rpms/selinux-policy/devel policy-20051208.patch, 1.14, 1.15 selinux-policy.spec, 1.52, 1.53
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Dec 16 14:39:22 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9742
Modified Files:
policy-20051208.patch selinux-policy.spec
Log Message:
* Thu Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-5
- Add sids back in
- Rebuild with update checkpolicy
policy-20051208.patch:
Makefile | 2 -
config/appconfig-strict-mcs/default_type | 6 +--
config/appconfig-strict-mls/default_type | 6 +--
config/appconfig-targeted-mcs/default_type | 2 -
config/appconfig-targeted-mls/default_type | 2 -
policy/global_tunables | 3 +
policy/modules/admin/kudzu.te | 2 +
policy/modules/admin/logrotate.te | 4 ++
policy/modules/admin/rpm.fc | 1
policy/modules/admin/rpm.te | 7 ++++
policy/modules/admin/tmpreaper.te | 3 +
policy/modules/apps/java.fc | 4 ++
policy/modules/apps/java.if | 23 +++++++++++++++
policy/modules/apps/java.te | 24 +++++++++++++++
policy/modules/apps/webalizer.te | 1
policy/modules/kernel/corenetwork.te.in | 2 +
policy/modules/kernel/devices.fc | 9 +++--
policy/modules/kernel/files.fc | 24 +++++++--------
policy/modules/kernel/kernel.te | 44 ++++++++++++++---------------
policy/modules/kernel/mls.te | 2 +
policy/modules/kernel/selinux.te | 2 -
policy/modules/kernel/storage.fc | 44 ++++++++++++++---------------
policy/modules/services/automount.te | 9 ++++-
policy/modules/services/cvs.fc | 2 +
policy/modules/services/cvs.te | 6 +++
policy/modules/services/remotelogin.te | 1
policy/modules/services/sasl.te | 8 +++--
policy/modules/services/ssh.te | 10 +++---
policy/modules/system/authlogin.if | 12 +++++++
policy/modules/system/authlogin.te | 1
policy/modules/system/getty.te | 3 +
policy/modules/system/iptables.te | 2 +
policy/modules/system/libraries.fc | 17 ++++++++++-
policy/modules/system/locallogin.te | 1
policy/modules/system/logging.fc | 4 +-
policy/modules/system/logging.te | 5 +++
policy/modules/system/selinuxutil.fc | 8 ++---
policy/modules/system/udev.fc | 1
policy/modules/system/udev.te | 3 +
policy/modules/system/unconfined.te | 5 ++-
policy/users | 8 +++--
41 files changed, 231 insertions(+), 92 deletions(-)
Index: policy-20051208.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051208.patch,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- policy-20051208.patch 15 Dec 2005 23:19:08 -0000 1.14
+++ policy-20051208.patch 16 Dec 2005 14:39:19 -0000 1.15
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/default_type serefpolicy-2.1.6/config/appconfig-strict-mcs/default_type
--- nsaserefpolicy/config/appconfig-strict-mcs/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.6/config/appconfig-strict-mcs/default_type 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/config/appconfig-strict-mcs/default_type 2005-12-16 09:28:14.000000000 -0500
@@ -1,3 +1,3 @@
-sysadm_r:sysadm_t:s0
-staff_r:staff_t:s0
@@ -10,7 +10,7 @@
+user_r:user_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.1.6/config/appconfig-strict-mls/default_type
--- nsaserefpolicy/config/appconfig-strict-mls/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.6/config/appconfig-strict-mls/default_type 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/config/appconfig-strict-mls/default_type 2005-12-16 09:28:14.000000000 -0500
@@ -1,3 +1,3 @@
-sysadm_r:sysadm_t:s0
-staff_r:staff_t:s0
@@ -20,19 +20,19 @@
+user_r:user_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/default_type serefpolicy-2.1.6/config/appconfig-targeted-mcs/default_type
--- nsaserefpolicy/config/appconfig-targeted-mcs/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.6/config/appconfig-targeted-mcs/default_type 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/config/appconfig-targeted-mcs/default_type 2005-12-16 09:28:14.000000000 -0500
@@ -1 +1 @@
-system_r:unconfined_t:s0
+system_r:unconfined_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/default_type serefpolicy-2.1.6/config/appconfig-targeted-mls/default_type
--- nsaserefpolicy/config/appconfig-targeted-mls/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.6/config/appconfig-targeted-mls/default_type 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/config/appconfig-targeted-mls/default_type 2005-12-16 09:28:14.000000000 -0500
@@ -1 +1 @@
-system_r:unconfined_t:s0
+system_r:unconfined_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.6/Makefile
--- nsaserefpolicy/Makefile 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.6/Makefile 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/Makefile 2005-12-16 09:28:14.000000000 -0500
