rpms/selinux-policy-targeted/devel policy-20050322.patch,1.7,1.8
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Mar 29 16:41:42 UTC 2005
Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv3198
Modified Files:
policy-20050322.patch
Log Message:
* Thu Mar 23 2005 Dan Walsh <dwalsh at redhat.com> 1.23.5-2
- Handle booleans.local
policy-20050322.patch:
Makefile | 57 ++++++++++++++++++-----------------
domains/program/ssh.te | 1
domains/program/syslogd.te | 16 ++++-----
domains/program/unused/apache.te | 2 +
domains/program/unused/canna.te | 2 +
domains/program/unused/cups.te | 4 +-
domains/program/unused/hald.te | 1
domains/program/unused/mailman.te | 2 -
domains/program/unused/mta.te | 2 -
domains/program/unused/named.te | 3 +
domains/program/unused/nscd.te | 1
domains/program/unused/pamconsole.te | 9 ++++-
domains/program/unused/samba.te | 2 -
domains/program/unused/squid.te | 9 +++--
domains/program/unused/udev.te | 3 +
domains/program/unused/winbind.te | 7 ++--
domains/program/unused/xdm.te | 1
file_contexts/distros.fc | 13 +++++--
file_contexts/program/apache.fc | 1
file_contexts/program/named.fc | 2 +
file_contexts/program/nscd.fc | 1
file_contexts/program/ssh.fc | 1
macros/program/apache_macros.te | 3 +
macros/program/games_domain.te | 20 +++++++++++-
macros/program/gift_macros.te | 15 +++++++--
macros/program/mozilla_macros.te | 27 ++++++++++++++--
macros/program/ssh_macros.te | 19 ++++++++++-
macros/program/tvtime_macros.te | 14 +++++++-
macros/program/x_client_macros.te | 39 -----------------------
net_contexts | 15 ++++-----
targeted/domains/program/ssh.te | 1
tunables/distro.tun | 2 -
tunables/tunable.tun | 12 +++----
types/file.te | 3 +
types/network.te | 20 +++---------
35 files changed, 191 insertions(+), 139 deletions(-)
Index: policy-20050322.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050322.patch,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- policy-20050322.patch 29 Mar 2005 15:45:23 -0000 1.7
+++ policy-20050322.patch 29 Mar 2005 16:41:40 -0000 1.8
@@ -81,12 +81,12 @@
allow ptal_t self:unix_stream_socket { listen accept };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.23.5/domains/program/unused/hald.te
--- nsapolicy/domains/program/unused/hald.te 2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.5/domains/program/unused/hald.te 2005-03-29 10:38:09.000000000 -0500
++++ policy-1.23.5/domains/program/unused/hald.te 2005-03-29 10:44:55.000000000 -0500
@@ -31,6 +31,7 @@
allow hald_t usr_t:file { getattr read };
allow hald_t bin_t:file getattr;
-+allow hald_t self:netlink_socket create_netlink_socket_perms;
++allow hald_t self:netlink_socket create_socket_perms;
allow hald_t self:netlink_route_socket r_netlink_socket_perms;
allow hald_t self:capability { net_admin sys_admin dac_override dac_read_search mknod };
can_network_server(hald_t)
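Review bot: The new `allow hald_t self:netlink_socket create_socket_perms;` line has no comment saying which netlink protocol hald needs, so a reader cannot judge how broad the grant is. The generic `netlink_socket` class covers every netlink protocol that has no dedicated class. A one-line comment above the rule would record the intent, for example `# generic netlink socket, presumably for kernel hotplug events; confirm which protocol hald opens`. The surrounding hald.te rules start and end outside this hunk, so the rest of the domain's socket access is not visible here.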
@@ -661,23 +661,31 @@
diff --exclude-from=exclude -N -u -r nsapolicy/Makefile policy-1.23.5/Makefile
--- nsapolicy/Makefile 2005-03-15 08:02:23.000000000 -0500
-+++ policy-1.23.5/Makefile 2005-03-28 14:24:52.000000000 -0500
++++ policy-1.23.5/Makefile 2005-03-29 11:37:15.000000000 -0500
@@ -77,12 +77,12 @@
all: policy
-tmp/valid_fc: $(APPFILES) $(ROOTFILES) $(LOADPATH) $(FCPATH)
-+tmp/valid_fc: $(ROOTFILES) $(FCPATH) $(APPDIR)/customizable_types
- @echo "Validating file_contexts ..."
- $(SETFILES) -q -c $(LOADPATH) $(FCPATH)
+- @echo "Validating file_contexts ..."
+- $(SETFILES) -q -c $(LOADPATH) $(FCPATH)
++tmp/valid_fc: $(LOADPATH) $(FC)
++ @echo "Validating file contexts files ..."
++ $(SETFILES) -q -c $(LOADPATH) $(FC)
@touch tmp/valid_fc
-install: tmp/valid_fc $(USERPATH)/local.users
-+install: tmp/valid_fc $(APPFILES) $(USERPATH)/local.users
++install: $(FCPATH) $(APPFILES) $(ROOTFILES) $(USERPATH)/local.users
$(USERPATH)/system.users: $(ALL_TUNABLES) $(USER_FILES) policy.conf
@mkdir -p $(USERPATH)
-@@ -96,7 +96,7 @@
+@@ -91,56 +91,57 @@
+ @echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users
+ @echo "# Please edit local.users to make local changes." >> tmp/system.users
+ @echo "#" >> tmp/system.users
+- m4 $(ALL_TUNABLES) tmp/program_used_flags.te $(USER_FILES) | grep -v "^#" >> tmp/system.users
++ @m4 $(ALL_TUNABLES) tmp/program_used_flags.te $(USER_FILES) | grep -v "^#" >> tmp/system.users
+ install -m 644 tmp/system.users $@
$(USERPATH)/local.users: local.users
@mkdir -p $(USERPATH)
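Review bot: In the `$(USERPATH)/system.users` recipe, the line `m4 ... | grep -v "^#" >> tmp/system.users` takes its exit status from `grep`, so a failed m4 expansion still leaves a file that the following `install -m 644 tmp/system.users $@` puts in place. The `@` added by this revision also removes the command from the build log. This file presumably carries the policy's user definitions, so a truncated result should stop the build. Expanding to a scratch file first would do that: `m4 $(ALL_TUNABLES) tmp/program_used_flags.te $(USER_FILES) > tmp/system.users.m4` followed by `grep -v "^#" tmp/system.users.m4 >> tmp/system.users`. The recipe starts above the inner hunk, so its first lines are not visible here.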
@@ -685,16 +693,123 @@
+ install -b -m 644 $< $@
$(CONTEXTPATH)/files/media: appconfig/media
- mkdir -p $(CONTEXTPATH)/files/
-@@ -139,7 +139,7 @@
- mkdir -p $(APPDIR)/users
+- mkdir -p $(CONTEXTPATH)/files/
++ @mkdir -p $(CONTEXTPATH)/files/
+ install -m 644 $< $@
+
+ $(APPDIR)/default_contexts: appconfig/default_contexts
+- mkdir -p $(APPDIR)
++ @mkdir -p $(APPDIR)
+ install -m 644 $< $@
+
+ $(APPDIR)/removable_context: appconfig/removable_context
+- mkdir -p $(APPDIR)
++ @mkdir -p $(APPDIR)
+ install -m 644 $< $@
+
+ $(APPDIR)/customizable_types: policy.conf
+- mkdir -p $(APPDIR)
++ @mkdir -p $(APPDIR)
+ @grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > tmp/customizable_types
+ install -m 644 tmp/customizable_types $@
+
+ $(APPDIR)/default_type: appconfig/default_type
+- mkdir -p $(APPDIR)
++ @mkdir -p $(APPDIR)
+ install -m 644 $< $@
+
+ $(APPDIR)/userhelper_context: appconfig/userhelper_context
+- mkdir -p $(APPDIR)
++ @mkdir -p $(APPDIR)
+ install -m 644 $< $@
+
+ $(APPDIR)/initrc_context: appconfig/initrc_context
+- mkdir -p $(APPDIR)
++ @mkdir -p $(APPDIR)
+ install -m 644 $< $@
+
+ $(APPDIR)/failsafe_context: appconfig/failsafe_context
+- mkdir -p $(APPDIR)
++ @mkdir -p $(APPDIR)
+ install -m 644 $< $@
+
+ $(APPDIR)/dbus_contexts: appconfig/dbus_contexts
+- mkdir -p $(APPDIR)
++ @mkdir -p $(APPDIR)
+ install -m 644 $< $@
+
+ $(APPDIR)/users/root: appconfig/root_default_contexts
+- mkdir -p $(APPDIR)/users
++ @mkdir -p $(APPDIR)/users
install -m 644 $< $@
-$(LOADPATH): policy.conf $(CHECKPOLICY)
-+$(LOADPATH): tmp/valid_fc $(CHECKPOLICY)
- mkdir -p $(POLICYPATH)
+- mkdir -p $(POLICYPATH)
++$(LOADPATH): policy.conf $(CHECKPOLICY)
++ @echo "Compiling policy ..."
++ @mkdir -p $(POLICYPATH)
$(CHECKPOLICY) $(CHECKPOLMLS) -o $@ policy.conf
ifneq ($(MLS),y)
+ ifneq ($(VERS),18)
+@@ -159,10 +160,11 @@
+ $(CHECKPOLICY) -c 18 -o policy.18 policy.conf
+ endif
+ endif
+- @echo "Validating file_contexts ..."
++ @echo "Validating file contexts files ..."
+ $(SETFILES) -q -c $(POLICYVER) $(FC)
+
+ reload tmp/load: $(FCPATH) $(LOADPATH)
++ @echo "Loading Policy ..."
+ ifeq ($(VERS), $(KERNVERS))
+ $(LOADPOLICY) $(LOADPATH)
+ else
+@@ -177,18 +179,19 @@
+ mv policy.audit policy.conf
+
+ policy.conf: $(POLICYFILES) $(POLICY_DIRS)
+- mkdir -p tmp
++ @echo "Building policy.conf ..."
++ @mkdir -p tmp
+ m4 $(M4PARAM) -Imacros -s $(POLICYFILES) > $@.tmp
+- mv $@.tmp $@
++ @mv $@.tmp $@
+
+ install-src:
+ rm -rf $(SRCPATH)/policy.old
+ -mv $(SRCPATH)/policy $(SRCPATH)/policy.old
+- mkdir -p $(SRCPATH)/policy
++ @mkdir -p $(SRCPATH)/policy
+ cp -R . $(SRCPATH)/policy
+
+ tmp/program_used_flags.te: $(wildcard domains/program/*.te) domains/program
+- mkdir -p tmp
++ @mkdir -p tmp
+ ( cd domains/program/ ; for n in *.te ; do echo "define(\`$$n')"; done ) > $@.tmp
+ ( cd domains/misc/ ; for n in *.te ; do echo "define(\`$$n')"; done ) >> $@.tmp
+ mv $@.tmp $@
+@@ -205,17 +208,17 @@
+ $(SETFILES) $(FC) $(FILESYSTEMS)
+
+ file_contexts/misc:
+- mkdir -p file_contexts/misc
+-
++ @mkdir -p file_contexts/misc
+
+-$(FCPATH): $(FC) $(USERPATH)/system.users
++$(FCPATH): tmp/valid_fc $(USERPATH)/system.users $(APPDIR)/customizable_types
++ @echo "Installing file contexts files..."
+ @mkdir -p $(CONTEXTPATH)/files
+ install -m 644 $(FC) $(FCPATH)
+ install -m 644 $(HOMEDIR_TEMPLATE) $(HOMEDIRPATH)
+ @$(GENHOMEDIRCON) -d $(TOPDIR) -t $(TYPE) $(USEPWD)
+
+ $(FC): $(ALL_TUNABLES) tmp/program_used_flags.te $(FCFILES) domains/program domains/misc file_contexts/program file_contexts/misc users /etc/passwd
+- @echo "Building file_contexts ..."
++ @echo "Building file contexts files..."
+ @m4 $(M4PARAM) $(ALL_TUNABLES) tmp/program_used_flags.te $(FCFILES) > $@.tmp
+ @grep -v -e HOME -e ROLE $@.tmp > $@
+ @grep -e HOME -e ROLE $@.tmp > $(HOMEDIR_TEMPLATE)
diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.23.5/net_contexts
--- nsapolicy/net_contexts 2005-03-24 08:58:25.000000000 -0500
+++ policy-1.23.5/net_contexts 2005-03-28 10:21:45.000000000 -0500
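Review bot: The `$(LOADPATH)` rule writes the compiled policy straight to its final path with `$(CHECKPOLICY) $(CHECKPOLMLS) -o $@ policy.conf`. After this revision `tmp/valid_fc` lists `$(LOADPATH)` as a prerequisite, so the binary policy is already in place before `$(SETFILES) -q -c $(LOADPATH) $(FC)` has checked the file contexts against it. If that check fails or checkpolicy is interrupted, `$(POLICYPATH)` (which appears to be the install location) can hold a new or partial policy alongside the old file contexts. Compiling to a temporary name and renaming on success, as the `policy.conf` rule in this hunk already does, closes the partial-file case: `$(CHECKPOLICY) $(CHECKPOLMLS) -o $@.tmp policy.conf` then `mv $@.tmp $@`. The rule's `ifneq` block continues past what the inner hunk shows.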
@@ -756,6 +871,17 @@
ifdef(`clockspeed.te', `portcon udp 4041 system_u:object_r:clockspeed_port_t')
ifdef(`transproxy.te', `portcon tcp 8081 system_u:object_r:transproxy_port_t')
ifdef(`amanda.te', `
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/ssh.te policy-1.23.5/targeted/domains/program/ssh.te
+--- nsapolicy/targeted/domains/program/ssh.te 2005-02-24 14:51:10.000000000 -0500
++++ policy-1.23.5/targeted/domains/program/ssh.te 2005-03-29 11:16:20.000000000 -0500
+@@ -13,6 +13,7 @@
+ type sshd_exec_t, file_type, sysadmfile, exec_type;
+ type ssh_exec_t, file_type, sysadmfile, exec_type;
+ type ssh_keygen_exec_t, file_type, sysadmfile, exec_type;
++type ssh_keysign_exec_t, file_type, sysadmfile, exec_type;
+ type sshd_key_t, file_type, sysadmfile;
+ type sshd_var_run_t, file_type, sysadmfile;
+ type ssh_port_t, port_type;
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.23.5/tunables/distro.tun
--- nsapolicy/tunables/distro.tun 2005-02-24 14:51:09.000000000 -0500
+++ policy-1.23.5/tunables/distro.tun 2005-03-28 10:21:45.000000000 -0500