rpms/selinux-policy/devel policy-20051208.patch, 1.23, 1.24 selinux-policy.spec, 1.60, 1.61
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Dec 20 22:47:41 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23188
Modified Files:
policy-20051208.patch selinux-policy.spec
Log Message:
* Tue Dec 20 2005 Dan Walsh <dwalsh at redhat.com> 2.1.6-13
- Add dri libs to textrel_shlib_t
- Add system_r role for java
- Add unconfined_exec_t for vncserver
- Allow slapd to use kerberos
policy-20051208.patch:
Makefile | 2
Rules.modular | 10
config/appconfig-strict-mcs/default_type | 6
config/appconfig-strict-mls/default_type | 6
config/appconfig-targeted-mcs/default_type | 2
config/appconfig-targeted-mls/default_type | 2
man/man8/ftpd_selinux.8 | 56 ++++
man/man8/httpd_selinux.8 | 123 +++++++++
man/man8/kerberos_selinux.8 | 31 ++
man/man8/named_selinux.8 | 29 ++
man/man8/nfs_selinux.8 | 30 ++
man/man8/nis_selinux.8 | 1
man/man8/rsync_selinux.8 | 41 +++
man/man8/samba_selinux.8 | 60 ++++
man/man8/ypbind_selinux.8 | 19 +
policy/global_tunables | 3
policy/mcs | 321 ++++---------------------
policy/mls | 372 ++++++-----------------------
policy/modules/admin/kudzu.te | 2
policy/modules/admin/logrotate.te | 4
policy/modules/admin/rpm.fc | 1
policy/modules/admin/rpm.te | 7
policy/modules/admin/tmpreaper.te | 3
policy/modules/apps/java.fc | 4
policy/modules/apps/java.if | 23 +
policy/modules/apps/java.te | 25 +
policy/modules/apps/webalizer.te | 1
policy/modules/kernel/corenetwork.te.in | 12
policy/modules/kernel/devices.fc | 9
policy/modules/kernel/files.fc | 27 +-
policy/modules/kernel/kernel.te | 28 +-
policy/modules/kernel/mls.te | 9
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 44 +--
policy/modules/services/automount.te | 9
policy/modules/services/cvs.fc | 2
policy/modules/services/cvs.te | 6
policy/modules/services/hal.te | 3
policy/modules/services/ldap.te | 4
policy/modules/services/remotelogin.te | 1
policy/modules/services/sasl.te | 8
policy/modules/services/sendmail.te | 5
policy/modules/services/ssh.te | 10
policy/modules/system/authlogin.if | 12
policy/modules/system/authlogin.te | 1
policy/modules/system/getty.te | 3
policy/modules/system/init.te | 2
policy/modules/system/iptables.te | 2
policy/modules/system/libraries.fc | 18 +
policy/modules/system/locallogin.te | 1
policy/modules/system/logging.fc | 7
policy/modules/system/logging.te | 5
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/udev.fc | 1
policy/modules/system/udev.te | 3
policy/modules/system/unconfined.fc | 2
policy/modules/system/unconfined.te | 5
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.te | 2
policy/users | 8
60 files changed, 804 insertions(+), 639 deletions(-)
Index: policy-20051208.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051208.patch,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- policy-20051208.patch 20 Dec 2005 19:03:31 -0000 1.23
+++ policy-20051208.patch 20 Dec 2005 22:47:39 -0000 1.24
@@ -1394,8 +1394,8 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.1.6/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/apps/java.te 2005-12-16 23:22:51.000000000 -0500
-@@ -0,0 +1,24 @@
++++ serefpolicy-2.1.6/policy/modules/apps/java.te 2005-12-20 14:26:13.000000000 -0500
+@@ -0,0 +1,25 @@
+policy_module(java,1.0.0)
+
+########################################
@@ -1419,6 +1419,7 @@
+ allow java_t self:process execmem;
+ unconfined_domain_template(java_t)
+ unconfined_domtrans(java_t)
++ role system_r types java_t;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-2.1.6/policy/modules/apps/webalizer.te
--- nsaserefpolicy/policy/modules/apps/webalizer.te 2005-12-09 23:35:04.000000000 -0500
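Review bot: The added `role system_r types java_t;` has no comment saying why system_r needs this type. That matters here because the surrounding lines give java_t `unconfined_domain_template` and `execmem`, so the statement authorises an effectively unconfined domain for system-role processes. I would put a line above it such as `# system_r: java may be started by system services; java_t is unconfined here, so this adds no containment`, adjusted to the real reason. The enclosing block opens outside the hunk, so it is worth confirming that it is limited to the targeted policy.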
@@ -1881,6 +1882,20 @@
domain_use_wide_inherit_fd(hald_t)
domain_exec_all_entry_files(hald_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.1.6/policy/modules/services/ldap.te
+--- nsaserefpolicy/policy/modules/services/ldap.te 2005-12-09 23:35:05.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/ldap.te 2005-12-20 15:43:29.000000000 -0500
+@@ -142,6 +142,10 @@
+ nis_use_ypbind(slapd_t)
+ ')
+
++optional_policy(`kerberos',`
++ kerberos_use(slapd_t)
++')
++
+ optional_policy(`selinuxutil',`
+ seutil_sigchld_newrole(slapd_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-2.1.6/policy/modules/services/remotelogin.te
--- nsaserefpolicy/policy/modules/services/remotelogin.te 2005-12-09 23:35:06.000000000 -0500
+++ serefpolicy-2.1.6/policy/modules/services/remotelogin.te 2005-12-16 23:22:51.000000000 -0500
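Review bot: The new optional_policy block that calls `kerberos_use(slapd_t)` carries no comment on what the access is for, and the interface body is not on this page, so a reader cannot tell how much it grants to slapd_t. I would add a line inside the block such as `# slapd needs the Kerberos client config for SASL/GSSAPI binds`, if that is indeed the purpose. If slapd also has to read a service keytab, check whether `kerberos_use` covers that or whether a narrower, separate rule is the better fit.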
@@ -2194,9 +2209,18 @@
kernel_rw_unix_dgram_socket(udev_t)
kernel_sendto_unix_dgram_socket(udev_t)
kernel_signal(udev_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.1.6/policy/modules/system/unconfined.fc
+--- nsaserefpolicy/policy/modules/system/unconfined.fc 2005-11-14 18:24:06.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/unconfined.fc 2005-12-20 15:42:20.000000000 -0500
+@@ -1,3 +1,5 @@
+ # Add programs here which should not be confined by SELinux
+ # e.g.:
+ # /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
++# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
++/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.1.6/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2005-12-14 10:38:50.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/unconfined.te 2005-12-16 23:22:51.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/unconfined.te 2005-12-20 17:45:57.000000000 -0500
@@ -57,6 +57,10 @@
bluetooth_domtrans_helper(unconfined_t)
')
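Review bot: Labelling `/usr/bin/vncserver` as `unconfined_exec_t` leaves a network-facing service with no SELinux containment when it is started from initrc. The added comment marks this as temporary but does not say what would replace it or where that is tracked. I would reword it to `# TODO(<tracking-ref>): give vncserver its own domain; until then initrc transitions to unconfined_t and the VNC session runs unconfined`, so the exception is easy to find and remove. The entry only takes effect once the file is relabelled, and nothing in the visible spec hunks shows that step, so confirm that the package update relabels the binary on installed systems.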
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- selinux-policy.spec 20 Dec 2005 19:03:31 -0000 1.60
+++ selinux-policy.spec 20 Dec 2005 22:47:39 -0000 1.61
@@ -7,7 +7,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.1.6
-Release: 12
+Release: 13
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -258,8 +258,11 @@
%endif
%changelog
-* Tue Dec 20 2005 Dan Walsh <dwalsh at redhat.com> 2.1.6-12
+* Tue Dec 20 2005 Dan Walsh <dwalsh at redhat.com> 2.1.6-13
- Add dri libs to textrel_shlib_t
+- Add system_r role for java
+- Add unconfined_exec_t for vncserver
+- Allow slapd to use kerberos
* Mon Dec 19 2005 Dan Walsh <dwalsh at redhat.com> 2.1.6-11
- Add man pages