rpms/selinux-policy/devel policy-20051114.patch, 1.10, 1.11 selinux-policy.spec, 1.19, 1.20

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Nov 23 21:08:49 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25974

Modified Files:
	policy-20051114.patch selinux-policy.spec 
Log Message:
* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-3
- Cleanup pegasus and named 
- Fix spec file


policy-20051114.patch:
 Makefile                            |    4 ++--
 base.pp                             |binary
 policy/modules/apps/webalizer.fc    |    2 +-
 policy/modules/kernel/filesystem.te |    1 +
 policy/modules/services/avahi.te    |    4 ++--
 policy/modules/services/cron.te     |    4 ++++
 policy/modules/services/ftp.fc      |    3 +--
 policy/modules/services/hal.te      |    2 ++
 policy/modules/services/pegasus.te  |    9 ++++++---
 policy/modules/services/rpc.te      |    2 ++
 policy/modules/system/files.if      |    2 ++
 policy/modules/system/mount.te      |    5 +----
 policy/modules/system/sysnetwork.te |    1 +
 policy/modules/system/userdomain.if |    8 +++++---
 14 files changed, 30 insertions(+), 17 deletions(-)

Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20051114.patch	23 Nov 2005 19:11:28 -0000	1.10
+++ policy-20051114.patch	23 Nov 2005 21:08:47 -0000	1.11
@@ -1,6 +1,7 @@
+Binary files nsaserefpolicy/base.pp and serefpolicy-2.0.5/base.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.0.5/Makefile
 --- nsaserefpolicy/Makefile	2005-11-23 10:06:37.000000000 -0500
-+++ serefpolicy-2.0.5/Makefile	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/Makefile	2005-11-23 15:51:34.000000000 -0500
 @@ -54,7 +54,7 @@
  # This is a build option, as role transitions do
  # not work in conditional policy.
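Review bot: The new first line of the patch, `Binary files nsaserefpolicy/base.pp and serefpolicy-2.0.5/base.pp differ`, records a compiled policy module left in the build tree when the patch was regenerated, not a source change. patch(1) skips it as leading text, so applying the patch is unaffected, but it suggests the diff was taken from a tree that had already been built, and other generated files could slip in the same way. Adding `base.pp` (or `*.pp`) to the file passed to `--exclude-from=exclude`, or regenerating from a clean tree, would keep the shipped patch limited to reviewable policy source.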
@@ -21,7 +22,7 @@
  endif
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.fc serefpolicy-2.0.5/policy/modules/apps/webalizer.fc
 --- nsaserefpolicy/policy/modules/apps/webalizer.fc	2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/apps/webalizer.fc	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/apps/webalizer.fc	2005-11-23 15:51:34.000000000 -0500
 @@ -7,4 +7,4 @@
  #
  # /var
@@ -30,7 +31,7 @@
 +/var/lib/webalizer(/.*)?	gen_context(system_u:object_r:webalizer_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.0.5/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/kernel/filesystem.te	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/kernel/filesystem.te	2005-11-23 15:51:34.000000000 -0500
 @@ -114,6 +114,7 @@
  #
  type autofs_t, noxattrfs;
@@ -41,7 +42,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.0.5/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/avahi.te	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/avahi.te	2005-11-23 15:51:34.000000000 -0500
 @@ -18,9 +18,9 @@
  # Local policy
  #
@@ -56,7 +57,7 @@
  allow avahi_t self:unix_dgram_socket create_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.0.5/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2005-11-15 09:13:36.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/cron.te	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/cron.te	2005-11-23 15:51:34.000000000 -0500
 @@ -174,6 +174,10 @@
  	cyrus_manage_data(system_crond_t)
  ')
@@ -70,7 +71,7 @@
  	inn_manage_pid(system_crond_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-2.0.5/policy/modules/services/ftp.fc
 --- nsaserefpolicy/policy/modules/services/ftp.fc	2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/ftp.fc	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/ftp.fc	2005-11-23 15:51:34.000000000 -0500
 @@ -18,8 +18,7 @@
  #
  # /var
@@ -83,7 +84,7 @@
  /var/log/vsftpd.*	--	gen_context(system_u:object_r:xferlog_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.0.5/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/hal.te	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/hal.te	2005-11-23 15:51:34.000000000 -0500
 @@ -80,6 +80,7 @@
  selinux_compute_user_contexts(hald_t)
  
@@ -102,8 +103,15 @@
  allow hald_t initrc_t:dbus send_msg;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.0.5/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2005-11-18 14:19:34.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/pegasus.te	2005-11-23 14:02:36.000000000 -0500
-@@ -35,7 +35,7 @@
++++ serefpolicy-2.0.5/policy/modules/services/pegasus.te	2005-11-23 16:07:32.000000000 -0500
+@@ -29,26 +29,28 @@
+ 
+ allow pegasus_t self:capability { dac_override net_bind_service audit_write }; 
+ dontaudit pegasus_t self:capability sys_tty_config;
++allow pegasus_t self:process signal;
+ allow pegasus_t self:fifo_file rw_file_perms;
+ allow pegasus_t self:unix_dgram_socket create_socket_perms;
+ allow pegasus_t self:unix_stream_socket create_stream_socket_perms;
  allow pegasus_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
  allow pegasus_t self:tcp_socket create_stream_socket_perms;
  
@@ -112,8 +120,28 @@
  allow pegasus_t pegasus_conf_t:file { r_file_perms link unlink };
  allow pegasus_t pegasus_conf_t:lnk_file r_file_perms;
  
-@@ -79,6 +79,7 @@
- auth_read_shadow(pegasus_t)
+ allow pegasus_t pegasus_data_t:dir rw_dir_perms;
+ allow pegasus_t pegasus_data_t:file create_file_perms;
+ allow pegasus_t pegasus_data_t:lnk_file create_lnk_perms;
++type_transition pegasus_t pegasus_conf_t:{ file dir } pegasus_data_t;
+ 
+ allow pegasus_t pegasus_mof_t:dir r_dir_perms;
+ allow pegasus_t pegasus_mof_t:file r_file_perms;
+ allow pegasus_t pegasus_mof_t:lnk_file { getattr read };
+ 
+ allow pegasus_t pegasus_var_run_t:file create_file_perms;
+-allow pegasus_t pegasus_var_run_t:sock_file { create setattr };
++allow pegasus_t pegasus_var_run_t:sock_file { create setattr unlink };
+ allow pegasus_t pegasus_var_run_t:dir rw_dir_perms;
+ files_create_pid(pegasus_t,pegasus_var_run_t)
+ 
+@@ -75,10 +77,11 @@
+ 
+ term_dontaudit_use_console(pegasus_t)
+ 
++auth_domtrans_chk_passwd(pegasus_t)
+ auth_use_nsswitch(pegasus_t)
+-auth_read_shadow(pegasus_t)
  
  domain_use_wide_inherit_fd(pegasus_t)
 +domain_read_all_domains_state(pegasus_t)
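Review bot: The new `type_transition pegasus_t pegasus_conf_t:{ file dir } pegasus_data_t;` names the dir class, but the only directory rule for that type visible in this hunk is `allow pegasus_t pegasus_data_t:dir rw_dir_perms;`, and rw_dir_perms does not, as far as I know, include create. If no rule outside the hunk grants it, a directory that pegasus creates under a pegasus_conf_t directory would be labeled pegasus_data_t and then denied; either drop `dir` from the transition or add `allow pegasus_t pegasus_data_t:dir create_dir_perms;`. The transition also only takes effect if pegasus_t may add entries to pegasus_conf_t directories, which none of the lines shown grant, so check that against the rest of pegasus.te. A one-line comment above the transition naming what the daemon writes into its configuration directory would make the intent reviewable.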
@@ -122,7 +150,7 @@
  files_list_var_lib(pegasus_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.0.5/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/rpc.te	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/services/rpc.te	2005-11-23 15:51:34.000000000 -0500
 @@ -31,6 +31,8 @@
  
  type var_lib_nfs_t;
@@ -132,10 +160,33 @@
  
  ########################################
  #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/files.if serefpolicy-2.0.5/policy/modules/system/files.if
+--- nsaserefpolicy/policy/modules/system/files.if	2005-11-15 19:42:22.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/files.if	2005-11-23 15:51:34.000000000 -0500
+@@ -894,9 +894,11 @@
+ 	gen_require(`
+ 		attribute mountpoint;
+ 		class dir { getattr search mounton };
++		class file { getattr mounton };
+ 	')
+ 
+ 	allow $1 mountpoint:dir { getattr search mounton };
++	allow $1 mountpoint:file { getattr mounton };
+ ')
+ 
+ ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.0.5/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/mount.te	2005-11-23 14:02:06.000000000 -0500
-@@ -133,9 +133,6 @@
++++ serefpolicy-2.0.5/policy/modules/system/mount.te	2005-11-23 15:51:34.000000000 -0500
+@@ -9,6 +9,7 @@
+ type mount_t;
+ type mount_exec_t;
+ init_system_domain(mount_t,mount_exec_t)
++
+ role system_r types mount_t;
+ 
+ type mount_tmp_t;
+@@ -133,9 +134,6 @@
  ')
  
  ifdef(`TODO',`
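Review bot: The added `allow $1 mountpoint:file { getattr mounton };` in files.if widens an interface whose header and summary lie above the hunk, so every domain that already calls it gains the right to mount over any file carrying the mountpoint attribute. If the interface summary still describes mounting on directories only, it should be updated, and a comment such as `# regular files can be mount targets too (bind mount onto a file)` above the new rule would record why it is there. If only one caller needs the file case, a separate interface for file mount points would keep the grant narrower. The mount.te changes in the same hunk are whitespace and hunk-offset only.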
@@ -145,9 +196,15 @@
  # TODO: Need to examine this further. Not sure how to handle this
  #type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
  #allow sysadm_t sysadm_mount_source_t:file create_file_perms;
+@@ -152,5 +150,4 @@
+ optional_policy(`rhgb.te', `
+ rhgb_domain(mount_t)
+ ')
+-
+ ') dnl endif TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.0.5/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/sysnetwork.te	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/sysnetwork.te	2005-11-23 15:51:34.000000000 -0500
 @@ -58,6 +58,7 @@
  
  allow dhcpc_t dhcp_state_t:dir rw_dir_perms;
@@ -158,7 +215,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.0.5/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2005-11-23 10:06:38.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/system/userdomain.if	2005-11-23 14:02:06.000000000 -0500
++++ serefpolicy-2.0.5/policy/modules/system/userdomain.if	2005-11-23 15:51:34.000000000 -0500
 @@ -2466,12 +2466,14 @@
  #
  interface(`userdom_dontaudit_use_unpriv_user_tty',`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- selinux-policy.spec	23 Nov 2005 19:11:28 -0000	1.19
+++ selinux-policy.spec	23 Nov 2005 21:08:47 -0000	1.20
@@ -10,7 +10,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.0.5
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -237,7 +237,7 @@
 
 
 %changelog
-* Tue Nov 21 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-2
+* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-3
 - Cleanup pegasus and named 
 - Fix spec file
 



