rpms/selinux-policy/devel policy-20051114.patch, 1.10, 1.11 selinux-policy.spec, 1.19, 1.20
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Nov 23 21:08:49 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25974
Modified Files:
policy-20051114.patch selinux-policy.spec
Log Message:
* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-3
- Cleanup pegasus and named
- Fix spec file
policy-20051114.patch:
Makefile | 4 ++--
base.pp |binary
policy/modules/apps/webalizer.fc | 2 +-
policy/modules/kernel/filesystem.te | 1 +
policy/modules/services/avahi.te | 4 ++--
policy/modules/services/cron.te | 4 ++++
policy/modules/services/ftp.fc | 3 +--
policy/modules/services/hal.te | 2 ++
policy/modules/services/pegasus.te | 9 ++++++---
policy/modules/services/rpc.te | 2 ++
policy/modules/system/files.if | 2 ++
policy/modules/system/mount.te | 5 +----
policy/modules/system/sysnetwork.te | 1 +
policy/modules/system/userdomain.if | 8 +++++---
14 files changed, 30 insertions(+), 17 deletions(-)
Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20051114.patch 23 Nov 2005 19:11:28 -0000 1.10
+++ policy-20051114.patch 23 Nov 2005 21:08:47 -0000 1.11
@@ -1,6 +1,7 @@
+Binary files nsaserefpolicy/base.pp and serefpolicy-2.0.5/base.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.0.5/Makefile
--- nsaserefpolicy/Makefile 2005-11-23 10:06:37.000000000 -0500
-+++ serefpolicy-2.0.5/Makefile 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/Makefile 2005-11-23 15:51:34.000000000 -0500
@@ -54,7 +54,7 @@
# This is a build option, as role transitions do
# not work in conditional policy.
@@ -21,7 +22,7 @@
endif
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.fc serefpolicy-2.0.5/policy/modules/apps/webalizer.fc
--- nsaserefpolicy/policy/modules/apps/webalizer.fc 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/apps/webalizer.fc 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/apps/webalizer.fc 2005-11-23 15:51:34.000000000 -0500
@@ -7,4 +7,4 @@
#
# /var
@@ -30,7 +31,7 @@
+/var/lib/webalizer(/.*)? gen_context(system_u:object_r:webalizer_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.0.5/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/kernel/filesystem.te 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/kernel/filesystem.te 2005-11-23 15:51:34.000000000 -0500
@@ -114,6 +114,7 @@
#
type autofs_t, noxattrfs;
@@ -41,7 +42,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.0.5/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/avahi.te 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/avahi.te 2005-11-23 15:51:34.000000000 -0500
@@ -18,9 +18,9 @@
# Local policy
#
@@ -56,7 +57,7 @@
allow avahi_t self:unix_dgram_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.0.5/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2005-11-15 09:13:36.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/cron.te 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/cron.te 2005-11-23 15:51:34.000000000 -0500
@@ -174,6 +174,10 @@
cyrus_manage_data(system_crond_t)
')
@@ -70,7 +71,7 @@
inn_manage_pid(system_crond_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-2.0.5/policy/modules/services/ftp.fc
--- nsaserefpolicy/policy/modules/services/ftp.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/ftp.fc 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/ftp.fc 2005-11-23 15:51:34.000000000 -0500
@@ -18,8 +18,7 @@
#
# /var
@@ -83,7 +84,7 @@
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.0.5/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/hal.te 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/hal.te 2005-11-23 15:51:34.000000000 -0500
@@ -80,6 +80,7 @@
selinux_compute_user_contexts(hald_t)
@@ -102,8 +103,15 @@
allow hald_t initrc_t:dbus send_msg;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.0.5/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2005-11-18 14:19:34.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/pegasus.te 2005-11-23 14:02:36.000000000 -0500
-@@ -35,7 +35,7 @@
++++ serefpolicy-2.0.5/policy/modules/services/pegasus.te 2005-11-23 16:07:32.000000000 -0500
+@@ -29,26 +29,28 @@
+
+ allow pegasus_t self:capability { dac_override net_bind_service audit_write };
+ dontaudit pegasus_t self:capability sys_tty_config;
++allow pegasus_t self:process signal;
+ allow pegasus_t self:fifo_file rw_file_perms;
+ allow pegasus_t self:unix_dgram_socket create_socket_perms;
+ allow pegasus_t self:unix_stream_socket create_stream_socket_perms;
allow pegasus_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
allow pegasus_t self:tcp_socket create_stream_socket_perms;
@@ -112,8 +120,28 @@
allow pegasus_t pegasus_conf_t:file { r_file_perms link unlink };
allow pegasus_t pegasus_conf_t:lnk_file r_file_perms;
-@@ -79,6 +79,7 @@
- auth_read_shadow(pegasus_t)
+ allow pegasus_t pegasus_data_t:dir rw_dir_perms;
+ allow pegasus_t pegasus_data_t:file create_file_perms;
+ allow pegasus_t pegasus_data_t:lnk_file create_lnk_perms;
++type_transition pegasus_t pegasus_conf_t:{ file dir } pegasus_data_t;
+
+ allow pegasus_t pegasus_mof_t:dir r_dir_perms;
+ allow pegasus_t pegasus_mof_t:file r_file_perms;
+ allow pegasus_t pegasus_mof_t:lnk_file { getattr read };
+
+ allow pegasus_t pegasus_var_run_t:file create_file_perms;
+-allow pegasus_t pegasus_var_run_t:sock_file { create setattr };
++allow pegasus_t pegasus_var_run_t:sock_file { create setattr unlink };
+ allow pegasus_t pegasus_var_run_t:dir rw_dir_perms;
+ files_create_pid(pegasus_t,pegasus_var_run_t)
+
+@@ -75,10 +77,11 @@
+
+ term_dontaudit_use_console(pegasus_t)
+
++auth_domtrans_chk_passwd(pegasus_t)
+ auth_use_nsswitch(pegasus_t)
+-auth_read_shadow(pegasus_t)
domain_use_wide_inherit_fd(pegasus_t)
+domain_read_all_domains_state(pegasus_t)
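Review bot: The added `type_transition pegasus_t pegasus_conf_t:{ file dir } pegasus_data_t;` labels everything pegasus_t creates inside a pegasus_conf_t directory as pegasus_data_t, a type the domain can fully rewrite, while the existing conf_t rule already grants `link unlink` on the files there. If pegasus_t also holds add_name/remove_name on pegasus_conf_t:dir (no such rule is visible in this hunk), the daemon can unlink a configuration file and recreate it under the writable type, so the read-only conf label would no longer constrain a compromised daemon. The transition also names class `dir`, but the only visible rule on pegasus_data_t:dir is `rw_dir_perms`, which normally does not include `create`; either drop `dir` from the class set or grant the create permission explicitly. A comment above the rule, e.g. `# pegasus creates files under its config directory at runtime; label them pegasus_data_t`, would make the intent reviewable.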
@@ -122,7 +150,7 @@
files_list_var_lib(pegasus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.0.5/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/rpc.te 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/rpc.te 2005-11-23 15:51:34.000000000 -0500
@@ -31,6 +31,8 @@
type var_lib_nfs_t;
@@ -132,10 +160,33 @@
########################################
#
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/files.if serefpolicy-2.0.5/policy/modules/system/files.if
+--- nsaserefpolicy/policy/modules/system/files.if 2005-11-15 19:42:22.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/files.if 2005-11-23 15:51:34.000000000 -0500
+@@ -894,9 +894,11 @@
+ gen_require(`
+ attribute mountpoint;
+ class dir { getattr search mounton };
++ class file { getattr mounton };
+ ')
+
+ allow $1 mountpoint:dir { getattr search mounton };
++ allow $1 mountpoint:file { getattr mounton };
+ ')
+
+ ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.0.5/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/mount.te 2005-11-23 14:02:06.000000000 -0500
-@@ -133,9 +133,6 @@
++++ serefpolicy-2.0.5/policy/modules/system/mount.te 2005-11-23 15:51:34.000000000 -0500
+@@ -9,6 +9,7 @@
+ type mount_t;
+ type mount_exec_t;
+ init_system_domain(mount_t,mount_exec_t)
++
+ role system_r types mount_t;
+
+ type mount_tmp_t;
+@@ -133,9 +134,6 @@
')
ifdef(`TODO',`
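Review bot: The two added lines in the files.if section (`class file { getattr mounton };` and `allow $1 mountpoint:file { getattr mounton };`) widen a shared interface, so every domain that calls it gains `mounton` on files carrying the mountpoint attribute, not only the domain this cleanup is aimed at. The interface name and its `## <summary>` lie above the hunk's context; if the summary still describes directories only, it should be extended, for example `## Mount a filesystem on all mount points (directories and files).`. If only mount_t needs to mount over files, a separate interface for the file class would leave the other callers at their current permissions.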
@@ -145,9 +196,15 @@
# TODO: Need to examine this further. Not sure how to handle this
#type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
#allow sysadm_t sysadm_mount_source_t:file create_file_perms;
+@@ -152,5 +150,4 @@
+ optional_policy(`rhgb.te', `
+ rhgb_domain(mount_t)
+ ')
+-
+ ') dnl endif TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.0.5/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/sysnetwork.te 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/sysnetwork.te 2005-11-23 15:51:34.000000000 -0500
@@ -58,6 +58,7 @@
allow dhcpc_t dhcp_state_t:dir rw_dir_perms;
@@ -158,7 +215,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.0.5/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2005-11-23 10:06:38.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/userdomain.if 2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/userdomain.if 2005-11-23 15:51:34.000000000 -0500
@@ -2466,12 +2466,14 @@
#
interface(`userdom_dontaudit_use_unpriv_user_tty',`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- selinux-policy.spec 23 Nov 2005 19:11:28 -0000 1.19
+++ selinux-policy.spec 23 Nov 2005 21:08:47 -0000 1.20
@@ -10,7 +10,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.0.5
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -237,7 +237,7 @@
%changelog
-* Tue Nov 21 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-2
+* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-3
- Cleanup pegasus and named
- Fix spec file