rpms/selinux-policy/devel policy-20060802.patch,1.1,1.2

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Sun Aug 6 00:34:40 UTC 2006 

Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29275

Modified Files:
	policy-20060802.patch 
Log Message:
* Thu Aug 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.4-1
- Update to the latest from upstream


policy-20060802.patch:
 mls                                |    9 -
 modules/admin/anaconda.te          |   10 -
 modules/admin/consoletype.te       |   11 +
 modules/admin/firstboot.te         |    2 
 modules/admin/rpm.fc               |    2 
 modules/admin/usermanage.te        |    4 
 modules/apps/mozilla.if            |    2 
 modules/kernel/corecommands.fc     |    1 
 modules/kernel/corenetwork.te.in   |    3 
 modules/kernel/devices.te          |    2 
 modules/kernel/filesystem.te       |    2 
 modules/kernel/kernel.if           |   75 ++++++++++++
 modules/kernel/terminal.if         |   19 +++
 modules/services/amavis.te         |    7 +
 modules/services/apache.te         |    1 
 modules/services/avahi.te          |    1 
 modules/services/bind.te           |    1 
 modules/services/bluetooth.te      |    5 
 modules/services/clamav.if         |    1 
 modules/services/cron.if           |   16 ++
 modules/services/cups.te           |    6 
 modules/services/dbus.if           |    5 
 modules/services/ldap.te           |    2 
 modules/services/nis.te            |    2 
 modules/services/ntp.te            |    2 
 modules/services/pegasus.if        |   31 ++++
 modules/services/pegasus.te        |    5 
 modules/services/postfix.te        |    7 +
 modules/services/procmail.te       |    1 
 modules/services/samba.te          |    4 
 modules/services/setroubleshoot.fc |    9 +
 modules/services/setroubleshoot.if |    3 
 modules/services/setroubleshoot.te |  102 ++++++++++++++++
 modules/services/spamassassin.te   |    4 
 modules/services/squid.te          |    4 
 modules/services/ssh.if            |   25 +++-
 modules/services/stunnel.te        |    4 
 modules/services/xserver.if        |   51 +++++++-
 modules/services/xserver.te        |   14 +-
 modules/system/fstools.te          |    1 
 modules/system/hostname.te         |   10 +
 modules/system/init.if             |    7 -
 modules/system/libraries.fc        |    2 
 modules/system/locallogin.te       |    4 
 modules/system/logging.fc          |    3 
 modules/system/logging.if          |   21 +++
 modules/system/logging.te          |    3 
 modules/system/miscfiles.fc        |    1 
 modules/system/mount.te            |    2 
 modules/system/selinuxutil.te      |    6 
 modules/system/udev.fc             |    1 
 modules/system/unconfined.if       |    2 
 modules/system/unconfined.te       |    5 
 modules/system/userdomain.if       |  231 +++++++++++++++++++++++++------------
 modules/system/userdomain.te       |   50 +++-----
 modules/system/xen.if              |   38 ++++++
 modules/system/xen.te              |   26 +++-
 57 files changed, 704 insertions(+), 164 deletions(-)

Index: policy-20060802.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060802.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20060802.patch	4 Aug 2006 22:58:10 -0000	1.1
+++ policy-20060802.patch	6 Aug 2006 00:34:38 -0000	1.2
@@ -152,7 +152,7 @@
  /etc/mysql/debian-start		--	gen_context(system_u:object_r:bin_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.4/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.4/policy/modules/kernel/corenetwork.te.in	2006-08-04 18:56:39.000000000 -0400
++++ serefpolicy-2.3.4/policy/modules/kernel/corenetwork.te.in	2006-08-05 20:14:55.000000000 -0400
 @@ -73,6 +73,7 @@
  network_port(dhcpc, udp,68,s0)
  network_port(dhcpd, udp,67,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0)
@@ -166,7 +166,7 @@
  network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0)
  network_port(howl, tcp,5335,s0, udp,5353,s0)
 -network_port(hplip, tcp,50000,s0, tcp,50002,s0, tcp,1782,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
-+network_port(hplip, tcp,50000,s0, tcp,50002,s0, tcp,2208,s0 tcp,2207,s0 tcp,1782,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
++network_port(hplip, tcp,50000,s0, tcp,50002,s0, tcp,2208,s0, tcp,2207,s0, tcp,1782,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
  network_port(i18n_input, tcp,9010,s0)
  network_port(imaze, tcp,5323,s0, udp,5323,s0)
  network_port(inetd_child, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
@@ -377,6 +377,17 @@
  
  userdom_dontaudit_use_unpriv_user_fds(avahi_t)
  userdom_dontaudit_search_sysadm_home_dirs(avahi_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.3.4/policy/modules/services/bind.te
+--- nsaserefpolicy/policy/modules/services/bind.te	2006-08-02 10:34:07.000000000 -0400
++++ serefpolicy-2.3.4/policy/modules/services/bind.te	2006-08-05 06:30:41.000000000 -0400
+@@ -226,6 +226,7 @@
+ allow ndc_t self:netlink_route_socket r_netlink_socket_perms;
+ 
+ allow ndc_t dnssec_t:file { getattr read };
++allow ndc_t dnssec_t:lnk_file { getattr read };
+ 
+ allow ndc_t named_t:tcp_socket { connectto recvfrom };
+ allow ndc_t named_t:unix_stream_socket connectto;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.4/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2006-08-02 10:34:07.000000000 -0400
 +++ serefpolicy-2.3.4/policy/modules/services/bluetooth.te	2006-08-03 16:23:23.000000000 -0400

More information about the fedora-cvs-commits mailing list