@@ -92,7 +92,7 @@
# enable MLS if requested.
@@ -42,40 +42,9 @@
override CHECKPOLICY += -M
override CHECKMODULE += -M
endif
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/initial_sids serefpolicy-2.1.6/policy/flask/initial_sids
---- nsaserefpolicy/policy/flask/initial_sids 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.6/policy/flask/initial_sids 2005-12-15 11:59:25.000000000 -0500
-@@ -9,27 +9,10 @@
- sid unlabeled
- sid fs
- sid file
--sid file_labels
--sid init
--sid any_socket
- sid port
- sid netif
--sid netmsg
- sid node
--sid igmp_packet
--sid icmp_socket
--sid tcp_socket
--sid sysctl_modprobe
- sid sysctl
--sid sysctl_fs
--sid sysctl_kernel
--sid sysctl_net
--sid sysctl_net_unix
--sid sysctl_vm
--sid sysctl_dev
--sid kmod
--sid policy
--sid scmp_packet
- sid devnull
-
- # FLASK
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.1.6/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2005-12-12 23:05:35.000000000 -0500
-+++ serefpolicy-2.1.6/policy/global_tunables 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/global_tunables 2005-12-16 09:28:14.000000000 -0500
@@ -42,6 +42,9 @@
## Allow sasl to read shadow
gen_tunable(allow_saslauthd_read_shadow,false)
@@ -88,7 +57,7 @@
gen_tunable(allow_smbd_anon_write,false)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.1.6/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/admin/kudzu.te 2005-12-15 15:43:51.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/admin/kudzu.te 2005-12-16 09:28:14.000000000 -0500
@@ -47,6 +47,8 @@
kernel_rw_hotplug_sysctl(kudzu_t)
kernel_rw_kernel_sysctl(kudzu_t)
@@ -100,7 +69,7 @@
dev_list_sysfs(kudzu_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.1.6/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/admin/logrotate.te 2005-12-15 15:01:11.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/admin/logrotate.te 2005-12-16 09:28:14.000000000 -0500
@@ -67,6 +67,10 @@
kernel_read_system_state(logrotate_t)
kernel_read_kernel_sysctl(logrotate_t)
@@ -114,7 +83,7 @@
fs_search_auto_mountpoints(logrotate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.1.6/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/admin/rpm.fc 2005-12-15 18:10:14.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/admin/rpm.fc 2005-12-16 09:28:14.000000000 -0500
@@ -1,5 +1,6 @@
/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -124,7 +93,7 @@
/usr/bin/apt-shell -- gen_context(system_u:object_r:rpm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.1.6/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2005-12-14 10:38:49.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/admin/rpm.te 2005-12-15 15:00:51.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/admin/rpm.te 2005-12-16 09:28:14.000000000 -0500
@@ -114,6 +114,10 @@
fs_getattr_all_fs(rpm_t)
fs_search_auto_mountpoints(rpm_t)
@@ -148,7 +117,7 @@
selinux_compute_access_vector(rpm_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-2.1.6/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/admin/tmpreaper.te 2005-12-15 14:59:37.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/admin/tmpreaper.te 2005-12-16 09:28:14.000000000 -0500
@@ -39,6 +39,9 @@
miscfiles_read_localization(tmpreaper_t)
miscfiles_delete_man_pages(tmpreaper_t)
@@ -161,7 +130,7 @@
ifdef(`TODO',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.1.6/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/apps/java.fc 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/apps/java.fc 2005-12-16 09:28:14.000000000 -0500
@@ -0,0 +1,4 @@
+
+/usr/.*/java -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -169,7 +138,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.1.6/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/apps/java.if 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/apps/java.if 2005-12-16 09:28:14.000000000 -0500
@@ -0,0 +1,23 @@
+## <summary>Load keyboard mappings.</summary>
+
@@ -196,7 +165,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.1.6/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/apps/java.te 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/apps/java.te 2005-12-16 09:28:14.000000000 -0500
@@ -0,0 +1,24 @@
+policy_module(java,1.0.0)
+
@@ -224,7 +193,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-2.1.6/policy/modules/apps/webalizer.te
--- nsaserefpolicy/policy/modules/apps/webalizer.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/apps/webalizer.te 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/apps/webalizer.te 2005-12-16 09:28:14.000000000 -0500
