rpms/selinux-policy/devel policy-20051208.patch,1.10,1.11
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Dec 14 22:25:35 UTC 2005
- Previous message (by thread): rpms/kernel-xen/devel kernel-xen.spec,1.13.2.6,1.13.2.7
- Next message (by thread): rpms/postgresql/devel pg_config.h, NONE, 1.1 .cvsignore, 1.26, 1.27 postgresql.spec, 1.58, 1.59 sources, 1.27, 1.28
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20595
Modified Files:
policy-20051208.patch
Log Message:
* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-2
- Add file context for /var/cvs
- Dontaudit webalizer search of homedir
policy-20051208.patch:
Makefile | 2 +-
config/appconfig-strict-mcs/default_type | 6 +++---
config/appconfig-strict-mls/default_type | 6 +++---
config/appconfig-targeted-mcs/default_type | 2 +-
config/appconfig-targeted-mls/default_type | 2 +-
policy/global_tunables | 3 +++
policy/modules/apps/webalizer.te | 1 +
policy/modules/kernel/mls.te | 1 +
policy/modules/services/cvs.fc | 2 ++
policy/modules/services/cvs.te | 6 ++++++
policy/modules/services/sasl.te | 8 +++++---
policy/modules/system/authlogin.if | 12 +++++++++++-
policy/modules/system/libraries.fc | 2 +-
policy/modules/system/udev.fc | 1 +
policy/modules/system/udev.te | 3 ++-
policy/users | 2 ++
16 files changed, 44 insertions(+), 15 deletions(-)
Index: policy-20051208.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051208.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20051208.patch 14 Dec 2005 22:06:38 -0000 1.10
+++ policy-20051208.patch 14 Dec 2005 22:25:29 -0000 1.11
@@ -87,18 +87,68 @@
+/opt/cvs(/.*)? gen_context(system_u:object_r:cvs_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.1.6/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/services/cvs.te 2005-12-14 17:04:59.000000000 -0500
-@@ -86,6 +86,10 @@
++++ serefpolicy-2.1.6/policy/modules/services/cvs.te 2005-12-14 17:24:39.000000000 -0500
+@@ -86,6 +86,12 @@
mta_send_mail(cvs_t)
++# cjp: typeattribute doesnt work in conditionals yet
++auth_can_read_shadow_passwords(cvs_t)
+tunable_policy(`allow_cvs_read_shadow',`
-+ auth_read_shadow(cvs_t)
++ auth_tunable_read_shadow(cvs_t)
+')
+
optional_policy(`kerberos',`
kerberos_use(cvs_t)
kerberos_read_keytab(cvs_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.1.6/policy/modules/services/sasl.te
+--- nsaserefpolicy/policy/modules/services/sasl.te 2005-12-09 23:35:06.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/sasl.te 2005-12-14 17:23:48.000000000 -0500
+@@ -88,9 +88,11 @@
+ ')
+
+ # cjp: typeattribute doesnt work in conditionals yet
+-#tunable_policy(`allow_saslauthd_read_shadow',`
+-# auth_read_shadow(saslauthd_t)
+-#')
++auth_can_read_shadow_passwords(saslauthd_t)
++
++tunable_policy(`allow_saslauthd_read_shadow',`
++ auth_tunable_read_shadow(saslauthd_t)
++')
+
+ optional_policy(`mysql',`
+ mysql_search_db_dir(saslauthd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.1.6/policy/modules/system/authlogin.if
+--- nsaserefpolicy/policy/modules/system/authlogin.if 2005-12-08 15:57:16.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/authlogin.if 2005-12-14 17:23:21.000000000 -0500
+@@ -320,15 +320,25 @@
+ ## </param>
+ #
+ interface(`auth_read_shadow',`
++ auth_can_read_shadow_passwords($1)
++ auth_tunable_read_shadow($1)
++')
++interface(`auth_can_read_shadow_passwords',`
+ gen_require(`
+ attribute can_read_shadow_passwords;
++ ')
++
++ typeattribute $1 can_read_shadow_passwords;
++')
++
++interface(`auth_tunable_read_shadow',`
++ gen_require(`
+ type shadow_t;
+ class file r_file_perms;
+ ')
+
+ files_list_etc($1)
+ allow $1 shadow_t:file r_file_perms;
+- typeattribute $1 can_read_shadow_passwords;
+ ')
+
+ ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.1.6/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2005-12-14 10:38:50.000000000 -0500
+++ serefpolicy-2.1.6/policy/modules/system/libraries.fc 2005-12-14 15:54:33.000000000 -0500
- Previous message (by thread): rpms/kernel-xen/devel kernel-xen.spec,1.13.2.6,1.13.2.7
- Next message (by thread): rpms/postgresql/devel pg_config.h, NONE, 1.1 .cvsignore, 1.26, 1.27 postgresql.spec, 1.58, 1.59 sources, 1.27, 1.28
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list