rpms/selinux-policy/devel policy-20051114.patch, 1.14, 1.15 selinux-policy.spec, 1.22, 1.23
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Nov 29 17:32:12 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29088
Modified Files:
policy-20051114.patch selinux-policy.spec
Log Message:
* Tue Nov 29 2003 Dan Walsh <dwalsh at redhat.com> 2.0.6-2
- Fixes for dovecot and saslauthd
policy-20051114.patch:
Makefile | 4 ++--
policy/modules/admin/su.if | 1 +
policy/modules/services/cups.te | 2 +-
policy/modules/services/dovecot.te | 2 ++
policy/modules/services/privoxy.fc | 3 +--
policy/modules/services/privoxy.te | 5 +++++
policy/modules/services/procmail.te | 1 +
policy/modules/services/sasl.te | 3 +++
policy/modules/system/mount.te | 4 +---
9 files changed, 17 insertions(+), 8 deletions(-)
Index: policy-20051114.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051114.patch,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- policy-20051114.patch 29 Nov 2005 05:22:53 -0000 1.14
+++ policy-20051114.patch 29 Nov 2005 17:32:09 -0000 1.15
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.0.6/Makefile
--- nsaserefpolicy/Makefile 2005-11-23 10:06:37.000000000 -0500
-+++ serefpolicy-2.0.6/Makefile 2005-11-29 00:17:17.000000000 -0500
++++ serefpolicy-2.0.6/Makefile 2005-11-29 11:10:17.000000000 -0500
@@ -54,7 +54,7 @@
# This is a build option, as role transitions do
# not work in conditional policy.
@@ -19,9 +19,46 @@
override CHECKPOLICY += -M
override CHECKMODULE += -M
endif
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.0.6/policy/modules/admin/su.if
+--- nsaserefpolicy/policy/modules/admin/su.if 2005-11-25 08:11:10.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/admin/su.if 2005-11-29 11:10:17.000000000 -0500
+@@ -57,6 +57,7 @@
+ domain_use_wide_inherit_fd($1_su_t)
+
+ files_read_etc_files($1_su_t)
++ files_read_etc_runtime_files($1_su_t)
+ files_search_var_lib($1_su_t)
+
+ init_dontaudit_use_fd($1_su_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.0.6/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te 2005-11-28 10:42:53.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/cups.te 2005-11-29 11:10:24.000000000 -0500
+@@ -663,7 +663,7 @@
+ allow initrc_t cupsd_t:dbus send_msg;
+ allow { cupsd_config_t cupsd_t } unconfined_t:dbus send_msg;
+ allow unconfined_t cupsd_config_t:dbus send_msg;
+- allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file read;
++ allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file r_file_perms;
+ ')
+
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.0.6/policy/modules/services/dovecot.te
+--- nsaserefpolicy/policy/modules/services/dovecot.te 2005-11-28 10:42:53.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/dovecot.te 2005-11-29 11:10:17.000000000 -0500
+@@ -159,8 +159,10 @@
+ dev_read_urand(dovecot_auth_t)
+
+ auth_domtrans_chk_passwd(dovecot_auth_t)
++auth_use_nsswitch(dovecot_auth_t)
+
+ files_read_etc_files(dovecot_auth_t)
++files_read_etc_runtime_files(dovecot_auth_t)
+ files_search_pids(dovecot_auth_t)
+
+ libs_use_ld_so(dovecot_auth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-2.0.6/policy/modules/services/privoxy.fc
--- nsaserefpolicy/policy/modules/services/privoxy.fc 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.0.6/policy/modules/services/privoxy.fc 2005-11-29 00:21:41.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/privoxy.fc 2005-11-29 11:10:17.000000000 -0500
@@ -1,4 +1,3 @@
-
/usr/sbin/privoxy -- gen_context(system_u:object_r:privoxy_exec_t,s0)
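Review bot: In the added cups.te section, `allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file r_file_perms;` widens the grant from plain `read` to the whole read set for both domains, and nothing in the patch or the log message says which denial required it. In the reference policy of this period `r_file_perms` should expand to read plus getattr, lock and ioctl, so it is worth confirming that each of these was actually denied. A comment above the rule would keep the grant traceable, for example `# cupsd reads pipes inherited from unconfined_t; needs getattr/ioctl as well as read`, provided that is the real reason. The same applies to `auth_use_nsswitch(dovecot_auth_t)` in the dovecot.te section, a broad interface added without explanation.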
@@ -30,7 +67,7 @@
+/etc/privoxy/user\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-2.0.6/policy/modules/services/privoxy.te
--- nsaserefpolicy/policy/modules/services/privoxy.te 2005-11-28 10:42:53.000000000 -0500
-+++ serefpolicy-2.0.6/policy/modules/services/privoxy.te 2005-11-29 00:20:28.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/privoxy.te 2005-11-29 11:10:17.000000000 -0500
@@ -16,6 +16,9 @@
type privoxy_var_run_t;
files_pid_file(privoxy_var_run_t)
@@ -50,3 +87,45 @@
allow privoxy_t privoxy_var_run_t:file create_file_perms;
allow privoxy_t privoxy_var_run_t:dir rw_dir_perms;
files_create_pid(privoxy_t,privoxy_var_run_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.0.6/policy/modules/services/procmail.te
+--- nsaserefpolicy/policy/modules/services/procmail.te 2005-11-25 08:11:12.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/procmail.te 2005-11-29 11:10:17.000000000 -0500
+@@ -39,6 +39,7 @@
+ corenet_udp_sendrecv_all_ports(procmail_t)
+ corenet_tcp_bind_all_nodes(procmail_t)
+ corenet_udp_bind_all_nodes(procmail_t)
++corenet_tcp_connect_spamd_port(procmail_t)
+
+ dev_read_urand(procmail_t)
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.0.6/policy/modules/services/sasl.te
+--- nsaserefpolicy/policy/modules/services/sasl.te 2005-11-28 10:42:53.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/services/sasl.te 2005-11-29 11:10:17.000000000 -0500
+@@ -50,10 +50,13 @@
+ term_dontaudit_use_console(saslauthd_t)
+
+ auth_domtrans_chk_passwd(saslauthd_t)
++auth_use_nsswitch(dovecot_auth_t)
+
+ domain_use_wide_inherit_fd(saslauthd_t)
+
+ files_read_etc_files(saslauthd_t)
++files_read_etc_runtime_files(saslauthd_t)
++
+ files_search_var_lib(saslauthd_t)
+ files_dontaudit_getattr_home_dir(saslauthd_t)
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.0.6/policy/modules/system/mount.te
+--- nsaserefpolicy/policy/modules/system/mount.te 2005-11-28 10:42:54.000000000 -0500
++++ serefpolicy-2.0.6/policy/modules/system/mount.te 2005-11-29 12:20:55.000000000 -0500
+@@ -95,9 +95,7 @@
+
+ optional_policy(`portmap',`
+ # for nfs
+- #allow portmap_t mount_t:udp_socket { sendto recvfrom };
+- #allow mount_t portmap_t:udp_socket { sendto recvfrom };
+- #allow mount_t rpc_pipefs_t:dir search;
++ fs_read_rpc_dirs(mount_t)
+ corenet_tcp_sendrecv_all_if(mount_t)
+ corenet_raw_sendrecv_all_if(mount_t)
+ corenet_udp_sendrecv_all_if(mount_t)
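Review bot: In the added sasl.te section, `auth_use_nsswitch(dovecot_auth_t)` names the dovecot type, while every other rule in that hunk targets `saslauthd_t`; it looks like a copy-paste from the dovecot.te addition. As written, saslauthd_t does not receive the nsswitch access that the "Fixes for dovecot and saslauthd" log message presumably intends. sasl.te also now refers to a type it does not declare, which may break the build when the dovecot module is not compiled in. The line should read `auth_use_nsswitch(saslauthd_t)`. The stray blank line added after `files_read_etc_runtime_files(saslauthd_t)` can go at the same time.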
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- selinux-policy.spec 29 Nov 2005 05:22:53 -0000 1.22
+++ selinux-policy.spec 29 Nov 2005 17:32:09 -0000 1.23
@@ -5,12 +5,12 @@
%define polname2 mls
%define polname3 strict
%define POLICYVER 20
-%define POLICYCOREUTILSVER 1.27.28-3
+%define POLICYCOREUTILSVER 1.27.29-1
%define CHECKPOLICYVER 1.27.17-7
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.0.6
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -237,6 +237,9 @@
%changelog
+* Tue Nov 29 2003 Dan Walsh <dwalsh at redhat.com> 2.0.6-2
+- Fixes for dovecot and saslauthd
+
* Wed Nov 23 2003 Dan Walsh <dwalsh at redhat.com> 2.0.5-4
- Cleanup pegasus and named
- Fix spec file