rpms/selinux-policy/devel modules-targeted.conf, 1.4, 1.5 policy-20051208.patch, 1.12, 1.13 selinux-policy.spec, 1.50, 1.51
fedora-cvs-commits at redhat.com
Thu Dec 15 03:31:59 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv30603
Modified Files:
modules-targeted.conf policy-20051208.patch
selinux-policy.spec
Log Message:
* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-3
- Add java unconfined/execmem policy
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- modules-targeted.conf 13 Dec 2005 04:53:03 -0000 1.4
+++ modules-targeted.conf 15 Dec 2005 03:31:43 -0000 1.5
@@ -923,3 +923,10 @@
#
ipsec = off
+# Layer: apps
+# Module: java
+#
+# java executable
+#
+java = base
+
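Review bot: the description comment above `java = base` says only "java executable", which does not tell an administrator that this module runs java in an unconfined domain with execmem (see the java.te added in this same commit); the comment should say so. The value `base` also builds the module into the base policy instead of shipping it as a separately loadable module, so confirm that is intended.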
policy-20051208.patch:
Makefile | 2 +-
config/appconfig-strict-mcs/default_type | 6 +++---
config/appconfig-strict-mls/default_type | 6 +++---
config/appconfig-targeted-mcs/default_type | 2 +-
config/appconfig-targeted-mls/default_type | 2 +-
policy/global_tunables | 3 +++
policy/modules/apps/java.fc | 4 ++++
policy/modules/apps/java.if | 23 +++++++++++++++++++++++
policy/modules/apps/java.te | 24 ++++++++++++++++++++++++
policy/modules/apps/webalizer.te | 1 +
policy/modules/kernel/mls.te | 1 +
policy/modules/services/cvs.fc | 2 ++
policy/modules/services/cvs.te | 6 ++++++
policy/modules/services/sasl.te | 8 +++++---
policy/modules/system/authlogin.if | 12 +++++++++++-
policy/modules/system/libraries.fc | 17 ++++++++++++++++-
policy/modules/system/udev.fc | 1 +
policy/modules/system/udev.te | 3 ++-
policy/modules/system/unconfined.te | 5 ++++-
policy/users | 2 ++
20 files changed, 114 insertions(+), 16 deletions(-)
Index: policy-20051208.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051208.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20051208.patch 14 Dec 2005 22:47:12 -0000 1.12
+++ policy-20051208.patch 15 Dec 2005 03:31:43 -0000 1.13
@@ -55,6 +55,69 @@
## Allow samba to modify public files
## used for public file transfer services.
gen_tunable(allow_smbd_anon_write,false)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.1.6/policy/modules/apps/java.fc
+--- nsaserefpolicy/policy/modules/apps/java.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/apps/java.fc 2005-12-14 22:09:02.000000000 -0500
+@@ -0,0 +1,4 @@
++
++/usr/.*/java -- gen_context(system_u:object_r:java_exec_t,s0)
++/usr/bin/gij -- gen_context(system_u:object_r:java_exec_t,s0)
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.1.6/policy/modules/apps/java.if
+--- nsaserefpolicy/policy/modules/apps/java.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/apps/java.if 2005-12-14 21:38:10.000000000 -0500
+@@ -0,0 +1,23 @@
++## <summary>Load keyboard mappings.</summary>
++
++########################################
++## <summary>
++## Execute the java program in the java domain.
++## </summary>
++## <param name="domain">
++## The type of the process performing this action.
++## </param>
++#
++interface(`java_domtrans',`
++ gen_require(`
++ type java_t, java_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domain_auto_trans($1, java_exec_t, java_t)
++
++ allow $1 java_t:fd use;
++ allow java_t $1:fd use;
++ allow java_t $1:fifo_file rw_file_perms;
++ allow java_t $1:process sigchld;
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.1.6/policy/modules/apps/java.te
+--- nsaserefpolicy/policy/modules/apps/java.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/apps/java.te 2005-12-14 21:36:06.000000000 -0500
+@@ -0,0 +1,24 @@
++policy_module(java,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type java_t;
++domain_type(java_t)
++
++type java_exec_t;
++domain_entry_file(java_t,java_exec_t)
++
++
++########################################
++#
++# Local policy
++#
++
++ifdef(`targeted_policy',`
++ allow java_t self:process execmem;
++ unconfined_domain_template(java_t)
++ unconfined_domtrans(java_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-2.1.6/policy/modules/apps/webalizer.te
--- nsaserefpolicy/policy/modules/apps/webalizer.te 2005-12-09 23:35:04.000000000 -0500
+++ serefpolicy-2.1.6/policy/modules/apps/webalizer.te 2005-12-14 15:54:33.000000000 -0500
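Review bot: the module summary at the top of the new java.if reads `Load keyboard mappings.`, which looks carried over from another module's interface file and should describe the java module instead. In java.fc, `/usr/.*/java` labels any regular file named java at any depth under /usr as java_exec_t, and each match becomes an entry point into java_t, which java.te makes unconfined with execmem under targeted_policy; consider narrowing the pattern to the directories where JVMs are actually installed. java.te also gives java_t no rules outside the targeted_policy ifdef, so it is worth stating in a comment that the domain is only meaningful for the targeted build.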
@@ -217,8 +280,19 @@
kernel_signal(udev_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.1.6/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2005-12-14 10:38:50.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/unconfined.te 2005-12-14 17:43:53.000000000 -0500
-@@ -118,7 +118,6 @@
++++ serefpolicy-2.1.6/policy/modules/system/unconfined.te 2005-12-14 21:39:22.000000000 -0500
+@@ -57,6 +57,10 @@
+ bluetooth_domtrans_helper(unconfined_t)
+ ')
+
++ optional_policy(`java',`
++ java_domtrans(unconfined_t)
++ ')
++
+ optional_policy(`dbus',`
+ dbus_stub(unconfined_t)
+
+@@ -118,7 +122,6 @@
optional_policy(`rpm',`
rpm_domtrans(unconfined_t)
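Review bot: the `java_domtrans(unconfined_t)` block added to unconfined.te makes the transition into java_t unconditional whenever the java module is present, so the execmem grant in java.te applies to every java started from unconfined_t with no switch to turn it off. If administrators are meant to be able to disable it, guard the call with a tunable declared alongside the existing gen_tunable entries in global_tunables.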
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- selinux-policy.spec 14 Dec 2005 22:47:12 -0000 1.50
+++ selinux-policy.spec 15 Dec 2005 03:31:43 -0000 1.51
@@ -7,7 +7,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.1.6
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -242,6 +242,9 @@
%changelog
+* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-3
+- Add java unconfined/execmem policy
+
* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-2
- Add file context for /var/cvs
- Dontaudit webalizer search of homedir
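Review bot: the new changelog entry is stamped 2.1.5-3, but the spec header in the previous hunk has `Version: 2.1.6` with `Release: 3`, so the entry does not match the package being built; it should read 2.1.6-3. The 2.1.5-2 entry below it has the same mismatch.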