@@ -87,6 +87,7 @@
sysnet_read_config(webalizer_t)
@@ -235,7 +204,7 @@
apache_manage_sys_content(webalizer_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.1.6/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2005-12-02 17:53:26.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/corenetwork.te.in 2005-12-15 12:49:36.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/corenetwork.te.in 2005-12-16 09:28:14.000000000 -0500
@@ -166,5 +166,7 @@
type netif_t, netif_type;
sid netif gen_context(system_u:object_r:netif_t,s0)
@@ -246,7 +215,7 @@
#network_interface(eth0, eth0,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.1.6/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/devices.fc 2005-12-15 13:30:24.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/devices.fc 2005-12-16 09:28:14.000000000 -0500
@@ -17,10 +17,10 @@
/dev/full -c gen_context(system_u:object_r:null_device_t,s0)
/dev/irlpt[0-9]+ -c gen_context(system_u:object_r:printer_device_t,s0)
@@ -284,7 +253,7 @@
/dev/s(ou)?nd/.* -c gen_context(system_u:object_r:sound_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.1.6/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2005-12-01 17:57:16.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/files.fc 2005-12-15 18:13:19.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/files.fc 2005-12-16 09:28:14.000000000 -0500
@@ -24,7 +24,7 @@
# /boot
#
@@ -374,7 +343,7 @@
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.1.6/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/kernel.te 2005-12-15 12:53:58.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/kernel.te 2005-12-16 09:32:12.000000000 -0500
@@ -38,7 +38,7 @@
domain_base_type(kernel_t)
mls_rangetrans_source(kernel_t)
@@ -438,37 +407,49 @@
#
# unlabeled_t is the type of unlabeled objects.
-@@ -132,26 +132,7 @@
+@@ -132,26 +132,26 @@
# have labels that are no longer valid are treated as having this type.
#
type unlabeled_t;
-sid unlabeled gen_context(system_u:object_r:unlabeled_t,s0)
--
--# These initial sids are no longer used, and can be removed:
++sid unlabeled gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
+
+ # These initial sids are no longer used, and can be removed:
-sid any_socket gen_context(system_u:object_r:unlabeled_t,s0)
--sid file_labels gen_context(system_u:object_r:unlabeled_t,s0)
++sid any_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
+ sid file_labels gen_context(system_u:object_r:unlabeled_t,s0)
-sid icmp_socket gen_context(system_u:object_r:unlabeled_t,s0)
-sid igmp_packet gen_context(system_u:object_r:unlabeled_t,s0)
--sid init gen_context(system_u:object_r:unlabeled_t,s0)
++sid icmp_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
++sid igmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
+ sid init gen_context(system_u:object_r:unlabeled_t,s0)
-sid kmod gen_context(system_u:object_r:unlabeled_t,s0)
-sid netmsg gen_context(system_u:object_r:unlabeled_t,s0)
-sid policy gen_context(system_u:object_r:unlabeled_t,s0)
-sid scmp_packet gen_context(system_u:object_r:unlabeled_t,s0)
--sid sysctl_modprobe gen_context(system_u:object_r:unlabeled_t,s0)
++sid kmod gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
++sid netmsg gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
++sid policy gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
++sid scmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
+ sid sysctl_modprobe gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_fs gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_kernel gen_context(system_u:object_r:unlabeled_t,s0)
--sid sysctl_net gen_context(system_u:object_r:unlabeled_t,s0)
--sid sysctl_net_unix gen_context(system_u:object_r:unlabeled_t,s0)
++sid sysctl_fs gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
++sid sysctl_kernel gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
+ sid sysctl_net gen_context(system_u:object_r:unlabeled_t,s0)
+ sid sysctl_net_unix gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_vm gen_context(system_u:object_r:unlabeled_t,s0)
-sid sysctl_dev gen_context(system_u:object_r:unlabeled_t,s0)
-sid tcp_socket gen_context(system_u:object_r:unlabeled_t,s0)
-+sid unlabeled gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
++sid sysctl_vm gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
++sid sysctl_dev gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
++sid tcp_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
########################################
