rpms/selinux-policy-strict/devel policy-20050606.patch,NONE,1.1
fedora-cvs-commits at redhat.com
Wed Jun 8 12:28:05 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv28736
Added Files:
policy-20050606.patch
Log Message:
* Mon Jun 6 2005 Dan Walsh <dwalsh at redhat.com> 1.23.18-1
- Upgrade from NSA
* Merged minor fixes to pppd.fc and courier.te by Russell Coker.
* Removed devfsd policy as suggested by Russell Coker.
* Merged patch from Dan Walsh. Includes beginnings of Ivan
Gyurdiev's Font Config policy. Don't transition to fsadm_t from
unconfined_t (sysadm_t) in targeted policy. Add support for
debugfs in modutil. Allow automount to create and delete
directories in /root and /home dirs. Move can_ypbind to
chkpwd_macro.te. Allow useradd to create additional files and
types via the skell mechanism. Other minor cleanups and fixes.
policy-20050606.patch:
ChangeLog | 11 -
VERSION | 2
attrib.te | 2
domains/misc/kernel.te | 7
domains/program/bonobo.te | 9 +
domains/program/ethereal.te | 48 ++++++
domains/program/fsadm.te | 4
domains/program/gnome_vfs.te | 9 +
domains/program/init.te | 4
domains/program/initrc.te | 2
domains/program/klogd.te | 2
domains/program/login.te | 2
domains/program/modutil.te | 2
domains/program/mount.te | 2
domains/program/restorecon.te | 2
domains/program/ssh.te | 2
domains/program/syslogd.te | 2
domains/program/unused/acct.te | 2
domains/program/unused/bonobo.te | 9 +
domains/program/unused/consoletype.te | 2
domains/program/unused/courier.te | 2
domains/program/unused/cups.te | 6
domains/program/unused/devfsd.te | 93 ++++++++++++
domains/program/unused/ethereal.te | 73 +++++++++
domains/program/unused/evolution.te | 13 +
domains/program/unused/gconf.te | 12 +
domains/program/unused/gift.te | 4
domains/program/unused/gnome.te | 7
domains/program/unused/i18n_input.te | 1
domains/program/unused/iceauth.te | 12 +
domains/program/unused/orbit.te | 7
domains/program/unused/pamconsole.te | 2
domains/program/unused/ping.te | 2
domains/program/unused/rpcd.te | 3
domains/program/unused/thunderbird.te | 9 +
domains/program/unused/udev.te | 2
domains/program/unused/xdm.te | 5
domains/program/unused/xserver.te | 4
file_contexts/distros.fc | 2
file_contexts/program/apache.fc | 2
file_contexts/program/bonobo.fc | 1
file_contexts/program/devfsd.fc | 4
file_contexts/program/ethereal.fc | 3
file_contexts/program/evolution.fc | 8 +
file_contexts/program/fontconfig.fc | 6
file_contexts/program/gconf.fc | 5
file_contexts/program/gnome.fc | 9 +
file_contexts/program/gnome_vfs.fc | 1
file_contexts/program/iceauth.fc | 3
file_contexts/program/mozilla.fc | 3
file_contexts/program/orbit.fc | 3
file_contexts/program/pppd.fc | 2
file_contexts/program/thunderbird.fc | 2
file_contexts/program/xserver.fc | 2
file_contexts/types.fc | 1
macros/base_user_macros.te | 29 +++
macros/global_macros.te | 60 +++++---
macros/program/bonobo_macros.te | 118 ++++++++++++++++
macros/program/ethereal_macros.te | 61 ++++++++
macros/program/evolution_macros.te | 249 ++++++++++++++++++++++++++++++++++
macros/program/fontconfig_macros.te | 37 ++++-
macros/program/games_domain.te | 41 ++---
macros/program/gconf_macros.te | 56 +++++++
macros/program/gift_macros.te | 62 ++------
macros/program/gnome_macros.te | 113 +++++++++++++++
macros/program/gnome_vfs_macros.te | 49 ++++++
macros/program/ice_macros.te | 44 ++++++
macros/program/iceauth_macros.te | 34 ++++
macros/program/mail_client_macros.te | 60 ++++++++
macros/program/mozilla_macros.te | 61 +++-----
macros/program/orbit_macros.te | 48 ++++++
macros/program/spamassassin_macros.te | 7
macros/program/thunderbird_macros.te | 59 ++++++++
macros/program/x_client_macros.te | 9 -
macros/program/xauth_macros.te | 2
macros/program/xserver_macros.te | 17 +-
mls | 41 ++---
net_contexts | 30 ++--
selinux-policy-strict.spec | 2
selinux-policy-targeted.spec | 2
targeted/domains/program/crond.te | 2
tunables/distro.tun | 2
tunables/tunable.tun | 4
types/devpts.te | 2
types/file.te | 2
types/network.te | 8 -
types/security.te | 2
87 files changed, 1509 insertions(+), 243 deletions(-)
--- NEW FILE policy-20050606.patch ---
diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.23.17/attrib.te
--- nsapolicy/attrib.te 2005-05-25 11:28:09.000000000 -0400
+++ policy-1.23.17/attrib.te 2005-06-07 14:49:57.000000000 -0400
@@ -30,7 +30,7 @@
attribute mlsnetwritetoclr;
attribute mlsnetupgrade;
attribute mlsnetdowngrade;
-attribute mlsnetbindall;
+attribute mlsnetrecvall;
attribute mlsipcread;
attribute mlsipcreadtoclr;
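Review bot: replacing "attribute mlsnetbindall;" with "attribute mlsnetrecvall;" removes the old name outright, so any type declaration or MLS constraint that still names mlsnetbindall will stop compiling. The mls changes are in the suppressed part of this mail; please confirm no reference to the old attribute is left, and mention the rename in the log message.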
diff --exclude-from=exclude -N -u -r nsapolicy/ChangeLog policy-1.23.17/ChangeLog
--- nsapolicy/ChangeLog 2005-06-01 06:11:22.000000000 -0400
+++ policy-1.23.17/ChangeLog 2005-05-25 11:28:29.000000000 -0400
@@ -1,14 +1,3 @@
-1.23.18 2005-05-31
- * Merged minor fixes to pppd.fc and courier.te by Russell Coker.
- * Removed devfsd policy as suggested by Russell Coker.
- * Merged patch from Dan Walsh. Includes beginnings of Ivan
- Gyurdiev's Font Config policy. Don't transition to fsadm_t from
- unconfined_t (sysadm_t) in targeted policy. Add support for
- debugfs in modutil. Allow automount to create and delete
- directories in /root and /home dirs. Move can_ypbind to
- chkpwd_macro.te. Allow useradd to create additional files and
- types via the skell mechanism. Other minor cleanups and fixes.
-
1.23.17 2005-05-23
* Merged minor fixes by Petre Rodan to the daemontools, dante,
gpg, kerberos, and ucspi-tcp policies.
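Review bot: this hunk deletes the 1.23.18 ChangeLog entry, which is the same text the commit log quotes for 1.23.18-1, so the diff appears to have been generated against a tree that still carries 1.23.17 metadata. The VERSION hunk and both .spec hunks go the same way ("-1.23.18" / "+1.23.17"). Applying the patch on top of the 1.23.18 sources will roll the recorded version back; suggest adding ChangeLog, VERSION and the two spec files to the exclude list and regenerating the patch.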
diff --exclude-from=exclude -N -u -r nsapolicy/domains/misc/kernel.te policy-1.23.17/domains/misc/kernel.te
--- nsapolicy/domains/misc/kernel.te 2005-06-01 06:11:22.000000000 -0400
+++ policy-1.23.17/domains/misc/kernel.te 2005-06-07 15:03:08.000000000 -0400
@@ -11,7 +11,7 @@
# kernel_t is the domain of kernel threads.
# It is also the target type when checking permissions in the system class.
#
-type kernel_t, domain, privmodule, privlog, sysctl_kernel_writer, mlsprocread, mlsprocwrite, privsysmod ifdef(`nfs_export_all_rw',`,etc_writer') ;
+type kernel_t, domain, privmodule, privlog, sysctl_kernel_writer, mlsprocread, mlsprocwrite, privsysmod ifdef(`nfs_export_all_rw',`,etc_writer'), privrangetrans ;
role system_r types kernel_t;
general_domain_access(kernel_t)
general_proc_read_access(kernel_t)
@@ -28,6 +28,11 @@
# Run init in the init_t domain.
domain_auto_trans(kernel_t, init_exec_t, init_t)
+ifdef(`mls_policy', `
+# run init with maximum MLS range
+range_transition kernel_t init_exec_t s0 - s9:c0.c127;
+')
+
# Share state with the init process.
allow kernel_t init_t:process share;
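Review bot: the upper bound in "range_transition kernel_t init_exec_t s0 - s9:c0.c127;" is hardcoded, so it is only the "maximum MLS range" the comment promises while the mls file defines sensitivities up to s9 and categories up to c127 and no further. This patch also touches mls (41 lines in the diffstat); suggest a comment pointing at the definitions this rule depends on, or an m4 define shared with mls, so the two cannot drift apart.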
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/bonobo.te policy-1.23.17/domains/program/bonobo.te
--- nsapolicy/domains/program/bonobo.te 1969-12-31 19:00:00.000000000 -0500
+++ policy-1.23.17/domains/program/bonobo.te 2005-06-06 11:20:52.000000000 -0400
@@ -0,0 +1,9 @@
+# DESC - Bonobo Activation Server
+#
+# Author: Ivan Gyurdiev <ivg2 at cornell.edu>
+#
+
+# Type for executable
+type bonobo_exec_t, file_type, exec_type, sysadmfile;
+
+# Everything else is in macros/bonobo_macros.te
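Review bot: the closing comment points to macros/bonobo_macros.te, but the diffstat lists the file as macros/program/bonobo_macros.te; please correct the path (the new gnome_vfs.te has the same slip). The diffstat also shows a bonobo.te of the same size under domains/program/unused/, so it is worth stating which of the two copies is the one to maintain.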
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ethereal.te policy-1.23.17/domains/program/ethereal.te
--- nsapolicy/domains/program/ethereal.te 1969-12-31 19:00:00.000000000 -0500
+++ policy-1.23.17/domains/program/ethereal.te 2005-06-06 11:20:52.000000000 -0400
@@ -0,0 +1,48 @@
+# DESC - Ethereal
+#
+# Author: Ivan Gyurdiev <ivg2 at cornell.edu>
+#
+
+# Type for executables
+type tethereal_exec_t, file_type, exec_type, sysadmfile;
+type ethereal_exec_t, file_type, exec_type, sysadmfile;
+
+########################################################
+# Tethereal
+#
+
+# Type for program
+type tethereal_t, domain, nscd_client_domain;
+
+# Transition from sysadm type
+domain_auto_trans(sysadm_t, tethereal_exec_t, tethereal_t)
+role sysadm_r types tethereal_t;
+
+uses_shlib(tethereal_t)
+read_locale(tethereal_t)
+
+# Terminal output
+access_terminal(tethereal_t, sysadm)
+
+# /proc
+read_sysctl(tethereal_t)
+allow tethereal_t { self proc_t }:dir { read search getattr };
+allow tethereal_t { self proc_t }:{ file lnk_file } { read getattr };
+
+# Access root
+allow tethereal_t root_t:dir search;
+
+# Read ethereal files in /usr
+allow tethereal_t usr_t:file { read getattr };
+
+# /etc/nsswitch.conf
+allow tethereal_t etc_t:file { read getattr };
+
+# Ethereal sysadm rules
+ethereal_networking(tethereal)
+
+# FIXME: policy is incomplete
+
+#####################################
+# Ethereal (GNOME) policy can be found
+# in ethereal_macros.te
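Review bot: "allow tethereal_t etc_t:file { read getattr };" grants read on every etc_t file, although the comment above it names only /etc/nsswitch.conf, and the usr_t rule is likewise wider than "ethereal files in /usr". Either narrow these rules or reword the comments to state the real scope. Separately, the file carries "# FIXME: policy is incomplete" yet is added under the active domains/program/ directory, with a second, longer ethereal.te under unused/ in the diffstat; consider keeping it in unused/ only until the FIXME is resolved.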
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/fsadm.te policy-1.23.17/domains/program/fsadm.te
--- nsapolicy/domains/program/fsadm.te 2005-06-01 06:11:22.000000000 -0400
+++ policy-1.23.17/domains/program/fsadm.te 2005-06-07 14:51:48.000000000 -0400
@@ -12,14 +12,14 @@
# administration.
# fsadm_exec_t is the type of the corresponding programs.
#
-type fsadm_t, domain, privlog, fs_domain;
+type fsadm_t, domain, privlog, fs_domain, mlsfileread;
role system_r types fsadm_t;
role sysadm_r types fsadm_t;
general_domain_access(fsadm_t)
# for swapon
-allow fsadm_t sysfs_t:dir { search getattr };
+r_dir_file(fsadm_t, sysfs_t)
# Read system information files in /proc.
r_dir_file(fsadm_t, proc_t)
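Review bot: under "# for swapon", r_dir_file(fsadm_t, sysfs_t) replaces a rule that granted only { search getattr } on sysfs directories, so fsadm_t now gets read access to sysfs files as well, and the same hunk adds mlsfileread to the domain. The comment no longer explains the grant; please say which sysfs files are needed and why the MLS read override is required.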
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/gnome_vfs.te policy-1.23.17/domains/program/gnome_vfs.te
--- nsapolicy/domains/program/gnome_vfs.te 1969-12-31 19:00:00.000000000 -0500
+++ policy-1.23.17/domains/program/gnome_vfs.te 2005-06-06 11:20:52.000000000 -0400
@@ -0,0 +1,9 @@
+# DESC - GNOME VFS Daemon
+#
+# Author: Ivan Gyurdiev <ivg2 at cornell.edu>
+#
+
+# Type for executable
+type gnome_vfs_exec_t, file_type, exec_type, sysadmfile;
+
+# Everything else is in macros/gnome_vfs_macros.te
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te policy-1.23.17/domains/program/initrc.te
--- nsapolicy/domains/program/initrc.te 2005-05-25 11:28:09.000000000 -0400
+++ policy-1.23.17/domains/program/initrc.te 2005-06-07 14:51:48.000000000 -0400
@@ -12,7 +12,7 @@
# initrc_exec_t is the type of the init program.
#
# do not use privmail for sendmail as it creates a type transition conflict
-type initrc_t, fs_domain, ifdef(`unlimitedRC', `admin, etc_writer, privmem, auth_write, ') domain, privlog, privowner, privmodule, ifdef(`sendmail.te', `', `privmail,') ifdef(`distro_debian', `etc_writer, ') sysctl_kernel_writer, nscd_client_domain;
+type initrc_t, fs_domain, ifdef(`unlimitedRC', `admin, etc_writer, privmem, auth_write, ') domain, privlog, privowner, privmodule, ifdef(`sendmail.te', `', `privmail,') ifdef(`distro_debian', `etc_writer, ') sysctl_kernel_writer, nscd_client_domain, mlsfileread, mlsfilewrite, mlsprocread, mlsprocwrite;
role system_r types initrc_t;
uses_shlib(initrc_t);
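Review bot: mlsfileread, mlsfilewrite, mlsprocread and mlsprocwrite are appended to initrc_t with no ifdef and no comment, which exempts every init script from the MLS file and process constraints. The log message does not mention MLS changes at all; please add a comment justifying each override, and consider whether the scripts that need them could run in a narrower domain instead.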
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/init.te policy-1.23.17/domains/program/init.te
--- nsapolicy/domains/program/init.te 2005-05-25 11:28:09.000000000 -0400
+++ policy-1.23.17/domains/program/init.te 2005-06-07 14:51:48.000000000 -0400
@@ -14,11 +14,11 @@
# by init during initialization. This pipe is used
# to communicate with init.
#
-type init_t, domain, privlog, sysctl_kernel_writer, nscd_client_domain;
+type init_t, domain, privlog, sysctl_kernel_writer, nscd_client_domain, mlsrangetrans, mlsfileread, mlsfilewrite;
role system_r types init_t;
uses_shlib(init_t);
type init_exec_t, file_type, sysadmfile, exec_type;
-type initctl_t, file_type, sysadmfile, dev_fs;
+type initctl_t, file_type, sysadmfile, dev_fs, mlstrustedobject;
# for init to determine whether SE Linux is active so it can know whether to
# activate it
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/klogd.te policy-1.23.17/domains/program/klogd.te
--- nsapolicy/domains/program/klogd.te 2005-05-25 11:28:09.000000000 -0400
+++ policy-1.23.17/domains/program/klogd.te 2005-06-07 14:51:48.000000000 -0400
@@ -8,7 +8,7 @@
#
# Rules for the klogd_t domain.
#
-daemon_domain(klogd, `, privmem, privkmsg')
+daemon_domain(klogd, `, privmem, privkmsg, mlsfileread')
tmp_domain(klogd)
allow klogd_t proc_t:dir r_dir_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.23.17/domains/program/login.te
--- nsapolicy/domains/program/login.te 2005-05-25 11:28:09.000000000 -0400
+++ policy-1.23.17/domains/program/login.te 2005-06-07 14:51:48.000000000 -0400
@@ -13,7 +13,7 @@
# $1 is the name of the domain (local or remote)
[...2395 lines suppressed...]
portcon tcp 53 system_u:object_r:dns_port_t
-ifdef(`use_dhcpd', `portcon udp 67 system_u:object_r:dhcpd_port_t')
-ifdef(`dhcpc.te', `portcon udp 68 system_u:object_r:dhcpc_port_t')
+ifdef(`dhcpc.te', `
+portcon udp 67 system_u:object_r:dhcpd_port_t
+portcon udp 68 system_u:object_r:dhcpc_port_t
+')
ifdef(`tftpd.te', `portcon udp 69 system_u:object_r:tftp_port_t')
ifdef(`fingerd.te', `portcon tcp 79 system_u:object_r:fingerd_port_t')
portcon tcp 80 system_u:object_r:http_port_t
portcon tcp 443 system_u:object_r:http_port_t
-ifdef(`use_pop', `
portcon tcp 106 system_u:object_r:pop_port_t
portcon tcp 109 system_u:object_r:pop_port_t
portcon tcp 110 system_u:object_r:pop_port_t
-')
+portcon tcp 143 system_u:object_r:pop_port_t
+portcon tcp 220 system_u:object_r:pop_port_t
+portcon tcp 993 system_u:object_r:pop_port_t
+portcon tcp 995 system_u:object_r:pop_port_t
+portcon tcp 1109 system_u:object_r:pop_port_t
+
portcon udp 111 system_u:object_r:portmap_port_t
portcon tcp 111 system_u:object_r:portmap_port_t
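Review bot: the old lines labelled udp 67 under use_dhcpd and udp 68 under dhcpc.te; the replacement puts both inside the dhcpc.te block, so the server port's dhcpd_port_t label now depends on the client policy being present. A build with the DHCP server policy but without dhcpc.te would leave udp 67 without its dhcpd_port_t label; please key the port 67 line on the server policy instead.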
@@ -77,10 +83,6 @@
portcon udp 139 system_u:object_r:nmbd_port_t
portcon tcp 445 system_u:object_r:smbd_port_t
-ifdef(`use_pop', `
-portcon tcp 143 system_u:object_r:pop_port_t
-portcon tcp 220 system_u:object_r:pop_port_t
-')
ifdef(`snmpd.te', `
portcon udp 161 system_u:object_r:snmp_port_t
portcon udp 162 system_u:object_r:snmp_port_t
@@ -131,10 +133,13 @@
')
ifdef(`swat.te', `portcon tcp 901 system_u:object_r:swat_port_t')
ifdef(`named.te', `portcon tcp 953 system_u:object_r:rndc_port_t')
-ifdef(`use_pop', `
-portcon tcp 993 system_u:object_r:pop_port_t
-portcon tcp 995 system_u:object_r:pop_port_t
-portcon tcp 1109 system_u:object_r:pop_port_t
+ifdef(`gift.te', `
+portcon tcp 1213 system_u:object_r:giftd_port_t
+portcon tcp 1214 system_u:object_r:giftd_fasttrack_port_t
+portcon udp 1214 system_u:object_r:giftd_fasttrack_port_t
+portcon tcp 2141 system_u:object_r:giftd_openft_port_t
+portcon tcp 2513 system_u:object_r:giftd_openft_port_t
+portcon tcp 3606 system_u:object_r:giftd_gnutella_port_t
')
ifdef(`nessusd.te', `portcon tcp 1241 system_u:object_r:nessus_port_t')
ifdef(`monopd.te', `portcon tcp 1234 system_u:object_r:monopd_port_t')
@@ -191,6 +196,7 @@
')
ifdef(`postgresql.te', `portcon tcp 5432 system_u:object_r:postgresql_port_t')
ifdef(`nrpe.te', `portcon tcp 5666 system_u:object_r:inetd_child_port_t')
+ifdef(`cups.te', `portcon tcp 5703 system_u:object_r:ptal_port_t')
ifdef(`xdm.te', `
portcon tcp 5900 system_u:object_r:vnc_port_t
')
diff --exclude-from=exclude -N -u -r nsapolicy/selinux-policy-strict.spec policy-1.23.17/selinux-policy-strict.spec
--- nsapolicy/selinux-policy-strict.spec 2005-06-01 06:11:22.000000000 -0400
+++ policy-1.23.17/selinux-policy-strict.spec 2005-05-25 11:28:29.000000000 -0400
@@ -6,7 +6,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
-Version: 1.23.18
+Version: 1.23.17
Release: 1
License: GPL
Group: System Environment/Base
diff --exclude-from=exclude -N -u -r nsapolicy/selinux-policy-targeted.spec policy-1.23.17/selinux-policy-targeted.spec
--- nsapolicy/selinux-policy-targeted.spec 2005-06-01 06:11:22.000000000 -0400
+++ policy-1.23.17/selinux-policy-targeted.spec 2005-05-25 11:28:29.000000000 -0400
@@ -6,7 +6,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
-Version: 1.23.18
+Version: 1.23.17
Release: 1
License: GPL
Group: System Environment/Base
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/crond.te policy-1.23.17/targeted/domains/program/crond.te
--- nsapolicy/targeted/domains/program/crond.te 2005-06-01 06:11:23.000000000 -0400
+++ policy-1.23.17/targeted/domains/program/crond.te 2005-05-28 01:19:02.000000000 -0400
@@ -17,13 +17,11 @@
type system_crond_tmp_t, file_type, tmpfile, sysadmfile;
type system_cron_spool_t, file_type, sysadmfile;
type sysadm_cron_spool_t, file_type, sysadmfile;
-type crond_log_t, file_type, sysadmfile;
role system_r types crond_t;
domain_auto_trans(initrc_t, crond_exec_t, crond_t)
domain_auto_trans(initrc_t, anacron_exec_t, crond_t)
unconfined_domain(crond_t)
# Access log files
-file_type_auto_trans(crond_t, var_log_t, crond_log_t, file)
file_type_auto_trans(crond_t, user_home_dir_t, user_home_t)
file_type_auto_trans(crond_t, tmp_t, system_crond_tmp_t)
allow crond_t initrc_t:dbus send_msg;
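Review bot: after crond_log_t and its file_type_auto_trans(crond_t, var_log_t, crond_log_t, file) are removed, the "# Access log files" comment is left above the home-directory and tmp transitions, which it does not describe; delete or move it. Please also check that no file context entry in the targeted policy still assigns crond_log_t, since the type declaration is gone.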
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.23.17/tunables/distro.tun
--- nsapolicy/tunables/distro.tun 2005-02-24 14:51:09.000000000 -0500
+++ policy-1.23.17/tunables/distro.tun 2005-05-28 01:14:00.000000000 -0400
@@ -5,7 +5,7 @@
# appropriate ifdefs.
-dnl define(`distro_redhat')
+define(`distro_redhat')
dnl define(`distro_suse')
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.23.17/tunables/tunable.tun
--- nsapolicy/tunables/tunable.tun 2005-05-25 11:28:11.000000000 -0400
+++ policy-1.23.17/tunables/tunable.tun 2005-05-28 01:14:00.000000000 -0400
@@ -2,7 +2,7 @@
dnl define(`user_can_mount')
# Allow rpm to run unconfined.
-dnl define(`unlimitedRPM')
+define(`unlimitedRPM')
# Allow privileged utilities like hotplug and insmod to run unconfined.
dnl define(`unlimitedUtils')
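Review bot: the unlimitedRPM define is switched on by default here, in a patch for the strict policy package, and per its own comment that lets rpm run unconfined. The log message does not mention this or the distro_redhat change; please record the distribution defaults there so they are not mistaken for part of the upstream merge.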
@@ -20,7 +20,7 @@
# Do not audit things that we know to be broken but which
# are not security risks
-dnl define(`hide_broken_symptoms')
+define(`hide_broken_symptoms')
# Allow user_r to reach sysadm_r via su, sudo, or userhelper.
# Otherwise, only staff_r can do so.
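Review bot: enabling hide_broken_symptoms by default suppresses audit messages for the denials its comment describes as "known to be broken", which also hides them from anyone checking whether the underlying breakage has been fixed. Suggest leaving it off in devel builds, or listing in a comment which denials it currently covers.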
diff --exclude-from=exclude -N -u -r nsapolicy/types/devpts.te policy-1.23.17/types/devpts.te
--- nsapolicy/types/devpts.te 2005-05-25 11:28:11.000000000 -0400
+++ policy-1.23.17/types/devpts.te 2005-06-07 14:51:32.000000000 -0400
@@ -10,7 +10,7 @@
#
# ptmx_t is the type for /dev/ptmx.
#
-type ptmx_t, sysadmfile, device_type, dev_fs;
+type ptmx_t, sysadmfile, device_type, dev_fs, mlstrustedobject;
#
# devpts_t is the type of the devpts file system and
diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.23.17/types/file.te
--- nsapolicy/types/file.te 2005-05-25 11:28:11.000000000 -0400
+++ policy-1.23.17/types/file.te 2005-06-06 11:21:44.000000000 -0400
@@ -26,7 +26,7 @@
type usbfs_t, mount_point, fs_type;
type nfsd_fs_t, fs_type;
type rpc_pipefs_t, fs_type;
-type binfmt_misc_fs_t, mount_point, fs_type;
+type binfmt_misc_fs_t, fs_type;
#
# file_t is the default type of a file that has not yet been
diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.23.17/types/network.te
--- nsapolicy/types/network.te 2005-05-25 11:28:11.000000000 -0400
+++ policy-1.23.17/types/network.te 2005-06-06 11:22:45.000000000 -0400
@@ -33,15 +33,7 @@
type ipp_port_t, port_type, reserved_port_type;
allow web_client_domain { http_cache_port_t http_port_t }:tcp_socket name_connect;
-ifdef(`cyrus.te', `define(`use_pop')')
-ifdef(`courier.te', `define(`use_pop')')
-ifdef(`perdition.te', `define(`use_pop')')
-ifdef(`dovecot.te', `define(`use_pop')')
-ifdef(`uwimapd.te', `define(`use_pop')')
-ifdef(`fetchmail.te', `define(`use_pop')')
-ifdef(`use_pop', `
type pop_port_t, port_type, reserved_port_type;
-')
type ftp_port_t, port_type, reserved_port_type;
type ftp_data_port_t, port_type, reserved_port_type;
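Review bot: with the define(use_pop) lines removed, any file that still tests ifdef on use_pop will silently take the false branch instead of failing the build. The net_contexts hunks in this patch drop their use_pop guards, but the rest of the tree is in the suppressed part of the mail; please grep for leftover use_pop tests. Making pop_port_t unconditional is not mentioned in the log message and deserves a line there.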
diff --exclude-from=exclude -N -u -r nsapolicy/types/security.te policy-1.23.17/types/security.te
--- nsapolicy/types/security.te 2005-05-25 11:28:11.000000000 -0400
+++ policy-1.23.17/types/security.te 2005-06-07 14:51:32.000000000 -0400
@@ -12,7 +12,7 @@
# the permissions in the security class. It is also
# applied to selinuxfs inodes.
#
-type security_t, mount_point, fs_type;
+type security_t, fs_type, mlstrustedobject;
#
# policy_config_t is the type of /etc/security/selinux/*
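Review bot: this line makes two unrelated changes to security_t at once: it adds mlstrustedobject and drops mount_point, and the comment above it is unchanged. The mount_point removal (also applied to binfmt_misc_fs_t in types/file.te) is not explained in the log message; please say why, and confirm no rule that relied on the mount_point attribute for these types is still needed. A one-line comment on why selinuxfs must be an MLS trusted object would also help later audits.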
diff --exclude-from=exclude -N -u -r nsapolicy/VERSION policy-1.23.17/VERSION
--- nsapolicy/VERSION 2005-06-01 06:11:22.000000000 -0400
+++ policy-1.23.17/VERSION 2005-05-25 11:28:27.000000000 -0400
@@ -1 +1 @@
-1.23.18
+1.23.17