rpms/selinux-policy/devel policy-20051208.patch, 1.23, 1.24 selinux-policy.spec, 1.60, 1.61

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Dec 20 22:47:41 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23188

Modified Files:
	policy-20051208.patch selinux-policy.spec 
Log Message:
* Tue Dec 20 2005 Dan Walsh <dwalsh at redhat.com> 2.1.6-13
- Add dri libs to textrel_shlib_t
- Add system_r role for java
- Add unconfined_exec_t for vncserver
- Allow slapd to use kerberos


policy-20051208.patch:
 Makefile                                   |    2 
 Rules.modular                              |   10 
 config/appconfig-strict-mcs/default_type   |    6 
 config/appconfig-strict-mls/default_type   |    6 
 config/appconfig-targeted-mcs/default_type |    2 
 config/appconfig-targeted-mls/default_type |    2 
 man/man8/ftpd_selinux.8                    |   56 ++++
 man/man8/httpd_selinux.8                   |  123 +++++++++
 man/man8/kerberos_selinux.8                |   31 ++
 man/man8/named_selinux.8                   |   29 ++
 man/man8/nfs_selinux.8                     |   30 ++
 man/man8/nis_selinux.8                     |    1 
 man/man8/rsync_selinux.8                   |   41 +++
 man/man8/samba_selinux.8                   |   60 ++++
 man/man8/ypbind_selinux.8                  |   19 +
 policy/global_tunables                     |    3 
 policy/mcs                                 |  321 ++++---------------------
 policy/mls                                 |  372 ++++++-----------------------
 policy/modules/admin/kudzu.te              |    2 
 policy/modules/admin/logrotate.te          |    4 
 policy/modules/admin/rpm.fc                |    1 
 policy/modules/admin/rpm.te                |    7 
 policy/modules/admin/tmpreaper.te          |    3 
 policy/modules/apps/java.fc                |    4 
 policy/modules/apps/java.if                |   23 +
 policy/modules/apps/java.te                |   25 +
 policy/modules/apps/webalizer.te           |    1 
 policy/modules/kernel/corenetwork.te.in    |   12 
 policy/modules/kernel/devices.fc           |    9 
 policy/modules/kernel/files.fc             |   27 +-
 policy/modules/kernel/kernel.te            |   28 +-
 policy/modules/kernel/mls.te               |    9 
 policy/modules/kernel/selinux.te           |    2 
 policy/modules/kernel/storage.fc           |   44 +--
 policy/modules/services/automount.te       |    9 
 policy/modules/services/cvs.fc             |    2 
 policy/modules/services/cvs.te             |    6 
 policy/modules/services/hal.te             |    3 
 policy/modules/services/ldap.te            |    4 
 policy/modules/services/remotelogin.te     |    1 
 policy/modules/services/sasl.te            |    8 
 policy/modules/services/sendmail.te        |    5 
 policy/modules/services/ssh.te             |   10 
 policy/modules/system/authlogin.if         |   12 
 policy/modules/system/authlogin.te         |    1 
 policy/modules/system/getty.te             |    3 
 policy/modules/system/init.te              |    2 
 policy/modules/system/iptables.te          |    2 
 policy/modules/system/libraries.fc         |   18 +
 policy/modules/system/locallogin.te        |    1 
 policy/modules/system/logging.fc           |    7 
 policy/modules/system/logging.te           |    5 
 policy/modules/system/selinuxutil.fc       |    6 
 policy/modules/system/udev.fc              |    1 
 policy/modules/system/udev.te              |    3 
 policy/modules/system/unconfined.fc        |    2 
 policy/modules/system/unconfined.te        |    5 
 policy/modules/system/userdomain.fc        |    2 
 policy/modules/system/userdomain.te        |    2 
 policy/users                               |    8 
 60 files changed, 804 insertions(+), 639 deletions(-)

Index: policy-20051208.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051208.patch,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- policy-20051208.patch	20 Dec 2005 19:03:31 -0000	1.23
+++ policy-20051208.patch	20 Dec 2005 22:47:39 -0000	1.24
@@ -1394,8 +1394,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.1.6/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/apps/java.te	2005-12-16 23:22:51.000000000 -0500
-@@ -0,0 +1,24 @@
++++ serefpolicy-2.1.6/policy/modules/apps/java.te	2005-12-20 14:26:13.000000000 -0500
+@@ -0,0 +1,25 @@
 +policy_module(java,1.0.0)
 +
 +########################################
@@ -1419,6 +1419,7 @@
 +	allow java_t self:process execmem;
 +	unconfined_domain_template(java_t)
 +	unconfined_domtrans(java_t)
++	role system_r types java_t;
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-2.1.6/policy/modules/apps/webalizer.te
 --- nsaserefpolicy/policy/modules/apps/webalizer.te	2005-12-09 23:35:04.000000000 -0500
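Review bot: The added `role system_r types java_t;` lets system_r hold a domain that the same block makes unconfined (`unconfined_domain_template(java_t)`) and grants `execmem`, and no comment says why that is wanted. In effect, a Java runtime started from a system service would keep an unconfined domain with executable-memory permission. The enclosing block opens above this hunk, so whether it is limited to one policy type cannot be confirmed from here. I would add a comment above the line, for example `# system_r may enter java_t so Java started by system services keeps this domain; java_t is unconfined here, revisit when a confined java policy exists`, with the stated reason confirmed by the author.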
@@ -1881,6 +1882,20 @@
  
  domain_use_wide_inherit_fd(hald_t)
  domain_exec_all_entry_files(hald_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.1.6/policy/modules/services/ldap.te
+--- nsaserefpolicy/policy/modules/services/ldap.te	2005-12-09 23:35:05.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/services/ldap.te	2005-12-20 15:43:29.000000000 -0500
+@@ -142,6 +142,10 @@
+ 	nis_use_ypbind(slapd_t)
+ ')
+ 
++optional_policy(`kerberos',`
++		kerberos_use(slapd_t)
++')
++
+ optional_policy(`selinuxutil',`
+ 	seutil_sigchld_newrole(slapd_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-2.1.6/policy/modules/services/remotelogin.te
 --- nsaserefpolicy/policy/modules/services/remotelogin.te	2005-12-09 23:35:06.000000000 -0500
 +++ serefpolicy-2.1.6/policy/modules/services/remotelogin.te	2005-12-16 23:22:51.000000000 -0500
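Review bot: The new `kerberos_use(slapd_t)` line in ldap.te is indented with two tabs, while the neighbouring `optional_policy` bodies in this hunk (`nis_use_ypbind(slapd_t)`, `seutil_sigchld_newrole(slapd_t)`) use one; it should carry a single leading tab to match. The interface is defined outside this hunk, so what it grants cannot be checked here. A one-line comment such as `# slapd needs Kerberos client access (presumably for SASL/GSSAPI binds)` would record the intent, once the reason is confirmed.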
@@ -2194,9 +2209,18 @@
  kernel_rw_unix_dgram_socket(udev_t)
  kernel_sendto_unix_dgram_socket(udev_t)
  kernel_signal(udev_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.1.6/policy/modules/system/unconfined.fc
+--- nsaserefpolicy/policy/modules/system/unconfined.fc	2005-11-14 18:24:06.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/unconfined.fc	2005-12-20 15:42:20.000000000 -0500
+@@ -1,3 +1,5 @@
+ # Add programs here which should not be confined by SELinux
+ # e.g.:
+ # /usr/local/bin/appsrv	--	gen_context(system_u:object_r:unconfined_exec_t,s0)
++# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
++/usr/bin/vncserver	--	gen_context(system_u:object_r:unconfined_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.1.6/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2005-12-14 10:38:50.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/unconfined.te	2005-12-16 23:22:51.000000000 -0500
++++ serefpolicy-2.1.6/policy/modules/system/unconfined.te	2005-12-20 17:45:57.000000000 -0500
 @@ -57,6 +57,10 @@
  		bluetooth_domtrans_helper(unconfined_t)
  	')
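Review bot: The new unconfined.fc entry labels `/usr/bin/vncserver` as `unconfined_exec_t`, and its comment calls this temporary without naming a condition or reference for removing it. Per that comment, the init-script transition ends in unconfined_t, so the VNC server started from an init script runs without SELinux confinement. I would extend the comment with an exit criterion, for example `# Temporary: remove once a dedicated vnc policy module exists (tracking: <BUG-ID placeholder>)`, so the exception does not outlive its reason.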


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- selinux-policy.spec	20 Dec 2005 19:03:31 -0000	1.60
+++ selinux-policy.spec	20 Dec 2005 22:47:39 -0000	1.61
@@ -7,7 +7,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.1.6
-Release: 12
+Release: 13
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -258,8 +258,11 @@
 %endif
 
 %changelog
-* Tue Dec 20 2005 Dan Walsh <dwalsh at redhat.com> 2.1.6-12
+* Tue Dec 20 2005 Dan Walsh <dwalsh at redhat.com> 2.1.6-13
 - Add dri libs to textrel_shlib_t
+- Add system_r role for java
+- Add unconfined_exec_t for vncserver
+- Allow slapd to use kerberos
 
 * Mon Dec 19 2005 Dan Walsh <dwalsh at redhat.com> 2.1.6-11
 - Add man pages



