rpms/selinux-policy-strict/devel policy-20051021.patch, 1.18, 1.19 selinux-policy-strict.spec, 1.416, 1.417
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Nov 7 19:43:20 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24799
Modified Files:
policy-20051021.patch selinux-policy-strict.spec
Log Message:
* Fri Nov 7 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-16
- Allow scanimage to work with hplip
- Fix multiple definititions in file context
- Fix missing launch
policy-20051021.patch:
Makefile | 14 -
attrib.te | 18 +
domains/admin.te | 2
domains/misc/kernel.te | 2
domains/program/fsadm.te | 2
domains/program/getty.te | 2
domains/program/ifconfig.te | 2
domains/program/init.te | 2
domains/program/initrc.te | 13 +
domains/program/login.te | 2
domains/program/logrotate.te | 2
domains/program/modutil.te | 8
domains/program/newrole.te | 4
domains/program/restorecon.te | 4
domains/program/setfiles.te | 2
domains/program/ssh.te | 2
domains/program/su.te | 4
domains/program/syslogd.te | 4
domains/program/tmpreaper.te | 2
domains/program/unused/NetworkManager.te | 10 +
domains/program/unused/amanda.te | 21 +-
domains/program/unused/apache.te | 16 +
domains/program/unused/apmd.te | 13 +
domains/program/unused/auditd.te | 6
domains/program/unused/avahi.te | 31 +++
domains/program/unused/bluetooth.te | 57 +++++
domains/program/unused/cups.te | 11 -
domains/program/unused/cyrus.te | 8
domains/program/unused/dbusd.te | 2
domains/program/unused/dhcpc.te | 3
domains/program/unused/dhcpd.te | 3
domains/program/unused/exim.te | 309 +++++++++++++++++++++++++++++++
domains/program/unused/ftpd.te | 6
domains/program/unused/hald.te | 5
domains/program/unused/hotplug.te | 5
domains/program/unused/ipsec.te | 2
domains/program/unused/kudzu.te | 3
domains/program/unused/mta.te | 5
domains/program/unused/mysqld.te | 6
domains/program/unused/named.te | 17 +
domains/program/unused/nscd.te | 1
domains/program/unused/ntpd.te | 5
domains/program/unused/pamconsole.te | 2
domains/program/unused/pegasus.te | 15 +
domains/program/unused/ping.te | 2
domains/program/unused/postfix.te | 55 +++--
domains/program/unused/postgresql.te | 11 -
domains/program/unused/pppd.te | 24 +-
domains/program/unused/procmail.te | 6
domains/program/unused/radius.te | 3
domains/program/unused/rpcd.te | 16 +
domains/program/unused/rpm.te | 4
domains/program/unused/rsync.te | 3
domains/program/unused/samba.te | 6
domains/program/unused/saslauthd.te | 1
domains/program/unused/sendmail.te | 50 ++++-
domains/program/unused/slapd.te | 25 ++
domains/program/unused/snmpd.te | 1
domains/program/unused/spamd.te | 28 --
domains/program/unused/udev.te | 8
domains/program/unused/webalizer.te | 3
domains/program/unused/xdm.te | 2
domains/program/unused/yppasswdd.te | 40 ++++
domains/program/unused/ypserv.te | 8
file_contexts/distros.fc | 1
file_contexts/program/apache.fc | 3
file_contexts/program/avahi.fc | 4
file_contexts/program/backup.fc | 2
file_contexts/program/bluetooth.fc | 2
file_contexts/program/compat.fc | 4
file_contexts/program/dhcpc.fc | 1
file_contexts/program/dhcpd.fc | 9
file_contexts/program/exim.fc | 18 +
file_contexts/program/ftpd.fc | 5
file_contexts/program/games.fc | 3
file_contexts/program/kudzu.fc | 2
file_contexts/program/pegasus.fc | 6
file_contexts/program/rshd.fc | 1
file_contexts/program/rsync.fc | 2
file_contexts/program/sendmail.fc | 7
file_contexts/program/slapd.fc | 12 +
file_contexts/program/squid.fc | 3
file_contexts/program/yppasswdd.fc | 2
file_contexts/types.fc | 5
genfs_contexts | 1
macros/base_user_macros.te | 7
macros/global_macros.te | 26 --
macros/home_macros.te | 9
macros/program/chkpwd_macros.te | 7
macros/program/dbusd_macros.te | 1
macros/program/exim_macros.te | 75 +++++++
macros/program/su_macros.te | 2
macros/program/ypbind_macros.te | 1
macros/user_macros.te | 1
man/man8/ftpd_selinux.8 | 19 +
man/man8/httpd_selinux.8 | 9
man/man8/rsync_selinux.8 | 12 -
man/man8/samba_selinux.8 | 9
mcs | 194 ++++++-------------
mls | 227 ++++++++--------------
net_contexts | 4
targeted/assert.te | 2
