogd.te | 3 +
domains/program/load_policy.te | 3 -
domains/program/mount.te | 1
domains/program/unused/NetworkManager.te | 4 ++
domains/program/unused/amanda.te | 2 +
domains/program/unused/amavis.te | 7 ----
domains/program/unused/apache.te | 16 +++-------
domains/program/unused/apmd.te | 1
domains/program/unused/auditd.te | 15 +++++++--
domains/program/unused/cardmgr.te | 4 +-
domains/program/unused/clamav.te | 2 -
domains/program/unused/consoletype.te | 13 +++-----
domains/program/unused/cups.te | 2 +
domains/program/unused/cyrus.te | 4 --
domains/program/unused/hald.te | 4 ++
domains/program/unused/hotplug.te | 8 +----
domains/program/unused/ntpd.te | 7 ++--
domains/program/unused/portmap.te | 5 +--
domains/program/unused/samba.te | 1
domains/program/unused/snmpd.te | 2 -
domains/program/unused/squid.te | 4 --
domains/program/unused/tinydns.te | 2 -
domains/program/unused/udev.te | 8 +++--
domains/program/unused/webalizer.te | 2 -
domains/user.te | 7 ++++
file_contexts/distros.fc | 1
file_contexts/program/apache.fc | 3 +
file_contexts/program/compat.fc | 17 +++++++----
file_contexts/program/crack.fc | 1
file_contexts/program/getty.fc | 2 +
file_contexts/program/i18n_input.fc | 3 +
file_contexts/program/lvm.fc | 1
file_contexts/program/portmap.fc | 1
file_contexts/program/traceroute.fc | 1
file_contexts/program/webalizer.fc | 2 +
file_contexts/types.fc | 8 ++++-
macros/base_user_macros.te | 2 -
macros/core_macros.te | 1
macros/global_macros.te | 12 +++++++
macros/program/cdrecord_macros.te | 2 -
macros/program/mozilla_macros.te | 2 -
man/man8/httpd_selinux.8 | 6 +++
targeted/appconfig/default_contexts | 1
targeted/domains/program/compat.te | 7 ----
targeted/domains/program/crond.te | 2 -
targeted/domains/program/hotplug.te | 17 -----------
targeted/domains/program/sendmail.te | 3 +
targeted/domains/program/udev.te | 17 -----------
targeted/domains/program/xdm.te | 1
targeted/domains/unconfined.te | 3 +
targeted/initial_sid_contexts | 47 -------------------------------
tunables/distro.tun | 2 -
tunables/tunable.tun | 6 +--
types/network.te | 1
61 files changed, 153 insertions(+), 174 deletions(-)
Index: policy-20050425.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050425.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20050425.patch 26 Apr 2005 16:12:27 -0000 1.3
+++ policy-20050425.patch 27 Apr 2005 21:31:43 -0000 1.4
@@ -1,5 +1,5 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/misc/kernel.te policy-1.23.13/domains/misc/kernel.te
