rpms/selinux-policy-strict/devel policy-20051021.patch, 1.11, 1.12 selinux-policy-strict.spec, 1.410, 1.411

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Oct 31 16:06:56 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv26401

Modified Files:
	policy-20051021.patch selinux-policy-strict.spec 
Log Message:
* Mon Oct 31 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-11
- Fix spamc and postfix


policy-20051021.patch:
 Makefile                                 |   14 -
 attrib.te                                |   18 +
 domains/admin.te                         |    2 
 domains/misc/kernel.te                   |    2 
 domains/program/fsadm.te                 |    2 
 domains/program/ifconfig.te              |    2 
 domains/program/init.te                  |    2 
 domains/program/initrc.te                |   13 +
 domains/program/logrotate.te             |    2 
 domains/program/modutil.te               |    8 
 domains/program/newrole.te               |    4 
 domains/program/restorecon.te            |    4 
 domains/program/setfiles.te              |    2 
 domains/program/ssh.te                   |    2 
 domains/program/su.te                    |    4 
 domains/program/syslogd.te               |    4 
 domains/program/tmpreaper.te             |    2 
 domains/program/unused/NetworkManager.te |   10 +
 domains/program/unused/amanda.te         |   21 +-
 domains/program/unused/apache.te         |   15 +
 domains/program/unused/apmd.te           |   13 +
 domains/program/unused/auditd.te         |    6 
 domains/program/unused/avahi.te          |   31 +++
 domains/program/unused/bluetooth.te      |   57 +++++
 domains/program/unused/cups.te           |   11 -
 domains/program/unused/dbusd.te          |    2 
 domains/program/unused/dhcpc.te          |    3 
 domains/program/unused/dhcpd.te          |    3 
 domains/program/unused/exim.te           |  309 +++++++++++++++++++++++++++++++
 domains/program/unused/ftpd.te           |    6 
 domains/program/unused/hald.te           |    5 
 domains/program/unused/hotplug.te        |    5 
 domains/program/unused/ipsec.te          |    2 
 domains/program/unused/kudzu.te          |    3 
 domains/program/unused/mysqld.te         |    6 
 domains/program/unused/named.te          |   17 +
 domains/program/unused/nscd.te           |    1 
 domains/program/unused/ntpd.te           |    5 
 domains/program/unused/pamconsole.te     |    2 
 domains/program/unused/pegasus.te        |   16 +
 domains/program/unused/ping.te           |    2 
 domains/program/unused/postfix.te        |   54 +++--
 domains/program/unused/postgresql.te     |   11 -
 domains/program/unused/pppd.te           |   22 +-
 domains/program/unused/rpcd.te           |   16 +
 domains/program/unused/rpm.te            |    4 
 domains/program/unused/rsync.te          |    3 
 domains/program/unused/samba.te          |    3 
 domains/program/unused/saslauthd.te      |    1 
 domains/program/unused/sendmail.te       |    3 
 domains/program/unused/snmpd.te          |    1 
 domains/program/unused/spamd.te          |   28 --
 domains/program/unused/udev.te           |    8 
 domains/program/unused/webalizer.te      |    3 
 domains/program/unused/xdm.te            |    2 
 domains/program/unused/yppasswdd.te      |   40 ++++
 file_contexts/distros.fc                 |    1 
 file_contexts/program/apache.fc          |    2 
 file_contexts/program/avahi.fc           |    4 
 file_contexts/program/backup.fc          |    2 
 file_contexts/program/bluetooth.fc       |    2 
 file_contexts/program/dhcpc.fc           |    1 
 file_contexts/program/dhcpd.fc           |    5 
 file_contexts/program/exim.fc            |   18 +
 file_contexts/program/ftpd.fc            |    5 
 file_contexts/program/games.fc           |    3 
 file_contexts/program/kudzu.fc           |    2 
 file_contexts/program/pegasus.fc         |    6 
 file_contexts/program/rshd.fc            |    1 
 file_contexts/program/rsync.fc           |    2 
 file_contexts/program/squid.fc           |    3 
 file_contexts/program/yppasswdd.fc       |    2 
 file_contexts/types.fc                   |    4 
 genfs_contexts                           |    1 
 macros/base_user_macros.te               |    7 
 macros/global_macros.te                  |   25 --
 macros/home_macros.te                    |    9 
 macros/program/chkpwd_macros.te          |    7 
 macros/program/dbusd_macros.te           |    1 
 macros/program/exim_macros.te            |   75 +++++++
 macros/program/su_macros.te              |    2 
 macros/program/ypbind_macros.te          |    1 
 macros/user_macros.te                    |    1 
 man/man8/ftpd_selinux.8                  |   19 +
 man/man8/httpd_selinux.8                 |    9 
 man/man8/rsync_selinux.8                 |   12 -
 man/man8/samba_selinux.8                 |    9 
 mcs                                      |  194 ++++++-------------
 mls                                      |  227 ++++++++--------------
 targeted/assert.te                       |    2 
 targeted/domains/program/sendmail.te     |    1 
 targeted/domains/program/ssh.te          |    2 
 targeted/domains/program/xdm.te          |    4 
 targeted/domains/unconfined.te           |    8 
 tunables/distro.tun                      |    2 
 tunables/tunable.tun                     |    4 
 types/devpts.te                          |    4 
 types/file.te                            |   43 +---
 types/network.te                         |   10 -
 types/nfs.te                             |    1 
 types/security.te                        |    2 
 101 files changed, 1073 insertions(+), 509 deletions(-)