targeted/domains/program/compat.te | 1
targeted/domains/program/sendmail.te | 18 -
targeted/domains/program/ssh.te | 2
targeted/domains/program/xdm.te | 4
targeted/domains/unconfined.te | 10 -
tunables/distro.tun | 2
tunables/tunable.tun | 4
types/devpts.te | 4
types/file.te | 44 +---
types/network.te | 10 -
types/nfs.te | 1
types/security.te | 2
114 files changed, 1200 insertions(+), 549 deletions(-)
Index: policy-20051021.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20051021.patch,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- policy-20051021.patch 7 Nov 2005 18:56:50 -0000 1.18
+++ policy-20051021.patch 7 Nov 2005 19:43:16 -0000 1.19
@@ -1489,7 +1489,7 @@
+}
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.27.2/domains/program/unused/pppd.te
--- nsapolicy/domains/program/unused/pppd.te 2005-10-21 11:36:15.000000000 -0400
-+++ policy-1.27.2/domains/program/unused/pppd.te 2005-11-07 11:43:42.000000000 -0500
++++ policy-1.27.2/domains/program/unused/pppd.te 2005-11-07 14:41:31.000000000 -0500
@@ -14,7 +14,7 @@
#
bool pppd_for_user false;
@@ -1525,7 +1525,7 @@
# for scripts
allow pppd_t self:fifo_file rw_file_perms;
-@@ -105,14 +106,17 @@
+@@ -105,14 +106,18 @@
dontaudit pppd_t initrc_var_run_t:file { lock write };
# pppd needs to load kernel modules for certain modems
@@ -1533,6 +1533,7 @@
-if (pppd_can_insmod) {
ifdef(`modutil.te', `
+bool pppd_can_insmod false;
++typeattribute ifconfig_t privsysmod;
+
+if (pppd_can_insmod && !secure_mode_insmod) {
domain_auto_trans(pppd_t, insmod_exec_t, insmod_t)
@@ -1547,7 +1548,7 @@
can_network_client_tcp(pptp_t)
allow pptp_t { reserved_port_type port_t }:tcp_socket name_connect;
can_exec(pptp_t, hostname_exec_t)
-@@ -121,11 +125,11 @@
+@@ -121,11 +126,11 @@
allow pptp_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow pptp_t self:unix_dgram_socket create_socket_perms;
can_exec(pptp_t, pppd_etc_rw_t)
@@ -1561,7 +1562,7 @@
allow pppd_t pptp_t:process signal;
allow pptp_t self:capability net_raw;
allow pptp_t self:fifo_file { read write };
-@@ -145,3 +149,4 @@
+@@ -145,3 +150,4 @@
# Allow /etc/ppp/ip-{up,down} to run most anything
type pppd_script_exec_t, file_type, sysadmfile;
domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
@@ -2194,20 +2195,18 @@
+/srv/([^/]*/)?rsync(/.*)? system_u:object_r:public_content_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/sendmail.fc policy-1.27.2/file_contexts/program/sendmail.fc
--- nsapolicy/file_contexts/program/sendmail.fc 2005-09-12 16:40:27.000000000 -0400
-+++ policy-1.27.2/file_contexts/program/sendmail.fc 2005-11-07 10:47:22.000000000 -0500
-@@ -4,3 +4,12 @@
++++ policy-1.27.2/file_contexts/program/sendmail.fc 2005-11-07 14:40:02.000000000 -0500
+@@ -4,3 +4,10 @@
/var/log/mail(/.*)? system_u:object_r:sendmail_log_t
/var/run/sendmail\.pid -- system_u:object_r:sendmail_var_run_t
/var/run/sm-client\.pid -- system_u:object_r:sendmail_var_run_t
+ifdef(`distro_redhat', `
-+ifdef(`targeted_policy', `', `
+/etc/rc.d/init.d/sendmail -- system_u:object_r:sendmail_launch_exec_t
+/var/lock/subsys/sm-client -- system_u:object_r:sendmail_launch_lock_t
+/var/lock/subsys/sendmail -- system_u:object_r:sendmail_launch_lock_t
+', `
+/etc/init.d/sendmail -- system_u:object_r:sendmail_launch_exec_t
+')
-+')
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/slapd.fc policy-1.27.2/file_contexts/program/slapd.fc
--- nsapolicy/file_contexts/program/slapd.fc 2005-09-12 16:40:28.000000000 -0400
+++ policy-1.27.2/file_contexts/program/slapd.fc 2005-11-07 10:47:22.000000000 -0500
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.416
retrieving revision 1.417
diff -u -r1.416 -r1.417
--- selinux-policy-strict.spec 7 Nov 2005 18:56:50 -0000 1.416
+++ selinux-policy-strict.spec 7 Nov 2005 19:43:16 -0000 1.417
@@ -4,7 +4,7 @@
%define PRE_FILE_CONTEXT %{FILE_CONTEXT}.pre
%define POLICYVER 20
%define POLICYCOREUTILSVER 1.27.20-1
-%define CHECKPOLICYVER 1.27.17-1
+%define CHECKPOLICYVER 1.27.17-5
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
More information about the fedora-cvs-commits
mailing list