---- nsapolicy/domains/misc/kernel.te 2005-04-14 15:01:53.000000000 -0400
+--- nsapolicy/domains/misc/kernel.te 2005-04-27 10:28:48.000000000 -0400
+++ policy-1.23.13/domains/misc/kernel.te 2005-04-26 10:00:08.000000000 -0400
@@ -63,4 +63,6 @@
# /proc/sys/kernel/modprobe is set to /bin/true if not using modules.
@@ -10,7 +10,7 @@
+unconfined_domain(kernel_t)
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/fsadm.te policy-1.23.13/domains/program/fsadm.te
---- nsapolicy/domains/program/fsadm.te 2005-04-04 10:21:10.000000000 -0400
+--- nsapolicy/domains/program/fsadm.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/fsadm.te 2005-04-25 15:18:00.000000000 -0400
@@ -100,7 +100,7 @@
allow fsadm_t kernel_t:system syslog_console;
@@ -22,7 +22,7 @@
allow fsadm_t privfd:fd use;
allow fsadm_t devpts_t:dir { getattr search };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/getty.te policy-1.23.13/domains/program/getty.te
---- nsapolicy/domains/program/getty.te 2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/getty.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/getty.te 2005-04-25 15:18:00.000000000 -0400
@@ -23,18 +23,9 @@
allow getty_t self:unix_dgram_socket create_socket_perms;
@@ -59,15 +59,28 @@
+var_run_domain(getty)
+allow getty_t self:capability { fowner fsetid };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/hostname.te policy-1.23.13/domains/program/hostname.te
---- nsapolicy/domains/program/hostname.te 2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/hostname.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/hostname.te 2005-04-25 15:48:24.000000000 -0400
@@ -24,3 +24,4 @@
ifdef(`distro_redhat', `
allow hostname_t tmpfs_t:chr_file rw_file_perms;
')
+allow hostname_t initrc_devpts_t:chr_file { read write };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ifconfig.te policy-1.23.13/domains/program/ifconfig.te
+--- nsapolicy/domains/program/ifconfig.te 2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/ifconfig.te 2005-04-27 17:29:26.000000000 -0400
+@@ -21,7 +21,9 @@
+ general_domain_access(ifconfig_t)
+
+ domain_auto_trans(initrc_t, ifconfig_exec_t, ifconfig_t)
++ifdef(`targeted_policy', `', `
+ domain_auto_trans(sysadm_t, ifconfig_exec_t, ifconfig_t)
++')
+
+ # for /sbin/ip
+ allow ifconfig_t self:netlink_route_socket rw_netlink_socket_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te policy-1.23.13/domains/program/initrc.te
---- nsapolicy/domains/program/initrc.te 2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/initrc.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/initrc.te 2005-04-25 15:18:00.000000000 -0400
@@ -253,6 +253,7 @@
allow unconfined_t initrc_t:dbus { acquire_svc send_msg };
@@ -78,9 +91,17 @@
run_program(sysadm_t, sysadm_r, init, initrc_exec_t, initrc_t)
')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/init.te policy-1.23.13/domains/program/init.te
---- nsapolicy/domains/program/init.te 2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.13/domains/program/init.te 2005-04-25 16:11:57.000000000 -0400
-@@ -131,10 +131,9 @@
+--- nsapolicy/domains/program/init.te 2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/init.te 2005-04-27 16:52:24.000000000 -0400
+@@ -82,6 +82,7 @@
+ # Modify utmp.
+ allow init_t var_run_t:file rw_file_perms;
+ allow init_t initrc_var_run_t:file { setattr rw_file_perms };
++can_unix_connect(init_t, initrc_t)
+
+ # For /var/run/shutdown.pid.
+ var_run_domain(init)
+@@ -131,10 +132,9 @@
allow init_t lib_t:file { getattr read };
@@ -93,7 +114,7 @@
r_dir_file(init_t, selinux_config_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/klogd.te policy-1.23.13/domains/program/klogd.te
---- nsapolicy/domains/program/klogd.te 2005-02-24 14:51:08.000000000 -0500
+--- nsapolicy/domains/program/klogd.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/klogd.te 2005-04-25 15:18:00.000000000 -0400
@@ -43,3 +43,6 @@
# Read /boot/System.map*
@@ -103,7 +124,7 @@