Index: policy-20051021.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20051021.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20051021.patch	29 Oct 2005 00:53:20 -0000	1.11
+++ policy-20051021.patch	31 Oct 2005 16:06:49 -0000	1.12
@@ -448,8 +448,8 @@
  allow auditd_t self:capability { audit_write audit_control sys_nice sys_resource };
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/avahi.te policy-1.27.2/domains/program/unused/avahi.te
 --- nsapolicy/domains/program/unused/avahi.te	1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.2/domains/program/unused/avahi.te	2005-10-28 15:20:50.000000000 -0400
-@@ -0,0 +1,29 @@
++++ policy-1.27.2/domains/program/unused/avahi.te	2005-10-31 10:40:30.000000000 -0500
+@@ -0,0 +1,31 @@
 +#DESC avahi - mDNS/DNS-SD daemon implementing Apple’s ZeroConf architecture
 +#
 +# Author:  Dan Walsh <dwalsh at redhat.com>
@@ -475,9 +475,11 @@
 +
 +ifdef(`dbusd.te', `
 +dbusd_client(system, avahi)
++ifdef(`targeted_policy', `
 +allow avahi_t unconfined_t:dbus send_msg;
 +allow unconfined_t avahi_t:dbus send_msg;
 +')
++')
 +
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/bluetooth.te policy-1.27.2/domains/program/unused/bluetooth.te
 --- nsapolicy/domains/program/unused/bluetooth.te	2005-10-21 11:36:15.000000000 -0400
@@ -1223,7 +1225,7 @@
  
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postfix.te policy-1.27.2/domains/program/unused/postfix.te
 --- nsapolicy/domains/program/unused/postfix.te	2005-10-21 11:36:15.000000000 -0400
-+++ policy-1.27.2/domains/program/unused/postfix.te	2005-10-28 13:42:12.000000000 -0400
++++ policy-1.27.2/domains/program/unused/postfix.te	2005-10-31 10:51:39.000000000 -0500
 @@ -54,6 +54,8 @@
  allow postfix_$1_t proc_net_t:dir search;
  allow postfix_$1_t proc_net_t:file { getattr read };
@@ -1346,7 +1348,7 @@
 -can_exec(postfix_local_t, shell_exec_t)
 +tmp_domain(postfix_local)
 +can_exec(postfix_local_t,{ shell_exec_t bin_t })
-+ifdef(`spamc.te'
++ifdef(`spamc.te', `
 +can_exec(postfix_local_t, spamc_exec_t)
 +')
 +allow postfix_local_t mail_spool_t:dir { remove_name };
@@ -1567,6 +1569,14 @@
  
  allow smbd_t usr_t:file { getattr read };
  
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/saslauthd.te policy-1.27.2/domains/program/unused/saslauthd.te
+--- nsapolicy/domains/program/unused/saslauthd.te	2005-09-16 11:17:10.000000000 -0400
++++ policy-1.27.2/domains/program/unused/saslauthd.te	2005-10-31 09:50:32.000000000 -0500
+@@ -39,3 +39,4 @@
+ allow saslauthd_t mysqld_db_t:dir search;
+ allow saslauthd_t mysqld_var_run_t:sock_file rw_file_perms;
+ ')
++dontaudit saslauthd_t self:capability setuid;
 diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/sendmail.te policy-1.27.2/domains/program/unused/sendmail.te
 --- nsapolicy/domains/program/unused/sendmail.te	2005-09-12 16:40:29.000000000 -0400
 +++ policy-1.27.2/domains/program/unused/sendmail.te	2005-10-27 10:26:28.000000000 -0400
@@ -2903,8 +2913,8 @@
  ')
 diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.27.2/targeted/domains/unconfined.te
 --- nsapolicy/targeted/domains/unconfined.te	2005-10-21 11:36:16.000000000 -0400
-+++ policy-1.27.2/targeted/domains/unconfined.te	2005-10-27 10:26:29.000000000 -0400
-@@ -81,10 +81,11 @@
++++ policy-1.27.2/targeted/domains/unconfined.te	2005-10-31 10:01:05.000000000 -0500
+@@ -81,10 +81,12 @@
  typealias bin_t alias i18n_input_exec_t;
  typealias unconfined_t alias i18n_input_t;
  typealias var_run_t alias i18n_input_var_run_t;
@@ -2919,6 +2929,7 @@
  role system_r types sysadm_su_t;
 +')
 +
++dontaudit unconfined_t domain:file read;
 diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.27.2/tunables/distro.tun
 --- nsapolicy/tunables/distro.tun	2005-09-12 16:40:26.000000000 -0400
 +++ policy-1.27.2/tunables/distro.tun	2005-10-27 10:26:29.000000000 -0400


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.410
retrieving revision 1.411
diff -u -r1.410 -r1.411
--- selinux-policy-strict.spec	29 Oct 2005 00:53:20 -0000	1.410
+++ selinux-policy-strict.spec	31 Oct 2005 16:06:49 -0000	1.411
@@ -9,7 +9,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.27.2
-Release: 10
+Release: 11
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -245,6 +245,9 @@
 exit 0
 
 %changelog
+* Mon Oct 31 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-11
+- Fix spamc and postfix
+
 * Fri Oct 28 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-10
 - Fix file_context
 




More information about the fedora-cvs-commits mailing list