rpms/selinux-policy-strict/devel policy-20051021.patch,1.13,1.14
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Nov 3 20:04:01 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8502
Modified Files:
policy-20051021.patch
Log Message:
* Thu Nov 3 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-12
- Add Russell patch to allow transition to strict policy
- Allow pegasus to use pam
- Add back transtion from unconfined_t to httpd_t
policy-20051021.patch:
Makefile | 14 -
attrib.te | 18 +
domains/admin.te | 2
domains/misc/kernel.te | 2
domains/program/fsadm.te | 2
domains/program/ifconfig.te | 2
domains/program/init.te | 2
domains/program/initrc.te | 13 +
domains/program/logrotate.te | 2
domains/program/modutil.te | 8
domains/program/newrole.te | 4
domains/program/restorecon.te | 4
domains/program/setfiles.te | 2
domains/program/ssh.te | 2
domains/program/su.te | 4
domains/program/syslogd.te | 4
domains/program/tmpreaper.te | 2
domains/program/unused/NetworkManager.te | 10 +
domains/program/unused/amanda.te | 21 +-
domains/program/unused/apache.te | 16 +
domains/program/unused/apmd.te | 13 +
domains/program/unused/auditd.te | 6
domains/program/unused/avahi.te | 31 +++
domains/program/unused/bluetooth.te | 57 +++++
domains/program/unused/cups.te | 11 -
domains/program/unused/dbusd.te | 2
domains/program/unused/dhcpc.te | 3
domains/program/unused/dhcpd.te | 3
domains/program/unused/exim.te | 309 +++++++++++++++++++++++++++++++
domains/program/unused/ftpd.te | 6
domains/program/unused/hald.te | 5
domains/program/unused/hotplug.te | 5
domains/program/unused/ipsec.te | 2
domains/program/unused/kudzu.te | 3
domains/program/unused/mysqld.te | 6
domains/program/unused/named.te | 17 +
domains/program/unused/nscd.te | 1
domains/program/unused/ntpd.te | 5
domains/program/unused/pamconsole.te | 2
domains/program/unused/pegasus.te | 15 +
domains/program/unused/ping.te | 2
domains/program/unused/postfix.te | 54 +++--
domains/program/unused/postgresql.te | 11 -
domains/program/unused/pppd.te | 22 +-
domains/program/unused/radius.te | 3
domains/program/unused/rpcd.te | 16 +
domains/program/unused/rpm.te | 4
domains/program/unused/rsync.te | 3
domains/program/unused/samba.te | 6
domains/program/unused/saslauthd.te | 1
domains/program/unused/sendmail.te | 3
domains/program/unused/snmpd.te | 1
domains/program/unused/spamd.te | 28 --
domains/program/unused/udev.te | 8
domains/program/unused/webalizer.te | 3
domains/program/unused/xdm.te | 2
domains/program/unused/yppasswdd.te | 40 ++++
domains/program/unused/ypserv.te | 8
file_contexts/distros.fc | 1
file_contexts/program/apache.fc | 3
file_contexts/program/avahi.fc | 4
file_contexts/program/backup.fc | 2
file_contexts/program/bluetooth.fc | 2
file_contexts/program/compat.fc | 7
file_contexts/program/dhcpc.fc | 1
file_contexts/program/dhcpd.fc | 5
file_contexts/program/exim.fc | 18 +
file_contexts/program/ftpd.fc | 5
file_contexts/program/games.fc | 3
file_contexts/program/kudzu.fc | 2
file_contexts/program/pegasus.fc | 6
file_contexts/program/rshd.fc | 1
file_contexts/program/rsync.fc | 2
file_contexts/program/squid.fc | 3
file_contexts/program/yppasswdd.fc | 2
file_contexts/types.fc | 4
genfs_contexts | 1
macros/base_user_macros.te | 7
macros/global_macros.te | 25 --
macros/home_macros.te | 9
macros/program/chkpwd_macros.te | 7
macros/program/dbusd_macros.te | 1
macros/program/exim_macros.te | 75 +++++++
macros/program/su_macros.te | 2
macros/program/ypbind_macros.te | 1
macros/user_macros.te | 1
man/man8/ftpd_selinux.8 | 19 +
man/man8/httpd_selinux.8 | 9
man/man8/rsync_selinux.8 | 12 -
man/man8/samba_selinux.8 | 9
mcs | 194 ++++++-------------
mls | 227 ++++++++--------------
targeted/assert.te | 2
targeted/domains/program/compat.te | 1
targeted/domains/program/sendmail.te | 1
targeted/domains/program/ssh.te | 2
targeted/domains/program/xdm.te | 4
targeted/domains/unconfined.te | 8
tunables/distro.tun | 2
tunables/tunable.tun | 4
types/devpts.te | 4
types/file.te | 43 +---
types/network.te | 10 -
types/nfs.te | 1
types/security.te | 2
105 files changed, 1094 insertions(+), 511 deletions(-)
Index: policy-20051021.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20051021.patch,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- policy-20051021.patch 3 Nov 2005 18:57:05 -0000 1.13
+++ policy-20051021.patch 3 Nov 2005 20:03:38 -0000 1.14
@@ -1505,6 +1505,23 @@
type pppd_script_exec_t, file_type, sysadmfile;
domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
+allow pppd_t initrc_t:process noatsecure;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/radius.te policy-1.27.2/domains/program/unused/radius.te
+--- nsapolicy/domains/program/unused/radius.te 2005-09-12 16:40:28.000000000 -0400
++++ policy-1.27.2/domains/program/unused/radius.te 2005-11-03 14:07:34.000000000 -0500
+@@ -10,7 +10,7 @@
+ #
+ # radiusd_exec_t is the type of the radiusd executable.
+ #
+-daemon_domain(radiusd, `, auth')
++daemon_domain(radiusd, `, auth_chkpwd')
+
+ etcdir_domain(radiusd)
+
+@@ -64,3 +64,4 @@
+ can_udp_send(radiusd_t, sysadm_t)
+
+ allow radiusd_t self:unix_stream_socket create_stream_socket_perms;
++allow radiusd_t urandom_device_t:chr_file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpcd.te policy-1.27.2/domains/program/unused/rpcd.te
--- nsapolicy/domains/program/unused/rpcd.te 2005-10-21 11:36:15.000000000 -0400
+++ policy-1.27.2/domains/program/unused/rpcd.te 2005-10-27 10:26:28.000000000 -0400
More information about the fedora-cvs-commits
mailing list