+allow klogd_t unconfined_t:system syslog_mod;
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/load_policy.te policy-1.23.13/domains/program/load_policy.te
---- nsapolicy/domains/program/load_policy.te 2005-04-20 15:40:34.000000000 -0400
+--- nsapolicy/domains/program/load_policy.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/load_policy.te 2005-04-25 15:18:00.000000000 -0400
@@ -39,6 +39,7 @@
# only allow read of policy config files
@@ -119,8 +140,19 @@
read_locale(load_policy_t)
-r_dir_file(load_policy_t, selinux_config_t)
-allow load_policy_t proc_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te policy-1.23.13/domains/program/mount.te
+--- nsapolicy/domains/program/mount.te 2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/mount.te 2005-04-27 10:42:39.000000000 -0400
+@@ -40,6 +40,7 @@
+ allow mount_t default_t:dir mounton;
+ allow mount_t file_t:dir mounton;
+ allow mount_t usr_t:dir mounton;
++allow mount_t src_t:dir mounton;
+ allow mount_t var_t:dir mounton;
+ allow mount_t proc_t:dir mounton;
+ allow mount_t root_t:dir mounton;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/amanda.te policy-1.23.13/domains/program/unused/amanda.te
---- nsapolicy/domains/program/unused/amanda.te 2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/unused/amanda.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/unused/amanda.te 2005-04-26 12:02:46.000000000 -0400
@@ -303,6 +303,7 @@
@@ -139,7 +171,7 @@
dontaudit amanda_t security_t:dir { getattr read };
dontaudit amanda_t sysfs_t:dir { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/amavis.te policy-1.23.13/domains/program/unused/amavis.te
---- nsapolicy/domains/program/unused/amavis.te 2005-04-06 06:57:44.000000000 -0400
+--- nsapolicy/domains/program/unused/amavis.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/unused/amavis.te 2005-04-25 15:18:00.000000000 -0400
@@ -13,7 +13,7 @@
type amavisd_lib_t, file_type, sysadmfile;
@@ -160,7 +192,7 @@
-allow tmpreaper_t amavisd_quarantine_t:file getattr;
-')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.23.13/domains/program/unused/apache.te
---- nsapolicy/domains/program/unused/apache.te 2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/unused/apache.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/unused/apache.te 2005-04-25 15:18:00.000000000 -0400
@@ -290,7 +290,7 @@
allow httpd_helper_t httpd_log_t:file { append };
@@ -215,7 +247,7 @@
-
-allow httpd_t var_t:file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.23.13/domains/program/unused/apmd.te
---- nsapolicy/domains/program/unused/apmd.te 2005-04-04 10:21:10.000000000 -0400
+--- nsapolicy/domains/program/unused/apmd.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/unused/apmd.te 2005-04-25 16:03:20.000000000 -0400
@@ -108,6 +108,7 @@
#
@@ -226,7 +258,7 @@
# Same for apm/acpid scripts
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.23.13/domains/program/unused/auditd.te
---- nsapolicy/domains/program/unused/auditd.te 2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/unused/auditd.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/unused/auditd.te 2005-04-25 15:18:00.000000000 -0400
@@ -2,6 +2,8 @@
#
@@ -267,7 +299,7 @@
+allow auditd_t self:process setsched;
+dontaudit auditctl_t init_t:fd use;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cardmgr.te policy-1.23.13/domains/program/unused/cardmgr.te
---- nsapolicy/domains/program/unused/cardmgr.te 2005-02-24 14:51:07.000000000 -0500
+--- nsapolicy/domains/program/unused/cardmgr.te 2005-04-27 10:28:49.000000000 -0400
+++ policy-1.23.13/domains/program/unused/cardmgr.te 2005-04-26 09:57:58.000000000 -0400
@@ -61,7 +61,9 @@
allow cardmgr_t proc_t:file { getattr read ioctl };
@@ -281,7 +313,7 @@
allow cardmgr_t ttyfile:chr_file getattr;
dontaudit cardmgr_t ptyfile:chr_file getattr;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/clamav.te policy-1.23.13/domains/program/unused/clamav.te
