rpms/selinux-policy/devel policy-20051114.patch,1.11,1.12

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Nov 23 21:16:34 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5410

Modified Files:
	policy-20051114.patch 
Log Message:
* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-3
- Cleanup pegasus and named 
- Fix spec file


policy-20051114.patch:
 Makefile                            |    4 ++--
 base.pp                             |binary
 policy/modules/apps/webalizer.fc    |    2 +-
 policy/modules/kernel/filesystem.te |    1 +
 policy/modules/services/avahi.te    |    4 ++--
 policy/modules/services/cron.te     |    4 ++++
 policy/modules/services/ftp.fc      |    3 +--
 policy/modules/services/hal.te      |    2 ++
 policy/modules/services/pegasus.te  |   27 +++++++++++++--------------
 policy/modules/services/rpc.te      |    2 ++
 policy/modules/system/files.if      |    2 ++
 policy/modules/system/mount.te      |    5 +----
 policy/modules/system/sysnetwork.te |    1 +
 policy/modules/system/userdomain.if |    8 +++++---
 14 files changed, 37 insertions(+), 28 deletions(-)

Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20051114.patch	23 Nov 2005 21:08:47 -0000	1.11
+++ policy-20051114.patch	23 Nov 2005 21:16:30 -0000	1.12
@@ -103,8 +103,18 @@
  allow hald_t initrc_t:dbus send_msg;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.0.5/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2005-11-18 14:19:34.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/pegasus.te	2005-11-23 16:07:32.000000000 -0500
-@@ -29,26 +29,28 @@
++++ serefpolicy-2.0.5/policy/modules/services/pegasus.te	2005-11-23 16:16:01.000000000 -0500
+@@ -13,6 +13,9 @@
+ type pegasus_data_t;
+ files_type(pegasus_data_t)
+ 
++type pegasus_tmp_t;
++files_tmp_file(pegasus_tmp_t)
++
+ type pegasus_conf_t;
+ files_type(pegasus_conf_t)
+ 
+@@ -29,30 +32,33 @@
  
  allow pegasus_t self:capability { dac_override net_bind_service audit_write }; 
  dontaudit pegasus_t self:capability sys_tty_config;
@@ -135,7 +145,12 @@
  allow pegasus_t pegasus_var_run_t:dir rw_dir_perms;
  files_create_pid(pegasus_t,pegasus_var_run_t)
  
-@@ -75,10 +77,11 @@
+ kernel_read_kernel_sysctl(pegasus_t)
++kernel_read_fs_sysctl(pegasus_t)
+ kernel_read_system_state(pegasus_t)
+ kernel_search_vm_sysctl(pegasus_t)
+ 
+@@ -75,10 +81,11 @@
  
  term_dontaudit_use_console(pegasus_t)
  
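Review bot: The added `kernel_read_fs_sysctl(pegasus_t)` in the kernel interface block of pegasus.te carries no rationale, and the log message ("Cleanup pegasus and named") does not say which denial it answers. It widens what the daemon may read beyond the kernel sysctls it already had, so a later audit cannot tell whether the access is still needed. A one-line comment above it would settle that, for example `# pegasus reads fs sysctls; added for <observed AVC denial>`, with the placeholder replaced by the actual audit record. The pegasus.te section of the inner patch starts before this hunk and continues after it.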
@@ -148,6 +163,25 @@
  
  files_read_etc_files(pegasus_t)
  files_list_var_lib(pegasus_t)
+@@ -122,15 +129,7 @@
+ 	udev_read_db(pegasus_t)
+ ')
+ 
+-ifdef(`TODO',`
+-optional_policy(`rhgb.te',`
+-	rhgb_domain(pegasus_t)
+-')
+-') dnl end TODO
++files_create_tmp_files(pegasus_t, pegasus_tmp_t, { file dir })
++allow pegasus_t pegasus_tmp_t:dir create_dir_perms;
++allow pegasus_t pegasus_tmp_t:file create_file_perms;
+ 
+-# bad rules
+-type pegasus_conf_exec_t, entry_type;
+-files_type(pegasus_conf_exec_t)
+-allow pegasus_conf_exec_t pegasus_conf_t:dir rw_dir_perms;
+-allow pegasus_conf_exec_t pegasus_conf_t:file create_file_perms;
+-allow pegasus_conf_exec_t pegasus_conf_t:lnk_file create_lnk_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.0.5/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2005-11-14 18:24:07.000000000 -0500
 +++ serefpolicy-2.0.5/policy/modules/services/rpc.te	2005-11-23 15:51:34.000000000 -0500
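Review bot: The three pegasus_tmp_t rules are appended at the very end of pegasus.te, where the TODO block and the `# bad rules` section used to be, rather than next to the domain's other private-type rules. The pegasus_var_run_t rules visible earlier in this patch put the `allow` line first and the transition interface after it. Following that order and location would keep all of the daemon's write access in one place for review: `allow pegasus_t pegasus_tmp_t:dir create_dir_perms;`, `allow pegasus_t pegasus_tmp_t:file create_file_perms;`, then `files_create_tmp_files(pegasus_t, pegasus_tmp_t, { file dir })`. A short comment such as `# private temporary files, kept out of generic tmp_t` would also record why the type declared in the first hunk exists. The pegasus.te section of the inner patch begins before this hunk.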



