[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/selinux-policy-strict/devel policy-20051021.patch, 1.18, 1.19 selinux-policy-strict.spec, 1.416, 1.417



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24799

Modified Files:
	policy-20051021.patch selinux-policy-strict.spec 
Log Message:
* Fri Nov 7 2005 Dan Walsh <dwalsh redhat com> 1.27.2-16
- Allow scanimage to work with hplip
- Fix multiple definititions in file context
- Fix missing launch


policy-20051021.patch:
 Makefile                                 |   14 -
 attrib.te                                |   18 +
 domains/admin.te                         |    2 
 domains/misc/kernel.te                   |    2 
 domains/program/fsadm.te                 |    2 
 domains/program/getty.te                 |    2 
 domains/program/ifconfig.te              |    2 
 domains/program/init.te                  |    2 
 domains/program/initrc.te                |   13 +
 domains/program/login.te                 |    2 
 domains/program/logrotate.te             |    2 
 domains/program/modutil.te               |    8 
 domains/program/newrole.te               |    4 
 domains/program/restorecon.te            |    4 
 domains/program/setfiles.te              |    2 
 domains/program/ssh.te                   |    2 
 domains/program/su.te                    |    4 
 domains/program/syslogd.te               |    4 
 domains/program/tmpreaper.te             |    2 
 domains/program/unused/NetworkManager.te |   10 +
 domains/program/unused/amanda.te         |   21 +-
 domains/program/unused/apache.te         |   16 +
 domains/program/unused/apmd.te           |   13 +
 domains/program/unused/auditd.te         |    6 
 domains/program/unused/avahi.te          |   31 +++
 domains/program/unused/bluetooth.te      |   57 +++++
 domains/program/unused/cups.te           |   11 -
 domains/program/unused/cyrus.te          |    8 
 domains/program/unused/dbusd.te          |    2 
 domains/program/unused/dhcpc.te          |    3 
 domains/program/unused/dhcpd.te          |    3 
 domains/program/unused/exim.te           |  309 +++++++++++++++++++++++++++++++
 domains/program/unused/ftpd.te           |    6 
 domains/program/unused/hald.te           |    5 
 domains/program/unused/hotplug.te        |    5 
 domains/program/unused/ipsec.te          |    2 
 domains/program/unused/kudzu.te          |    3 
 domains/program/unused/mta.te            |    5 
 domains/program/unused/mysqld.te         |    6 
 domains/program/unused/named.te          |   17 +
 domains/program/unused/nscd.te           |    1 
 domains/program/unused/ntpd.te           |    5 
 domains/program/unused/pamconsole.te     |    2 
 domains/program/unused/pegasus.te        |   15 +
 domains/program/unused/ping.te           |    2 
 domains/program/unused/postfix.te        |   55 +++--
 domains/program/unused/postgresql.te     |   11 -
 domains/program/unused/pppd.te           |   24 +-
 domains/program/unused/procmail.te       |    6 
 domains/program/unused/radius.te         |    3 
 domains/program/unused/rpcd.te           |   16 +
 domains/program/unused/rpm.te            |    4 
 domains/program/unused/rsync.te          |    3 
 domains/program/unused/samba.te          |    6 
 domains/program/unused/saslauthd.te      |    1 
 domains/program/unused/sendmail.te       |   50 ++++-
 domains/program/unused/slapd.te          |   25 ++
 domains/program/unused/snmpd.te          |    1 
 domains/program/unused/spamd.te          |   28 --
 domains/program/unused/udev.te           |    8 
 domains/program/unused/webalizer.te      |    3 
 domains/program/unused/xdm.te            |    2 
 domains/program/unused/yppasswdd.te      |   40 ++++
 domains/program/unused/ypserv.te         |    8 
 file_contexts/distros.fc                 |    1 
 file_contexts/program/apache.fc          |    3 
 file_contexts/program/avahi.fc           |    4 
 file_contexts/program/backup.fc          |    2 
 file_contexts/program/bluetooth.fc       |    2 
 file_contexts/program/compat.fc          |    4 
 file_contexts/program/dhcpc.fc           |    1 
 file_contexts/program/dhcpd.fc           |    9 
 file_contexts/program/exim.fc            |   18 +
 file_contexts/program/ftpd.fc            |    5 
 file_contexts/program/games.fc           |    3 
 file_contexts/program/kudzu.fc           |    2 
 file_contexts/program/pegasus.fc         |    6 
 file_contexts/program/rshd.fc            |    1 
 file_contexts/program/rsync.fc           |    2 
 file_contexts/program/sendmail.fc        |    7 
 file_contexts/program/slapd.fc           |   12 +
 file_contexts/program/squid.fc           |    3 
 file_contexts/program/yppasswdd.fc       |    2 
 file_contexts/types.fc                   |    5 
 genfs_contexts                           |    1 
 macros/base_user_macros.te               |    7 
 macros/global_macros.te                  |   26 --
 macros/home_macros.te                    |    9 
 macros/program/chkpwd_macros.te          |    7 
 macros/program/dbusd_macros.te           |    1 
 macros/program/exim_macros.te            |   75 +++++++
 macros/program/su_macros.te              |    2 
 macros/program/ypbind_macros.te          |    1 
 macros/user_macros.te                    |    1 
 man/man8/ftpd_selinux.8                  |   19 +
 man/man8/httpd_selinux.8                 |    9 
 man/man8/rsync_selinux.8                 |   12 -
 man/man8/samba_selinux.8                 |    9 
 mcs                                      |  194 ++++++-------------
 mls                                      |  227 ++++++++--------------
 net_contexts                             |    4 
 targeted/assert.te                       |    2 
 targeted/domains/program/compat.te       |    1 
 targeted/domains/program/sendmail.te     |   18 -
 targeted/domains/program/ssh.te          |    2 
 targeted/domains/program/xdm.te          |    4 
 targeted/domains/unconfined.te           |   10 -
 tunables/distro.tun                      |    2 
 tunables/tunable.tun                     |    4 
 types/devpts.te                          |    4 
 types/file.te                            |   44 +---
 types/network.te                         |   10 -
 types/nfs.te                             |    1 
 types/security.te                        |    2 
 114 files changed, 1200 insertions(+), 549 deletions(-)