---- nsapolicy/domains/program/unused/clamav.te 2005-04-06 06:57:44.000000000 -0400
+--- nsapolicy/domains/program/unused/clamav.te 2005-04-27 10:28:50.000000000 -0400
+++ policy-1.23.13/domains/program/unused/clamav.te 2005-04-25 15:18:00.000000000 -0400
@@ -22,7 +22,7 @@
# Freshclam
@@ -293,7 +325,7 @@
# not sure why it needs this
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/consoletype.te policy-1.23.13/domains/program/unused/consoletype.te
---- nsapolicy/domains/program/unused/consoletype.te 2005-03-21 22:32:18.000000000 -0500
+--- nsapolicy/domains/program/unused/consoletype.te 2005-04-27 10:28:50.000000000 -0400
+++ policy-1.23.13/domains/program/unused/consoletype.te 2005-04-25 15:18:00.000000000 -0400
@@ -19,29 +19,28 @@
uses_shlib(consoletype_t)
@@ -332,7 +364,7 @@
allow consoletype_t sysadm_t:fifo_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.23.13/domains/program/unused/cups.te
---- nsapolicy/domains/program/unused/cups.te 2005-04-25 14:48:59.000000000 -0400
+--- nsapolicy/domains/program/unused/cups.te 2005-04-27 10:28:50.000000000 -0400
+++ policy-1.23.13/domains/program/unused/cups.te 2005-04-25 15:18:00.000000000 -0400
@@ -17,6 +17,7 @@
type cupsd_rw_etc_t, file_type, sysadmfile, usercanread;
@@ -351,7 +383,7 @@
can_tcp_connect(cupsd_config_t, cupsd_t)
allow cupsd_config_t self:fifo_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.23.13/domains/program/unused/cyrus.te
---- nsapolicy/domains/program/unused/cyrus.te 2005-03-24 08:58:26.000000000 -0500
+--- nsapolicy/domains/program/unused/cyrus.te 2005-04-27 10:28:50.000000000 -0400
+++ policy-1.23.13/domains/program/unused/cyrus.te 2005-04-26 11:29:42.000000000 -0400
@@ -15,8 +15,6 @@
allow cyrus_t self:capability { dac_override net_bind_service setgid setuid sys_resource };
@@ -378,7 +410,7 @@
')
allow cyrus_t mail_port_t:tcp_socket name_bind;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.23.13/domains/program/unused/hald.te
---- nsapolicy/domains/program/unused/hald.te 2005-04-07 22:22:55.000000000 -0400
+--- nsapolicy/domains/program/unused/hald.te 2005-04-27 10:28:51.000000000 -0400
+++ policy-1.23.13/domains/program/unused/hald.te 2005-04-25 15:18:00.000000000 -0400
@@ -93,3 +93,7 @@
ifdef(`lvm.te', `
@@ -389,7 +421,7 @@
+allow hald_t unconfined_t:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.23.13/domains/program/unused/hotplug.te
---- nsapolicy/domains/program/unused/hotplug.te 2005-03-11 15:31:06.000000000 -0500
+--- nsapolicy/domains/program/unused/hotplug.te 2005-04-27 10:28:51.000000000 -0400
+++ policy-1.23.13/domains/program/unused/hotplug.te 2005-04-25 15:18:00.000000000 -0400
@@ -83,7 +83,9 @@
allow hotplug_t self:file getattr;
@@ -412,9 +444,32 @@
-')
-
allow kernel_t hotplug_etc_t:dir search;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.23.13/domains/program/unused/NetworkManager.te
+--- nsapolicy/domains/program/unused/NetworkManager.te 2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/unused/NetworkManager.te 2005-04-27 16:52:07.000000000 -0400
+@@ -35,11 +35,14 @@
+ #
+ # Communicate with Caching Name Server
+ #
++ifdef(`named.te', `
+ allow NetworkManager_t named_zone_t:dir search;
+ rw_dir_create_file(NetworkManager_t, named_cache_t)
+ domain_auto_trans(NetworkManager_t, named_exec_t, named_t)
+ allow named_t NetworkManager_t:udp_socket { read write };
++allow named_t NetworkManager_t:netlink_route_socket { read write };
+ allow NetworkManager_t named_t:process signal;
++')
+
+ allow NetworkManager_t selinux_config_t:dir search;
+ allow NetworkManager_t selinux_config_t:file { getattr read };
+@@ -87,3 +90,4 @@
+ domain_auto_trans(NetworkManager_t, insmod_exec_t, insmod_t)
+ allow NetworkManager_t self:netlink_route_socket r_netlink_socket_perms;
+
++domain_auto_trans(NetworkManager_t, initrc_exec_t, initrc_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.23.13/domains/program/unused/ntpd.te
