rpms/selinux-policy-strict/devel policy-20050502.patch,1.3,1.4
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri May 6 02:42:08 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv30965
Modified Files:
policy-20050502.patch
Log Message:
* Thu May 5 2005 Dan Walsh <dwalsh at redhat.com> 1.23.14-3
- Add debugfs
- Add Russell fixes for restorecon, games
- Turn off user_canbe_sysadm
policy-20050502.patch:
Makefile | 2 +-
domains/misc/kernel.te | 2 ++
domains/program/ifconfig.te | 2 ++
domains/program/modutil.te | 2 +-
domains/program/restorecon.te | 2 +-
domains/program/unused/apmd.te | 2 +-
domains/program/unused/auditd.te | 1 +
domains/program/unused/automount.te | 9 +++++++--
domains/program/unused/consoletype.te | 1 +
domains/program/unused/cups.te | 8 ++++++--
domains/program/unused/hald.te | 7 ++++---
domains/program/unused/hotplug.te | 6 +++---
domains/program/unused/i18n_input.te | 2 ++
domains/program/unused/kudzu.te | 1 +
domains/program/unused/lvm.te | 2 +-
domains/program/unused/mysqld.te | 2 +-
domains/program/unused/pamconsole.te | 2 +-
domains/program/unused/postfix.te | 1 +
domains/program/unused/privoxy.te | 9 +++++----
domains/program/unused/udev.te | 4 ++--
domains/program/unused/updfstab.te | 6 ++++++
domains/program/unused/xdm.te | 1 +
domains/program/unused/xserver.te | 1 +
file_contexts/distros.fc | 3 ++-
file_contexts/program/cups.fc | 1 +
file_contexts/program/rhgb.fc | 1 -
file_contexts/types.fc | 2 ++
fs_use | 1 +
genfs_contexts | 3 +--
macros/core_macros.te | 1 -
macros/program/games_domain.te | 27 +++++++++++++++++++++------
macros/program/su_macros.te | 5 +++--
net_contexts | 2 ++
targeted/domains/unconfined.te | 5 +++++
tunables/distro.tun | 2 +-
tunables/tunable.tun | 4 ++--
types/file.te | 5 +++++
37 files changed, 98 insertions(+), 39 deletions(-)
Index: policy-20050502.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050502.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20050502.patch 6 May 2005 02:37:12 -0000 1.3
+++ policy-20050502.patch 6 May 2005 02:42:05 -0000 1.4
@@ -245,6 +245,18 @@
# for when /usr is not mounted
dontaudit lvm_t file_t:dir search;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mysqld.te policy-1.23.14/domains/program/unused/mysqld.te
+--- nsapolicy/domains/program/unused/mysqld.te 2005-04-27 10:28:51.000000000 -0400
++++ policy-1.23.14/domains/program/unused/mysqld.te 2005-05-05 22:39:47.000000000 -0400
+@@ -34,7 +34,7 @@
+
+ allow initrc_t mysqld_log_t:file { write append setattr ioctl };
+
+-allow mysqld_t self:capability { dac_override setgid setuid net_bind_service };
++allow mysqld_t self:capability { setsched dac_override setgid setuid net_bind_service };
+ allow mysqld_t self:process getsched;
+
+ allow mysqld_t proc_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pamconsole.te policy-1.23.14/domains/program/unused/pamconsole.te
--- nsapolicy/domains/program/unused/pamconsole.te 2005-04-27 10:28:52.000000000 -0400
+++ policy-1.23.14/domains/program/unused/pamconsole.te 2005-05-02 14:57:26.000000000 -0400
More information about the fedora-cvs-commits
mailing list