rpms/selinux-policy-strict/devel policy-20050606.patch, 1.6, 1.7 selinux-policy-strict.spec, 1.324, 1.325
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Jun 15 18:38:29 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15538
Modified Files:
policy-20050606.patch selinux-policy-strict.spec
Log Message:
* Wed Jun 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.18-7
- Fixed for new cups domain hplip
policy-20050606.patch:
Makefile | 5
attrib.te | 2
domains/misc/kernel.te | 7 -
domains/misc/local.te | 5
domains/program/fsadm.te | 5
domains/program/init.te | 4
domains/program/initrc.te | 10 +
domains/program/klogd.te | 2
domains/program/login.te | 2
domains/program/modutil.te | 2
domains/program/mount.te | 2
domains/program/restorecon.te | 5
domains/program/ssh.te | 2
domains/program/syslogd.te | 2
domains/program/unused/acct.te | 2
domains/program/unused/alsa.te | 17 ++
domains/program/unused/apache.te | 2
domains/program/unused/bonobo.te | 9 +
domains/program/unused/consoletype.te | 2
domains/program/unused/cups.te | 30 ++++
domains/program/unused/dhcpc.te | 5
domains/program/unused/ethereal.te | 48 ++++++
domains/program/unused/evolution.te | 13 +
domains/program/unused/gconf.te | 12 +
domains/program/unused/gift.te | 1
domains/program/unused/gnome.te | 7 +
domains/program/unused/gnome_vfs.te | 9 +
domains/program/unused/i18n_input.te | 1
domains/program/unused/iceauth.te | 12 +
domains/program/unused/mysqld.te | 2
domains/program/unused/orbit.te | 7 +
domains/program/unused/pam.te | 5
domains/program/unused/pamconsole.te | 2
domains/program/unused/ping.te | 2
domains/program/unused/rpcd.te | 3
domains/program/unused/thunderbird.te | 9 +
domains/program/unused/udev.te | 2
domains/program/unused/utempter.te | 5
domains/program/unused/xdm.te | 20 ++
domains/program/unused/xserver.te | 3
file_contexts/distros.fc | 3
file_contexts/program/alsa.fc | 3
file_contexts/program/apache.fc | 2
file_contexts/program/bonobo.fc | 1
file_contexts/program/cups.fc | 3
file_contexts/program/ethereal.fc | 3
file_contexts/program/evolution.fc | 8 +
file_contexts/program/fontconfig.fc | 6
file_contexts/program/gconf.fc | 5
file_contexts/program/gnome.fc | 8 +
file_contexts/program/gnome_vfs.fc | 1
file_contexts/program/iceauth.fc | 3
file_contexts/program/mozilla.fc | 3
file_contexts/program/orbit.fc | 3
file_contexts/program/thunderbird.fc | 2
file_contexts/program/xauth.fc | 1
file_contexts/program/xdm.fc | 1
file_contexts/program/xserver.fc | 2
file_contexts/types.fc | 2
macros/admin_macros.te | 8 -
macros/base_user_macros.te | 36 ++++-
macros/global_macros.te | 37 ++---
macros/program/bonobo_macros.te | 119 +++++++++++++++++
macros/program/dbusd_macros.te | 3
macros/program/ethereal_macros.te | 82 +++++++++++
macros/program/evolution_macros.te | 238 ++++++++++++++++++++++++++++++++++
macros/program/fontconfig_macros.te | 38 ++++-
macros/program/games_domain.te | 38 +----
macros/program/gconf_macros.te | 55 +++++++
macros/program/gift_macros.te | 57 ++------
macros/program/gnome_macros.te | 115 ++++++++++++++++
macros/program/gnome_vfs_macros.te | 49 +++++++
macros/program/gpg_agent_macros.te | 1
macros/program/gpg_macros.te | 3
macros/program/ice_macros.te | 38 +++++
macros/program/iceauth_macros.te | 39 +++++
macros/program/lpr_macros.te | 3
macros/program/mail_client_macros.te | 60 ++++++++
macros/program/mozilla_macros.te | 63 +++------
macros/program/orbit_macros.te | 44 ++++++
macros/program/spamassassin_macros.te | 7 -
macros/program/ssh_agent_macros.te | 3
macros/program/thunderbird_macros.te | 59 ++++++++
macros/program/userhelper_macros.te | 3
macros/program/x_client_macros.te | 12 -
macros/program/xauth_macros.te | 2
macros/program/xdm_macros.te | 11 +
macros/program/xserver_macros.te | 17 +-
macros/user_macros.te | 4
mls | 41 ++---
net_contexts | 29 ++--
targeted/domains/program/crond.te | 2
targeted/domains/unconfined.te | 3
tunables/distro.tun | 2
tunables/tunable.tun | 4
types/device.te | 7 +
types/devpts.te | 2
types/file.te | 4
types/network.te | 8 -
types/security.te | 2
100 files changed, 1424 insertions(+), 269 deletions(-)
Index: policy-20050606.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050606.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- policy-20050606.patch 13 Jun 2005 19:14:12 -0000 1.6
+++ policy-20050606.patch 15 Jun 2005 18:38:26 -0000 1.7
@@ -282,7 +282,7 @@
role system_r types consoletype_t;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.23.18/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2005-06-01 06:11:22.000000000 -0400
-+++ policy-1.23.18/domains/program/unused/cups.te 2005-06-08 09:04:15.000000000 -0400
++++ policy-1.23.18/domains/program/unused/cups.te 2005-06-15 11:14:26.000000000 -0400
@@ -150,6 +150,12 @@
allow ptal_t self:capability { chown sys_rawio };
allow ptal_t self:{ unix_dgram_socket unix_stream_socket } create_socket_perms;
@@ -296,6 +296,37 @@
allow ptal_t self:fifo_file rw_file_perms;
allow ptal_t device_t:dir read;
allow ptal_t printer_device_t:chr_file rw_file_perms;
+@@ -166,6 +172,30 @@
+ allow initrc_t ptal_var_run_t:fifo_file unlink;
+
+
++# HPLIP
++type hplip_port_t, port_type, reserved_port_type;
++daemon_domain(hplip)
++etcdir_domain(hplip)
++allow hplip_t etc_t:file r_file_perms;
++allow hplip_t printer_device_t:chr_file rw_file_perms;
++allow cupsd_t hplip_var_run_t:file { read getattr };
++allow hplip_t cupsd_etc_t:dir search;
++can_network(hplip_t)
++allow hplip_t { hplip_port_t ipp_port_t }:tcp_socket name_connect;
++allow hplip_t hplip_port_t:tcp_socket name_bind;
++
++# Uses networking to talk to the daemons
++allow hplip_t self:unix_dgram_socket create_socket_perms;
++allow hplip_t self:unix_stream_socket create_socket_perms;
++
++# for python
++can_exec(hplip_t, bin_t)
++allow hplip_t { sbin_t bin_t }:dir search;
++allow hplip_t self:file { getattr read };
++allow hplip_t proc_t:file r_file_perms;
++allow hplip_t urandom_device_t:chr_file { getattr read };
++allow hplip_t usr_t:{ file lnk_file } r_file_perms;
++
+ dontaudit cupsd_t selinux_config_t:dir search;
+ dontaudit cupsd_t selinux_config_t:file { getattr read };
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpc.te policy-1.23.18/domains/program/unused/dhcpc.te
--- nsapolicy/domains/program/unused/dhcpc.te 2005-04-27 10:28:50.000000000 -0400
+++ policy-1.23.18/domains/program/unused/dhcpc.te 2005-06-13 11:52:32.000000000 -0400
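Review bot: `hplip_port_t` is declared with `reserved_port_type`, yet the net_contexts change in this same commit labels TCP 50000 and 50002 with it, and neither is a reserved (below 1024) port. Any rule elsewhere in the policy that keys on that attribute would then treat these high ports as privileged ones, so unless that is intended the declaration should read `type hplip_port_t, port_type;`. Separately, `can_network(hplip_t)` grants general network access, while the only port rules visible here are TCP `name_connect`/`name_bind` on `hplip_port_t` and `ipp_port_t`; a narrower networking macro would fit least privilege better if the tree provides one. The comment `# Uses networking to talk to the daemons` sits above two unix-socket rules and would read more accurately as `# Local unix sockets used to talk to the daemons`.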
@@ -461,6 +492,18 @@
+
+# Everything else is in the iceauth_domain macro in
+# macros/program/iceauth_macros.te.
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mysqld.te policy-1.23.18/domains/program/unused/mysqld.te
+--- nsapolicy/domains/program/unused/mysqld.te 2005-05-25 11:28:10.000000000 -0400
++++ policy-1.23.18/domains/program/unused/mysqld.te 2005-06-15 10:44:50.000000000 -0400
+@@ -10,7 +10,7 @@
+ #
+ # mysqld_exec_t is the type of the mysqld executable.
+ #
+-daemon_domain(mysqld)
++daemon_domain(mysqld, `, nscd_client_domain')
+
+ type mysqld_port_t, port_type;
+ allow mysqld_t mysqld_port_t:tcp_socket name_bind;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/orbit.te policy-1.23.18/domains/program/unused/orbit.te
--- nsapolicy/domains/program/unused/orbit.te 1969-12-31 19:00:00.000000000 -0500
+++ policy-1.23.18/domains/program/unused/orbit.te 2005-06-08 09:04:15.000000000 -0400
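Review bot: Adding the nscd_client_domain attribute to the daemon_domain(mysqld) call is not mentioned in the log message or the spec changelog, which only say "Fixed for new cups domain hplip". The attribute gives mysqld_t whatever the policy grants to nscd clients, so a permission change to a network-facing daemon is riding along undocumented. It deserves its own changelog line, for example `- Allow mysqld to use nscd`, and a short comment above the macro call stating why mysqld needs it. The rest of mysqld.te lies outside this hunk.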
@@ -670,6 +713,18 @@
+++ policy-1.23.18/file_contexts/program/bonobo.fc 2005-06-08 09:04:15.000000000 -0400
@@ -0,0 +1 @@
+/usr/libexec/bonobo-activation-server -- system_u:object_r:bonobo_exec_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/cups.fc policy-1.23.18/file_contexts/program/cups.fc
+--- nsapolicy/file_contexts/program/cups.fc 2005-06-01 06:11:22.000000000 -0400
++++ policy-1.23.18/file_contexts/program/cups.fc 2005-06-14 12:32:19.000000000 -0400
+@@ -35,5 +35,8 @@
+ /usr/sbin/ptal-photod -- system_u:object_r:ptal_exec_t
+ /var/run/ptal-printd(/.*)? system_u:object_r:ptal_var_run_t
+ /var/run/ptal-mlcd(/.*)? system_u:object_r:ptal_var_run_t
++/etc/hp(/.*)? system_u:object_r:hplip_etc_t
++/usr/sbin/hpiod -- system_u:object_r:hplip_exec_t
++/usr/share/hplip/hpssd.py -- system_u:object_r:hplip_exec_t
+ /usr/share/foomatic/db/oldprinterids -- system_u:object_r:cupsd_rw_etc_t
+ /var/cache/foomatic(/.*)? -- system_u:object_r:cupsd_rw_etc_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ethereal.fc policy-1.23.18/file_contexts/program/ethereal.fc
--- nsapolicy/file_contexts/program/ethereal.fc 1969-12-31 19:00:00.000000000 -0500
+++ policy-1.23.18/file_contexts/program/ethereal.fc 2005-06-08 09:04:15.000000000 -0400
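Review bot: The new entry `/usr/share/hplip/hpssd.py` leaves the dot unescaped, and file_contexts paths are regular expressions, so it matches any character in that position. Other entries visible on this page escape literal dots (`/tmp/\.ICE-unix/.*`), so for consistency and an exact match on an entrypoint label this should be `/usr/share/hplip/hpssd\.py -- system_u:object_r:hplip_exec_t`. Note also that `hpiod` and `hpssd.py` both get `hplip_exec_t` and therefore share one domain; if only one of them needs the printer device or the network, splitting them later would tighten the policy.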
@@ -789,7 +844,7 @@
/tmp/\.ICE-unix/.* -s <<none>>
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.23.18/file_contexts/types.fc
--- nsapolicy/file_contexts/types.fc 2005-06-01 06:11:22.000000000 -0400
-+++ policy-1.23.18/file_contexts/types.fc 2005-06-08 09:04:15.000000000 -0400
++++ policy-1.23.18/file_contexts/types.fc 2005-06-14 12:46:58.000000000 -0400
@@ -249,6 +249,7 @@
/dev/dri/.+ -c system_u:object_r:dri_device_t
/dev/radeon -c system_u:object_r:dri_device_t
@@ -2721,7 +2776,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.23.18/net_contexts
--- nsapolicy/net_contexts 2005-05-25 11:28:09.000000000 -0400
-+++ policy-1.23.18/net_contexts 2005-06-08 22:57:41.000000000 -0400
++++ policy-1.23.18/net_contexts 2005-06-15 11:13:48.000000000 -0400
@@ -50,19 +50,25 @@
portcon udp 53 system_u:object_r:dns_port_t
portcon tcp 53 system_u:object_r:dns_port_t
@@ -2776,11 +2831,15 @@
')
ifdef(`nessusd.te', `portcon tcp 1241 system_u:object_r:nessus_port_t')
ifdef(`monopd.te', `portcon tcp 1234 system_u:object_r:monopd_port_t')
-@@ -191,6 +191,7 @@
+@@ -191,6 +191,11 @@
')
ifdef(`postgresql.te', `portcon tcp 5432 system_u:object_r:postgresql_port_t')
ifdef(`nrpe.te', `portcon tcp 5666 system_u:object_r:inetd_child_port_t')
-+ifdef(`cups.te', `portcon tcp 5703 system_u:object_r:ptal_port_t')
++ifdef(`cups.te', `
++portcon tcp 5703 system_u:object_r:ptal_port_t
++portcon tcp 50000 system_u:object_r:hplip_port_t
++portcon tcp 50002 system_u:object_r:hplip_port_t
++')
ifdef(`xdm.te', `
portcon tcp 5900 system_u:object_r:vnc_port_t
')
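Review bot: Ports 50000 and 50002 fall inside the default Linux local (ephemeral) port range, and as far as I recall the kernel's SELinux bind hook skips the `name_bind` check for ports inside that range. If that holds for the target kernel, labelling these ports `hplip_port_t` would not by itself prevent another networked domain from binding them, and the label would in practice only constrain `name_connect`. This should be confirmed and recorded in a comment inside the `ifdef`, for example `# hplip daemons; ports are in the ephemeral range, verify name_bind is enforced`. The comment should also say which HPLIP daemon owns which port, since the policy gives no hint.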
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.324
retrieving revision 1.325
diff -u -r1.324 -r1.325
--- selinux-policy-strict.spec 14 Jun 2005 13:49:58 -0000 1.324
+++ selinux-policy-strict.spec 15 Jun 2005 18:38:26 -0000 1.325
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.23.18
-Release: 6
+Release: 7
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -227,6 +227,9 @@
exit 0
%changelog
+* Wed Jun 15 2005 Dan Walsh <dwalsh at redhat.com> 1.23.18-7
+- Fixed for new cups domain hplip
+
* Mon Jun 13 2005 Dan Walsh <dwalsh at redhat.com> 1.23.18-6
- Further cleanup of user separation patches from Ivan