---- nsapolicy/domains/program/unused/ntpd.te 2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.13/domains/program/unused/ntpd.te 2005-04-25 15:18:00.000000000 -0400
+--- nsapolicy/domains/program/unused/ntpd.te 2005-04-27 10:28:52.000000000 -0400
++++ policy-1.23.13/domains/program/unused/ntpd.te 2005-04-27 08:00:35.000000000 -0400
@@ -14,7 +14,6 @@
type ntpdate_exec_t, file_type, sysadmfile, exec_type;
@@ -423,6 +478,15 @@
logdir_domain(ntpd)
+@@ -26,7 +25,7 @@
+ allow ntpd_t ntp_drift_t:file create_file_perms;
+
+ # for SSP
+-allow ntpd_t urandom_device_t:chr_file read;
++allow ntpd_t urandom_device_t:chr_file { getattr read };
+
+ allow ntpd_t self:capability { kill setgid setuid sys_time net_bind_service ipc_lock sys_chroot };
+ dontaudit ntpd_t self:capability { net_admin };
@@ -45,6 +44,7 @@
allow ntpd_t ntp_port_t:tcp_socket name_connect;
can_ypbind(ntpd_t)
@@ -431,13 +495,15 @@
allow ntpd_t self:unix_dgram_socket create_socket_perms;
allow ntpd_t self:unix_stream_socket create_socket_perms;
allow ntpd_t self:netlink_route_socket r_netlink_socket_perms;
-@@ -85,4 +85,3 @@
+@@ -85,4 +85,5 @@
allow ntpd_t winbind_var_run_t:dir r_dir_perms;
allow ntpd_t winbind_var_run_t:sock_file rw_file_perms;
')
-allow sysadm_t ntp_port_t:udp_socket name_bind;
++# For clock devices like wwvb1
++allow ntpd_t device_t:lnk_file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/portmap.te policy-1.23.13/domains/program/unused/portmap.te
---- nsapolicy/domains/program/unused/portmap.te 2005-03-24 08:58:27.000000000 -0500
+--- nsapolicy/domains/program/unused/portmap.te 2005-04-27 10:28:52.000000000 -0400
+++ policy-1.23.13/domains/program/unused/portmap.te 2005-04-25 15:18:00.000000000 -0400
@@ -58,13 +58,14 @@
domain_auto_trans(initrc_t, portmap_helper_exec_t, portmap_helper_t)
@@ -457,7 +523,7 @@
allow portmap_helper_t reserved_port_t:{ tcp_socket udp_socket } name_bind;
dontaudit portmap_helper_t reserved_port_type:{ tcp_socket udp_socket } name_bind;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.23.13/domains/program/unused/samba.te
---- nsapolicy/domains/program/unused/samba.te 2005-04-14 15:01:53.000000000 -0400
+--- nsapolicy/domains/program/unused/samba.te 2005-04-27 10:28:52.000000000 -0400
+++ policy-1.23.13/domains/program/unused/samba.te 2005-04-25 15:18:58.000000000 -0400
@@ -133,6 +133,7 @@
# Access samba config
@@ -467,8 +533,20 @@
# Write samba log
allow smbmount_t samba_log_t:file create_file_perms;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/snmpd.te policy-1.23.13/domains/program/unused/snmpd.te
+--- nsapolicy/domains/program/unused/snmpd.te 2005-04-27 10:28:53.000000000 -0400
++++ policy-1.23.13/domains/program/unused/snmpd.te 2005-04-26 15:34:21.000000000 -0400
+@@ -37,7 +37,7 @@
+ allow snmpd_t self:unix_stream_socket create_socket_perms;
+ allow snmpd_t etc_t:lnk_file read;
+ allow snmpd_t { etc_t etc_runtime_t }:file r_file_perms;
+-allow snmpd_t urandom_device_t:chr_file read;
++allow snmpd_t { random_device_t urandom_device_t }:chr_file { getattr read };
+ allow snmpd_t self:capability { dac_override kill net_bind_service net_admin sys_nice sys_tty_config };
+
+ allow snmpd_t proc_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.23.13/domains/program/unused/squid.te
---- nsapolicy/domains/program/unused/squid.te 2005-04-04 10:21:11.000000000 -0400
+--- nsapolicy/domains/program/unused/squid.te 2005-04-27 10:28:53.000000000 -0400
+++ policy-1.23.13/domains/program/unused/squid.te 2005-04-25 15:18:00.000000000 -0400
@@ -55,9 +55,7 @@
can_network(squid_t)
@@ -482,7 +560,7 @@
can_tcp_connect(web_client_domain, squid_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/tinydns.te policy-1.23.13/domains/program/unused/tinydns.te
---- nsapolicy/domains/program/unused/tinydns.te 2005-02-24 14:51:08.000000000 -0500
+--- nsapolicy/domains/program/unused/tinydns.te 2005-04-27 10:28:53.000000000 -0400
+++ policy-1.23.13/domains/program/unused/tinydns.te 2005-04-25 15:18:00.000000000 -0400
@@ -36,7 +36,7 @@
can_udp_send(domain, tinydns_t)
