rpms/selinux-policy-strict/devel policy-20050425.patch, 1.3, 1.4 selinux-policy-strict.spec, 1.291, 1.292 policy-20050309.patch, 1.5, NONE policy-20050311.patch, 1.4, NONE policy-20050317.patch, 1.3, NONE policy-20050322.patch, 1.9, NONE

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Apr 27 21:31:46 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20709

Modified Files:
	policy-20050425.patch selinux-policy-strict.spec 
Removed Files:
	policy-20050309.patch policy-20050311.patch 
	policy-20050317.patch policy-20050322.patch 
Log Message:
* Wed Apr 27 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-4
- Update to fix smtp random device access
- Add i18n_input changes from Akira TAGOH


policy-20050425.patch:
 domains/misc/kernel.te                   |    4 +-
 domains/program/fsadm.te                 |    2 -
 domains/program/getty.te                 |   14 ++-------
 domains/program/hostname.te              |    1 
 domains/program/ifconfig.te              |    2 +
 domains/program/init.te                  |    4 +-
 domains/program/initrc.te                |    1 
 domains/program/klogd.te                 |    3 +
 domains/program/load_policy.te           |    3 -
 domains/program/mount.te                 |    1 
 domains/program/unused/NetworkManager.te |    4 ++
 domains/program/unused/amanda.te         |    2 +
 domains/program/unused/amavis.te         |    7 ----
 domains/program/unused/apache.te         |   16 +++-------
 domains/program/unused/apmd.te           |    1 
 domains/program/unused/auditd.te         |   15 +++++++--
 domains/program/unused/cardmgr.te        |    4 +-
 domains/program/unused/clamav.te         |    2 -
 domains/program/unused/consoletype.te    |   13 +++-----
 domains/program/unused/cups.te           |    2 +
 domains/program/unused/cyrus.te          |    4 --
 domains/program/unused/hald.te           |    4 ++
 domains/program/unused/hotplug.te        |    8 +----
 domains/program/unused/ntpd.te           |    7 ++--
 domains/program/unused/portmap.te        |    5 +--
 domains/program/unused/samba.te          |    1 
 domains/program/unused/snmpd.te          |    2 -
 domains/program/unused/squid.te          |    4 --
 domains/program/unused/tinydns.te        |    2 -
 domains/program/unused/udev.te           |    8 +++--
 domains/program/unused/webalizer.te      |    2 -
 domains/user.te                          |    7 ++++
 file_contexts/distros.fc                 |    1 
 file_contexts/program/apache.fc          |    3 +
 file_contexts/program/compat.fc          |   17 +++++++----
 file_contexts/program/crack.fc           |    1 
 file_contexts/program/getty.fc           |    2 +
 file_contexts/program/i18n_input.fc      |    3 +
 file_contexts/program/lvm.fc             |    1 
 file_contexts/program/portmap.fc         |    1 
 file_contexts/program/traceroute.fc      |    1 
 file_contexts/program/webalizer.fc       |    2 +
 file_contexts/types.fc                   |    8 ++++-
 macros/base_user_macros.te               |    2 -
 macros/core_macros.te                    |    1 
 macros/global_macros.te                  |   12 +++++++
 macros/program/cdrecord_macros.te        |    2 -
 macros/program/mozilla_macros.te         |    2 -
 man/man8/httpd_selinux.8                 |    6 +++
 targeted/appconfig/default_contexts      |    1 
 targeted/domains/program/compat.te       |    7 ----
 targeted/domains/program/crond.te        |    2 -
 targeted/domains/program/hotplug.te      |   17 -----------
 targeted/domains/program/sendmail.te     |    3 +
 targeted/domains/program/udev.te         |   17 -----------
 targeted/domains/program/xdm.te          |    1 
 targeted/domains/unconfined.te           |    3 +
 targeted/initial_sid_contexts            |   47 -------------------------------
 tunables/distro.tun                      |    2 -
 tunables/tunable.tun                     |    6 +--
 types/network.te                         |    1 
 61 files changed, 153 insertions(+), 174 deletions(-)

Index: policy-20050425.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050425.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20050425.patch	26 Apr 2005 16:12:27 -0000	1.3
+++ policy-20050425.patch	27 Apr 2005 21:31:43 -0000	1.4
@@ -1,5 +1,5 @@
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/misc/kernel.te policy-1.23.13/domains/misc/kernel.te
---- nsapolicy/domains/misc/kernel.te	2005-04-14 15:01:53.000000000 -0400
+--- nsapolicy/domains/misc/kernel.te	2005-04-27 10:28:48.000000000 -0400
 +++ policy-1.23.13/domains/misc/kernel.te	2005-04-26 10:00:08.000000000 -0400
 @@ -63,4 +63,6 @@
  # /proc/sys/kernel/modprobe is set to /bin/true if not using modules.
@@ -10,7 +10,7 @@
 +unconfined_domain(kernel_t)
 +')
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/fsadm.te policy-1.23.13/domains/program/fsadm.te
---- nsapolicy/domains/program/fsadm.te	2005-04-04 10:21:10.000000000 -0400
+--- nsapolicy/domains/program/fsadm.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/fsadm.te	2005-04-25 15:18:00.000000000 -0400
 @@ -100,7 +100,7 @@
  allow fsadm_t kernel_t:system syslog_console;
@@ -22,7 +22,7 @@
  allow fsadm_t privfd:fd use;
  allow fsadm_t devpts_t:dir { getattr search };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/getty.te policy-1.23.13/domains/program/getty.te
---- nsapolicy/domains/program/getty.te	2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/getty.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/getty.te	2005-04-25 15:18:00.000000000 -0400
 @@ -23,18 +23,9 @@
  allow getty_t self:unix_dgram_socket create_socket_perms;
@@ -59,15 +59,28 @@
 +var_run_domain(getty)
 +allow getty_t self:capability { fowner fsetid };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/hostname.te policy-1.23.13/domains/program/hostname.te
---- nsapolicy/domains/program/hostname.te	2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/hostname.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/hostname.te	2005-04-25 15:48:24.000000000 -0400
 @@ -24,3 +24,4 @@
  ifdef(`distro_redhat', `
  allow hostname_t tmpfs_t:chr_file rw_file_perms;
  ')
 +allow hostname_t initrc_devpts_t:chr_file { read write };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ifconfig.te policy-1.23.13/domains/program/ifconfig.te
+--- nsapolicy/domains/program/ifconfig.te	2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/ifconfig.te	2005-04-27 17:29:26.000000000 -0400
+@@ -21,7 +21,9 @@
+ general_domain_access(ifconfig_t)
+ 
+ domain_auto_trans(initrc_t, ifconfig_exec_t, ifconfig_t)
++ifdef(`targeted_policy', `', `
+ domain_auto_trans(sysadm_t, ifconfig_exec_t, ifconfig_t)
++')
+ 
+ # for /sbin/ip
+ allow ifconfig_t self:netlink_route_socket rw_netlink_socket_perms;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te policy-1.23.13/domains/program/initrc.te
---- nsapolicy/domains/program/initrc.te	2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/initrc.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/initrc.te	2005-04-25 15:18:00.000000000 -0400
 @@ -253,6 +253,7 @@
  allow unconfined_t initrc_t:dbus { acquire_svc send_msg };
@@ -78,9 +91,17 @@
  run_program(sysadm_t, sysadm_r, init, initrc_exec_t, initrc_t)
  ')
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/init.te policy-1.23.13/domains/program/init.te
---- nsapolicy/domains/program/init.te	2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.13/domains/program/init.te	2005-04-25 16:11:57.000000000 -0400
-@@ -131,10 +131,9 @@
+--- nsapolicy/domains/program/init.te	2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/init.te	2005-04-27 16:52:24.000000000 -0400
+@@ -82,6 +82,7 @@
+ # Modify utmp.
+ allow init_t var_run_t:file rw_file_perms;
+ allow init_t initrc_var_run_t:file { setattr rw_file_perms };
++can_unix_connect(init_t, initrc_t)
+ 
+ # For /var/run/shutdown.pid.
+ var_run_domain(init)
+@@ -131,10 +132,9 @@
  
  allow init_t lib_t:file { getattr read };
  
@@ -93,7 +114,7 @@
  
  r_dir_file(init_t, selinux_config_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/klogd.te policy-1.23.13/domains/program/klogd.te
---- nsapolicy/domains/program/klogd.te	2005-02-24 14:51:08.000000000 -0500
+--- nsapolicy/domains/program/klogd.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/klogd.te	2005-04-25 15:18:00.000000000 -0400
 @@ -43,3 +43,6 @@
  # Read /boot/System.map*
@@ -103,7 +124,7 @@
 +allow klogd_t unconfined_t:system syslog_mod;
 +')
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/load_policy.te policy-1.23.13/domains/program/load_policy.te
---- nsapolicy/domains/program/load_policy.te	2005-04-20 15:40:34.000000000 -0400
+--- nsapolicy/domains/program/load_policy.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/load_policy.te	2005-04-25 15:18:00.000000000 -0400
 @@ -39,6 +39,7 @@
  # only allow read of policy config files
@@ -119,8 +140,19 @@
  read_locale(load_policy_t)
 -r_dir_file(load_policy_t, selinux_config_t)
 -allow load_policy_t proc_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te policy-1.23.13/domains/program/mount.te
+--- nsapolicy/domains/program/mount.te	2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/mount.te	2005-04-27 10:42:39.000000000 -0400
+@@ -40,6 +40,7 @@
+ allow mount_t default_t:dir mounton;
+ allow mount_t file_t:dir mounton;
+ allow mount_t usr_t:dir mounton;
++allow mount_t src_t:dir mounton;
+ allow mount_t var_t:dir mounton;
+ allow mount_t proc_t:dir mounton;
+ allow mount_t root_t:dir mounton;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/amanda.te policy-1.23.13/domains/program/unused/amanda.te
---- nsapolicy/domains/program/unused/amanda.te	2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/unused/amanda.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/amanda.te	2005-04-26 12:02:46.000000000 -0400
 @@ -303,6 +303,7 @@
  
@@ -139,7 +171,7 @@
  dontaudit amanda_t security_t:dir { getattr read };
  dontaudit amanda_t sysfs_t:dir { getattr read };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/amavis.te policy-1.23.13/domains/program/unused/amavis.te
---- nsapolicy/domains/program/unused/amavis.te	2005-04-06 06:57:44.000000000 -0400
+--- nsapolicy/domains/program/unused/amavis.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/amavis.te	2005-04-25 15:18:00.000000000 -0400
 @@ -13,7 +13,7 @@
  type amavisd_lib_t, file_type, sysadmfile;
@@ -160,7 +192,7 @@
 -allow tmpreaper_t amavisd_quarantine_t:file getattr;
 -')
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.23.13/domains/program/unused/apache.te
---- nsapolicy/domains/program/unused/apache.te	2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/unused/apache.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/apache.te	2005-04-25 15:18:00.000000000 -0400
 @@ -290,7 +290,7 @@
  allow httpd_helper_t httpd_log_t:file { append };
@@ -215,7 +247,7 @@
 -
 -allow httpd_t var_t:file read;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.23.13/domains/program/unused/apmd.te
---- nsapolicy/domains/program/unused/apmd.te	2005-04-04 10:21:10.000000000 -0400
+--- nsapolicy/domains/program/unused/apmd.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/apmd.te	2005-04-25 16:03:20.000000000 -0400
 @@ -108,6 +108,7 @@
  #
@@ -226,7 +258,7 @@
  
  # Same for apm/acpid scripts
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.23.13/domains/program/unused/auditd.te
---- nsapolicy/domains/program/unused/auditd.te	2005-04-25 14:48:58.000000000 -0400
+--- nsapolicy/domains/program/unused/auditd.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/auditd.te	2005-04-25 15:18:00.000000000 -0400
 @@ -2,6 +2,8 @@
  #
@@ -267,7 +299,7 @@
 +allow auditd_t self:process setsched;
 +dontaudit auditctl_t init_t:fd use; 
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cardmgr.te policy-1.23.13/domains/program/unused/cardmgr.te
---- nsapolicy/domains/program/unused/cardmgr.te	2005-02-24 14:51:07.000000000 -0500
+--- nsapolicy/domains/program/unused/cardmgr.te	2005-04-27 10:28:49.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/cardmgr.te	2005-04-26 09:57:58.000000000 -0400
 @@ -61,7 +61,9 @@
  allow cardmgr_t proc_t:file { getattr read ioctl };
@@ -281,7 +313,7 @@
  allow cardmgr_t ttyfile:chr_file getattr;
  dontaudit cardmgr_t ptyfile:chr_file getattr;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/clamav.te policy-1.23.13/domains/program/unused/clamav.te
---- nsapolicy/domains/program/unused/clamav.te	2005-04-06 06:57:44.000000000 -0400
+--- nsapolicy/domains/program/unused/clamav.te	2005-04-27 10:28:50.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/clamav.te	2005-04-25 15:18:00.000000000 -0400
 @@ -22,7 +22,7 @@
  # Freshclam
@@ -293,7 +325,7 @@
  
  # not sure why it needs this
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/consoletype.te policy-1.23.13/domains/program/unused/consoletype.te
---- nsapolicy/domains/program/unused/consoletype.te	2005-03-21 22:32:18.000000000 -0500
+--- nsapolicy/domains/program/unused/consoletype.te	2005-04-27 10:28:50.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/consoletype.te	2005-04-25 15:18:00.000000000 -0400
 @@ -19,29 +19,28 @@
  uses_shlib(consoletype_t)
@@ -332,7 +364,7 @@
  allow consoletype_t sysadm_t:fifo_file rw_file_perms;
  
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.23.13/domains/program/unused/cups.te
---- nsapolicy/domains/program/unused/cups.te	2005-04-25 14:48:59.000000000 -0400
+--- nsapolicy/domains/program/unused/cups.te	2005-04-27 10:28:50.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/cups.te	2005-04-25 15:18:00.000000000 -0400
 @@ -17,6 +17,7 @@
  type cupsd_rw_etc_t, file_type, sysadmfile, usercanread;
@@ -351,7 +383,7 @@
  can_tcp_connect(cupsd_config_t, cupsd_t)
  allow cupsd_config_t self:fifo_file rw_file_perms;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.23.13/domains/program/unused/cyrus.te
---- nsapolicy/domains/program/unused/cyrus.te	2005-03-24 08:58:26.000000000 -0500
+--- nsapolicy/domains/program/unused/cyrus.te	2005-04-27 10:28:50.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/cyrus.te	2005-04-26 11:29:42.000000000 -0400
 @@ -15,8 +15,6 @@
  allow cyrus_t self:capability { dac_override net_bind_service setgid setuid sys_resource };
@@ -378,7 +410,7 @@
  ')
  allow cyrus_t mail_port_t:tcp_socket name_bind;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.23.13/domains/program/unused/hald.te
---- nsapolicy/domains/program/unused/hald.te	2005-04-07 22:22:55.000000000 -0400
+--- nsapolicy/domains/program/unused/hald.te	2005-04-27 10:28:51.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/hald.te	2005-04-25 15:18:00.000000000 -0400
 @@ -93,3 +93,7 @@
  ifdef(`lvm.te', `
@@ -389,7 +421,7 @@
 +allow hald_t unconfined_t:dbus send_msg;
 +')
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.23.13/domains/program/unused/hotplug.te
---- nsapolicy/domains/program/unused/hotplug.te	2005-03-11 15:31:06.000000000 -0500
+--- nsapolicy/domains/program/unused/hotplug.te	2005-04-27 10:28:51.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/hotplug.te	2005-04-25 15:18:00.000000000 -0400
 @@ -83,7 +83,9 @@
  allow hotplug_t self:file getattr;
@@ -412,9 +444,32 @@
 -')
 -
  allow kernel_t hotplug_etc_t:dir search;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.23.13/domains/program/unused/NetworkManager.te
+--- nsapolicy/domains/program/unused/NetworkManager.te	2005-04-27 10:28:49.000000000 -0400
++++ policy-1.23.13/domains/program/unused/NetworkManager.te	2005-04-27 16:52:07.000000000 -0400
+@@ -35,11 +35,14 @@
+ #
+ # Communicate with Caching Name Server
+ #
++ifdef(`named.te', `
+ allow NetworkManager_t named_zone_t:dir search;
+ rw_dir_create_file(NetworkManager_t, named_cache_t)
+ domain_auto_trans(NetworkManager_t, named_exec_t, named_t)
+ allow named_t NetworkManager_t:udp_socket { read write };
++allow named_t NetworkManager_t:netlink_route_socket { read write };
+ allow NetworkManager_t named_t:process signal;
++')
+ 
+ allow NetworkManager_t selinux_config_t:dir search;
+ allow NetworkManager_t selinux_config_t:file { getattr read };
+@@ -87,3 +90,4 @@
+ domain_auto_trans(NetworkManager_t, insmod_exec_t, insmod_t)
+ allow NetworkManager_t self:netlink_route_socket r_netlink_socket_perms;
+ 
++domain_auto_trans(NetworkManager_t, initrc_exec_t, initrc_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.23.13/domains/program/unused/ntpd.te
---- nsapolicy/domains/program/unused/ntpd.te	2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.13/domains/program/unused/ntpd.te	2005-04-25 15:18:00.000000000 -0400
+--- nsapolicy/domains/program/unused/ntpd.te	2005-04-27 10:28:52.000000000 -0400
++++ policy-1.23.13/domains/program/unused/ntpd.te	2005-04-27 08:00:35.000000000 -0400
 @@ -14,7 +14,6 @@
  
  type ntpdate_exec_t, file_type, sysadmfile, exec_type;
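Review bot: The added `domain_auto_trans(NetworkManager_t, initrc_exec_t, initrc_t)` at the end of NetworkManager.te moves anything NetworkManager_t executes with the initrc_exec_t label into initrc_t, which is normally a far broader domain than NetworkManager_t. The line carries no comment saying which script requires it. A comment naming the caller would make the grant auditable, for example `# NetworkManager restarts <SERVICE> through its init script` (placeholder; the actual script is not visible here). The new `allow named_t NetworkManager_t:netlink_route_socket { read write };` looks like a descriptor inherited across the transition into named_t rather than access named needs. If that is the case, a `dontaudit` rule would silence the denial without handing named_t the routing socket.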
@@ -423,6 +478,15 @@
  
  logdir_domain(ntpd)
  
+@@ -26,7 +25,7 @@
+ allow ntpd_t ntp_drift_t:file create_file_perms;
+ 
+ # for SSP
+-allow ntpd_t urandom_device_t:chr_file read;
++allow ntpd_t urandom_device_t:chr_file { getattr read };
+ 
+ allow ntpd_t self:capability { kill setgid setuid sys_time net_bind_service ipc_lock sys_chroot };
+ dontaudit ntpd_t self:capability { net_admin };
 @@ -45,6 +44,7 @@
  allow ntpd_t ntp_port_t:tcp_socket name_connect;
  can_ypbind(ntpd_t)
@@ -431,13 +495,15 @@
  allow ntpd_t self:unix_dgram_socket create_socket_perms;
  allow ntpd_t self:unix_stream_socket create_socket_perms;
  allow ntpd_t self:netlink_route_socket r_netlink_socket_perms;
-@@ -85,4 +85,3 @@
+@@ -85,4 +85,5 @@
  allow ntpd_t winbind_var_run_t:dir r_dir_perms;
  allow ntpd_t winbind_var_run_t:sock_file rw_file_perms;
  ')
 -allow sysadm_t ntp_port_t:udp_socket name_bind;
++# For clock devices like wwvb1
++allow ntpd_t device_t:lnk_file read;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/portmap.te policy-1.23.13/domains/program/unused/portmap.te
---- nsapolicy/domains/program/unused/portmap.te	2005-03-24 08:58:27.000000000 -0500
+--- nsapolicy/domains/program/unused/portmap.te	2005-04-27 10:28:52.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/portmap.te	2005-04-25 15:18:00.000000000 -0400
 @@ -58,13 +58,14 @@
  domain_auto_trans(initrc_t, portmap_helper_exec_t, portmap_helper_t)
@@ -457,7 +523,7 @@
  allow portmap_helper_t reserved_port_t:{ tcp_socket udp_socket } name_bind;
  dontaudit portmap_helper_t reserved_port_type:{ tcp_socket udp_socket } name_bind;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.23.13/domains/program/unused/samba.te
---- nsapolicy/domains/program/unused/samba.te	2005-04-14 15:01:53.000000000 -0400
+--- nsapolicy/domains/program/unused/samba.te	2005-04-27 10:28:52.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/samba.te	2005-04-25 15:18:58.000000000 -0400
 @@ -133,6 +133,7 @@
  # Access samba config
@@ -467,8 +533,20 @@
  
  # Write samba log
  allow smbmount_t samba_log_t:file create_file_perms;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/snmpd.te policy-1.23.13/domains/program/unused/snmpd.te
+--- nsapolicy/domains/program/unused/snmpd.te	2005-04-27 10:28:53.000000000 -0400
++++ policy-1.23.13/domains/program/unused/snmpd.te	2005-04-26 15:34:21.000000000 -0400
+@@ -37,7 +37,7 @@
+ allow snmpd_t self:unix_stream_socket create_socket_perms;
+ allow snmpd_t etc_t:lnk_file read;
+ allow snmpd_t { etc_t etc_runtime_t }:file r_file_perms;
+-allow snmpd_t urandom_device_t:chr_file read;
++allow snmpd_t { random_device_t urandom_device_t }:chr_file { getattr read };
+ allow snmpd_t self:capability { dac_override kill net_bind_service net_admin sys_nice sys_tty_config };
+ 
+ allow snmpd_t proc_t:dir search;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.23.13/domains/program/unused/squid.te
---- nsapolicy/domains/program/unused/squid.te	2005-04-04 10:21:11.000000000 -0400
+--- nsapolicy/domains/program/unused/squid.te	2005-04-27 10:28:53.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/squid.te	2005-04-25 15:18:00.000000000 -0400
 @@ -55,9 +55,7 @@
  can_network(squid_t)
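Review bot: The rewritten snmpd.te rule also grants `random_device_t`, so snmpd_t can now read the blocking random device as well as urandom, and the hunk gives no reason for the wider set. The ntpd.te change in this same revision stays on `urandom_device_t` alone. If snmpd needs only non-blocking randomness, `allow snmpd_t urandom_device_t:chr_file { getattr read };` is the narrower grant; otherwise a one-line comment stating why the blocking device is needed would help later audits. The changelog entry says "smtp random device access" while the visible rule is for snmpd_t, so one of the two is probably a typo.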
@@ -482,7 +560,7 @@
  can_tcp_connect(web_client_domain, squid_t)
  
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/tinydns.te policy-1.23.13/domains/program/unused/tinydns.te
---- nsapolicy/domains/program/unused/tinydns.te	2005-02-24 14:51:08.000000000 -0500
+--- nsapolicy/domains/program/unused/tinydns.te	2005-04-27 10:28:53.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/tinydns.te	2005-04-25 15:18:00.000000000 -0400
 @@ -36,7 +36,7 @@
  can_udp_send(domain, tinydns_t)
@@ -494,7 +572,7 @@
  #read configuration files
  r_dir_file(tinydns_t, tinydns_conf_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.23.13/domains/program/unused/udev.te
---- nsapolicy/domains/program/unused/udev.te	2005-04-25 14:48:59.000000000 -0400
+--- nsapolicy/domains/program/unused/udev.te	2005-04-27 10:28:53.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/udev.te	2005-04-25 21:41:17.000000000 -0400
 @@ -33,7 +33,7 @@
  allow udev_t self:unix_stream_socket {connectto create_stream_socket_perms};
@@ -530,7 +608,7 @@
 +unconfined_domain(udev_t) 
 +')
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/webalizer.te policy-1.23.13/domains/program/unused/webalizer.te
---- nsapolicy/domains/program/unused/webalizer.te	2005-02-24 14:51:07.000000000 -0500
+--- nsapolicy/domains/program/unused/webalizer.te	2005-04-27 10:28:54.000000000 -0400
 +++ policy-1.23.13/domains/program/unused/webalizer.te	2005-04-25 15:18:00.000000000 -0400
 @@ -4,7 +4,7 @@
  #
@@ -542,7 +620,7 @@
  system_crond_entry(webalizer_exec_t,webalizer_t)
  role system_r types webalizer_t;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/user.te policy-1.23.13/domains/user.te
---- nsapolicy/domains/user.te	2005-04-14 15:01:53.000000000 -0400
+--- nsapolicy/domains/user.te	2005-04-27 10:28:48.000000000 -0400
 +++ policy-1.23.13/domains/user.te	2005-04-25 15:18:00.000000000 -0400
 @@ -132,3 +132,10 @@
  # "ps aux" and "ls -l /dev/pts" make too much noise without this
@@ -578,14 +656,14 @@
 +')
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/compat.fc policy-1.23.13/file_contexts/program/compat.fc
 --- nsapolicy/file_contexts/program/compat.fc	2005-04-20 08:58:41.000000000 -0400
-+++ policy-1.23.13/file_contexts/program/compat.fc	2005-04-25 15:18:00.000000000 -0400
++++ policy-1.23.13/file_contexts/program/compat.fc	2005-04-27 17:13:39.000000000 -0400
 @@ -1,19 +1,23 @@
 +ifdef(`setfiles.te', `', `
  # setfiles
  /usr/sbin/setfiles.*	--	system_u:object_r:setfiles_exec_t
 +')
  
-+ifdef(`mout.te', `', `
++ifdef(`mount.te', `', `
  # mount
  /bin/mount.*			--	system_u:object_r:mount_exec_t
  /bin/umount.*			--	system_u:object_r:mount_exec_t
@@ -636,6 +714,18 @@
  /etc/mgetty(/.*)?		system_u:object_r:getty_etc_t
 +/var/run/mgetty\.pid.*	--	system_u:object_r:getty_var_run_t
 +/var/log/mgetty\.log.*	--	system_u:object_r:getty_log_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/i18n_input.fc policy-1.23.13/file_contexts/program/i18n_input.fc
+--- nsapolicy/file_contexts/program/i18n_input.fc	2005-04-25 14:48:59.000000000 -0400
++++ policy-1.23.13/file_contexts/program/i18n_input.fc	2005-04-27 10:30:39.000000000 -0400
+@@ -4,5 +4,8 @@
+ /usr/bin/iiimd		        --     system_u:object_r:i18n_input_exec_t
+ /usr/bin/httx                   --     system_u:object_r:i18n_input_exec_t
+ /usr/bin/htt_xbe                --     system_u:object_r:i18n_input_exec_t
++/usr/bin/iiimx                  --     system_u:object_r:i18n_input_exec_t
++/usr/lib/iiim/iiim-xbe          --     system_u:object_r:i18n_input_exec_t
+ /usr/lib(64)?/im/.*\.so.*       --     system_u:object_r:shlib_t
++/usr/lib(64)?/iiim/.*\.so.*     --     system_u:object_r:shlib_t
+ /var/run/iiim(/.*)?		       system_u:object_r:i18n_input_var_run_t
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/lvm.fc policy-1.23.13/file_contexts/program/lvm.fc
 --- nsapolicy/file_contexts/program/lvm.fc	2005-04-20 15:40:35.000000000 -0400
 +++ policy-1.23.13/file_contexts/program/lvm.fc	2005-04-25 15:41:19.000000000 -0400
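Review bot: The new i18n_input.fc entry `/usr/lib/iiim/iiim-xbe` is pinned to /usr/lib, while the shared-object entry added two lines below it uses `/usr/lib(64)?/iiim/`. If the package installs the helper under /usr/lib64 on 64-bit systems, that file would not match this pattern and would presumably keep a generic label instead of i18n_input_exec_t. It would then run without entering the confined i18n_input domain. Writing the path as `/usr/lib(64)?/iiim/iiim-xbe` keeps the two entries consistent.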
@@ -706,7 +796,7 @@
  #
  /initrd			-d	system_u:object_r:root_t
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.23.13/macros/base_user_macros.te
---- nsapolicy/macros/base_user_macros.te	2005-04-14 15:01:54.000000000 -0400
+--- nsapolicy/macros/base_user_macros.te	2005-04-27 10:28:54.000000000 -0400
 +++ policy-1.23.13/macros/base_user_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -317,7 +317,7 @@
  allow $1_t devtty_t:chr_file rw_file_perms;
@@ -718,7 +808,7 @@
  # Added to allow reading of cdrom
  #
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/core_macros.te policy-1.23.13/macros/core_macros.te
---- nsapolicy/macros/core_macros.te	2005-04-06 06:57:44.000000000 -0400
+--- nsapolicy/macros/core_macros.te	2005-04-27 10:28:54.000000000 -0400
 +++ policy-1.23.13/macros/core_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -361,6 +361,7 @@
  # Get the selinuxfs mount point via /proc/self/mounts.
@@ -729,7 +819,7 @@
  allow $1 self:file { getattr read };
  # Access selinuxfs.
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.23.13/macros/global_macros.te
---- nsapolicy/macros/global_macros.te	2005-04-14 15:01:54.000000000 -0400
+--- nsapolicy/macros/global_macros.te	2005-04-27 10:28:54.000000000 -0400
 +++ policy-1.23.13/macros/global_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -406,8 +406,19 @@
  
@@ -760,7 +850,7 @@
  
  # Create/access any System V IPC objects.
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/cdrecord_macros.te policy-1.23.13/macros/program/cdrecord_macros.te
---- nsapolicy/macros/program/cdrecord_macros.te	2005-02-24 14:51:09.000000000 -0500
+--- nsapolicy/macros/program/cdrecord_macros.te	2005-04-27 10:28:54.000000000 -0400
 +++ policy-1.23.13/macros/program/cdrecord_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -40,7 +40,7 @@
  allow $1_cdrecord_t etc_t:file { getattr read };
@@ -772,7 +862,7 @@
  
  # allow cdrecord to write the CD
 diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.23.13/macros/program/mozilla_macros.te
---- nsapolicy/macros/program/mozilla_macros.te	2005-04-20 15:40:35.000000000 -0400
+--- nsapolicy/macros/program/mozilla_macros.te	2005-04-27 10:28:55.000000000 -0400
 +++ policy-1.23.13/macros/program/mozilla_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -32,7 +32,7 @@
  file_browse_domain($1_mozilla_t)
@@ -810,7 +900,7 @@
  system_r:rshd_t		system_r:unconfined_t
  system_r:crond_t	system_r:unconfined_t
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/compat.te policy-1.23.13/targeted/domains/program/compat.te
---- nsapolicy/targeted/domains/program/compat.te	2005-04-25 14:48:59.000000000 -0400
+--- nsapolicy/targeted/domains/program/compat.te	2005-04-27 10:28:56.000000000 -0400
 +++ policy-1.23.13/targeted/domains/program/compat.te	2005-04-26 11:45:35.000000000 -0400
 @@ -1,8 +1,3 @@
 -typealias sbin_t alias setfiles_exec_t;
@@ -823,7 +913,7 @@
 -typealias sbin_t alias kudzu_exec_t;
 +typealias bin_t alias loadkeys_exec_t;
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/crond.te policy-1.23.13/targeted/domains/program/crond.te
---- nsapolicy/targeted/domains/program/crond.te	2005-03-11 15:31:07.000000000 -0500
+--- nsapolicy/targeted/domains/program/crond.te	2005-04-27 10:28:56.000000000 -0400
 +++ policy-1.23.13/targeted/domains/program/crond.te	2005-04-26 08:38:04.000000000 -0400
 @@ -18,7 +18,6 @@
  type system_cron_spool_t, file_type, sysadmfile;
@@ -839,7 +929,7 @@
  allow crond_t unconfined_t:process transition;
 +var_run_domain(crond)
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/hotplug.te policy-1.23.13/targeted/domains/program/hotplug.te
---- nsapolicy/targeted/domains/program/hotplug.te	2005-03-11 15:31:07.000000000 -0500
+--- nsapolicy/targeted/domains/program/hotplug.te	2005-04-27 10:28:56.000000000 -0400
 +++ policy-1.23.13/targeted/domains/program/hotplug.te	1969-12-31 19:00:00.000000000 -0500
 @@ -1,17 +0,0 @@
 -#DESC Hotplug - Hardware event manager
@@ -860,7 +950,7 @@
 -typealias var_run_t alias hotplug_var_run_t;
 -typealias etc_t alias hotplug_etc_t;
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/sendmail.te policy-1.23.13/targeted/domains/program/sendmail.te
---- nsapolicy/targeted/domains/program/sendmail.te	2005-02-24 14:51:10.000000000 -0500
+--- nsapolicy/targeted/domains/program/sendmail.te	2005-04-27 10:28:56.000000000 -0400
 +++ policy-1.23.13/targeted/domains/program/sendmail.te	2005-04-25 16:05:32.000000000 -0400
 @@ -12,6 +12,7 @@
  #
@@ -872,7 +962,7 @@
 +var_run_domain(sendmail)
 +
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/udev.te policy-1.23.13/targeted/domains/program/udev.te
---- nsapolicy/targeted/domains/program/udev.te	2005-02-24 14:51:10.000000000 -0500
+--- nsapolicy/targeted/domains/program/udev.te	2005-04-27 10:28:56.000000000 -0400
 +++ policy-1.23.13/targeted/domains/program/udev.te	1969-12-31 19:00:00.000000000 -0500
 @@ -1,17 +0,0 @@
 -#DESC udev - Linux configurable dynamic device naming support
@@ -893,7 +983,7 @@
 -type udev_tdb_t, file_type, sysadmfile, dev_fs;
 -typealias udev_tdb_t alias udev_tbl_t;
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/xdm.te policy-1.23.13/targeted/domains/program/xdm.te
---- nsapolicy/targeted/domains/program/xdm.te	2005-03-15 08:02:24.000000000 -0500
+--- nsapolicy/targeted/domains/program/xdm.te	2005-04-27 10:28:56.000000000 -0400
 +++ policy-1.23.13/targeted/domains/program/xdm.te	2005-04-25 15:18:00.000000000 -0400
 @@ -20,3 +20,4 @@
  type xdm_var_lib_t, file_type, sysadmfile;
@@ -901,7 +991,7 @@
  domain_auto_trans(initrc_t, xdm_exec_t, xdm_t)
 +domain_auto_trans(init_t, xdm_exec_t, xdm_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.23.13/targeted/domains/unconfined.te
---- nsapolicy/targeted/domains/unconfined.te	2005-04-20 15:40:35.000000000 -0400
+--- nsapolicy/targeted/domains/unconfined.te	2005-04-27 10:28:56.000000000 -0400
 +++ policy-1.23.13/targeted/domains/unconfined.te	2005-04-25 15:18:00.000000000 -0400
 @@ -15,7 +15,7 @@
  # Define some type aliases to help with compatibility with
@@ -1010,7 +1100,7 @@
  # Allow xinetd to run unconfined, including any services it starts
  # that do not have a domain transition explicitly defined.
 diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.23.13/types/network.te
---- nsapolicy/types/network.te	2005-04-20 15:40:35.000000000 -0400
+--- nsapolicy/types/network.te	2005-04-27 10:28:56.000000000 -0400
 +++ policy-1.23.13/types/network.te	2005-04-25 15:18:00.000000000 -0400
 @@ -31,6 +31,7 @@
  type http_cache_port_t, port_type, reserved_port_type;


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.291
retrieving revision 1.292
diff -u -r1.291 -r1.292
--- selinux-policy-strict.spec	26 Apr 2005 16:12:27 -0000	1.291
+++ selinux-policy-strict.spec	27 Apr 2005 21:31:43 -0000	1.292
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.23.13
-Release: 3
+Release: 4
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -220,6 +220,10 @@
 exit 0
 
 %changelog
+* Wed Apr 27 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-4
+- Update to fix smtp random device access
+- Add i18n_input changes from Akira TAGOH
+
 * Tue Apr 26 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-3
 - Fix turboprint/cups integration
 


--- policy-20050309.patch DELETED ---


--- policy-20050311.patch DELETED ---


--- policy-20050317.patch DELETED ---


--- policy-20050322.patch DELETED ---



