rpms/selinux-policy-targeted/devel policy-20050916.patch, 1.9, 1.10 selinux-policy-targeted.spec, 1.378, 1.379
fedora-cvs-commits at redhat.com
Mon Sep 26 20:10:45 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-targeted/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv22548
Modified Files:
policy-20050916.patch selinux-policy-targeted.spec
Log Message:
* Mon Sep 26 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-8
- Many fixes for postfix and bluetooth
policy-20050916.patch:
Makefile | 22 +++++----
domains/program/crond.te | 2
domains/program/fsadm.te | 7 ++-
domains/program/hostname.te | 2
domains/program/ifconfig.te | 3 -
domains/program/initrc.te | 17 +++++++
domains/program/ldconfig.te | 3 -
domains/program/load_policy.te | 7 +--
domains/program/login.te | 21 ++++++---
domains/program/modutil.te | 14 +++---
domains/program/mount.te | 5 +-
domains/program/netutils.te | 3 -
domains/program/passwd.te | 1
domains/program/restorecon.te | 3 -
domains/program/setfiles.te | 4 -
domains/program/ssh.te | 6 ++
domains/program/su.te | 9 +++
domains/program/syslogd.te | 2
domains/program/unused/NetworkManager.te | 3 -
domains/program/unused/alsa.te | 2
domains/program/unused/amanda.te | 70 +++++++------------------------
domains/program/unused/anaconda.te | 5 --
domains/program/unused/apache.te | 9 ++-
domains/program/unused/apmd.te | 13 +++++
domains/program/unused/auditd.te | 2
domains/program/unused/automount.te | 4 +
domains/program/unused/bluetooth.te | 57 ++++++++++++++++++++++++-
domains/program/unused/cups.te | 16 +++++--
domains/program/unused/cvs.te | 3 +
domains/program/unused/cyrus.te | 2
domains/program/unused/dbusd.te | 4 +
domains/program/unused/dhcpc.te | 5 +-
domains/program/unused/dhcpd.te | 3 -
domains/program/unused/dovecot.te | 4 +
domains/program/unused/hald.te | 2
domains/program/unused/hotplug.te | 1
domains/program/unused/hwclock.te | 2
domains/program/unused/ipsec.te | 2
domains/program/unused/kudzu.te | 5 +-
domains/program/unused/mta.te | 8 +++
domains/program/unused/mysqld.te | 6 +-
domains/program/unused/named.te | 14 ++++--
domains/program/unused/nscd.te | 1
domains/program/unused/ntpd.te | 7 +--
domains/program/unused/openct.te | 16 +++++++
domains/program/unused/pamconsole.te | 2
domains/program/unused/pegasus.te | 31 +++++++++++++
domains/program/unused/ping.te | 3 -
domains/program/unused/postfix.te | 24 ++++++----
domains/program/unused/pppd.te | 7 +--
domains/program/unused/procmail.te | 11 +++-
domains/program/unused/readahead.te | 21 +++++++++
domains/program/unused/rlogind.te | 4 +
domains/program/unused/roundup.te | 29 ++++++++++++
domains/program/unused/rpcd.te | 12 ++++-
domains/program/unused/samba.te | 11 +++-
domains/program/unused/snmpd.te | 5 +-
domains/program/unused/squid.te | 3 -
domains/program/unused/udev.te | 10 +++-
domains/program/unused/utempter.te | 2
domains/program/unused/webalizer.te | 3 +
domains/program/unused/winbind.te | 1
domains/program/unused/xdm.te | 3 +
domains/program/unused/yppasswdd.te | 40 +++++++++++++++++
domains/program/unused/ypserv.te | 1
domains/program/useradd.te | 5 +-
file_contexts/distros.fc | 1
file_contexts/program/bluetooth.fc | 3 +
file_contexts/program/dhcpc.fc | 2
file_contexts/program/dhcpd.fc | 1
file_contexts/program/ftpd.fc | 5 +-
file_contexts/program/games.fc | 11 +++-
file_contexts/program/ipsec.fc | 1
file_contexts/program/openct.fc | 2
file_contexts/program/pegasus.fc | 11 ++++
file_contexts/program/pppd.fc | 2
file_contexts/program/readahead.fc | 1
file_contexts/program/roundup.fc | 2
file_contexts/program/rpm.fc | 4 +
file_contexts/program/rsync.fc | 2
file_contexts/program/xdm.fc | 2
file_contexts/program/yppasswdd.fc | 2
file_contexts/program/ypserv.fc | 1
file_contexts/types.fc | 2
genfs_contexts | 2
macros/core_macros.te | 3 +
macros/global_macros.te | 16 +++++--
macros/network_macros.te | 17 +++++++
macros/program/apache_macros.te | 13 ++++-
macros/program/cdrecord_macros.te | 2
macros/program/i18n_input_macros.te | 21 +++++++++
macros/program/mta_macros.te | 4 -
macros/program/newrole_macros.te | 2
macros/program/pyzor_macros.te | 2
macros/program/razor_macros.te | 2
macros/program/su_macros.te | 2
macros/program/uml_macros.te | 2
macros/user_macros.te | 1
man/man8/ftpd_selinux.8 | 10 ++--
man/man8/rsync_selinux.8 | 6 +-
mcs | 16 ++++++-
net_contexts | 6 ++
targeted/appconfig/root_default_contexts | 4 +
targeted/domains/program/ssh.te | 3 +
targeted/domains/program/xdm.te | 4 +
targeted/domains/unconfined.te | 18 +++++++
tunables/distro.tun | 2
tunables/tunable.tun | 4 -
types/devpts.te | 4 +
types/file.te | 15 ++++--
types/network.te | 2
types/security.te | 5 ++
112 files changed, 671 insertions(+), 197 deletions(-)
Index: policy-20050916.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/policy-20050916.patch,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- policy-20050916.patch 23 Sep 2005 21:33:30 -0000 1.9
+++ policy-20050916.patch 26 Sep 2005 20:10:42 -0000 1.10
@@ -292,7 +292,16 @@
+allow restorecon_t autofs_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/setfiles.te policy-1.27.1/domains/program/setfiles.te
--- nsapolicy/domains/program/setfiles.te 2005-09-12 16:40:29.000000000 -0400
-+++ policy-1.27.1/domains/program/setfiles.te 2005-09-20 21:33:02.000000000 -0400
++++ policy-1.27.1/domains/program/setfiles.te 2005-09-26 16:09:45.000000000 -0400
+@@ -12,7 +12,7 @@
+ #
+ # needs auth_write attribute because it has relabelfrom/relabelto
+ # access to shadow_t
+-type setfiles_t, domain, privlog, privowner, auth_write, change_context;
++type setfiles_t, domain, privlog, privowner, auth_write, change_context, mlsfileread, mlsfilewrite, mlsfileupgrade, mlsfiledowngrade;
+ type setfiles_exec_t, file_type, sysadmfile, exec_type;
+
+ role system_r types setfiles_t;
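Review bot: the replaced `type setfiles_t` line gains `mlsfileread, mlsfilewrite, mlsfileupgrade, mlsfiledowngrade`, but the comment directly above it still justifies only `auth_write`. Extend that comment to say why setfiles_t needs each of the four MLS file attributes, and drop any that relabeling does not require, so the MLS privileges are a documented decision rather than a side effect of this line.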
@@ -22,7 +22,7 @@
ifdef(`distro_redhat', `
domain_auto_trans(initrc_t, setfiles_exec_t, setfiles_t)
@@ -626,14 +635,15 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/bluetooth.te policy-1.27.1/domains/program/unused/bluetooth.te
--- nsapolicy/domains/program/unused/bluetooth.te 2005-09-16 11:17:08.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/bluetooth.te 2005-09-20 21:33:02.000000000 -0400
-@@ -11,11 +11,16 @@
++++ policy-1.27.1/domains/program/unused/bluetooth.te 2005-09-26 15:26:45.000000000 -0400
+@@ -11,11 +11,17 @@
daemon_domain(bluetooth)
file_type_auto_trans(bluetooth_t, var_run_t, bluetooth_var_run_t, sock_file)
+file_type_auto_trans(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
tmp_domain(bluetooth)
++var_lib_domain(bluetooth)
# Use capabilities.
allow bluetooth_t self:capability { net_admin net_raw sys_tty_config };
@@ -644,7 +654,7 @@
lock_domain(bluetooth)
-@@ -35,6 +40,7 @@
+@@ -35,6 +41,7 @@
# bluetooth_conf_t is the type of the /etc/bluetooth dir.
type bluetooth_conf_t, file_type, sysadmfile;
@@ -652,7 +662,7 @@
# Read /etc/bluetooth
allow bluetooth_t bluetooth_conf_t:dir search;
-@@ -44,5 +50,14 @@
+@@ -44,5 +51,53 @@
allow bluetooth_t usbfs_t:dir r_dir_perms;
allow bluetooth_t usbfs_t:file rw_file_perms;
allow bluetooth_t bin_t:dir search;
@@ -663,14 +673,53 @@
+#Handle bluetooth serial devices
+allow bluetooth_t tty_device_t:chr_file rw_file_perms;
+allow bluetooth_t self:fifo_file rw_file_perms;
-+allow bluetooth_t etc_t:file { getattr read };
++allow bluetooth_t { etc_t etc_runtime_t }:file { getattr read };
+r_dir_file(bluetooth_t, fonts_t)
+allow bluetooth_t urandom_device_t:chr_file r_file_perms;
+allow bluetooth_t usr_t:file { getattr read };
++
++application_domain(bluetooth_helper, `, nscd_client_domain')
++domain_auto_trans(bluetooth_t, bluetooth_helper_exec_t, bluetooth_helper_t)
++role system_r types bluetooth_helper_t;
++read_locale(bluetooth_helper_t)
++typeattribute bluetooth_helper_t unrestricted;
++r_dir_file(bluetooth_helper_t, domain)
++allow bluetooth_helper_t bin_t:dir { getattr search };
++can_exec(bluetooth_helper_t, { bin_t shell_exec_t })
++allow bluetooth_helper_t bin_t:lnk_file read;
++allow bluetooth_helper_t self:capability sys_nice;
++allow bluetooth_helper_t self:fifo_file rw_file_perms;
++allow bluetooth_helper_t self:process fork;
++allow bluetooth_helper_t self:shm create_shm_perms;
++allow bluetooth_helper_t self:unix_stream_socket create_stream_socket_perms;
++allow bluetooth_helper_t { etc_t etc_runtime_t }:file { getattr read };
++r_dir_file(bluetooth_helper_t, fonts_t)
++r_dir_file(bluetooth_helper_t, proc_t)
++read_sysctl(bluetooth_helper_t)
++allow bluetooth_helper_t tmp_t:dir search;
++allow bluetooth_helper_t usr_t:file { getattr read };
++allow bluetooth_helper_t home_dir_type:dir search;
++allow bluetooth_helper_t xserver_log_t:dir search;
++allow bluetooth_helper_t xserver_log_t:file { getattr read };
++ifdef(`targeted_policy', `
++allow bluetooth_helper_t tmp_t:sock_file { read write };
++allow bluetooth_helper_t tmpfs_t:file { read write };
++allow bluetooth_helper_t unconfined_t:unix_stream_socket connectto;
++allow bluetooth_t unconfined_t:dbus send_msg;
++allow unconfined_t bluetooth_t:dbus send_msg;
++', `
++allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read write };
++allow bluetooth_t unpriv_userdomain:dbus send_msg;
++allow unpriv_userdomain bluetooth_t:dbus send_msg;
++')
++allow bluetooth_helper_t bluetooth_t:socket { read write };
++
++dontaudit bluetooth_helper_t default_t:dir { read search };
++dontaudit bluetooth_helper_t { devtty_t ttyfile }:chr_file { read write };
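Review bot: in the new bluetooth_helper_t block, `typeattribute bluetooth_helper_t unrestricted;` and `r_dir_file(bluetooth_helper_t, domain)` are the broadest grants and neither carries a comment. The file contexts change in this same commit labels only /usr/bin/bluepin as bluetooth_helper_exec_t, so a PIN helper ends up in `unrestricted` with read access to the entries of every `domain` type, plus `can_exec` on `bin_t` and `shell_exec_t`. Add a comment stating what bluepin needs each of these for, or narrow them. The same applies to `allow bluetooth_helper_t bluetooth_t:socket { read write };`, which uses the generic `socket` class rather than a specific one.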
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.27.1/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2005-09-16 11:17:08.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/cups.te 2005-09-20 21:33:02.000000000 -0400
++++ policy-1.27.1/domains/program/unused/cups.te 2005-09-26 16:03:35.000000000 -0400
@@ -188,6 +188,7 @@
# Uses networking to talk to the daemons
allow hplip_t self:unix_dgram_socket create_socket_perms;
@@ -704,7 +753,19 @@
can_network_tcp(cupsd_config_t)
can_ypbind(cupsd_config_t)
-@@ -311,3 +316,7 @@
+@@ -256,9 +261,8 @@
+ ifdef(`hald.te', `
+
+ ifdef(`dbusd.te', `
+-allow cupsd_t hald_t:dbus send_msg;
+-allow cupsd_config_t hald_t:dbus send_msg;
+-allow hald_t cupsd_t:dbus send_msg;
++allow { cupsd_t cupsd_config_t } hald_t:dbus send_msg;
++allow hald_t { cupsd_t cupsd_config_t }:dbus send_msg;
+ ')dnl end if dbusd.te
+
+ allow hald_t cupsd_config_t:process signal;
+@@ -311,3 +315,7 @@
r_dir_file(cupsd_lpd_t, cupsd_etc_t)
r_dir_file(cupsd_lpd_t, cupsd_rw_etc_t)
allow cupsd_lpd_t ipp_port_t:tcp_socket name_connect;
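Review bot: the two merged rules in the `-256,9 +261,8` hunk are not equivalent to the three they replace. The old text let `hald_t` send to `cupsd_t` only, while `allow hald_t { cupsd_t cupsd_config_t }:dbus send_msg;` also lets hald_t send D-Bus messages to cupsd_config_t. If that is intended, say so in a comment or the changelog; if this was meant as a pure cleanup, keep the reverse direction as `allow hald_t cupsd_t:dbus send_msg;`.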
@@ -789,6 +850,26 @@
-')dnl end ifdef unconfined.te
+')
')
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpd.te policy-1.27.1/domains/program/unused/dhcpd.te
+--- nsapolicy/domains/program/unused/dhcpd.te 2005-09-12 16:40:28.000000000 -0400
++++ policy-1.27.1/domains/program/unused/dhcpd.te 2005-09-26 11:24:26.000000000 -0400
+@@ -17,8 +17,6 @@
+ #
+ daemon_domain(dhcpd, `, nscd_client_domain')
+
+-allow dhcpd_t dhcpd_port_t:udp_socket name_bind;
+-
+ # for UDP port 4011
+ allow dhcpd_t pxe_port_t:udp_socket name_bind;
+
+@@ -27,6 +25,7 @@
+ # Use the network.
+ can_network(dhcpd_t)
+ allow dhcpd_t port_type:tcp_socket name_connect;
++allow dhcpd_t dhcpd_port_t:{ tcp_socket udp_socket } name_bind;
+ can_ypbind(dhcpd_t)
+ allow dhcpd_t self:unix_dgram_socket create_socket_perms;
+ allow dhcpd_t self:unix_stream_socket create_socket_perms;
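Review bot: moving the `dhcpd_port_t` bind below `can_network(dhcpd_t)` also widens it from `udp_socket` to `{ tcp_socket udp_socket }`, and nothing in the hunk says which dhcpd feature listens on TCP. The neighbouring pxe rule has a `# for UDP port 4011` comment; give the new line the same kind of comment, or keep it UDP-only if TCP is not needed.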
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dovecot.te policy-1.27.1/domains/program/unused/dovecot.te
--- nsapolicy/domains/program/unused/dovecot.te 2005-09-12 16:40:28.000000000 -0400
+++ policy-1.27.1/domains/program/unused/dovecot.te 2005-09-20 21:33:02.000000000 -0400
@@ -803,6 +884,15 @@
create_dir_file(dovecot_t, dovecot_spool_t)
create_dir_file(mta_delivery_agent, dovecot_spool_t)
allow dovecot_t mail_spool_t:lnk_file read;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.27.1/domains/program/unused/hald.te
+--- nsapolicy/domains/program/unused/hald.te 2005-09-16 11:17:09.000000000 -0400
++++ policy-1.27.1/domains/program/unused/hald.te 2005-09-26 09:21:29.000000000 -0400
+@@ -100,4 +100,4 @@
+ ifdef(`mount.te', `
+ domain_auto_trans(hald_t, mount_exec_t, mount_t)
+ ')
+-
++r_dir_file(hald_t, hwdata_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.27.1/domains/program/unused/hotplug.te
--- nsapolicy/domains/program/unused/hotplug.te 2005-09-12 16:40:28.000000000 -0400
+++ policy-1.27.1/domains/program/unused/hotplug.te 2005-09-23 17:02:56.000000000 -0400
@@ -1105,8 +1195,17 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postfix.te policy-1.27.1/domains/program/unused/postfix.te
--- nsapolicy/domains/program/unused/postfix.te 2005-09-12 16:40:29.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/postfix.te 2005-09-20 21:33:02.000000000 -0400
-@@ -69,6 +69,9 @@
++++ policy-1.27.1/domains/program/unused/postfix.te 2005-09-26 15:58:21.000000000 -0400
+@@ -54,6 +54,8 @@
+ allow postfix_$1_t proc_net_t:dir search;
+ allow postfix_$1_t proc_net_t:file { getattr read };
+ can_exec(postfix_$1_t, postfix_$1_exec_t)
++r_dir_file(postfix_$1_t, cert_t)
++allow postfix_$1_t { urandom_device_t random_device_t }:chr_file { read getattr };
+
+ allow postfix_$1_t tmp_t:dir getattr;
+
+@@ -69,6 +71,9 @@
postfix_domain(master, `, mail_server_domain')
rhgb_domain(postfix_master_t)
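Review bot: the two lines added in the `-54,6 +54,8` hunk sit on `postfix_$1_t`, so `r_dir_file(postfix_$1_t, cert_t)` and the read on `urandom_device_t` and `random_device_t` apply to every domain built from that pattern, not only the ones that had random-device rules before. Later hunks in this patch remove those rules from postfix_master_t, postfix_smtp_t and postfix_smtpd_t only. A short comment naming which postfix programs need certificates would make the wider grant reviewable; otherwise keep `cert_t` on the specific domains.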
@@ -1116,7 +1215,72 @@
read_sysctl(postfix_master_t)
domain_auto_trans(initrc_t, postfix_master_exec_t, postfix_master_t)
-@@ -260,7 +263,7 @@
+@@ -98,6 +103,7 @@
+ can_exec({ sysadm_mail_t system_mail_t }, postfix_master_exec_t)
+ ifdef(`distro_redhat', `
+ file_type_auto_trans({ sysadm_mail_t system_mail_t postfix_master_t }, postfix_etc_t, etc_aliases_t)
++file_type_auto_trans({ sysadm_mail_t system_mail_t postfix_master_t }, etc_t, etc_aliases_t)
+ ', `
+ file_type_auto_trans({ sysadm_mail_t system_mail_t }, etc_t, etc_aliases_t)
+ ')
+@@ -121,7 +127,7 @@
+ can_network(postfix_master_t)
+ allow postfix_master_t port_type:tcp_socket name_connect;
+ can_ypbind(postfix_master_t)
+-allow postfix_master_t smtp_port_t:tcp_socket name_bind;
++allow postfix_master_t { amavisd_send_port_t smtp_port_t }:tcp_socket name_bind;
+ allow postfix_master_t postfix_spool_maildrop_t:dir rw_dir_perms;
+ allow postfix_master_t postfix_spool_maildrop_t:file { unlink rename getattr };
+ allow postfix_master_t postfix_prng_t:file getattr;
+@@ -135,13 +141,11 @@
+ ')
+
+ create_dir_file(postfix_master_t, postfix_spool_flush_t)
+-allow postfix_master_t random_device_t:chr_file { read getattr };
+ allow postfix_master_t postfix_prng_t:file rw_file_perms;
+ # for ls to get the current context
+ allow postfix_master_t self:file { getattr read };
+
+ # for SSP
+-allow postfix_master_t urandom_device_t:chr_file read;
+
+ # allow access to deferred queue and allow removing bogus incoming entries
+ allow postfix_master_t postfix_spool_t:dir create_dir_perms;
+@@ -163,7 +167,6 @@
+ allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
+ allow postfix_smtp_t { postfix_private_t postfix_public_t }:dir search;
+ allow postfix_smtp_t { postfix_private_t postfix_public_t }:sock_file write;
+-allow postfix_smtp_t urandom_device_t:chr_file { getattr read };
+ allow postfix_smtp_t postfix_master_t:unix_stream_socket connectto;
+ # if you have two different mail servers on the same host let them talk via
+ # SMTP, also if one mail server wants to talk to itself then allow it and let
+@@ -172,7 +175,6 @@
+ can_tcp_connect(postfix_smtp_t, mail_server_domain)
+
+ postfix_server_domain(smtpd)
+-allow postfix_smtpd_t urandom_device_t:chr_file { getattr read };
+ allow postfix_smtpd_t postfix_master_t:tcp_socket rw_stream_socket_perms;
+ allow postfix_smtpd_t { postfix_private_t postfix_public_t }:dir search;
+ allow postfix_smtpd_t { postfix_private_t postfix_public_t }:sock_file rw_file_perms;
+@@ -184,7 +186,7 @@
+
+ # for prng_exch
+ allow postfix_smtpd_t postfix_spool_t:file rw_file_perms;
+-
++dontaudit postfix_smtpd_t { home_root_t boot_t }:dir getattr;
+ allow { postfix_smtp_t postfix_smtpd_t } postfix_prng_t:file rw_file_perms;
+
+ postfix_server_domain(local, `, mta_delivery_agent')
+@@ -196,7 +198,7 @@
+ ')
+ allow postfix_local_t etc_aliases_t:file r_file_perms;
+ allow postfix_local_t self:fifo_file rw_file_perms;
+-allow postfix_local_t self:process setrlimit;
++allow postfix_local_t postfix_local_t:process { setsched setrlimit };
+ allow postfix_local_t postfix_spool_t:file rw_file_perms;
+ # for .forward - maybe we need a new type for it?
+ allow postfix_local_t postfix_private_t:dir search;
+@@ -260,7 +262,7 @@
postfix_user_domain(showq)
# the following auto_trans is usually in postfix server domain
domain_auto_trans(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
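Review bot: in the `-135,13 +141,11` hunk the `allow postfix_master_t urandom_device_t:chr_file read;` rule is removed but its `# for SSP` comment stays behind, now followed only by a blank line and the unrelated deferred-queue comment. Remove the orphaned comment or move it next to the rule that replaced it. Separately, `-196,7 +198,7` swaps `self:process setrlimit` for `postfix_local_t postfix_local_t:process { setsched setrlimit }` while the line above still uses `self`; keep `self` for consistency, and add a comment on why `setsched` and the new `amavisd_send_port_t` bind in `-121,7 +127,7` are needed.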
@@ -1125,7 +1289,7 @@
r_dir_file(postfix_showq_t, postfix_spool_maildrop_t)
domain_auto_trans(postfix_postqueue_t, postfix_showq_exec_t, postfix_showq_t)
allow postfix_showq_t self:capability { setuid setgid };
-@@ -329,7 +332,8 @@
+@@ -329,7 +331,8 @@
domain_auto_trans(postfix_pipe_t, procmail_exec_t, procmail_t)
')
ifdef(`sendmail.te', `
@@ -1135,15 +1299,24 @@
')
# Program for creating database files
+@@ -348,5 +351,8 @@
+ dontaudit postfix_map_t var_t:dir search;
+ can_network_server(postfix_map_t)
+ allow postfix_map_t port_type:tcp_socket name_connect;
++r_dir_file(postfix_local_t, etc_mail_t)
+ allow postfix_local_t mail_spool_t:dir { remove_name };
+ allow postfix_local_t mail_spool_t:file { unlink };
++can_exec(postfix_local_t, bin_t)
++
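Review bot: `can_exec(postfix_local_t, bin_t)` at the end of the `-348,5 +351,8` hunk has no comment saying which program the local delivery agent runs, and it covers everything labelled `bin_t`. Add the justification, or use a transition to a dedicated domain as is done for procmail with `domain_auto_trans(postfix_pipe_t, procmail_exec_t, procmail_t)`. The hunk also adds a blank line at the end of the file, which can be dropped.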
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.27.1/domains/program/unused/pppd.te
--- nsapolicy/domains/program/unused/pppd.te 2005-09-16 11:17:09.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/pppd.te 2005-09-20 21:33:02.000000000 -0400
++++ policy-1.27.1/domains/program/unused/pppd.te 2005-09-26 11:31:22.000000000 -0400
@@ -14,7 +14,7 @@
#
bool pppd_for_user false;
-daemon_domain(pppd, `, privmail')
-+daemon_domain(pppd, `, privmail, privsysmod')
++daemon_domain(pppd, `, privmail, privsysmod, nscd_client_domain')
type pppd_secret_t, file_type, sysadmfile;
# Define a separate type for /etc/ppp
@@ -1164,6 +1337,15 @@
# Access /dev/ppp.
allow pppd_t ppp_device_t:chr_file rw_file_perms;
+@@ -111,7 +112,7 @@
+ ')
+ }
+
+-daemon_domain(pptp)
++daemon_domain(pptp, `, nscd_client_domain')
+ can_network_client_tcp(pptp_t)
+ allow pptp_t { reserved_port_type port_t }:tcp_socket name_connect;
+ can_exec(pptp_t, hostname_exec_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/procmail.te policy-1.27.1/domains/program/unused/procmail.te
--- nsapolicy/domains/program/unused/procmail.te 2005-09-12 16:40:28.000000000 -0400
+++ policy-1.27.1/domains/program/unused/procmail.te 2005-09-20 21:33:02.000000000 -0400
@@ -1531,14 +1713,19 @@
/usr/lib/ladspa/analogue_osc_1416\.so -- system_u:object_r:texrel_shlib_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/bluetooth.fc policy-1.27.1/file_contexts/program/bluetooth.fc
--- nsapolicy/file_contexts/program/bluetooth.fc 2005-09-12 16:40:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/bluetooth.fc 2005-09-20 21:33:02.000000000 -0400
-@@ -1,5 +1,6 @@
++++ policy-1.27.1/file_contexts/program/bluetooth.fc 2005-09-26 15:24:30.000000000 -0400
+@@ -1,8 +1,11 @@
# bluetooth
/etc/bluetooth(/.*)? system_u:object_r:bluetooth_conf_t
+/etc/bluetooth/link_key system_u:object_r:bluetooth_conf_rw_t
/usr/bin/rfcomm -- system_u:object_r:bluetooth_exec_t
/usr/sbin/hcid -- system_u:object_r:bluetooth_exec_t
/usr/sbin/sdpd -- system_u:object_r:bluetooth_exec_t
+ /usr/sbin/hciattach -- system_u:object_r:bluetooth_exec_t
+ /var/run/sdp -s system_u:object_r:bluetooth_var_run_t
+ /usr/sbin/hid2hci -- system_u:object_r:bluetooth_exec_t
++/usr/bin/bluepin -- system_u:object_r:bluetooth_helper_exec_t
++/var/lib/bluetooth(/.*)? system_u:object_r:bluetooth_var_lib_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/dhcpc.fc policy-1.27.1/file_contexts/program/dhcpc.fc
--- nsapolicy/file_contexts/program/dhcpc.fc 2005-09-12 16:40:27.000000000 -0400
+++ policy-1.27.1/file_contexts/program/dhcpc.fc 2005-09-23 17:32:37.000000000 -0400
@@ -1705,8 +1892,16 @@
/etc/ypserv\.conf -- system_u:object_r:ypserv_conf_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.27.1/file_contexts/types.fc
--- nsapolicy/file_contexts/types.fc 2005-09-16 11:17:10.000000000 -0400
-+++ policy-1.27.1/file_contexts/types.fc 2005-09-23 17:01:01.000000000 -0400
-@@ -485,6 +485,7 @@
++++ policy-1.27.1/file_contexts/types.fc 2005-09-26 11:59:56.000000000 -0400
+@@ -133,6 +133,7 @@
+ /dev/dcbri[0-9]+ -c system_u:object_r:tty_device_t
+ /dev/irlpt[0-9]+ -c system_u:object_r:printer_device_t
+ /dev/ircomm[0-9]+ -c system_u:object_r:tty_device_t
++/dev/rfcomm[0-9]+ -c system_u:object_r:tty_device_t
+ /dev/isdn.* -c system_u:object_r:tty_device_t
+ /dev/.*tty[^/]* -c system_u:object_r:tty_device_t
+ /dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c system_u:object_r:bsdpty_device_t
+@@ -485,6 +486,7 @@
# Turboprint
#
/usr/share/turboprint/lib(/.*)? -- system_u:object_r:bin_t
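Review bot: the new `/dev/rfcomm[0-9]+` entry in the `-133,6 +133,7` hunk reuses `tty_device_t`, the same type given to the dcbri, ircomm, isdn and `/dev/.*tty[^/]*` nodes in the surrounding lines. Together with `allow bluetooth_t tty_device_t:chr_file rw_file_perms;` in bluetooth.te, that gives bluetooth_t read/write on all of those devices, not just the Bluetooth serial ones. Consider a dedicated type for rfcomm devices and granting bluetooth_t access to that type only.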
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/devel/selinux-policy-targeted.spec,v
retrieving revision 1.378
retrieving revision 1.379
diff -u -r1.378 -r1.379
--- selinux-policy-targeted.spec 23 Sep 2005 21:33:30 -0000 1.378
+++ selinux-policy-targeted.spec 26 Sep 2005 20:10:42 -0000 1.379
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.27.1
-Release: 7
+Release: 8
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -246,6 +246,9 @@
exit 0
%changelog
+* Mon Sep 26 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-8
+- Many fixes for postfix and bluetooth
+
* Fri Sep 23 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-7
- Fix su behavior on MCS platform
- Fix dhcpd/dhclient dirs
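Review bot: the new changelog entry, `- Many fixes for postfix and bluetooth`, leaves out changes this revision also carries: the MLS attributes on setfiles_t, the hald/cups D-Bus rules, the TCP bind for dhcpd and the nscd_client_domain additions for pppd and pptp. List those as separate bullets so the policy-affecting changes can be found from the RPM changelog.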