@@ -494,7 +572,7 @@
#read configuration files
r_dir_file(tinydns_t, tinydns_conf_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.23.13/domains/program/unused/udev.te
---- nsapolicy/domains/program/unused/udev.te 2005-04-25 14:48:59.000000000 -0400
+--- nsapolicy/domains/program/unused/udev.te 2005-04-27 10:28:53.000000000 -0400
+++ policy-1.23.13/domains/program/unused/udev.te 2005-04-25 21:41:17.000000000 -0400
@@ -33,7 +33,7 @@
allow udev_t self:unix_stream_socket {connectto create_stream_socket_perms};
@@ -530,7 +608,7 @@
+unconfined_domain(udev_t)
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/webalizer.te policy-1.23.13/domains/program/unused/webalizer.te
---- nsapolicy/domains/program/unused/webalizer.te 2005-02-24 14:51:07.000000000 -0500
+--- nsapolicy/domains/program/unused/webalizer.te 2005-04-27 10:28:54.000000000 -0400
+++ policy-1.23.13/domains/program/unused/webalizer.te 2005-04-25 15:18:00.000000000 -0400
@@ -4,7 +4,7 @@
#
@@ -542,7 +620,7 @@
system_crond_entry(webalizer_exec_t,webalizer_t)
role system_r types webalizer_t;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/user.te policy-1.23.13/domains/user.te
---- nsapolicy/domains/user.te 2005-04-14 15:01:53.000000000 -0400
+--- nsapolicy/domains/user.te 2005-04-27 10:28:48.000000000 -0400
+++ policy-1.23.13/domains/user.te 2005-04-25 15:18:00.000000000 -0400
@@ -132,3 +132,10 @@
# "ps aux" and "ls -l /dev/pts" make too much noise without this
@@ -578,14 +656,14 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/compat.fc policy-1.23.13/file_contexts/program/compat.fc
--- nsapolicy/file_contexts/program/compat.fc 2005-04-20 08:58:41.000000000 -0400
-+++ policy-1.23.13/file_contexts/program/compat.fc 2005-04-25 15:18:00.000000000 -0400
++++ policy-1.23.13/file_contexts/program/compat.fc 2005-04-27 17:13:39.000000000 -0400
@@ -1,19 +1,23 @@
+ifdef(`setfiles.te', `', `
# setfiles
/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t
+')
-+ifdef(`mout.te', `', `
++ifdef(`mount.te', `', `
# mount
/bin/mount.* -- system_u:object_r:mount_exec_t
/bin/umount.* -- system_u:object_r:mount_exec_t
@@ -636,6 +714,18 @@
/etc/mgetty(/.*)? system_u:object_r:getty_etc_t
+/var/run/mgetty\.pid.* -- system_u:object_r:getty_var_run_t
+/var/log/mgetty\.log.* -- system_u:object_r:getty_log_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/i18n_input.fc policy-1.23.13/file_contexts/program/i18n_input.fc
+--- nsapolicy/file_contexts/program/i18n_input.fc 2005-04-25 14:48:59.000000000 -0400
++++ policy-1.23.13/file_contexts/program/i18n_input.fc 2005-04-27 10:30:39.000000000 -0400
+@@ -4,5 +4,8 @@
+ /usr/bin/iiimd -- system_u:object_r:i18n_input_exec_t
+ /usr/bin/httx -- system_u:object_r:i18n_input_exec_t
+ /usr/bin/htt_xbe -- system_u:object_r:i18n_input_exec_t
++/usr/bin/iiimx -- system_u:object_r:i18n_input_exec_t
++/usr/lib/iiim/iiim-xbe -- system_u:object_r:i18n_input_exec_t
+ /usr/lib(64)?/im/.*\.so.* -- system_u:object_r:shlib_t
++/usr/lib(64)?/iiim/.*\.so.* -- system_u:object_r:shlib_t
+ /var/run/iiim(/.*)? system_u:object_r:i18n_input_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/lvm.fc policy-1.23.13/file_contexts/program/lvm.fc
--- nsapolicy/file_contexts/program/lvm.fc 2005-04-20 15:40:35.000000000 -0400
+++ policy-1.23.13/file_contexts/program/lvm.fc 2005-04-25 15:41:19.000000000 -0400
@@ -706,7 +796,7 @@
#
/initrd -d system_u:object_r:root_t
diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.23.13/macros/base_user_macros.te
---- nsapolicy/macros/base_user_macros.te 2005-04-14 15:01:54.000000000 -0400
+--- nsapolicy/macros/base_user_macros.te 2005-04-27 10:28:54.000000000 -0400
+++ policy-1.23.13/macros/base_user_macros.te 2005-04-25 15:18:00.000000000 -0400
@@ -317,7 +317,7 @@
allow $1_t devtty_t:chr_file rw_file_perms;
@@ -718,7 +808,7 @@
# Added to allow reading of cdrom
#
diff --exclude-from=exclude -N -u -r nsapolicy/macros/core_macros.te policy-1.23.13/macros/core_macros.te
