rpms/selinux-policy/devel policy-20051114.patch, 1.24, 1.25 selinux-policy.spec, 1.33, 1.34 setrans-mls.conf, 1.1, 1.2

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Dec 8 20:33:32 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv3416

Modified Files:
	policy-20051114.patch selinux-policy.spec setrans-mls.conf 
Log Message:
* Thu Dec  8 2005 Dan Walsh <dwalsh at redhat.com> 2.1.0-3
- Change setrans-mls to use new libsetrans
- Add default_context rule for xdm


policy-20051114.patch:
 Makefile                                       |    7 -----
 Rules.modular                                  |    7 +++++
 Rules.monolithic                               |    7 ++++-
 config/appconfig-targeted-mcs/default_contexts |    1 
 policy/modules/admin/su.if                     |    3 ++
 policy/modules/kernel/filesystem.te            |    1 
 policy/modules/services/canna.te               |    1 
 policy/modules/services/cups.te                |    1 
 policy/modules/services/dbus.te                |    2 -
 policy/modules/services/ftp.te                 |    3 ++
 policy/modules/services/hal.te                 |   13 ++++++++--
 policy/modules/services/mta.te                 |    9 -------
 policy/modules/services/nis.if                 |    2 +
 policy/modules/services/sasl.te                |    4 ++-
 policy/modules/services/spamassassin.te        |    1 
 policy/modules/services/xdm.te                 |    8 ++----
 policy/modules/system/hostname.te              |    1 
 policy/modules/system/init.if                  |   31 -------------------------
 policy/modules/system/libraries.fc             |    8 ++++--
 policy/modules/system/libraries.te             |    8 +-----
 policy/modules/system/locallogin.te            |    7 -----
 policy/modules/system/mount.te                 |    5 ----
 22 files changed, 53 insertions(+), 77 deletions(-)

Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- policy-20051114.patch	8 Dec 2005 17:04:27 -0000	1.24
+++ policy-20051114.patch	8 Dec 2005 20:33:17 -0000	1.25
@@ -1,7 +1,14 @@
-Binary files nsaserefpolicy/base.pp and serefpolicy-2.1.0/base.pp differ
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/default_contexts serefpolicy-2.1.0/config/appconfig-targeted-mcs/default_contexts
+--- nsaserefpolicy/config/appconfig-targeted-mcs/default_contexts	2005-11-14 18:24:05.000000000 -0500
++++ serefpolicy-2.1.0/config/appconfig-targeted-mcs/default_contexts	2005-12-08 15:30:35.000000000 -0500
+@@ -1,3 +1,4 @@
++system_r:xdm_t:s0		system_r:unconfined_t:s0
+ system_r:unconfined_t:s0	system_r:unconfined_t:s0
+ system_r:initrc_t:s0		system_r:unconfined_t:s0
+ system_r:local_login_t:s0	system_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.0/Makefile
 --- nsaserefpolicy/Makefile	2005-12-05 22:35:02.000000000 -0500
-+++ serefpolicy-2.1.0/Makefile	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/Makefile	2005-12-08 15:28:11.000000000 -0500
 @@ -92,7 +92,7 @@
  
  # enable MLS if requested.
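Review bot: The added `system_r:xdm_t:s0 system_r:unconfined_t:s0` entry in the targeted-mcs default_contexts puts every session started from xdm_t into unconfined_t, and neither the patch nor the changelog records why that is wanted. It mirrors the neighbouring initrc_t and local_login_t entries, so it reads as intentional, but it only takes effect if the display manager actually runs in xdm_t under the targeted policy; the xdm.te changes carried by this patch are not visible in this hunk. I would extend the changelog entry to say so, e.g. `- Add default_context rule for xdm (graphical logins map to unconfined_t in targeted-mcs)`. The removed `Binary files ... base.pp ... differ` line suggests a build artifact leaked into revision 1.24; presumably the `exclude` file should list `*.pp` so it does not return.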
@@ -25,7 +32,7 @@
  	$(QUIET) install -m 644 $< $@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.1.0/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2005-11-29 18:36:30.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/admin/su.if	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/admin/su.if	2005-12-08 15:28:11.000000000 -0500
 @@ -50,6 +50,9 @@
  	selinux_compute_relabel_context($1_su_t)
  	selinux_compute_user_contexts($1_su_t)
@@ -38,7 +45,7 @@
  	auth_use_nsswitch($1_su_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.1.0/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2005-11-25 08:11:10.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/kernel/filesystem.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/kernel/filesystem.te	2005-12-08 15:28:11.000000000 -0500
 @@ -25,6 +25,7 @@
  fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t,s0);
@@ -49,7 +56,7 @@
  # types, and label the filesystem itself with the specified context.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.te serefpolicy-2.1.0/policy/modules/services/canna.te
 --- nsaserefpolicy/policy/modules/services/canna.te	2005-12-06 19:49:49.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/canna.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/canna.te	2005-12-08 15:28:11.000000000 -0500
 @@ -47,7 +47,6 @@
  
  kernel_read_kernel_sysctl(canna_t)
@@ -60,7 +67,7 @@
  corenet_raw_sendrecv_all_if(canna_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.1.0/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2005-12-06 19:49:50.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/cups.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/cups.te	2005-12-08 15:28:11.000000000 -0500
 @@ -471,6 +471,7 @@
  # Cups configuration daemon local policy
  #
@@ -71,7 +78,7 @@
  allow cupsd_config_t self:process signal_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.1.0/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2005-12-06 19:49:50.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/dbus.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/dbus.te	2005-12-08 15:28:11.000000000 -0500
 @@ -32,7 +32,7 @@
  # cjp: dac_override should probably go in a distro_debian
  allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
@@ -83,7 +90,7 @@
  allow system_dbusd_t self:unix_stream_socket { connectto create_stream_socket_perms connectto };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.1.0/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2005-12-06 19:49:50.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/ftp.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/ftp.te	2005-12-08 15:28:11.000000000 -0500
 @@ -105,6 +105,9 @@
  
  domain_use_wide_inherit_fd(ftpd_t)
@@ -96,7 +103,7 @@
  files_read_etc_runtime_files(ftpd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.0/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2005-12-06 19:49:50.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/hal.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/hal.te	2005-12-08 15:28:11.000000000 -0500
 @@ -23,11 +23,13 @@
  
  allow hald_t self:capability { net_admin sys_admin dac_override dac_read_search mknod sys_rawio };
@@ -137,7 +144,7 @@
  	dbus_send_system_bus_msg(hald_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.1.0/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2005-12-06 19:49:50.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/mta.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/mta.te	2005-12-08 15:28:11.000000000 -0500
 @@ -57,15 +57,6 @@
  
  userdom_use_sysadm_terms(system_mail_t)
@@ -156,7 +163,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.1.0/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2005-12-06 19:49:50.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/nis.if	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/nis.if	2005-12-08 15:28:11.000000000 -0500
 @@ -150,8 +150,10 @@
  interface(`nis_signal_ypbind',`
  	gen_require(`
@@ -170,7 +177,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.1.0/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2005-12-06 19:49:51.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/sasl.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/sasl.te	2005-12-08 15:28:11.000000000 -0500
 @@ -18,6 +18,7 @@
  # Local policy
  #
@@ -193,7 +200,7 @@
  init_use_script_pty(saslauthd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.1.0/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2005-12-06 19:49:51.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/spamassassin.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/spamassassin.te	2005-12-08 15:28:11.000000000 -0500
 @@ -73,6 +73,7 @@
  corenet_tcp_bind_all_nodes(spamd_t)
  corenet_udp_bind_all_nodes(spamd_t)
@@ -204,7 +211,7 @@
  dev_read_urand(spamd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xdm.te serefpolicy-2.1.0/policy/modules/services/xdm.te
 --- nsaserefpolicy/policy/modules/services/xdm.te	2005-11-25 08:11:12.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/services/xdm.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/services/xdm.te	2005-12-08 15:28:11.000000000 -0500
 @@ -6,11 +6,7 @@
  # Declarations
  #
@@ -229,7 +236,7 @@
  	files_create_lock(xdm_t,xdm_lock_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.1.0/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2005-11-25 08:11:12.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/system/hostname.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/system/hostname.te	2005-12-08 15:28:11.000000000 -0500
 @@ -22,7 +22,6 @@
  allow hostname_t self:unix_stream_socket create_stream_socket_perms;
  dontaudit hostname_t self:capability sys_tty_config;
@@ -240,7 +247,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.1.0/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2005-12-05 22:35:03.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/system/init.if	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/system/init.if	2005-12-08 15:28:11.000000000 -0500
 @@ -31,18 +31,6 @@
  	allow init_t $1:fd use;
  	allow $1 init_t:fifo_file rw_file_perms;
@@ -295,7 +302,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.1.0/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2005-12-02 17:53:27.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/system/libraries.fc	2005-12-08 09:48:35.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/system/libraries.fc	2005-12-08 15:28:11.000000000 -0500
 @@ -62,7 +62,8 @@
  /usr/lib(64)?/im/.*\.so.*		--	gen_context(system_u:object_r:shlib_t,s0)
  /usr/lib(64)?/iiim/.*\.so.*		--	gen_context(system_u:object_r:shlib_t,s0)
@@ -320,7 +327,7 @@
  /usr/lib/.*/program/libvclplug_gen645li\.so --	gen_context(system_u:object_r:texrel_shlib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.1.0/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2005-11-25 08:11:12.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/system/libraries.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/system/libraries.te	2005-12-08 15:28:11.000000000 -0500
 @@ -42,12 +42,8 @@
  # texrel_shlib_t is the type of shared objects in the system lib
  # directories, which require text relocation.
@@ -338,7 +345,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.1.0/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2005-11-25 08:11:12.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/system/locallogin.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/system/locallogin.te	2005-12-08 15:28:11.000000000 -0500
 @@ -168,13 +168,6 @@
  # Search for mail spool file.
  mta_getattr_spool(local_login_t)
@@ -355,7 +362,7 @@
  	unconfined_shell_domtrans(local_login_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.1.0/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2005-12-06 19:49:51.000000000 -0500
-+++ serefpolicy-2.1.0/policy/modules/system/mount.te	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/policy/modules/system/mount.te	2005-12-08 15:28:11.000000000 -0500
 @@ -26,7 +26,6 @@
  files_create_tmp_files(mount_t,mount_tmp_t,{ file dir })
  
@@ -377,7 +384,7 @@
  	corenet_udp_sendrecv_all_if(mount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.1.0/Rules.modular
 --- nsaserefpolicy/Rules.modular	2005-11-23 10:06:37.000000000 -0500
-+++ serefpolicy-2.1.0/Rules.modular	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/Rules.modular	2005-12-08 15:28:11.000000000 -0500
 @@ -41,6 +41,8 @@
  
  install: $(INSTPKG) $(APPFILES)
@@ -401,7 +408,7 @@
  	$(QUIET) $(CHECKMODULE) $^ -o $@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-2.1.0/Rules.monolithic
 --- nsaserefpolicy/Rules.monolithic	2005-12-06 19:49:49.000000000 -0500
-+++ serefpolicy-2.1.0/Rules.monolithic	2005-12-07 15:58:13.000000000 -0500
++++ serefpolicy-2.1.0/Rules.monolithic	2005-12-08 15:28:11.000000000 -0500
 @@ -14,6 +14,11 @@
  
  APPFILES += $(APPDIR)/customizable_types $(INSTALLDIR)/booleans


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- selinux-policy.spec	8 Dec 2005 17:04:27 -0000	1.33
+++ selinux-policy.spec	8 Dec 2005 20:33:17 -0000	1.34
@@ -9,7 +9,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.1.0
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -236,6 +236,10 @@
 
 
 %changelog
+* Thu Dec  8 2005 Dan Walsh <dwalsh at redhat.com> 2.1.0-3
+- Change setrans-mls to use new libsetrans
+- Add default_context rule for xdm
+
 * Thu Dec  8 2005 Dan Walsh <dwalsh at redhat.com> 2.1.0-2.
 - Change Requires to PreReg for requiring of policycoreutils on install
 


Index: setrans-mls.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/setrans-mls.conf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- setrans-mls.conf	21 Nov 2005 21:43:55 -0000	1.1
+++ setrans-mls.conf	8 Dec 2005 20:33:17 -0000	1.2
@@ -25,9 +25,8 @@
 
 # Secret level with compartments
 s2=Secret
-s2:c0=Secret:A
-s2:c1=Secret:B
-s2:c0,c1=Secret:AB
+s2:c0=A
+s2:c1=B
 
 # ranges for Unclassified
 s0-s1=SystemLow-Unclassified
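Review bot: With `s2:c0=A` and `s2:c1=B` the translated names no longer carry the sensitivity, and the explicit `s2:c0,c1` entry is gone, so a correct label for Secret compartments now depends on the installed libsetrans composing the level and category names itself. The selinux-policy.spec diff in this commit only bumps Release and adds the changelog entry, so nothing visible here ties the package to a library version that understands the new form; with an older library these levels would presumably display as a bare `A` or `B`, or stay untranslated. Consider a versioned dependency in the spec (placeholder: `Requires: libsetrans >= <first release with the new format>`). A comment above the entries would also help, e.g. `# category names only; the sensitivity name comes from the s2= line`, if that is how the new library renders them. The `# Secret level with compartments` section starts above the hunk's three context lines, so other levels using the same category names could not be checked from here.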



