rpms/selinux-policy/devel policy-20051114.patch,1.11,1.12
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Nov 23 21:16:34 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5410
Modified Files:
policy-20051114.patch
Log Message:
* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-3
- Cleanup pegasus and named
- Fix spec file
policy-20051114.patch:
Makefile | 4 ++--
base.pp |binary
policy/modules/apps/webalizer.fc | 2 +-
policy/modules/kernel/filesystem.te | 1 +
policy/modules/services/avahi.te | 4 ++--
policy/modules/services/cron.te | 4 ++++
policy/modules/services/ftp.fc | 3 +--
policy/modules/services/hal.te | 2 ++
policy/modules/services/pegasus.te | 27 +++++++++++++--------------
policy/modules/services/rpc.te | 2 ++
policy/modules/system/files.if | 2 ++
policy/modules/system/mount.te | 5 +----
policy/modules/system/sysnetwork.te | 1 +
policy/modules/system/userdomain.if | 8 +++++---
14 files changed, 37 insertions(+), 28 deletions(-)
Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20051114.patch 23 Nov 2005 21:08:47 -0000 1.11
+++ policy-20051114.patch 23 Nov 2005 21:16:30 -0000 1.12
@@ -103,8 +103,18 @@
allow hald_t initrc_t:dbus send_msg;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.0.5/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2005-11-18 14:19:34.000000000 -0500
-+++ serefpolicy-2.0.5/policy/modules/services/pegasus.te 2005-11-23 16:07:32.000000000 -0500
-@@ -29,26 +29,28 @@
++++ serefpolicy-2.0.5/policy/modules/services/pegasus.te 2005-11-23 16:16:01.000000000 -0500
+@@ -13,6 +13,9 @@
+ type pegasus_data_t;
+ files_type(pegasus_data_t)
+
++type pegasus_tmp_t;
++files_tmp_file(pegasus_tmp_t)
++
+ type pegasus_conf_t;
+ files_type(pegasus_conf_t)
+
+@@ -29,30 +32,33 @@
allow pegasus_t self:capability { dac_override net_bind_service audit_write };
dontaudit pegasus_t self:capability sys_tty_config;
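Review bot: The new grants for pegasus_t carry no rationale: `pegasus_tmp_t` is declared in this hunk, `kernel_read_fs_sysctl(pegasus_t)` is added in the `@@ -135,7 +145,12 @@` hunk, and the tmp rules arrive in the last hunk, all without a comment, while the log says only "Cleanup pegasus and named". The context line in this hunk shows the domain already holds `dac_override`, so DAC permissions will not limit it and the type-enforcement rules are the effective boundary. That makes the reason for each new rule worth recording. I would add a comment above the declaration, e.g. `# private type for files pegasus creates under /tmp`, and a one-line comment beside the sysctl call naming the denial it resolves.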
@@ -135,7 +145,12 @@
allow pegasus_t pegasus_var_run_t:dir rw_dir_perms;
files_create_pid(pegasus_t,pegasus_var_run_t)
-@@ -75,10 +77,11 @@
+ kernel_read_kernel_sysctl(pegasus_t)
++kernel_read_fs_sysctl(pegasus_t)
+ kernel_read_system_state(pegasus_t)
+ kernel_search_vm_sysctl(pegasus_t)
+
+@@ -75,10 +81,11 @@
term_dontaudit_use_console(pegasus_t)
@@ -148,6 +163,25 @@
files_read_etc_files(pegasus_t)
files_list_var_lib(pegasus_t)
+@@ -122,15 +129,7 @@
+ udev_read_db(pegasus_t)
+ ')
+
+-ifdef(`TODO',`
+-optional_policy(`rhgb.te',`
+- rhgb_domain(pegasus_t)
+-')
+-') dnl end TODO
++files_create_tmp_files(pegasus_t, pegasus_tmp_t, { file dir })
++allow pegasus_t pegasus_tmp_t:dir create_dir_perms;
++allow pegasus_t pegasus_tmp_t:file create_file_perms;
+
+-# bad rules
+-type pegasus_conf_exec_t, entry_type;
+-files_type(pegasus_conf_exec_t)
+-allow pegasus_conf_exec_t pegasus_conf_t:dir rw_dir_perms;
+-allow pegasus_conf_exec_t pegasus_conf_t:file create_file_perms;
+-allow pegasus_conf_exec_t pegasus_conf_t:lnk_file create_lnk_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.0.5/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2005-11-14 18:24:07.000000000 -0500
+++ serefpolicy-2.0.5/policy/modules/services/rpc.te 2005-11-23 15:51:34.000000000 -0500
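Review bot: Removing `pegasus_conf_exec_t` at the end of pegasus.te leaves open whether anything else still names that type. The diffstat in this mail lists no pegasus `.fc` or `.if` change, and those files are not visible here, so it is worth confirming that no file-context entry or interface still refers to the type; a leftover reference would point at a type that is no longer declared. Separately, the three tmp rules are appended after the closing `')` of the optional blocks, where the TODO block used to be. They would be easier to audit grouped with the other local rules, such as those for `pegasus_var_run_t`. Granting only the `file` and `dir` classes on `pegasus_tmp_t` is suitably narrow.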