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.1.6/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2005-12-13 15:51:49.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/mls.te 2005-12-15 12:08:25.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/mls.te 2005-12-16 09:28:14.000000000 -0500
@@ -79,9 +79,11 @@
# these might be targeted_policy only
range_transition unconfined_t su_exec_t s0 - s0:c0.c255;
@@ -483,7 +464,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-2.1.6/policy/modules/kernel/selinux.te
--- nsaserefpolicy/policy/modules/kernel/selinux.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/selinux.te 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/selinux.te 2005-12-16 09:28:14.000000000 -0500
@@ -18,7 +18,7 @@
type security_t;
fs_type(security_t)
@@ -495,7 +476,7 @@
neverallow ~can_load_policy security_t:security load_policy;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.1.6/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/storage.fc 2005-12-15 13:27:21.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/storage.fc 2005-12-16 09:28:14.000000000 -0500
@@ -5,35 +5,35 @@
/dev/n?osst[0-3].* -c gen_context(system_u:object_r:tape_device_t,s0)
/dev/n?pt[0-9]+ -c gen_context(system_u:object_r:tape_device_t,s0)
@@ -578,7 +559,7 @@
/dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.1.6/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2005-12-13 15:51:49.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/services/automount.te 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/automount.te 2005-12-16 09:28:14.000000000 -0500
@@ -28,7 +28,7 @@
# Local policy
#
@@ -618,7 +599,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.fc serefpolicy-2.1.6/policy/modules/services/cvs.fc
--- nsaserefpolicy/policy/modules/services/cvs.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/services/cvs.fc 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/cvs.fc 2005-12-16 09:28:14.000000000 -0500
@@ -1,2 +1,4 @@
/usr/bin/cvs -- gen_context(system_u:object_r:cvs_exec_t,s0)
@@ -626,7 +607,7 @@
+/opt/cvs(/.*)? gen_context(system_u:object_r:cvs_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.1.6/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/services/cvs.te 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/cvs.te 2005-12-16 09:28:14.000000000 -0500
@@ -86,6 +86,12 @@
mta_send_mail(cvs_t)
@@ -642,7 +623,7 @@
kerberos_read_keytab(cvs_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-2.1.6/policy/modules/services/remotelogin.te
--- nsaserefpolicy/policy/modules/services/remotelogin.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/services/remotelogin.te 2005-12-15 15:02:19.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/remotelogin.te 2005-12-16 09:28:14.000000000 -0500
@@ -106,6 +106,7 @@
logging_send_syslog_msg(remote_login_t)
@@ -653,7 +634,7 @@
mls_file_downgrade(remote_login_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.1.6/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/services/sasl.te 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/sasl.te 2005-12-16 09:28:14.000000000 -0500
@@ -88,9 +88,11 @@
')
@@ -671,7 +652,7 @@
mysql_search_db_dir(saslauthd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.1.6/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/services/ssh.te 2005-12-15 14:57:46.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/ssh.te 2005-12-16 09:28:14.000000000 -0500
@@ -91,10 +91,6 @@
seutil_read_config(sshd_t)
@@ -698,7 +679,7 @@
# Relabel and access ptys created by sshd
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.1.6/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2005-12-08 15:57:16.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/authlogin.if 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/authlogin.if 2005-12-16 09:28:14.000000000 -0500
@@ -320,15 +320,25 @@
## </param>
#
@@ -728,7 +709,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.1.6/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/authlogin.te 2005-12-15 15:11:31.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/authlogin.te 2005-12-16 09:28:14.000000000 -0500
@@ -211,6 +211,7 @@
logging_send_syslog_msg(pam_console_t)
@@ -739,7 +720,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.1.6/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/getty.te 2005-12-15 14:50:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/getty.te 2005-12-16 09:28:14.000000000 -0500
@@ -63,6 +63,9 @@
kernel_list_proc(getty_t)
kernel_read_proc_symlinks(getty_t)