---- nsapolicy/macros/core_macros.te 2005-04-06 06:57:44.000000000 -0400
+--- nsapolicy/macros/core_macros.te 2005-04-27 10:28:54.000000000 -0400
+++ policy-1.23.13/macros/core_macros.te 2005-04-25 15:18:00.000000000 -0400
@@ -361,6 +361,7 @@
# Get the selinuxfs mount point via /proc/self/mounts.
@@ -729,7 +819,7 @@
allow $1 self:file { getattr read };
# Access selinuxfs.
diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.23.13/macros/global_macros.te
---- nsapolicy/macros/global_macros.te 2005-04-14 15:01:54.000000000 -0400
+--- nsapolicy/macros/global_macros.te 2005-04-27 10:28:54.000000000 -0400
+++ policy-1.23.13/macros/global_macros.te 2005-04-25 15:18:00.000000000 -0400
@@ -406,8 +406,19 @@
@@ -760,7 +850,7 @@
# Create/access any System V IPC objects.
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/cdrecord_macros.te policy-1.23.13/macros/program/cdrecord_macros.te
---- nsapolicy/macros/program/cdrecord_macros.te 2005-02-24 14:51:09.000000000 -0500
+--- nsapolicy/macros/program/cdrecord_macros.te 2005-04-27 10:28:54.000000000 -0400
+++ policy-1.23.13/macros/program/cdrecord_macros.te 2005-04-25 15:18:00.000000000 -0400
@@ -40,7 +40,7 @@
allow $1_cdrecord_t etc_t:file { getattr read };
@@ -772,7 +862,7 @@
# allow cdrecord to write the CD
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.23.13/macros/program/mozilla_macros.te
---- nsapolicy/macros/program/mozilla_macros.te 2005-04-20 15:40:35.000000000 -0400
+--- nsapolicy/macros/program/mozilla_macros.te 2005-04-27 10:28:55.000000000 -0400
+++ policy-1.23.13/macros/program/mozilla_macros.te 2005-04-25 15:18:00.000000000 -0400
@@ -32,7 +32,7 @@
file_browse_domain($1_mozilla_t)
@@ -810,7 +900,7 @@
system_r:rshd_t system_r:unconfined_t
system_r:crond_t system_r:unconfined_t
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/compat.te policy-1.23.13/targeted/domains/program/compat.te
---- nsapolicy/targeted/domains/program/compat.te 2005-04-25 14:48:59.000000000 -0400
+--- nsapolicy/targeted/domains/program/compat.te 2005-04-27 10:28:56.000000000 -0400
+++ policy-1.23.13/targeted/domains/program/compat.te 2005-04-26 11:45:35.000000000 -0400
@@ -1,8 +1,3 @@
-typealias sbin_t alias setfiles_exec_t;
@@ -823,7 +913,7 @@
-typealias sbin_t alias kudzu_exec_t;
+typealias bin_t alias loadkeys_exec_t;
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/crond.te policy-1.23.13/targeted/domains/program/crond.te
---- nsapolicy/targeted/domains/program/crond.te 2005-03-11 15:31:07.000000000 -0500
+--- nsapolicy/targeted/domains/program/crond.te 2005-04-27 10:28:56.000000000 -0400
+++ policy-1.23.13/targeted/domains/program/crond.te 2005-04-26 08:38:04.000000000 -0400
@@ -18,7 +18,6 @@
type system_cron_spool_t, file_type, sysadmfile;
@@ -839,7 +929,7 @@
allow crond_t unconfined_t:process transition;
+var_run_domain(crond)
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/hotplug.te policy-1.23.13/targeted/domains/program/hotplug.te
---- nsapolicy/targeted/domains/program/hotplug.te 2005-03-11 15:31:07.000000000 -0500
+--- nsapolicy/targeted/domains/program/hotplug.te 2005-04-27 10:28:56.000000000 -0400
+++ policy-1.23.13/targeted/domains/program/hotplug.te 1969-12-31 19:00:00.000000000 -0500
@@ -1,17 +0,0 @@
-#DESC Hotplug - Hardware event manager
@@ -860,7 +950,7 @@
-typealias var_run_t alias hotplug_var_run_t;
-typealias etc_t alias hotplug_etc_t;
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/sendmail.te policy-1.23.13/targeted/domains/program/sendmail.te
