rpms/selinux-policy-strict/devel policy-20050706.patch, 1.1, 1.2 selinux-policy-strict.spec, 1.343, 1.344

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Jul 6 22:08:04 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv10682

Modified Files:
	policy-20050706.patch selinux-policy-strict.spec 
Log Message:
* Wed Jul 6 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-2
- Add boolean to allow sysadm_t to ptrace


policy-20050706.patch:
 domains/admin.te                     |    5 +++++
 domains/program/getty.te             |    7 +++++++
 domains/program/netutils.te          |    2 ++
 domains/program/passwd.te            |    5 +++++
 domains/program/unused/apache.te     |    1 +
 domains/program/unused/apmd.te       |    4 ++--
 domains/program/unused/bluetooth.te  |    3 ++-
 domains/program/unused/ciped.te      |    3 +--
 domains/program/unused/cups.te       |    7 +++++--
 domains/program/unused/cyrus.te      |    5 +----
 domains/program/unused/dhcpc.te      |    1 +
 domains/program/unused/dovecot.te    |    1 +
 domains/program/unused/hald.te       |    3 ++-
 domains/program/unused/hotplug.te    |    4 +++-
 domains/program/unused/nscd.te       |    1 +
 domains/program/unused/prelink.te    |    3 ---
 domains/program/unused/radvd.te      |    3 ++-
 domains/program/unused/rpcd.te       |    6 +++++-
 domains/program/unused/squid.te      |    3 +++
 domains/program/unused/winbind.te    |   10 ++++++++++
 file_contexts/program/cups.fc        |    2 ++
 file_contexts/program/winbind.fc     |    1 +
 file_contexts/types.fc               |   14 +++++++-------
 macros/admin_macros.te               |    3 ---
 macros/base_user_macros.te           |    4 +---
 macros/global_macros.te              |    1 +
 macros/program/apache_macros.te      |    1 +
 macros/program/chkpwd_macros.te      |    2 ++
 macros/program/dbusd_macros.te       |    2 +-
 macros/program/evolution_macros.te   |    6 ------
 macros/program/games_domain.te       |    3 ---
 macros/program/java_macros.te        |    2 --
 macros/program/mail_client_macros.te |   10 ++++++++--
 macros/program/mozilla_macros.te     |    2 --
 macros/program/mplayer_macros.te     |    2 +-
 macros/program/xserver_macros.te     |    4 ----
 net_contexts                         |    2 ++
 targeted/domains/unconfined.te       |    5 +++++
 tunables/distro.tun                  |    2 +-
 tunables/tunable.tun                 |    4 ++--
 types/network.te                     |    1 -
 41 files changed, 94 insertions(+), 56 deletions(-)

Index: policy-20050706.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050706.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20050706.patch	6 Jul 2005 21:38:28 -0000	1.1
+++ policy-20050706.patch	6 Jul 2005 22:07:57 -0000	1.2
@@ -1,3 +1,15 @@
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/admin.te policy-1.25.1/domains/admin.te
+--- nsapolicy/domains/admin.te	2005-04-27 10:28:48.000000000 -0400
++++ policy-1.25.1/domains/admin.te	2005-07-06 18:05:44.000000000 -0400
+@@ -36,3 +36,8 @@
+ typeattribute secadm_tty_device_t admin_tty_type;
+ typeattribute secadm_devpts_t admin_tty_type;
+ 
++boolean allow_ptrace false;
++
++if (allow_ptrace) {
++can_ptrace(sysadm_t, domain)
++}
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/getty.te policy-1.25.1/domains/program/getty.te
 --- nsapolicy/domains/program/getty.te	2005-05-02 14:06:54.000000000 -0400
 +++ policy-1.25.1/domains/program/getty.te	2005-07-06 17:29:15.000000000 -0400
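Review bot: The new `allow_ptrace` boolean in domains/admin.te has no comment, and its name does not say that it applies to sysadm_t only, while `can_ptrace(sysadm_t, domain)` covers every type carrying the `domain` attribute. That presumably includes domains holding credentials or other secrets, so enabling the boolean widens what an administrator session can inspect well beyond ordinary debugging targets. Defaulting it to false is the right choice. I would add a comment above the declaration, for example `# Allow sysadm_t to ptrace any domain (debugging only); leave off unless needed.`, and consider a more specific name if further ptrace booleans are planned.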
@@ -97,7 +109,7 @@
  can_ypbind(ciped_t)
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.25.1/domains/program/unused/cups.te
 --- nsapolicy/domains/program/unused/cups.te	2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/cups.te	2005-07-06 17:37:14.000000000 -0400
++++ policy-1.25.1/domains/program/unused/cups.te	2005-07-06 17:48:40.000000000 -0400
 @@ -77,7 +77,7 @@
  allow cupsd_t self:fifo_file rw_file_perms;
  
@@ -118,6 +130,14 @@
  #
  # Satisfy readahead
  #
+@@ -175,6 +177,7 @@
+ daemon_domain(hplip)
+ etcdir_domain(hplip)
+ allow hplip_t etc_t:file r_file_perms;
++allow hplip_t etc_runtime_t:file { read getattr };
+ allow hplip_t printer_device_t:chr_file rw_file_perms;
+ allow cupsd_t hplip_var_run_t:file { read getattr };
+ allow hplip_t cupsd_etc_t:dir search;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.25.1/domains/program/unused/cyrus.te
 --- nsapolicy/domains/program/unused/cyrus.te	2005-07-06 17:15:06.000000000 -0400
 +++ policy-1.25.1/domains/program/unused/cyrus.te	2005-07-06 17:29:15.000000000 -0400
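Review bot: The added `allow hplip_t etc_runtime_t:file { read getattr };` in the cups.te section has no comment saying which file labelled `etc_runtime_t` hplip needs, and that type usually covers several generated files in /etc. The permission set is already narrower than the `r_file_perms` on the `etc_t` line above it, which is good. A one-line comment such as `# hplip reads <file from the AVC denial>` would let a later reviewer check whether the rule is still needed.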


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.343
retrieving revision 1.344
diff -u -r1.343 -r1.344
--- selinux-policy-strict.spec	6 Jul 2005 21:38:28 -0000	1.343
+++ selinux-policy-strict.spec	6 Jul 2005 22:07:57 -0000	1.344
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.25.1
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -229,6 +229,9 @@
 exit 0
 
 %changelog
+* Wed Jul 6 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-2
+- Add boolean to allow sysadm_t to ptrace
+
 * Wed Jul 6 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-1
 - Update to NSA
 - Fix strict policy audit_write so you can login 



