rpms/selinux-policy/devel policy-20051114.patch, 1.14, 1.15 selinux-policy.spec, 1.22, 1.23

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Nov 29 17:32:12 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29088

Modified Files:
	policy-20051114.patch selinux-policy.spec 
Log Message:
* Tue Nov 29 2003 Dan Walsh <dwalsh at redhat.com> 2.0.6-2
- Fixes for dovecot and saslauthd


policy-20051114.patch:
 Makefile                            |    4 ++--
 policy/modules/admin/su.if          |    1 +
 policy/modules/services/cups.te     |    2 +-
 policy/modules/services/dovecot.te  |    2 ++
 policy/modules/services/privoxy.fc  |    3 +--
 policy/modules/services/privoxy.te  |    5 +++++
 policy/modules/services/procmail.te |    1 +
 policy/modules/services/sasl.te     |    3 +++
 policy/modules/system/mount.te      |    4 +---
 9 files changed, 17 insertions(+), 8 deletions(-)

Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- policy-20051114.patch	29 Nov 2005 05:22:53 -0000	1.14
+++ policy-20051114.patch	29 Nov 2005 17:32:09 -0000	1.15
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.0.6/Makefile
 --- nsaserefpolicy/Makefile	2005-11-23 10:06:37.000000000 -0500
-+++ serefpolicy-2.0.6/Makefile	2005-11-29 00:17:17.000000000 -0500
++++ serefpolicy-2.0.6/Makefile	2005-11-29 11:10:17.000000000 -0500
 @@ -54,7 +54,7 @@
  # This is a build option, as role transitions do
  # not work in conditional policy.
@@ -19,9 +19,46 @@
  	override CHECKPOLICY += -M
  	override CHECKMODULE += -M
  endif
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.0.6/policy/modules/admin/su.if
+--- nsaserefpolicy/policy/modules/admin/su.if	2005-11-25 08:11:10.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/admin/su.if	2005-11-29 11:10:17.000000000 -0500
+@@ -57,6 +57,7 @@
+ 	domain_use_wide_inherit_fd($1_su_t)
+ 
+ 	files_read_etc_files($1_su_t)
++	files_read_etc_runtime_files($1_su_t)
+ 	files_search_var_lib($1_su_t)
+ 
+ 	init_dontaudit_use_fd($1_su_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.0.6/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te	2005-11-28 10:42:53.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/cups.te	2005-11-29 11:10:24.000000000 -0500
+@@ -663,7 +663,7 @@
+ 	allow initrc_t cupsd_t:dbus send_msg;
+ 	allow { cupsd_config_t cupsd_t } unconfined_t:dbus send_msg;
+ 	allow unconfined_t cupsd_config_t:dbus send_msg;
+-	allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file read;
++	allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file r_file_perms;
+ ')
+ 
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.0.6/policy/modules/services/dovecot.te
+--- nsaserefpolicy/policy/modules/services/dovecot.te	2005-11-28 10:42:53.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/dovecot.te	2005-11-29 11:10:17.000000000 -0500
+@@ -159,8 +159,10 @@
+ dev_read_urand(dovecot_auth_t)
+ 
+ auth_domtrans_chk_passwd(dovecot_auth_t)
++auth_use_nsswitch(dovecot_auth_t)
+ 
+ files_read_etc_files(dovecot_auth_t)
++files_read_etc_runtime_files(dovecot_auth_t)
+ files_search_pids(dovecot_auth_t)
+ 
+ libs_use_ld_so(dovecot_auth_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-2.0.6/policy/modules/services/privoxy.fc
 --- nsaserefpolicy/policy/modules/services/privoxy.fc	2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.6/policy/modules/services/privoxy.fc	2005-11-29 00:21:41.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/privoxy.fc	2005-11-29 11:10:17.000000000 -0500
 @@ -1,4 +1,3 @@
 -
  /usr/sbin/privoxy	--	gen_context(system_u:object_r:privoxy_exec_t,s0)
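Review bot: The cups.te section widens `unconfined_t:fifo_file` access for cupsd_t and cupsd_config_t from `read` to the `r_file_perms` set, and nothing in the patch records which denial prompted it. If the audit log showed only one additional permission being denied (getattr, say), granting just that keeps the rule as narrow as before: `allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file { read getattr };`. If the full set really is needed, a one-line comment above the rule naming the observed AVC denial or bug reference would let a later reviewer confirm it. The `')` after the rule closes a block that opens outside the visible context, so the surrounding condition cannot be checked from here.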
@@ -30,7 +67,7 @@
 +/etc/privoxy/user\.action --	gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-2.0.6/policy/modules/services/privoxy.te
 --- nsaserefpolicy/policy/modules/services/privoxy.te	2005-11-28 10:42:53.000000000 -0500
-+++ serefpolicy-2.0.6/policy/modules/services/privoxy.te	2005-11-29 00:20:28.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/privoxy.te	2005-11-29 11:10:17.000000000 -0500
 @@ -16,6 +16,9 @@
  type privoxy_var_run_t;
  files_pid_file(privoxy_var_run_t)
@@ -50,3 +87,45 @@
  allow privoxy_t privoxy_var_run_t:file create_file_perms;
  allow privoxy_t privoxy_var_run_t:dir rw_dir_perms;
  files_create_pid(privoxy_t,privoxy_var_run_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.0.6/policy/modules/services/procmail.te
+--- nsaserefpolicy/policy/modules/services/procmail.te	2005-11-25 08:11:12.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/procmail.te	2005-11-29 11:10:17.000000000 -0500
+@@ -39,6 +39,7 @@
+ corenet_udp_sendrecv_all_ports(procmail_t)
+ corenet_tcp_bind_all_nodes(procmail_t)
+ corenet_udp_bind_all_nodes(procmail_t)
++corenet_tcp_connect_spamd_port(procmail_t)
+ 
+ dev_read_urand(procmail_t)
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.0.6/policy/modules/services/sasl.te
+--- nsaserefpolicy/policy/modules/services/sasl.te	2005-11-28 10:42:53.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/sasl.te	2005-11-29 11:10:17.000000000 -0500
+@@ -50,10 +50,13 @@
+ term_dontaudit_use_console(saslauthd_t)
+ 
+ auth_domtrans_chk_passwd(saslauthd_t)
++auth_use_nsswitch(dovecot_auth_t)
+ 
+ domain_use_wide_inherit_fd(saslauthd_t)
+ 
+ files_read_etc_files(saslauthd_t)
++files_read_etc_runtime_files(saslauthd_t)
++
+ files_search_var_lib(saslauthd_t)
+ files_dontaudit_getattr_home_dir(saslauthd_t)
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.0.6/policy/modules/system/mount.te
+--- nsaserefpolicy/policy/modules/system/mount.te	2005-11-28 10:42:54.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/system/mount.te	2005-11-29 12:20:55.000000000 -0500
+@@ -95,9 +95,7 @@
+ 
+ optional_policy(`portmap',`
+ 	# for nfs
+-	#allow portmap_t mount_t:udp_socket { sendto recvfrom };
+-	#allow mount_t portmap_t:udp_socket { sendto recvfrom };
+-	#allow mount_t rpc_pipefs_t:dir search;
++	fs_read_rpc_dirs(mount_t)
+ 	corenet_tcp_sendrecv_all_if(mount_t)
+ 	corenet_raw_sendrecv_all_if(mount_t)
+ 	corenet_udp_sendrecv_all_if(mount_t)
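Review bot: In the sasl.te section, the added `auth_use_nsswitch(dovecot_auth_t)` names the dovecot type inside the saslauthd module, which looks like a copy-paste from the dovecot.te change earlier in this patch. As written, saslauthd_t gains no nsswitch access, so the saslauthd half of the fix is probably incomplete. sasl.te also now refers to a type that the visible lines neither declare nor require, which may fail to build when the dovecot module is absent. The line should read `auth_use_nsswitch(saslauthd_t)`. The extra blank `+` line after `files_read_etc_runtime_files(saslauthd_t)` splits the files_* group and can be dropped.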


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- selinux-policy.spec	29 Nov 2005 05:22:53 -0000	1.22
+++ selinux-policy.spec	29 Nov 2005 17:32:09 -0000	1.23
@@ -5,12 +5,12 @@
 %define polname2 mls
 %define polname3 strict
 %define POLICYVER 20
-%define POLICYCOREUTILSVER 1.27.28-3
+%define POLICYCOREUTILSVER 1.27.29-1
 %define CHECKPOLICYVER 1.27.17-7
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.0.6
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -237,6 +237,9 @@
 
 
 %changelog
+* Tue Nov 29 2003 Dan Walsh <dwalsh at redhat.com> 2.0.6-2
+- Fixes for dovecot and saslauthd
+
 * Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-4
 - Cleanup pegasus and named 
 - Fix spec file