@@ -752,7 +733,7 @@
fs_search_auto_mountpoints(getty_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.1.6/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2005-12-09 23:35:07.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/iptables.te 2005-12-15 15:43:34.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/iptables.te 2005-12-16 09:28:14.000000000 -0500
@@ -43,6 +43,8 @@
kernel_read_modprobe_sysctl(iptables_t)
kernel_use_fd(iptables_t)
@@ -764,7 +745,7 @@
fs_getattr_xattr_fs(iptables_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.1.6/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2005-12-14 10:38:50.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/libraries.fc 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/libraries.fc 2005-12-16 09:28:14.000000000 -0500
@@ -11,6 +11,20 @@
/emul/ia32-linux/lib(/.*)? gen_context(system_u:object_r:lib_t,s0)
/emul/ia32-linux/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
@@ -802,7 +783,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.1.6/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/locallogin.te 2005-12-15 15:02:59.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/locallogin.te 2005-12-16 09:28:14.000000000 -0500
@@ -152,6 +152,7 @@
miscfiles_read_localization(local_login_t)
@@ -813,7 +794,7 @@
mls_file_downgrade(local_login_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.1.6/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/logging.fc 2005-12-15 13:53:23.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/logging.fc 2005-12-16 09:28:14.000000000 -0500
@@ -20,9 +20,9 @@
')
@@ -828,7 +809,7 @@
/var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.1.6/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/logging.te 2005-12-15 15:42:12.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/logging.te 2005-12-16 09:28:14.000000000 -0500
@@ -71,6 +71,8 @@
kernel_read_kernel_sysctl(auditctl_t)
kernel_read_proc_symlinks(auditctl_t)
@@ -857,7 +838,7 @@
optional_policy(`udev',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.1.6/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/selinuxutil.fc 2005-12-15 13:34:20.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/selinuxutil.fc 2005-12-16 09:28:14.000000000 -0500
@@ -7,11 +7,11 @@
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -876,7 +857,7 @@
# /root
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-2.1.6/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/udev.fc 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/udev.fc 2005-12-16 09:28:14.000000000 -0500
@@ -17,3 +17,4 @@
/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
@@ -884,7 +865,7 @@
+/lib/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.1.6/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/udev.te 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/udev.te 2005-12-16 09:28:14.000000000 -0500
@@ -39,7 +39,7 @@
# Local policy
#
@@ -904,7 +885,7 @@
kernel_signal(udev_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.1.6/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2005-12-14 10:38:50.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/unconfined.te 2005-12-15 11:49:35.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/unconfined.te 2005-12-16 09:28:14.000000000 -0500
@@ -57,6 +57,10 @@
bluetooth_domtrans_helper(unconfined_t)
')
@@ -926,7 +907,7 @@
optional_policy(`samba',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.6/policy/users
--- nsaserefpolicy/policy/users 2005-12-05 22:35:02.000000000 -0500
-+++ serefpolicy-2.1.6/policy/users 2005-12-15 13:15:09.000000000 -0500
++++ serefpolicy-2.1.6/policy/users 2005-12-16 09:28:14.000000000 -0500
@@ -26,7 +26,9 @@
ifdef(`targeted_policy',`
gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- selinux-policy.spec 15 Dec 2005 23:19:08 -0000 1.52
+++ selinux-policy.spec 16 Dec 2005 14:39:19 -0000 1.53
@@ -3,11 +3,11 @@
%define monolithic n
%define POLICYVER 20
%define POLICYCOREUTILSVER 1.29.1-1
-%define CHECKPOLICYVER 1.28-1
+%define CHECKPOLICYVER 1.28-2
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.1.6
-Release: 4
+Release: 5
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -243,6 +243,10 @@
%changelog
+* Thu Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-5
+- Add sids back in
+- Rebuild with update checkpolicy
+
* Thu Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-4
- Fixes to allow automount to use portmap
- Fixes to start kernel in s0-s15:c0.c255
More information about the fedora-cvs-commits
mailing list