rpms/selinux-policy-strict/devel policy-20051021.patch, 1.11, 1.12 selinux-policy-strict.spec, 1.410, 1.411
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Oct 31 16:06:56 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv26401
Modified Files:
policy-20051021.patch selinux-policy-strict.spec
Log Message:
* Mon Oct 31 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-11
- Fix spamc and postfix
policy-20051021.patch:
Makefile | 14 -
attrib.te | 18 +
domains/admin.te | 2
domains/misc/kernel.te | 2
domains/program/fsadm.te | 2
domains/program/ifconfig.te | 2
domains/program/init.te | 2
domains/program/initrc.te | 13 +
domains/program/logrotate.te | 2
domains/program/modutil.te | 8
domains/program/newrole.te | 4
domains/program/restorecon.te | 4
domains/program/setfiles.te | 2
domains/program/ssh.te | 2
domains/program/su.te | 4
domains/program/syslogd.te | 4
domains/program/tmpreaper.te | 2
domains/program/unused/NetworkManager.te | 10 +
domains/program/unused/amanda.te | 21 +-
domains/program/unused/apache.te | 15 +
domains/program/unused/apmd.te | 13 +
domains/program/unused/auditd.te | 6
domains/program/unused/avahi.te | 31 +++
domains/program/unused/bluetooth.te | 57 +++++
domains/program/unused/cups.te | 11 -
domains/program/unused/dbusd.te | 2
domains/program/unused/dhcpc.te | 3
domains/program/unused/dhcpd.te | 3
domains/program/unused/exim.te | 309 +++++++++++++++++++++++++++++++
domains/program/unused/ftpd.te | 6
domains/program/unused/hald.te | 5
domains/program/unused/hotplug.te | 5
domains/program/unused/ipsec.te | 2
domains/program/unused/kudzu.te | 3
domains/program/unused/mysqld.te | 6
domains/program/unused/named.te | 17 +
domains/program/unused/nscd.te | 1
domains/program/unused/ntpd.te | 5
domains/program/unused/pamconsole.te | 2
domains/program/unused/pegasus.te | 16 +
domains/program/unused/ping.te | 2
domains/program/unused/postfix.te | 54 +++--
domains/program/unused/postgresql.te | 11 -
domains/program/unused/pppd.te | 22 +-
domains/program/unused/rpcd.te | 16 +
domains/program/unused/rpm.te | 4
domains/program/unused/rsync.te | 3
domains/program/unused/samba.te | 3
domains/program/unused/saslauthd.te | 1
domains/program/unused/sendmail.te | 3
domains/program/unused/snmpd.te | 1
domains/program/unused/spamd.te | 28 --
domains/program/unused/udev.te | 8
domains/program/unused/webalizer.te | 3
domains/program/unused/xdm.te | 2
domains/program/unused/yppasswdd.te | 40 ++++
file_contexts/distros.fc | 1
file_contexts/program/apache.fc | 2
file_contexts/program/avahi.fc | 4
file_contexts/program/backup.fc | 2
file_contexts/program/bluetooth.fc | 2
file_contexts/program/dhcpc.fc | 1
file_contexts/program/dhcpd.fc | 5
file_contexts/program/exim.fc | 18 +
file_contexts/program/ftpd.fc | 5
file_contexts/program/games.fc | 3
file_contexts/program/kudzu.fc | 2
file_contexts/program/pegasus.fc | 6
file_contexts/program/rshd.fc | 1
file_contexts/program/rsync.fc | 2
file_contexts/program/squid.fc | 3
file_contexts/program/yppasswdd.fc | 2
file_contexts/types.fc | 4
genfs_contexts | 1
macros/base_user_macros.te | 7
macros/global_macros.te | 25 --
macros/home_macros.te | 9
macros/program/chkpwd_macros.te | 7
macros/program/dbusd_macros.te | 1
macros/program/exim_macros.te | 75 +++++++
macros/program/su_macros.te | 2
macros/program/ypbind_macros.te | 1
macros/user_macros.te | 1
man/man8/ftpd_selinux.8 | 19 +
man/man8/httpd_selinux.8 | 9
man/man8/rsync_selinux.8 | 12 -
man/man8/samba_selinux.8 | 9
mcs | 194 ++++++-------------
mls | 227 ++++++++--------------
targeted/assert.te | 2
targeted/domains/program/sendmail.te | 1
targeted/domains/program/ssh.te | 2
targeted/domains/program/xdm.te | 4
targeted/domains/unconfined.te | 8
tunables/distro.tun | 2
tunables/tunable.tun | 4
types/devpts.te | 4
types/file.te | 43 +---
types/network.te | 10 -
types/nfs.te | 1
types/security.te | 2
101 files changed, 1073 insertions(+), 509 deletions(-)
Index: policy-20051021.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20051021.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20051021.patch 29 Oct 2005 00:53:20 -0000 1.11
+++ policy-20051021.patch 31 Oct 2005 16:06:49 -0000 1.12
