rpms/selinux-policy-targeted/FC-3 policy-20050104.patch,1.51,1.52
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jul 12 19:12:19 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-targeted/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv10500
Modified Files:
policy-20050104.patch
Log Message:
* Tue Jul 12 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-3.18
- Allow nscd to use tun_tap device
- Add winbind_helper
- Allow apache to work with ldap
- Fix load_policy line in spec file
policy-20050104.patch:
Makefile | 50 +++--
attrib.te | 29 +++
domains/admin.te | 2
domains/program/crond.te | 7
domains/program/ldconfig.te | 24 ++
domains/program/login.te | 2
domains/program/logrotate.te | 24 +-
domains/program/mount.te | 2
domains/program/ssh.te | 7
domains/program/syslogd.te | 40 ++--
domains/program/unused/acct.te | 6
domains/program/unused/apache.te | 310 ++++++++++++++++++++++------------
domains/program/unused/arpwatch.te | 26 ++
domains/program/unused/cups.te | 58 +++++-
domains/program/unused/dhcpc.te | 5
domains/program/unused/dhcpd.te | 24 +-
domains/program/unused/dovecot.te | 3
domains/program/unused/ftpd.te | 2
domains/program/unused/hald.te | 3
domains/program/unused/howl.te | 2
domains/program/unused/innd.te | 7
domains/program/unused/ipsec.te | 9
domains/program/unused/iptables.te | 3
domains/program/unused/mailman.te | 29 ++-
domains/program/unused/mdadm.te | 3
domains/program/unused/mta.te | 25 ++
domains/program/unused/mysqld.te | 29 +--
domains/program/unused/named.te | 39 ++--
domains/program/unused/nscd.te | 64 +++----
domains/program/unused/ntpd.te | 27 ++
domains/program/unused/portmap.te | 21 ++
domains/program/unused/postfix.te | 2
domains/program/unused/postgresql.te | 62 +++++-
domains/program/unused/procmail.te | 1
domains/program/unused/pxe.te | 1
domains/program/unused/rpcd.te | 2
domains/program/unused/rpm.te | 5
domains/program/unused/rsync.te | 2
domains/program/unused/samba.te | 4
domains/program/unused/sendmail.te | 2
domains/program/unused/slrnpull.te | 1
domains/program/unused/snmpd.te | 31 ++-
domains/program/unused/spamd.te | 2
domains/program/unused/squid.te | 30 ++-
domains/program/unused/udev.te | 5
domains/program/unused/updfstab.te | 1
domains/program/unused/winbind.te | 49 +++++
domains/program/unused/xdm.te | 4
domains/program/unused/ypbind.te | 15 -
domains/program/unused/ypserv.te | 7
domains/user.te | 6
file_contexts/distros.fc | 174 ++++++++++++++++---
file_contexts/program/apache.fc | 28 ++-
file_contexts/program/arpwatch.fc | 3
file_contexts/program/cups.fc | 5
file_contexts/program/dhcpd.fc | 25 ++
file_contexts/program/ipsec.fc | 11 -
file_contexts/program/mailman.fc | 15 -
file_contexts/program/mta.fc | 5
file_contexts/program/mysqld.fc | 4
file_contexts/program/named.fc | 18 +
file_contexts/program/nscd.fc | 3
file_contexts/program/ntpd.fc | 10 -
file_contexts/program/portmap.fc | 9
file_contexts/program/postgresql.fc | 23 --
file_contexts/program/sendmail.fc | 1
file_contexts/program/snmpd.fc | 4
file_contexts/program/squid.fc | 2
file_contexts/program/syslogd.fc | 3
file_contexts/program/winbind.fc | 11 +
file_contexts/types.fc | 213 +++++++++--------------
flask/access_vectors | 31 +++
flask/security_classes | 6
genfs_contexts | 2
macros/base_user_macros.te | 9
macros/core_macros.te | 98 +++++++---
macros/global_macros.te | 99 +++-------
macros/network_macros.te | 179 +++++++++++++++++++
macros/program/apache_macros.te | 144 ++++++++-------
macros/program/kerberos_macros.te | 11 +
macros/program/mount_macros.te | 2
macros/program/mozilla_macros.te | 2
macros/program/mta_macros.te | 5
macros/program/newrole_macros.te | 2
macros/program/spamassassin_macros.te | 5
macros/program/ssh_agent_macros.te | 2
macros/program/ssh_macros.te | 2
macros/program/su_macros.te | 2
macros/program/userhelper_macros.te | 3
macros/program/xauth_macros.te | 2
macros/program/xserver_macros.te | 4
macros/program/ypbind_macros.te | 24 --
man/man8/httpd_selinux.8 | 114 ++++++++++++
man/man8/named_selinux.8 | 29 +++
net_contexts | 103 ++++++++---
targeted/assert.te | 6
targeted/domains/program/hotplug.te | 4
targeted/domains/program/initrc.te | 2
targeted/domains/program/sendmail.te | 17 +
targeted/domains/unconfined.te | 55 +++++-
targeted/types/apache.te | 5
tunables/distro.tun | 2
tunables/tunable.tun | 21 --
types/device.te | 9
types/file.te | 91 ++++++---
types/network.te | 58 ++++--
types/procfs.te | 4
107 files changed, 2008 insertions(+), 827 deletions(-)
Index: policy-20050104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/policy-20050104.patch,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -r1.51 -r1.52
--- policy-20050104.patch 12 Jul 2005 12:04:07 -0000 1.51
+++ policy-20050104.patch 12 Jul 2005 19:12:16 -0000 1.52
@@ -377,7 +377,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.17.30/domains/program/unused/apache.te
--- nsapolicy/domains/program/unused/apache.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/apache.te 2005-07-12 07:55:02.000000000 -0400
++++ policy-1.17.30/domains/program/unused/apache.te 2005-07-12 15:09:21.000000000 -0400
@@ -19,7 +19,17 @@
# the user CGI scripts, then relabel rule for user_r should be removed.
#
@@ -2138,8 +2138,8 @@
+allow updfstab_t fs_t:filesystem { getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.17.30/domains/program/unused/winbind.te
--- nsapolicy/domains/program/unused/winbind.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/domains/program/unused/winbind.te 2005-07-12 07:56:27.000000000 -0400
-@@ -0,0 +1,48 @@
++++ policy-1.17.30/domains/program/unused/winbind.te 2005-07-12 15:10:19.000000000 -0400
+@@ -0,0 +1,49 @@
+#DESC winbind - Name Service Switch daemon for resolving names from NT servers
+#
+# Author: Dan Walsh (dwalsh at redhat.com)
@@ -2179,7 +2179,8 @@
+allow initrc_t winbind_var_run_t:file r_file_perms;
+
+application_domain(winbind_helper, `, nscd_client_domain')
-+access_terminal(winbind_helper_t, sysadm)
++allow winbind_helper_t devpts_t:dir { search };
++allow winbind_helper_t { admin_tty_type devtty_t devpts_t }:chr_file { read write };
+read_locale(winbind_helper_t)
+r_dir_file(winbind_helper_t, samba_etc_t)
+r_dir_file(winbind_t, samba_etc_t)
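Review bot: The added `allow winbind_helper_t { admin_tty_type devtty_t devpts_t }:chr_file { read write };` line gives winbind_helper_t read and write on every character device carrying the generic `devpts_t` label, not only administrator terminals. Nothing in the hunk says why the `access_terminal(winbind_helper_t, sysadm)` call was dropped, and because the macro's expansion is not visible here, whether the new rule is wider than before is inferred. If the helper only needs the admin terminal it inherits, the set could be narrowed to `{ admin_tty_type devtty_t }`. Otherwise a comment above the two rules, such as `# explicit tty/pty access; generic devpts_t is needed because <reason>`, would record the intent. The winbind.te section starts before this hunk and continues after it.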
@@ -3771,8 +3772,8 @@
allow $1 domain:msg { send receive };
diff --exclude-from=exclude -N -u -r nsapolicy/macros/network_macros.te policy-1.17.30/macros/network_macros.te
--- nsapolicy/macros/network_macros.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/macros/network_macros.te 2005-06-10 06:52:30.000000000 -0400
-@@ -0,0 +1,172 @@
++++ policy-1.17.30/macros/network_macros.te 2005-07-12 15:11:53.000000000 -0400
+@@ -0,0 +1,179 @@
+#################################
+#
+# can_network(domain)
@@ -3945,6 +3946,13 @@
+')
+')
+
++define(`can_winbind',`
++ifdef(`winbind.te', `
++allow $1 winbind_var_run_t:dir { getattr search };
++allow $1 winbind_t:unix_stream_socket connectto;
++allow $1 winbind_var_run_t:sock_file { getattr read write };
++')
++')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.17.30/macros/program/apache_macros.te
--- nsapolicy/macros/program/apache_macros.te 2004-10-09 21:07:28.000000000 -0400
+++ policy-1.17.30/macros/program/apache_macros.te 2005-06-10 06:52:30.000000000 -0400
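Review bot: The new `can_winbind` macro has no header comment, unlike `can_network(domain)` at the top of the same file, so a policy author cannot tell from the file what `$1` is or what the macro grants. A header such as `# can_winbind(domain)` followed by `# Allow domain to connect to the winbind daemon over its unix stream socket in winbind_var_run_t; expands to nothing when winbind.te is not built` would cover it. The `sock_file` rule applies to every socket labelled `winbind_var_run_t`. Before the macro is granted to less trusted domains, it is worth confirming against winbind.fc (not shown here) that no privileged socket shares that label.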