---- nsapolicy/targeted/domains/program/sendmail.te 2005-02-24 14:51:10.000000000 -0500
+--- nsapolicy/targeted/domains/program/sendmail.te 2005-04-27 10:28:56.000000000 -0400
+++ policy-1.23.13/targeted/domains/program/sendmail.te 2005-04-25 16:05:32.000000000 -0400
@@ -12,6 +12,7 @@
#
@@ -872,7 +962,7 @@
+var_run_domain(sendmail)
+
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/udev.te policy-1.23.13/targeted/domains/program/udev.te
---- nsapolicy/targeted/domains/program/udev.te 2005-02-24 14:51:10.000000000 -0500
+--- nsapolicy/targeted/domains/program/udev.te 2005-04-27 10:28:56.000000000 -0400
+++ policy-1.23.13/targeted/domains/program/udev.te 1969-12-31 19:00:00.000000000 -0500
@@ -1,17 +0,0 @@
-#DESC udev - Linux configurable dynamic device naming support
@@ -893,7 +983,7 @@
-type udev_tdb_t, file_type, sysadmfile, dev_fs;
-typealias udev_tdb_t alias udev_tbl_t;
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/xdm.te policy-1.23.13/targeted/domains/program/xdm.te
---- nsapolicy/targeted/domains/program/xdm.te 2005-03-15 08:02:24.000000000 -0500
+--- nsapolicy/targeted/domains/program/xdm.te 2005-04-27 10:28:56.000000000 -0400
+++ policy-1.23.13/targeted/domains/program/xdm.te 2005-04-25 15:18:00.000000000 -0400
@@ -20,3 +20,4 @@
type xdm_var_lib_t, file_type, sysadmfile;
@@ -901,7 +991,7 @@
domain_auto_trans(initrc_t, xdm_exec_t, xdm_t)
+domain_auto_trans(init_t, xdm_exec_t, xdm_t)
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.23.13/targeted/domains/unconfined.te
---- nsapolicy/targeted/domains/unconfined.te 2005-04-20 15:40:35.000000000 -0400
+--- nsapolicy/targeted/domains/unconfined.te 2005-04-27 10:28:56.000000000 -0400
+++ policy-1.23.13/targeted/domains/unconfined.te 2005-04-25 15:18:00.000000000 -0400
@@ -15,7 +15,7 @@
# Define some type aliases to help with compatibility with
@@ -1010,7 +1100,7 @@
# Allow xinetd to run unconfined, including any services it starts
# that do not have a domain transition explicitly defined.
diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.23.13/types/network.te
---- nsapolicy/types/network.te 2005-04-20 15:40:35.000000000 -0400
+--- nsapolicy/types/network.te 2005-04-27 10:28:56.000000000 -0400
+++ policy-1.23.13/types/network.te 2005-04-25 15:18:00.000000000 -0400
@@ -31,6 +31,7 @@
type http_cache_port_t, port_type, reserved_port_type;
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.291
retrieving revision 1.292
diff -u -r1.291 -r1.292
--- selinux-policy-strict.spec 26 Apr 2005 16:12:27 -0000 1.291
+++ selinux-policy-strict.spec 27 Apr 2005 21:31:43 -0000 1.292
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.23.13
-Release: 3
+Release: 4
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -220,6 +220,10 @@
exit 0
%changelog
+* Wed Apr 27 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-4
+- Update to fix smtp random device access
+- Add i18n_input changes from Akira TAGOH
+
* Tue Apr 26 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-3
- Fix turboprint/cups integration
--- policy-20050309.patch DELETED ---
--- policy-20050311.patch DELETED ---
--- policy-20050317.patch DELETED ---
--- policy-20050322.patch DELETED ---
- Previous message (by thread): rpms/rhpl/devel .cvsignore, 1.33, 1.34 rhpl.spec, 1.36, 1.37 sources, 1.35, 1.36
- Next message (by thread): rpms/selinux-policy-targeted/devel policy-20050425.patch, 1.3, 1.4 selinux-policy-targeted.spec, 1.287, 1.288
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list