Index: policy-20051021.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20051021.patch,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- policy-20051021.patch	7 Nov 2005 18:56:50 -0000	1.18
+++ policy-20051021.patch	7 Nov 2005 19:43:16 -0000	1.19
@@ -1489,7 +1489,7 @@
 +}
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.27.2/domains/program/unused/pppd.te
 --- nsapolicy/domains/program/unused/pppd.te	2005-10-21 11:36:15.000000000 -0400
-+++ policy-1.27.2/domains/program/unused/pppd.te	2005-11-07 11:43:42.000000000 -0500
++++ policy-1.27.2/domains/program/unused/pppd.te	2005-11-07 14:41:31.000000000 -0500
 @@ -14,7 +14,7 @@
  #
  bool pppd_for_user false;
@@ -1525,7 +1525,7 @@
  
  # for scripts
  allow pppd_t self:fifo_file rw_file_perms;
-@@ -105,14 +106,17 @@
+@@ -105,14 +106,18 @@
  dontaudit pppd_t initrc_var_run_t:file { lock write };
  
  # pppd needs to load kernel modules for certain modems
@@ -1533,6 +1533,7 @@
 -if (pppd_can_insmod) {
  ifdef(`modutil.te', `
 +bool pppd_can_insmod false;
++typeattribute ifconfig_t privsysmod;
 +
 +if (pppd_can_insmod && !secure_mode_insmod) {
  domain_auto_trans(pppd_t, insmod_exec_t, insmod_t)
@@ -1547,7 +1548,7 @@
  can_network_client_tcp(pptp_t)
  allow pptp_t { reserved_port_type port_t }:tcp_socket name_connect;
  can_exec(pptp_t, hostname_exec_t)
-@@ -121,11 +125,11 @@
+@@ -121,11 +126,11 @@
  allow pptp_t self:unix_stream_socket { connectto create_stream_socket_perms };
  allow pptp_t self:unix_dgram_socket create_socket_perms;
  can_exec(pptp_t, pppd_etc_rw_t)
@@ -1561,7 +1562,7 @@
  allow pppd_t pptp_t:process signal;
  allow pptp_t self:capability net_raw;
  allow pptp_t self:fifo_file { read write };
-@@ -145,3 +149,4 @@
+@@ -145,3 +150,4 @@
  # Allow /etc/ppp/ip-{up,down} to run most anything
  type pppd_script_exec_t, file_type, sysadmfile;
  domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
@@ -2194,20 +2195,18 @@
 +/srv/([^/]*/)?rsync(/.*)?	system_u:object_r:public_content_t
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/sendmail.fc policy-1.27.2/file_contexts/program/sendmail.fc
 --- nsapolicy/file_contexts/program/sendmail.fc	2005-09-12 16:40:27.000000000 -0400
-+++ policy-1.27.2/file_contexts/program/sendmail.fc	2005-11-07 10:47:22.000000000 -0500
-@@ -4,3 +4,12 @@
++++ policy-1.27.2/file_contexts/program/sendmail.fc	2005-11-07 14:40:02.000000000 -0500
+@@ -4,3 +4,10 @@
  /var/log/mail(/.*)?			system_u:object_r:sendmail_log_t
  /var/run/sendmail\.pid		--	system_u:object_r:sendmail_var_run_t
  /var/run/sm-client\.pid		--	system_u:object_r:sendmail_var_run_t
 +ifdef(`distro_redhat', `
-+ifdef(`targeted_policy', `', `
 +/etc/rc.d/init.d/sendmail	--	system_u:object_r:sendmail_launch_exec_t
 +/var/lock/subsys/sm-client	--	system_u:object_r:sendmail_launch_lock_t
 +/var/lock/subsys/sendmail	--	system_u:object_r:sendmail_launch_lock_t
 +', `
 +/etc/init.d/sendmail	--	system_u:object_r:sendmail_launch_exec_t
 +')
-+')
 diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/slapd.fc policy-1.27.2/file_contexts/program/slapd.fc
 --- nsapolicy/file_contexts/program/slapd.fc	2005-09-12 16:40:28.000000000 -0400
 +++ policy-1.27.2/file_contexts/program/slapd.fc	2005-11-07 10:47:22.000000000 -0500


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.416
retrieving revision 1.417
diff -u -r1.416 -r1.417
--- selinux-policy-strict.spec	7 Nov 2005 18:56:50 -0000	1.416
+++ selinux-policy-strict.spec	7 Nov 2005 19:43:16 -0000	1.417
@@ -4,7 +4,7 @@
 %define PRE_FILE_CONTEXT %{FILE_CONTEXT}.pre
 %define POLICYVER 20
 %define POLICYCOREUTILSVER 1.27.20-1
-%define CHECKPOLICYVER 1.27.17-1
+%define CHECKPOLICYVER 1.27.17-5
 
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]