rpms/selinux-policy/devel policy-20051114.patch, 1.19, 1.20 selinux-policy.spec, 1.28, 1.29

Tue Dec 6 04:12:05 UTC 2005

Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25482

Modified Files:
	policy-20051114.patch selinux-policy.spec 
Log Message:
* Fri Dec  2 2005 Dan Walsh <dwalsh at redhat.com> 2.0.9-1.
Update from upstream


policy-20051114.patch:
 Makefile                           |    7 +------
 Rules.modular                      |    7 +++++++
 Rules.monolithic                   |    5 +++++
 policy/modules/admin/rpm.te        |    3 ---
 policy/modules/services/dbus.te    |    2 +-
 policy/modules/system/authlogin.te |    1 +
 policy/modules/system/logging.te   |    2 ++
 policy/modules/system/mount.te     |    4 +---
 8 files changed, 18 insertions(+), 13 deletions(-)

Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20

--- policy-20051114.patch	6 Dec 2005 03:41:59 -0000	1.19
+++ policy-20051114.patch	6 Dec 2005 04:12:01 -0000	1.20
@@ -1,7 +1,6 @@
-Binary files nsaserefpolicy/base.pp and serefpolicy-2.0.8/base.pp differ
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.0.8/Makefile
---- nsaserefpolicy/Makefile	2005-12-02 17:53:25.000000000 -0500
-+++ serefpolicy-2.0.8/Makefile	2005-12-02 18:10:46.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.0.9/Makefile
+--- nsaserefpolicy/Makefile	2005-12-05 22:35:02.000000000 -0500
++++ serefpolicy-2.0.9/Makefile	2005-12-05 23:07:35.000000000 -0500
 @@ -92,7 +92,7 @@
  
  # enable MLS if requested.
@@ -11,9 +10,21 @@
  	override CHECKPOLICY += -M
  	override CHECKMODULE += -M
  endif
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.0.8/policy/modules/admin/rpm.te
+@@ -274,11 +274,6 @@
+ 	@mkdir -p $(APPDIR)
+ 	$(QUIET) install -m 644 $< $@
+ 
+-$(APPDIR)/customizable_types: policy.conf
+-	@mkdir -p $(APPDIR)
+-	$(QUIET) grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
+-	$(QUIET) install -m 644 tmp/customizable_types $@ 
+-
+ $(APPDIR)/default_type: $(APPCONF)/default_type
+ 	@mkdir -p $(APPDIR)
+ 	$(QUIET) install -m 644 $< $@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.0.9/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2005-11-28 10:42:52.000000000 -0500
-+++ serefpolicy-2.0.8/policy/modules/admin/rpm.te	2005-12-02 18:10:46.000000000 -0500
++++ serefpolicy-2.0.9/policy/modules/admin/rpm.te	2005-12-05 22:38:01.000000000 -0500
 @@ -201,9 +201,6 @@
  ')
  
@@ -24,9 +35,9 @@
  # read/write/create any files in the system
  dontaudit rpm_t domain:{ socket unix_dgram_socket udp_socket unix_stream_socket tcp_socket fifo_file rawip_socket packet_socket } getattr;
  allow rpm_t ttyfile:chr_file unlink;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.0.8/policy/modules/services/dbus.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.0.9/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2005-11-28 10:42:53.000000000 -0500
-+++ serefpolicy-2.0.8/policy/modules/services/dbus.te	2005-12-02 18:10:46.000000000 -0500
++++ serefpolicy-2.0.9/policy/modules/services/dbus.te	2005-12-05 22:38:01.000000000 -0500
 @@ -30,7 +30,7 @@
  