@@ -448,8 +448,8 @@
allow auditd_t self:capability { audit_write audit_control sys_nice sys_resource };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/avahi.te policy-1.27.2/domains/program/unused/avahi.te
--- nsapolicy/domains/program/unused/avahi.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.2/domains/program/unused/avahi.te 2005-10-28 15:20:50.000000000 -0400
-@@ -0,0 +1,29 @@
++++ policy-1.27.2/domains/program/unused/avahi.te 2005-10-31 10:40:30.000000000 -0500
+@@ -0,0 +1,31 @@
+#DESC avahi - mDNS/DNS-SD daemon implementing Appleâs ZeroConf architecture
+#
+# Author: Dan Walsh <dwalsh at redhat.com>
@@ -475,9 +475,11 @@
+
+ifdef(`dbusd.te', `
+dbusd_client(system, avahi)
++ifdef(`targeted_policy', `
+allow avahi_t unconfined_t:dbus send_msg;
+allow unconfined_t avahi_t:dbus send_msg;
+')
++')
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/bluetooth.te policy-1.27.2/domains/program/unused/bluetooth.te
--- nsapolicy/domains/program/unused/bluetooth.te 2005-10-21 11:36:15.000000000 -0400
@@ -1223,7 +1225,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postfix.te policy-1.27.2/domains/program/unused/postfix.te
--- nsapolicy/domains/program/unused/postfix.te 2005-10-21 11:36:15.000000000 -0400
-+++ policy-1.27.2/domains/program/unused/postfix.te 2005-10-28 13:42:12.000000000 -0400
++++ policy-1.27.2/domains/program/unused/postfix.te 2005-10-31 10:51:39.000000000 -0500
@@ -54,6 +54,8 @@
allow postfix_$1_t proc_net_t:dir search;
allow postfix_$1_t proc_net_t:file { getattr read };
@@ -1346,7 +1348,7 @@
-can_exec(postfix_local_t, shell_exec_t)
+tmp_domain(postfix_local)
+can_exec(postfix_local_t,{ shell_exec_t bin_t })
-+ifdef(`spamc.te'
++ifdef(`spamc.te', `
+can_exec(postfix_local_t, spamc_exec_t)
+')
+allow postfix_local_t mail_spool_t:dir { remove_name };
@@ -1567,6 +1569,14 @@
allow smbd_t usr_t:file { getattr read };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/saslauthd.te policy-1.27.2/domains/program/unused/saslauthd.te
+--- nsapolicy/domains/program/unused/saslauthd.te 2005-09-16 11:17:10.000000000 -0400
++++ policy-1.27.2/domains/program/unused/saslauthd.te 2005-10-31 09:50:32.000000000 -0500
+@@ -39,3 +39,4 @@
+ allow saslauthd_t mysqld_db_t:dir search;
+ allow saslauthd_t mysqld_var_run_t:sock_file rw_file_perms;
+ ')
++dontaudit saslauthd_t self:capability setuid;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/sendmail.te policy-1.27.2/domains/program/unused/sendmail.te
--- nsapolicy/domains/program/unused/sendmail.te 2005-09-12 16:40:29.000000000 -0400
+++ policy-1.27.2/domains/program/unused/sendmail.te 2005-10-27 10:26:28.000000000 -0400
@@ -2903,8 +2913,8 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.27.2/targeted/domains/unconfined.te
--- nsapolicy/targeted/domains/unconfined.te 2005-10-21 11:36:16.000000000 -0400
-+++ policy-1.27.2/targeted/domains/unconfined.te 2005-10-27 10:26:29.000000000 -0400
-@@ -81,10 +81,11 @@
++++ policy-1.27.2/targeted/domains/unconfined.te 2005-10-31 10:01:05.000000000 -0500
+@@ -81,10 +81,12 @@
typealias bin_t alias i18n_input_exec_t;
typealias unconfined_t alias i18n_input_t;
typealias var_run_t alias i18n_input_var_run_t;
@@ -2919,6 +2929,7 @@
role system_r types sysadm_su_t;
+')
+
++dontaudit unconfined_t domain:file read;
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.27.2/tunables/distro.tun
--- nsapolicy/tunables/distro.tun 2005-09-12 16:40:26.000000000 -0400
+++ policy-1.27.2/tunables/distro.tun 2005-10-27 10:26:29.000000000 -0400
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.410
retrieving revision 1.411
diff -u -r1.410 -r1.411
--- selinux-policy-strict.spec 29 Oct 2005 00:53:20 -0000 1.410
+++ selinux-policy-strict.spec 31 Oct 2005 16:06:49 -0000 1.411
@@ -9,7 +9,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.27.2
-Release: 10
+Release: 11
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -245,6 +245,9 @@
exit 0
%changelog
+* Mon Oct 31 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-11
+- Fix spamc and postfix
+
* Fri Oct 28 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-10
- Fix file_context
More information about the fedora-cvs-commits
mailing list