rpms/selinux-policy-strict/devel policy-20050706.patch, 1.1, 1.2 selinux-policy-strict.spec, 1.343, 1.344
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Jul 6 22:08:04 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv10682
Modified Files:
policy-20050706.patch selinux-policy-strict.spec
Log Message:
* Wed Jul 6 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-2
- Add boolean to allow sysadm_t to ptrace
policy-20050706.patch:
domains/admin.te | 5 +++++
domains/program/getty.te | 7 +++++++
domains/program/netutils.te | 2 ++
domains/program/passwd.te | 5 +++++
domains/program/unused/apache.te | 1 +
domains/program/unused/apmd.te | 4 ++--
domains/program/unused/bluetooth.te | 3 ++-
domains/program/unused/ciped.te | 3 +--
domains/program/unused/cups.te | 7 +++++--
domains/program/unused/cyrus.te | 5 +----
domains/program/unused/dhcpc.te | 1 +
domains/program/unused/dovecot.te | 1 +
domains/program/unused/hald.te | 3 ++-
domains/program/unused/hotplug.te | 4 +++-
domains/program/unused/nscd.te | 1 +
domains/program/unused/prelink.te | 3 ---
domains/program/unused/radvd.te | 3 ++-
domains/program/unused/rpcd.te | 6 +++++-
domains/program/unused/squid.te | 3 +++
domains/program/unused/winbind.te | 10 ++++++++++
file_contexts/program/cups.fc | 2 ++
file_contexts/program/winbind.fc | 1 +
file_contexts/types.fc | 14 +++++++-------
macros/admin_macros.te | 3 ---
macros/base_user_macros.te | 4 +---
macros/global_macros.te | 1 +
macros/program/apache_macros.te | 1 +
macros/program/chkpwd_macros.te | 2 ++
macros/program/dbusd_macros.te | 2 +-
macros/program/evolution_macros.te | 6 ------
macros/program/games_domain.te | 3 ---
macros/program/java_macros.te | 2 --
macros/program/mail_client_macros.te | 10 ++++++++--
macros/program/mozilla_macros.te | 2 --
macros/program/mplayer_macros.te | 2 +-
macros/program/xserver_macros.te | 4 ----
net_contexts | 2 ++
targeted/domains/unconfined.te | 5 +++++
tunables/distro.tun | 2 +-
tunables/tunable.tun | 4 ++--
types/network.te | 1 -
41 files changed, 94 insertions(+), 56 deletions(-)
Index: policy-20050706.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050706.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20050706.patch 6 Jul 2005 21:38:28 -0000 1.1
+++ policy-20050706.patch 6 Jul 2005 22:07:57 -0000 1.2
@@ -1,3 +1,15 @@
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/admin.te policy-1.25.1/domains/admin.te
+--- nsapolicy/domains/admin.te 2005-04-27 10:28:48.000000000 -0400
++++ policy-1.25.1/domains/admin.te 2005-07-06 18:05:44.000000000 -0400
+@@ -36,3 +36,8 @@
+ typeattribute secadm_tty_device_t admin_tty_type;
+ typeattribute secadm_devpts_t admin_tty_type;
+
++boolean allow_ptrace false;
++
++if (allow_ptrace) {
++can_ptrace(sysadm_t, domain)
++}
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/getty.te policy-1.25.1/domains/program/getty.te
--- nsapolicy/domains/program/getty.te 2005-05-02 14:06:54.000000000 -0400
+++ policy-1.25.1/domains/program/getty.te 2005-07-06 17:29:15.000000000 -0400
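Review bot: The new `allow_ptrace` boolean in domains/admin.te has no comment, and when it is switched on `can_ptrace(sysadm_t, domain)` lets sysadm_t trace every type carrying the `domain` attribute, which would include processes that hold credentials or keys. The default of `false` is the safe choice; a comment above the declaration such as `# allow_ptrace: when true, sysadm_t may ptrace any domain; keep off unless actively debugging` would make that scope visible to whoever toggles it. The name does not say that it applies only to sysadm_t, so `allow_sysadm_ptrace` may read more clearly, provided no other policy file already references the boolean. The diffstat lists macros/admin_macros.te with three deletions, but that hunk is not in view, so it cannot be confirmed here whether an unconditional ptrace rule was removed in exchange.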
@@ -97,7 +109,7 @@
can_ypbind(ciped_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.25.1/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2005-07-06 17:15:06.000000000 -0400
-+++ policy-1.25.1/domains/program/unused/cups.te 2005-07-06 17:37:14.000000000 -0400
++++ policy-1.25.1/domains/program/unused/cups.te 2005-07-06 17:48:40.000000000 -0400
@@ -77,7 +77,7 @@
allow cupsd_t self:fifo_file rw_file_perms;
@@ -118,6 +130,14 @@
#
# Satisfy readahead
#
+@@ -175,6 +177,7 @@
+ daemon_domain(hplip)
+ etcdir_domain(hplip)
+ allow hplip_t etc_t:file r_file_perms;
++allow hplip_t etc_runtime_t:file { read getattr };
+ allow hplip_t printer_device_t:chr_file rw_file_perms;
+ allow cupsd_t hplip_var_run_t:file { read getattr };
+ allow hplip_t cupsd_etc_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.25.1/domains/program/unused/cyrus.te
--- nsapolicy/domains/program/unused/cyrus.te 2005-07-06 17:15:06.000000000 -0400
+++ policy-1.25.1/domains/program/unused/cyrus.te 2005-07-06 17:29:15.000000000 -0400
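Review bot: The added `allow hplip_t etc_runtime_t:file { read getattr };` in cups.te has no comment naming which generated file under /etc hplip needs, so a later reviewer cannot tell whether read access to the whole type is still required. The permission set is limited to `read` and `getattr`, which is appropriately narrow. A line above the rule such as `# hplip reads <file name, to be filled in by the author> at startup` would record the reason. The hplip section of cups.te continues outside this hunk.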
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.343
retrieving revision 1.344
diff -u -r1.343 -r1.344
--- selinux-policy-strict.spec 6 Jul 2005 21:38:28 -0000 1.343
+++ selinux-policy-strict.spec 6 Jul 2005 22:07:57 -0000 1.344
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.25.1
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -229,6 +229,9 @@
exit 0
%changelog
+* Wed Jul 6 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-2
+- Add boolean to allow sysadm_t to ptrace
+
* Wed Jul 6 2005 Dan Walsh <dwalsh at redhat.com> 1.25.1-1
- Update to NSA
- Fix strict policy audit_write so you can login