  # dac_override: /var/run/dbus is owned by messagebus on Debian
@@ -36,9 +47,9 @@
  dontaudit system_dbusd_t self:capability sys_tty_config;
  allow system_dbusd_t self:process { getattr signal_perms };
  allow system_dbusd_t self:fifo_file { read write };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.0.8/policy/modules/system/authlogin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.0.9/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2005-11-28 10:42:53.000000000 -0500
-+++ serefpolicy-2.0.8/policy/modules/system/authlogin.te	2005-12-02 18:10:46.000000000 -0500
++++ serefpolicy-2.0.9/policy/modules/system/authlogin.te	2005-12-05 22:38:01.000000000 -0500
 @@ -278,6 +278,7 @@
  fs_dontaudit_getattr_xattr_fs(system_chkpwd_t)
  
@@ -47,9 +58,9 @@
  
  corecmd_search_sbin(system_chkpwd_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.0.8/policy/modules/system/logging.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.0.9/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2005-11-28 10:42:54.000000000 -0500
-+++ serefpolicy-2.0.8/policy/modules/system/logging.te	2005-12-05 13:35:13.000000000 -0500
++++ serefpolicy-2.0.9/policy/modules/system/logging.te	2005-12-05 22:38:01.000000000 -0500
 @@ -69,7 +69,9 @@
  allow auditctl_t auditd_etc_t:file r_file_perms;
  
@@ -60,9 +71,9 @@
  domain_use_wide_inherit_fd(auditctl_t)
  
  init_use_script_pty(auditctl_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.0.8/policy/modules/system/mount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.0.9/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2005-11-28 10:42:54.000000000 -0500
-+++ serefpolicy-2.0.8/policy/modules/system/mount.te	2005-12-02 18:10:46.000000000 -0500
++++ serefpolicy-2.0.9/policy/modules/system/mount.te	2005-12-05 22:38:01.000000000 -0500
 @@ -95,9 +95,7 @@
  
  optional_policy(`portmap',`
@@ -74,3 +85,42 @@
  	corenet_tcp_sendrecv_all_if(mount_t)
  	corenet_raw_sendrecv_all_if(mount_t)
  	corenet_udp_sendrecv_all_if(mount_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.0.9/Rules.modular
+--- nsaserefpolicy/Rules.modular	2005-11-23 10:06:37.000000000 -0500
++++ serefpolicy-2.0.9/Rules.modular	2005-12-05 23:10:27.000000000 -0500
+@@ -41,6 +41,8 @@
+ 
+ install: $(INSTPKG) $(APPFILES)
+ 
++APPFILES += $(APPDIR)/customizable_types 
++
+ ########################################
+ #
+ # Load all configured modules
+@@ -82,6 +84,11 @@
+ 	@echo "Creating $(NAME) base module package"
+ 	$(QUIET) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC)
+ 
++$(APPDIR)/customizable_types: base.pp
++	@mkdir -p $(APPDIR)
++	$(QUIET) grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
++	$(QUIET) install -m 644 tmp/customizable_types $@ 
++
+ tmp/base.mod: base.conf
+ 	@echo "Compiling $(NAME) base module"
+ 	$(QUIET) $(CHECKMODULE) $^ -o $@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-2.0.9/Rules.monolithic
+--- nsaserefpolicy/Rules.monolithic	2005-11-28 10:42:52.000000000 -0500
++++ serefpolicy-2.0.9/Rules.monolithic	2005-12-05 23:11:15.000000000 -0500
+@@ -14,6 +14,11 @@
+ 
+ APPFILES += $(APPDIR)/customizable_types $(INSTALLDIR)/booleans
+ 
++$(APPDIR)/customizable_types: policy.conf
++	@mkdir -p $(APPDIR)
++	$(QUIET) grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
++	$(QUIET) install -m 644 tmp/customizable_types $@ 
++
+ # for monolithic policy use all base and module to create policy
+ ALL_MODULES := $(strip $(BASE_MODS) $(MOD_MODS))
+ 


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- selinux-policy.spec	6 Dec 2005 03:41:59 -0000	1.28
+++ selinux-policy.spec	6 Dec 2005 04:12:01 -0000	1.29
@@ -49,7 +49,7 @@
 %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/policy \
 %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/modules/active \
 %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/contexts/files \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=y DESTDIR=$RPM_BUILD_ROOT install-appconfig \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT install-appconfig \
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \


