rpms/selinux-policy/devel modules-mls.conf, 1.3, 1.4 policy-20051208.patch, 1.17, 1.18 selinux-policy.spec, 1.54, 1.55
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Dec 16 18:36:03 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8778
Modified Files:
modules-mls.conf policy-20051208.patch selinux-policy.spec
Log Message:
* Fri Dec 16 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-7
- Update mls file from old version
Index: modules-mls.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- modules-mls.conf 15 Dec 2005 23:19:08 -0000 1.3
+++ modules-mls.conf 16 Dec 2005 18:36:00 -0000 1.4
@@ -779,7 +779,7 @@
#
# Policy for changing the system host name.
#
-hostname = base
+hostname = off
# Layer: system
# Module: getty
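Review bot: The switch to `hostname = off` carries no explanation, either in the comment block above the setting or in the log message, which only says the MLS file was updated from an old version. If `off` means the module is left out of the MLS build, the hostname program would presumably no longer get its own confined domain, which is worth recording for anyone auditing the MLS policy. A one-line comment such as `# disabled for MLS: <reason>` directly above the setting would capture the intent.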
policy-20051208.patch:
Makefile | 2
config/appconfig-strict-mcs/default_type | 6
config/appconfig-strict-mls/default_type | 6
config/appconfig-targeted-mcs/default_type | 2
config/appconfig-targeted-mls/default_type | 2
policy/global_tunables | 3
policy/mcs | 321 ++++---------------------
policy/mls | 372 ++++++-----------------------
policy/modules/admin/kudzu.te | 2
policy/modules/admin/logrotate.te | 4
policy/modules/admin/rpm.fc | 1
policy/modules/admin/rpm.te | 7
policy/modules/admin/tmpreaper.te | 3
policy/modules/apps/java.fc | 4
policy/modules/apps/java.if | 23 +
policy/modules/apps/java.te | 24 +
policy/modules/apps/webalizer.te | 1
policy/modules/kernel/corenetwork.te.in | 2
policy/modules/kernel/devices.fc | 9
policy/modules/kernel/files.fc | 27 +-
policy/modules/kernel/kernel.te | 24 -
policy/modules/kernel/mls.te | 9
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 44 +--
policy/modules/services/automount.te | 9
policy/modules/services/cvs.fc | 2
policy/modules/services/cvs.te | 6
policy/modules/services/remotelogin.te | 1
policy/modules/services/sasl.te | 8
policy/modules/services/ssh.te | 10
policy/modules/system/authlogin.if | 12
policy/modules/system/authlogin.te | 1
policy/modules/system/getty.te | 3
policy/modules/system/init.te | 1
policy/modules/system/iptables.te | 2
policy/modules/system/libraries.fc | 17 +
policy/modules/system/locallogin.te | 1
policy/modules/system/logging.fc | 7
policy/modules/system/logging.te | 5
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/udev.fc | 1
policy/modules/system/udev.te | 3
policy/modules/system/unconfined.te | 5
policy/modules/system/userdomain.fc | 2
policy/users | 8
45 files changed, 377 insertions(+), 633 deletions(-)
Index: policy-20051208.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051208.patch,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- policy-20051208.patch 16 Dec 2005 15:56:59 -0000 1.17
+++ policy-20051208.patch 16 Dec 2005 18:36:00 -0000 1.18
@@ -388,7 +388,7 @@
# Each MCS level specifies a sensitivity and zero or more categories which may
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.1.6/policy/mls
--- nsaserefpolicy/policy/mls 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.6/policy/mls 2005-12-16 10:28:32.000000000 -0500
++++ serefpolicy-2.1.6/policy/mls 2005-12-16 13:06:24.000000000 -0500
@@ -1,4 +1,3 @@
-
ifdef(`enable_mls',`
@@ -726,25 +726,16 @@
( l2 eq h2 );
-# new file labels must be dominated by the relabeling subject clearance
-+# new file labels must be dominated by the relabeling subject's clearance
++# new file labels must be dominated by the relabeling subjects clearance
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } relabelto
( h1 dom h2 );
-@@ -413,7 +220,7 @@
-
- # create can also require the upgrade/downgrade checks if the creating process
- # has used setfscreate (note that both the high and low level of the object
--# default to the process sensitivity level)
-+# default to the process' sensitivity level)
- mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } create
- ((( l1 eq l2 ) or
- (( t1 == mlsfileupgrade ) and ( l1 domby l2 )) or
@@ -431,7 +238,7 @@
# MLS policy for the filesystem class
#
-# new filesystem labels must be dominated by the relabeling subject clearance
-+# new filesystem labels must be dominated by the relabeling subject's clearance
++# new filesystem labels must be dominated by the relabeling subjects clearance
mlsconstrain filesystem relabelto
( h1 dom h2 );
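Review bot: The replacement comment `# new file labels must be dominated by the relabeling subjects clearance` is still a comment-only divergence from upstream's `subject clearance`, and the same wording is carried in the filesystem lines of this hunk and in the socket and process hunks that follow. The apostrophe was presumably dropped because this text sits inside the m4-quoted body of the `enable_mls` ifdef, where a `'` would close the quote early. Dropping these four comment-only changes from the patch would keep upstream's wording and leave less to rebase.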
@@ -753,7 +744,7 @@
#
-# new socket labels must be dominated by the relabeling subject clearance
-+# new socket labels must be dominated by the relabeling subject's clearance
++# new socket labels must be dominated by the relabeling subjects clearance
mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } relabelto
( h1 dom h2 );
@@ -762,7 +753,7 @@
#
-# new process labels must be dominated by the relabeling subject clearance
-+# new process labels must be dominated by the relabeling subject's clearance
++# new process labels must be dominated by the relabeling subjects clearance
# and sensitivity level changes require privilege
mlsconstrain process transition
(( h1 dom h2 ) and
@@ -1065,7 +1056,7 @@
/dev/s(ou)?nd/.* -c gen_context(system_u:object_r:sound_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.1.6/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2005-12-01 17:57:16.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/files.fc 2005-12-16 10:52:50.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/files.fc 2005-12-16 13:31:57.000000000 -0500
@@ -24,7 +24,7 @@
# /boot
#
@@ -1142,7 +1133,7 @@
/var/lost\+found/.* <<none>>
-/var/run(/.*)? gen_context(system_u:object_r:var_run_t,s0)
-+/var/run -d gen_context(system_u:object_r:var_run_t,s0-s15:c0.c255))
++/var/run -d gen_context(system_u:object_r:var_run_t,s0-s15:c0.c255)
+/var/run/.* gen_context(system_u:object_r:var_run_t,s0)
/var/run/.*\.*pid <<none>>
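Review bot: The `/var/run` directory is now given the range `s0-s15:c0.c255` while everything matched by `/var/run/.*` is labelled `s0`, and nothing next to the two entries says why they differ. If the intent is that daemons at any level may create entries in the directory, a comment such as `# /var/run is a ranged directory; contents default to s0 at relabel time` would make that explicit. It would also help to confirm that files created there at run time by higher-level processes are expected to keep the creating process's level rather than the `s0` given here.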
@@ -1157,7 +1148,7 @@
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.1.6/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/kernel/kernel.te 2005-12-16 09:32:12.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/kernel/kernel.te 2005-12-16 12:48:11.000000000 -0500
@@ -38,7 +38,7 @@
domain_base_type(kernel_t)
mls_rangetrans_source(kernel_t)
@@ -1183,45 +1174,7 @@
type proc_mdstat_t, proc_type;
genfscon proc /mdstat gen_context(system_u:object_r:proc_mdstat_t,s0)
-@@ -96,11 +96,11 @@
- # /proc/sys/fs directory and files
- type sysctl_fs_t, sysctl_type;
- files_mountpoint(sysctl_fs_t)
--genfscon proc /sys/fs gen_context(system_u:object_r:sysctl_fs_t,s0)
-+genfscon proc /sys/fs gen_context(system_u:object_r:sysctl_fs_t,s15:c0.c255)
-
- # /proc/sys/kernel directory and files
- type sysctl_kernel_t, sysctl_type;
--genfscon proc /sys/kernel gen_context(system_u:object_r:sysctl_kernel_t,s0)
-+genfscon proc /sys/kernel gen_context(system_u:object_r:sysctl_kernel_t,s15:c0.c255)
-
- # /proc/sys/kernel/modprobe file
- type sysctl_modprobe_t, sysctl_type;
-@@ -112,19 +112,19 @@
-
- # /proc/sys/net directory and files
- type sysctl_net_t, sysctl_type;
--genfscon proc /sys/net gen_context(system_u:object_r:sysctl_net_t,s0)
-+genfscon proc /sys/net gen_context(system_u:object_r:sysctl_net_t,s15:c0.c255)
-
- # /proc/sys/net/unix directory and files
- type sysctl_net_unix_t, sysctl_type;
--genfscon proc /sys/net/unix gen_context(system_u:object_r:sysctl_net_unix_t,s0)
-+genfscon proc /sys/net/unix gen_context(system_u:object_r:sysctl_net_unix_t,s15:c0.c255)
-
- # /proc/sys/vm directory and files
- type sysctl_vm_t, sysctl_type;
--genfscon proc /sys/vm gen_context(system_u:object_r:sysctl_vm_t,s0)
-+genfscon proc /sys/vm gen_context(system_u:object_r:sysctl_vm_t,s15:c0.c255)
-
- # /proc/sys/dev directory and files
- type sysctl_dev_t, sysctl_type;
--genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
-+genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s15:c0.c255)
-
- #
- # unlabeled_t is the type of unlabeled objects.
-@@ -132,26 +132,26 @@
+@@ -132,18 +132,18 @@
# have labels that are no longer valid are treated as having this type.
#
type unlabeled_t;
@@ -1246,17 +1199,13 @@
+sid policy gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
+sid scmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid sysctl_modprobe gen_context(system_u:object_r:unlabeled_t,s0)
--sid sysctl_fs gen_context(system_u:object_r:unlabeled_t,s0)
--sid sysctl_kernel gen_context(system_u:object_r:unlabeled_t,s0)
-+sid sysctl_fs gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
-+sid sysctl_kernel gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
- sid sysctl_net gen_context(system_u:object_r:unlabeled_t,s0)
+ sid sysctl_fs gen_context(system_u:object_r:unlabeled_t,s0)
+ sid sysctl_kernel gen_context(system_u:object_r:unlabeled_t,s0)
+@@ -151,7 +151,7 @@
sid sysctl_net_unix gen_context(system_u:object_r:unlabeled_t,s0)
--sid sysctl_vm gen_context(system_u:object_r:unlabeled_t,s0)
--sid sysctl_dev gen_context(system_u:object_r:unlabeled_t,s0)
+ sid sysctl_vm gen_context(system_u:object_r:unlabeled_t,s0)
+ sid sysctl_dev gen_context(system_u:object_r:unlabeled_t,s0)
-sid tcp_socket gen_context(system_u:object_r:unlabeled_t,s0)
-+sid sysctl_vm gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
-+sid sysctl_dev gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
+sid tcp_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
########################################
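Review bot: After this change the initial SIDs are split between two levels with no stated rule: `policy`, `scmp_packet` and `tcp_socket` are at `s15:c0.c255`, while the `sysctl_*` SIDs go back to `s0`. The log message does not say whether the three that remain at the top level are deliberate or left over from the partial revert. A short comment above the `sid` list naming which initial SIDs are meant to sit at `s15:c0.c255`, and why, would settle that. The list begins outside the hunk.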
@@ -1559,6 +1508,17 @@
dev_read_sysfs(getty_t)
fs_search_auto_mountpoints(getty_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.1.6/policy/modules/system/init.te
+--- nsaserefpolicy/policy/modules/system/init.te 2005-12-12 15:35:53.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/init.te 2005-12-16 11:29:46.000000000 -0500
+@@ -369,6 +369,7 @@
+ mls_file_write_down(initrc_t)
+ mls_process_read_up(initrc_t)
+ mls_process_write_down(initrc_t)
++mls_rangetrans_source(initrc_t)
+
+ modutils_read_module_conf(initrc_t)
+ modutils_domtrans_insmod(initrc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.1.6/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2005-12-09 23:35:07.000000000 -0500
+++ serefpolicy-2.1.6/policy/modules/system/iptables.te 2005-12-16 09:28:14.000000000 -0500
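Review bot: `mls_rangetrans_source(initrc_t)` widens what initrc_t may do under MLS, and the line is added without a comment or a matching range_transition rule in view. Going by the interface name, it lets initrc_t act as the source of a range transition, which comes on top of the write-down and read-up exemptions already listed just above it. A comment such as `# init scripts start daemons that run at a different MLS range` would document which use needs it. The surrounding block continues outside the hunk.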
@@ -1669,13 +1629,10 @@
optional_policy(`udev',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.1.6/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/selinuxutil.fc 2005-12-16 09:28:14.000000000 -0500
-@@ -7,11 +7,11 @@
-
- /etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
++++ serefpolicy-2.1.6/policy/modules/system/selinuxutil.fc 2005-12-16 13:03:05.000000000 -0500
+@@ -9,9 +9,9 @@
--/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
-+/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s15:c0.c255)
+ /etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
-/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,s0)
-
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- selinux-policy.spec 16 Dec 2005 15:30:02 -0000 1.54
+++ selinux-policy.spec 16 Dec 2005 18:36:00 -0000 1.55
@@ -7,7 +7,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.1.6
-Release: 6
+Release: 7
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -243,7 +243,7 @@
%changelog
-* Fri Dec 16 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-6
+* Fri Dec 16 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-7
- Update mls file from old version
* Thu Dec 15 2005 Dan Walsh <dwalsh at redhat.com> 2.1.5-5