rpms/selinux-policy/devel policy-20060411.patch,1.4,1.5
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Apr 14 20:35:28 UTC 2006
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore, 1.55, 1.56 policy-20060411.patch, 1.3, 1.4 selinux-policy.spec, 1.173, 1.174 sources, 1.59, 1.60
- Next message (by thread): rpms/kernel/devel linux-2.6-xen-compile-fixes.patch,1.6,1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29364
Modified Files:
policy-20060411.patch
Log Message:
* Fri Apr 14 2006 Dan Walsh <dwalsh at redhat.com> 2.2.32-1
- Update to latest from upstream
policy-20060411.patch:
Rules.modular | 2 -
policy/mcs | 6 ++-
policy/modules/admin/amanda.te | 9 ++++
policy/modules/admin/bootloader.te | 1
policy/modules/admin/rpm.fc | 1
policy/modules/admin/su.fc | 2 -
policy/modules/admin/usermanage.te | 1
policy/modules/apps/java.fc | 9 +---
policy/modules/apps/java.te | 1
policy/modules/apps/mono.te | 6 +++
policy/modules/kernel/corecommands.fc | 20 ++++++----
policy/modules/kernel/devices.fc | 3 +
policy/modules/kernel/devices.if | 24 +++++++++++-
policy/modules/kernel/files.fc | 37 ++++++++++++-------
policy/modules/kernel/files.if | 27 ++++++++++++++
policy/modules/kernel/kernel.if | 3 +
policy/modules/kernel/mcs.te | 4 ++
policy/modules/kernel/mls.te | 1
policy/modules/services/avahi.te | 1
policy/modules/services/bind.fc | 1
policy/modules/services/ftp.te | 1
policy/modules/services/hal.te | 1
policy/modules/services/kerberos.fc | 4 +-
policy/modules/services/mailman.if | 38 ++++++++++++++++++++
policy/modules/services/postfix.te | 5 ++
policy/modules/services/postgresql.if | 4 +-
policy/modules/services/rpc.te | 4 +-
policy/modules/services/samba.if | 1
policy/modules/services/samba.te | 12 +++++-
policy/modules/services/spamassassin.fc | 2 -
policy/modules/services/tftp.fc | 3 +
policy/modules/services/xserver.if | 21 +++++++++++
policy/modules/system/authlogin.fc | 3 +
policy/modules/system/authlogin.te | 4 ++
policy/modules/system/daemontools.fc | 3 +
policy/modules/system/fstools.te | 1
policy/modules/system/init.te | 1
policy/modules/system/libraries.fc | 60 +++++++++++++++++++-------------
policy/modules/system/miscfiles.fc | 2 -
policy/modules/system/modutils.fc | 6 ++-
policy/modules/system/selinuxutil.if | 4 +-
policy/modules/system/unconfined.te | 3 +
policy/modules/system/userdomain.if | 28 ++++++++++----
policy/modules/system/xen.te | 5 ++
44 files changed, 293 insertions(+), 82 deletions(-)
Index: policy-20060411.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060411.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20060411.patch 14 Apr 2006 19:50:03 -0000 1.4
+++ policy-20060411.patch 14 Apr 2006 20:35:12 -0000 1.5
@@ -23,7 +23,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.2.32/policy/modules/admin/amanda.te
--- nsaserefpolicy/policy/modules/admin/amanda.te 2006-03-24 11:15:40.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/admin/amanda.te 2006-04-14 12:06:19.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/admin/amanda.te 2006-04-14 14:29:14.000000000 -0400
@@ -9,6 +9,7 @@
type amanda_t;
type amanda_inetd_exec_t;
@@ -32,7 +32,18 @@
role system_r types amanda_t;
type amanda_exec_t;
-@@ -183,13 +184,15 @@
+@@ -141,6 +142,10 @@
+ corenet_non_ipsec_sendrecv(amanda_t)
+ corenet_tcp_bind_all_nodes(amanda_t)
+ corenet_udp_bind_all_nodes(amanda_t)
++corenet_tcp_bind_reserved_port(amanda_t)
++corenet_udp_bind_reserved_port(amanda_t)
++corenet_dontaudit_tcp_bind_all_reserved_ports(amanda_t)
++corenet_dontaudit_udp_bind_all_reserved_ports(amanda_t)
+
+ dev_getattr_all_blk_files(amanda_t)
+ dev_getattr_all_chr_files(amanda_t)
+@@ -183,13 +188,15 @@
optional_policy(`
nscd_socket_use(amanda_t)
@@ -550,8 +561,24 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.32/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/postfix.te 2006-04-14 12:06:19.000000000 -0400
-@@ -408,6 +408,9 @@
++++ serefpolicy-2.2.32/policy/modules/services/postfix.te 2006-04-14 14:54:13.000000000 -0400
+@@ -305,6 +305,7 @@
+
+ kernel_read_kernel_sysctls(postfix_map_t)
+ kernel_dontaudit_list_proc(postfix_map_t)
++kernel_dontaudit_read_system_state(postfix_map_t)
+
+ corenet_tcp_sendrecv_all_if(postfix_map_t)
+ corenet_udp_sendrecv_all_if(postfix_map_t)
+@@ -350,6 +351,7 @@
+ ifdef(`targeted_policy',`
+ # FIXME: would be better to use a run interface
+ role system_r types postfix_map_t;
++ term_dontaudit_use_generic_ptys(postfix_map_t)
+ ')
+
+ tunable_policy(`read_default_t',`
+@@ -408,6 +410,9 @@
optional_policy(`
mailman_domtrans_queue(postfix_pipe_t)
@@ -563,8 +590,15 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-2.2.32/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2006-02-10 17:05:19.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/postgresql.if 2006-04-14 12:06:19.000000000 -0400
-@@ -119,4 +119,6 @@
++++ serefpolicy-2.2.32/policy/modules/services/postgresql.if 2006-04-14 16:09:39.000000000 -0400
+@@ -113,10 +113,12 @@
+ #
+ interface(`postgresql_stream_connect',`
+ gen_require(`
+- type postgresql_t, postgresql_var_run_t;
++ type postgresql_t, postgresql_var_run_t, postgresql_tmp_t;
+ ')
+
files_search_pids($1)
allow $1 postgresql_t:unix_stream_socket connectto;
allow $1 postgresql_var_run_t:sock_file write;
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore, 1.55, 1.56 policy-20060411.patch, 1.3, 1.4 selinux-policy.spec, 1.173, 1.174 sources, 1.59, 1.60
- Next message (by thread): rpms/kernel/devel linux-2.6-xen-compile-fixes.patch,1.6,1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list