rpms/selinux-policy-targeted/devel policy-20050502.patch,1.4,1.5
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri May 6 03:12:03 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv28361
Modified Files:
policy-20050502.patch
Log Message:
* Thu May 5 2005 Dan Walsh <dwalsh at redhat.com> 1.23.14-3
- Add debugfs
- Add Russell fixes for restorecon, games
- Turn off user_canbe_sysadm
policy-20050502.patch:
Makefile | 2 +-
domains/misc/kernel.te | 2 ++
domains/program/ifconfig.te | 2 ++
domains/program/modutil.te | 2 +-
domains/program/restorecon.te | 2 +-
domains/program/unused/apmd.te | 2 +-
domains/program/unused/auditd.te | 1 +
domains/program/unused/automount.te | 9 +++++++--
domains/program/unused/consoletype.te | 1 +
domains/program/unused/cups.te | 8 ++++++--
domains/program/unused/hald.te | 7 ++++---
domains/program/unused/hotplug.te | 6 +++---
domains/program/unused/i18n_input.te | 2 ++
domains/program/unused/kudzu.te | 1 +
domains/program/unused/lvm.te | 2 +-
domains/program/unused/mysqld.te | 2 +-
domains/program/unused/pamconsole.te | 2 +-
domains/program/unused/postfix.te | 1 +
domains/program/unused/privoxy.te | 9 +++++----
domains/program/unused/udev.te | 4 ++--
domains/program/unused/updfstab.te | 6 ++++++
domains/program/unused/xdm.te | 1 +
domains/program/unused/xserver.te | 1 +
file_contexts/distros.fc | 3 ++-
file_contexts/program/cups.fc | 1 +
file_contexts/program/rhgb.fc | 1 -
file_contexts/types.fc | 2 ++
fs_use | 1 +
genfs_contexts | 3 +--
macros/core_macros.te | 1 -
macros/program/games_domain.te | 27 +++++++++++++++++++++------
macros/program/su_macros.te | 5 +++--
net_contexts | 2 ++
targeted/domains/unconfined.te | 5 +++++
tunables/distro.tun | 2 +-
tunables/tunable.tun | 4 ++--
types/file.te | 5 +++++
37 files changed, 98 insertions(+), 39 deletions(-)
Index: policy-20050502.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050502.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20050502.patch 6 May 2005 02:57:31 -0000 1.4
+++ policy-20050502.patch 6 May 2005 03:12:00 -0000 1.5
@@ -183,15 +183,8 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.23.14/domains/program/unused/hotplug.te
--- nsapolicy/domains/program/unused/hotplug.te 2005-05-02 14:06:54.000000000 -0400
-+++ policy-1.23.14/domains/program/unused/hotplug.te 2005-05-05 16:30:39.000000000 -0400
-@@ -23,13 +23,13 @@
- allow hotplug_t self:unix_stream_socket create_socket_perms;
- allow hotplug_t self:udp_socket create_socket_perms;
-
--read_sysctl(hotplug_t)
-+can_sysctl(hotplug_t)
- allow hotplug_t sysctl_net_t:dir r_dir_perms;
- allow hotplug_t sysctl_net_t:file { getattr read };
++++ policy-1.23.14/domains/program/unused/hotplug.te 2005-05-05 23:07:49.000000000 -0400
+@@ -29,7 +29,7 @@
# get info from /proc
r_dir_file(hotplug_t, proc_t)
@@ -200,6 +193,15 @@
allow hotplug_t devtty_t:chr_file rw_file_perms;
+@@ -129,7 +129,7 @@
+ allow hotplug_t lib_t:file { getattr read };
+
+ allow hotplug_t self:capability { net_admin sys_tty_config mknod };
+-allow hotplug_t sysfs_t:dir { getattr read search };
++allow hotplug_t sysfs_t:dir { getattr read search write };
+ allow hotplug_t sysfs_t:file { getattr read };
+ allow hotplug_t sysfs_t:lnk_file { getattr read };
+ allow hotplug_t udev_runtime_t:file rw_file_perms;
@@ -156,4 +156,4 @@
domain_auto_trans(hotplug_t, sendmail_exec_t, system_mail_t)
')
More information about the fedora-cvs-commits
mailing list