rpms/selinux-policy/devel policy-20051208.patch, 1.3, 1.4 selinux-policy.spec, 1.38, 1.39
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sun Dec 11 17:29:18 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25158
Modified Files:
policy-20051208.patch selinux-policy.spec
Log Message:
* Sun Dec 10 2005 Dan Walsh <dwalsh at redhat.com> 2.1.2-2
- Allow unconfined_t to execmod texrel_shlib_t
policy-20051208.patch:
Makefile | 2 +-
base.pp |binary
policy/global_tunables | 6 ++++++
policy/modules/services/apache.te | 23 +++++++++++++++--------
policy/modules/services/gpm.te | 3 +--
policy/modules/services/nis.if | 2 ++
policy/modules/system/mount.te | 5 ++---
policy/modules/system/unconfined.if | 3 ++-
8 files changed, 29 insertions(+), 15 deletions(-)
Index: policy-20051208.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051208.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20051208.patch 10 Dec 2005 05:19:29 -0000 1.3
+++ policy-20051208.patch 11 Dec 2005 17:29:15 -0000 1.4
@@ -1,6 +1,7 @@
+Binary files nsaserefpolicy/base.pp and serefpolicy-2.1.2/base.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.2/Makefile
--- nsaserefpolicy/Makefile 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.2/Makefile 2005-12-10 00:10:25.000000000 -0500
++++ serefpolicy-2.1.2/Makefile 2005-12-10 00:15:32.000000000 -0500
@@ -92,7 +92,7 @@
# enable MLS if requested.
@@ -12,7 +13,7 @@
endif
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.1.2/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2005-12-02 17:53:25.000000000 -0500
-+++ serefpolicy-2.1.2/policy/global_tunables 2005-12-10 00:14:31.000000000 -0500
++++ serefpolicy-2.1.2/policy/global_tunables 2005-12-10 00:15:32.000000000 -0500
@@ -68,6 +68,12 @@
## Allow http daemon to tcp connect
gen_tunable(httpd_can_network_connect,false)
@@ -28,7 +29,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.1.2/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.2/policy/modules/services/apache.te 2005-12-10 00:10:25.000000000 -0500
++++ serefpolicy-2.1.2/policy/modules/services/apache.te 2005-12-10 00:15:32.000000000 -0500
@@ -226,14 +226,6 @@
corenet_udp_bind_all_nodes(httpd_t)
corenet_tcp_bind_http_port(httpd_t)
@@ -66,9 +67,22 @@
tunable_policy(`httpd_can_network_connect',`
allow httpd_t self:tcp_socket create_socket_perms;
allow httpd_t self:udp_socket create_socket_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-2.1.2/policy/modules/services/gpm.te
+--- nsaserefpolicy/policy/modules/services/gpm.te 2005-12-09 23:35:05.000000000 -0500
++++ serefpolicy-2.1.2/policy/modules/services/gpm.te 2005-12-11 12:21:37.000000000 -0500
+@@ -91,8 +91,7 @@
+ udev_read_db(gpm_t)
+ ')
+
+-ifdef(`TODO',`
+ # Access the mouse.
+ # cjp: why write?
++#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175450
+ allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms;
+-')
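Review bot: The gpm.te rule that becomes active once the ifdef TODO guard is dropped still carries the unanswered `# cjp: why write?`, so gpm_t receives `rw_file_perms` on both `event_device_t` and `mouse_device_t` with no recorded reason for the write half. The Bugzilla URL is the only justification in the policy source. I would replace the open question with a one-line comment that states which device type the denial in that bug was logged against and whether it was a read or a write. If the denial concerned only one of the two types, or only reads, splitting the rule per type would keep write access off the other device nodes. The surrounding gpm.te block begins outside this hunk.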
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.1.2/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2005-12-06 19:49:50.000000000 -0500
-+++ serefpolicy-2.1.2/policy/modules/services/nis.if 2005-12-10 00:10:25.000000000 -0500
++++ serefpolicy-2.1.2/policy/modules/services/nis.if 2005-12-10 00:15:32.000000000 -0500
@@ -150,8 +150,10 @@
interface(`nis_signal_ypbind',`
gen_require(`
@@ -82,7 +96,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.1.2/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.2/policy/modules/system/mount.te 2005-12-10 00:10:25.000000000 -0500
++++ serefpolicy-2.1.2/policy/modules/system/mount.te 2005-12-10 00:15:32.000000000 -0500
@@ -47,6 +47,7 @@
fs_use_tmpfs_chr_dev(mount_t)
@@ -102,3 +116,23 @@
corenet_tcp_sendrecv_all_if(mount_t)
corenet_raw_sendrecv_all_if(mount_t)
corenet_udp_sendrecv_all_if(mount_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.1.2/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2005-12-02 17:53:54.000000000 -0500
++++ serefpolicy-2.1.2/policy/modules/system/unconfined.if 2005-12-11 12:14:08.000000000 -0500
+@@ -29,6 +29,8 @@
+ allow $1 self:dbus *;
+ allow $1 self:passwd *;
+
++ libs_use_shared_libs($1)
++
+ kernel_unconfined($1)
+ corenet_unconfined($1)
+ dev_unconfined($1)
+@@ -79,7 +81,6 @@
+ if (allow_execmod) {
+ ifdef(`targeted_policy', `', `
+ # Allow text relocations on system shared libraries, e.g. libGL.
+- allow $1 texrel_shlib_t:file execmod;
+ allow $1 home_type:file execmod;
+ ')
+ }
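Review bot: The comment `# Allow text relocations on system shared libraries, e.g. libGL.` is left directly above `allow $1 home_type:file execmod;` once the texrel_shlib_t rule is removed, so it now describes the wrong rule. It should be reworded, for example `# Allow text relocations on home_type files.`. The changelog says unconfined_t is to be allowed execmod on texrel_shlib_t, which presumably now comes from the added `libs_use_shared_libs($1)`; its body is not visible here. If so, the permission is no longer gated by `allow_execmod` or limited to non-targeted policy. That deserves a comment next to the call, such as `# also grants execmod on texrel_shlib_t, independent of allow_execmod`. The previous release turned the allow_execmod boolean off, so anyone relying on it should be able to see this exception in the policy source.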
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- selinux-policy.spec 10 Dec 2005 05:19:29 -0000 1.38
+++ selinux-policy.spec 11 Dec 2005 17:29:15 -0000 1.39
@@ -10,7 +10,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.1.2
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -240,6 +240,9 @@
%changelog
+* Sun Dec 10 2005 Dan Walsh <dwalsh at redhat.com> 2.1.2-2
+- Allow unconfined_t to execmod texrel_shlib_t
+
* Sat Dec 9 2005 Dan Walsh <dwalsh at redhat.com> 2.1.2-1
- Update to upstream
- Turn off allow_execmem and allow_execmod booleans