rpms/selinux-policy-strict/devel policy-20051021.patch, 1.8, 1.9 selinux-policy-strict.spec, 1.407, 1.408
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Oct 28 14:41:55 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16672
Modified Files:
policy-20051021.patch selinux-policy-strict.spec
Log Message:
* Fri Oct 28 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-8
- Allow spamd to rewrite ~/.spamassin file
policy-20051021.patch:
Makefile | 14 -
attrib.te | 18 +
domains/admin.te | 2
domains/misc/kernel.te | 2
domains/program/fsadm.te | 2
domains/program/ifconfig.te | 2
domains/program/init.te | 2
domains/program/initrc.te | 13 +
domains/program/logrotate.te | 2
domains/program/modutil.te | 8
domains/program/newrole.te | 4
domains/program/restorecon.te | 4
domains/program/setfiles.te | 2
domains/program/ssh.te | 2
domains/program/su.te | 4
domains/program/syslogd.te | 4
domains/program/tmpreaper.te | 2
domains/program/unused/NetworkManager.te | 10 +
domains/program/unused/amanda.te | 21 +-
domains/program/unused/apache.te | 15 +
domains/program/unused/apmd.te | 13 +
domains/program/unused/auditd.te | 6
domains/program/unused/bluetooth.te | 57 +++++
domains/program/unused/cups.te | 11 -
domains/program/unused/dbusd.te | 2
domains/program/unused/dhcpc.te | 3
domains/program/unused/dhcpd.te | 3
domains/program/unused/exim.te | 309 +++++++++++++++++++++++++++++++
domains/program/unused/ftpd.te | 6
domains/program/unused/hald.te | 5
domains/program/unused/hotplug.te | 5
domains/program/unused/ipsec.te | 2
domains/program/unused/kudzu.te | 3
domains/program/unused/mysqld.te | 6
domains/program/unused/named.te | 17 +
domains/program/unused/nscd.te | 1
domains/program/unused/ntpd.te | 5
domains/program/unused/pamconsole.te | 2
domains/program/unused/pegasus.te | 16 +
domains/program/unused/ping.te | 2
domains/program/unused/postfix.te | 50 +++--
domains/program/unused/postgresql.te | 11 -
domains/program/unused/pppd.te | 22 +-
domains/program/unused/rpcd.te | 16 +
domains/program/unused/rpm.te | 4
domains/program/unused/rsync.te | 3
domains/program/unused/samba.te | 3
domains/program/unused/sendmail.te | 3
domains/program/unused/snmpd.te | 1
domains/program/unused/spamd.te | 28 --
domains/program/unused/udev.te | 8
domains/program/unused/webalizer.te | 3
domains/program/unused/xdm.te | 2
domains/program/unused/yppasswdd.te | 40 ++++
file_contexts/distros.fc | 1
file_contexts/program/apache.fc | 2
file_contexts/program/backup.fc | 2
file_contexts/program/bluetooth.fc | 2
file_contexts/program/dhcpc.fc | 1
file_contexts/program/dhcpd.fc | 5
file_contexts/program/exim.fc | 18 +
file_contexts/program/ftpd.fc | 5
file_contexts/program/games.fc | 3
file_contexts/program/kudzu.fc | 2
file_contexts/program/pegasus.fc | 6
file_contexts/program/rshd.fc | 1
file_contexts/program/rsync.fc | 2
file_contexts/program/squid.fc | 3
file_contexts/program/yppasswdd.fc | 2
file_contexts/types.fc | 4
genfs_contexts | 1
macros/base_user_macros.te | 7
macros/global_macros.te | 25 --
macros/home_macros.te | 9
macros/program/chkpwd_macros.te | 7
macros/program/dbusd_macros.te | 1
macros/program/exim_macros.te | 75 +++++++
macros/program/su_macros.te | 2
macros/program/ypbind_macros.te | 1
macros/user_macros.te | 1
man/man8/ftpd_selinux.8 | 19 +
man/man8/httpd_selinux.8 | 9
man/man8/rsync_selinux.8 | 12 -
man/man8/samba_selinux.8 | 9
mcs | 194 ++++++-------------
mls | 227 ++++++++--------------
targeted/assert.te | 2
targeted/domains/program/sendmail.te | 1
targeted/domains/program/ssh.te | 2
targeted/domains/program/xdm.te | 4
targeted/domains/unconfined.te | 7
tunables/distro.tun | 2
tunables/tunable.tun | 4
types/devpts.te | 4
types/file.te | 43 +---
types/network.te | 10 -
types/nfs.te | 1
types/security.te | 2
98 files changed, 1032 insertions(+), 509 deletions(-)
Index: policy-20051021.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20051021.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- policy-20051021.patch 27 Oct 2005 21:19:56 -0000 1.8
+++ policy-20051021.patch 28 Oct 2005 14:41:47 -0000 1.9
@@ -1548,9 +1548,13 @@
dontaudit snmpd_t selinux_config_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/spamd.te policy-1.27.2/domains/program/unused/spamd.te
--- nsapolicy/domains/program/unused/spamd.te 2005-09-12 16:40:29.000000000 -0400
-+++ policy-1.27.2/domains/program/unused/spamd.te 2005-10-27 17:16:01.000000000 -0400
-@@ -13,16 +13,17 @@
++++ policy-1.27.2/domains/program/unused/spamd.te 2005-10-28 10:40:44.000000000 -0400
+@@ -9,20 +9,22 @@
+ tmp_domain(spamd)
+
+-allow spamd_t spamd_port_t:tcp_socket name_bind;
+-
general_domain_access(spamd_t)
uses_shlib(spamd_t)
-can_ypbind(spamd_t)
@@ -1561,15 +1565,18 @@
dontaudit spamd_t shadow_t:file { getattr read };
dontaudit spamd_t initrc_var_run_t:file { read write lock };
-dontaudit spamd_t sysadm_home_dir_t:dir getattr;
-+dontaudit spamd_t home_dir_type:dir { getattr search };
++dontaudit spamd_t sysadm_home_dir_t:dir { getattr search };
can_network_server(spamd_t)
++allow spamd_t spamd_port_t:tcp_socket name_bind;
++allow spamd_t port_type:udp_socket name_bind;
++dontaudit spamd_t reserved_port_type:udp_socket name_bind;
+can_ypbind(spamd_t)
+can_resolve(spamd_t)
allow spamd_t self:capability net_bind_service;
allow spamd_t proc_t:file { getattr read };
-@@ -52,20 +53,4 @@
+@@ -52,20 +54,4 @@
allow spamd_t urandom_device_t:chr_file { getattr read };
system_crond_entry(spamd_exec_t, spamd_t)
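Review bot: The added `allow spamd_t port_type:udp_socket name_bind;` lets spamd bind a UDP socket on every port type, which is much wider than the resolver and NIS lookups added just below it would need. If the reserved port types also carry the `port_type` attribute (the attribute definitions are not on this page), the allow already covers them, so the following `dontaudit spamd_t reserved_port_type:udp_socket name_bind;` would suppress nothing. Together with the existing `allow spamd_t self:capability net_bind_service;`, a network-facing mail scanner could then claim privileged UDP ports. If only ephemeral source ports are intended, restrict the rule to the generic port type, e.g. `allow spamd_t port_t:udp_socket name_bind;`, and keep the dontaudit.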
@@ -1590,7 +1597,7 @@
-allow spamd_t user_home_dir_type:dir { search getattr };
-
-
-+ifdef(`targeted_policy', `home_domain_ro_access(spamd_t, user)')
++ifdef(`targeted_policy', `home_domain_access(spamd_t, user)')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.27.2/domains/program/unused/udev.te
--- nsapolicy/domains/program/unused/udev.te 2005-10-21 11:36:15.000000000 -0400
+++ policy-1.27.2/domains/program/unused/udev.te 2005-10-27 10:26:28.000000000 -0400
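Review bot: Switching the targeted-policy line from `home_domain_ro_access(spamd_t, user)` to `home_domain_access(spamd_t, user)` grants far more than the log message asks for. With no third argument, the macro as patched later in this same file expands to `file_type_auto_trans($1, $2_home_dir_t, $2_home_t)` plus `create_dir_file($1, $2_home_t)`. That gives spamd_t create and write access to everything labelled user_home_t, not only its own preferences directory. spamd parses untrusted mail and listens on the network, so a compromise would reach all user home content. A narrower grant would label the SpamAssassin directory with its own type and pass it as the third argument, e.g. `home_domain_access(spamd_t, user, spamassassin)`, assuming a matching `user_spamassassin_home_t` type and file context exist or are added (neither is shown on this page).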
@@ -2001,15 +2008,15 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/home_macros.te policy-1.27.2/macros/home_macros.te
--- nsapolicy/macros/home_macros.te 2005-09-12 16:40:26.000000000 -0400
-+++ policy-1.27.2/macros/home_macros.te 2005-10-27 10:26:28.000000000 -0400
++++ policy-1.27.2/macros/home_macros.te 2005-10-28 10:33:44.000000000 -0400
@@ -68,7 +68,11 @@
define(`home_domain_ro_access', `
allow $1 { home_root_t $2_home_dir_t }:dir { search getattr };
read_network_home($1)
-+ifelse($3, `
- r_dir_file($1, $2_$3_ro_home_t)
-+', `
++ifelse($3, `', `
+r_dir_file($1, $2_home_t)
++', `
+ r_dir_file($1, $2_$3_ro_home_t)
+')
') dnl home_domain_ro_access
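Review bot: The optional third argument of `home_domain_ro_access` now selects between two very different scopes, but nothing at the definition says so. A comment above the define would make this visible to callers, for example `# home_domain_ro_access(domain, user_prefix[, app]): without app, reads all of $2_home_t; with app, reads only $2_$3_ro_home_t`. The same applies to `home_domain_access` in the next hunk, where the two-argument form additionally grants `file_type_auto_trans` and `create_dir_file` on `$2_home_t`. As a style point, the ifelse test compares a bare `$3`; wrapping it in m4 quotes would stop the argument being re-expanded if it ever matches a macro name.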
@@ -2018,11 +2025,11 @@
define(`home_domain_access', `
allow $1 { home_root_t $2_home_dir_t }:dir { search getattr };
write_network_home($1)
-+ifelse($3, `
- create_dir_file($1, $2_$3_home_t)
-+', `
++ifelse($3, `', `
+file_type_auto_trans($1, $2_home_dir_t, $2_home_t)
+create_dir_file($1, $2_home_t)
++', `
+ create_dir_file($1, $2_$3_home_t)
+')
') dnl home_domain_access
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.407
retrieving revision 1.408
diff -u -r1.407 -r1.408
--- selinux-policy-strict.spec 27 Oct 2005 21:19:56 -0000 1.407
+++ selinux-policy-strict.spec 28 Oct 2005 14:41:47 -0000 1.408
@@ -9,7 +9,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.27.2
-Release: 7
+Release: 8
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -245,6 +245,9 @@
exit 0
%changelog
+* Fri Oct 28 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-8
+- Allow spamd to rewrite ~/.spamassin file
+
* Wed Oct 26 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-7
- Allow spamd to resolve