
rpms/selinux-policy/devel policy-20060802.patch, 1.10, 1.11 selinux-policy.spec, 1.252, 1.253



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv28976

Modified Files:
	policy-20060802.patch selinux-policy.spec 
Log Message:
* Fri Aug 18 2006 Dan Walsh <dwalsh redhat com> 2.3.8-1
- Update from upstream


policy-20060802.patch:
 mls                                  |    9 
 modules/admin/amanda.fc              |   51 ----
 modules/admin/anaconda.te            |   20 +
 modules/admin/bootloader.te          |    4 
 modules/admin/consoletype.te         |   11 -
 modules/admin/firstboot.te           |    2 
 modules/admin/prelink.te             |binary
 modules/admin/rpm.fc                 |    2 
 modules/admin/rpm.if                 |   13 -
 modules/admin/usermanage.te          |    5 
 modules/apps/java.fc                 |    9 
 modules/apps/mozilla.if              |    2 
 modules/apps/wine.te                 |    2 
 modules/kernel/corecommands.fc       |    1 
 modules/kernel/corecommands.if       |    1 
 modules/kernel/corenetwork.te.in     |    7 
 modules/kernel/devices.fc            |    2 
 modules/kernel/devices.if            |   37 +++
 modules/kernel/devices.te            |    8 
 modules/kernel/files.if              |   18 +
 modules/kernel/filesystem.te         |    2 
 modules/kernel/kernel.if             |   75 +++++++
 modules/kernel/terminal.if           |   19 +
 modules/services/amavis.te           |    7 
 modules/services/apache.te           |    1 
 modules/services/avahi.te            |    2 
 modules/services/bind.te             |    1 
 modules/services/ccs.fc              |    8 
 modules/services/ccs.if              |   45 ++++
 modules/services/ccs.te              |   84 +++++++
 modules/services/cpucontrol.te       |    2 
 modules/services/cron.if             |   17 +
 modules/services/cron.te             |    7 
 modules/services/cups.te             |   19 +
 modules/services/cyrus.te            |    5 
 modules/services/dbus.if             |    6 
 modules/services/dovecot.te          |    2 
 modules/services/inn.te              |    1 
 modules/services/ldap.te             |    2 
 modules/services/mta.fc              |    2 
 modules/services/ntp.te              |    2 
 modules/services/oddjob.fc           |    8 
 modules/services/oddjob.if           |   76 +++++++
 modules/services/oddjob.te           |   70 ++++++
 modules/services/oddjob_mkhomedir.fc |    6 
 modules/services/oddjob_mkhomedir.if |   24 ++
 modules/services/oddjob_mkhomedir.te |   26 ++
 modules/services/openvpn.te          |    2 
 modules/services/pegasus.if          |   31 ++
 modules/services/pegasus.te          |    5 
 modules/services/postfix.te          |    7 
 modules/services/procmail.te         |    1 
 modules/services/radius.te           |    2 
 modules/services/ricci.fc            |   20 +
 modules/services/ricci.if            |  184 +++++++++++++++++
 modules/services/ricci.te            |  373 +++++++++++++++++++++++++++++++++++
 modules/services/rpc.if              |    2 
 modules/services/rpc.te              |    5 
 modules/services/samba.te            |    8 
 modules/services/setroubleshoot.fc   |    9 
 modules/services/setroubleshoot.if   |    3 
 modules/services/setroubleshoot.te   |  110 ++++++++++
 modules/services/spamassassin.te     |    4 
 modules/services/squid.te            |    4 
 modules/services/ssh.if              |   24 ++
 modules/services/sysstat.te          |    3 
 modules/services/xserver.if          |   69 ++++++
 modules/services/xserver.te          |   19 +
 modules/system/authlogin.if          |   42 ++-
 modules/system/authlogin.te          |   19 +
 modules/system/fstools.te            |    1 
 modules/system/hostname.te           |   10 
 modules/system/init.if               |    7 
 modules/system/init.te               |    2 
 modules/system/libraries.fc          |    7 
 modules/system/locallogin.te         |    4 
 modules/system/logging.fc            |    3 
 modules/system/logging.if            |   21 +
 modules/system/logging.te            |    3 
 modules/system/miscfiles.fc          |    1 
 modules/system/miscfiles.if          |   18 +
 modules/system/modutils.te           |    1 
 modules/system/mount.te              |    3 
 modules/system/selinuxutil.te        |   15 +
 modules/system/udev.fc               |    1 
 modules/system/udev.te               |    1 
 modules/system/unconfined.if         |    2 
 modules/system/unconfined.te         |    5 
 modules/system/userdomain.if         |  264 +++++++++++++++++-------
 modules/system/userdomain.te         |   52 ++--
 modules/system/xen.if                |   38 +++
 modules/system/xen.te                |   26 +-
 92 files changed, 1896 insertions(+), 258 deletions(-)

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.10 -r 1.11 policy-20060802.patch
Index: policy-20060802.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060802.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20060802.patch	12 Aug 2006 11:54:51 -0000	1.10
+++ policy-20060802.patch	18 Aug 2006 14:18:35 -0000	1.11
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.7/policy/mls
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.8/policy/mls
 --- nsaserefpolicy/policy/mls	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.7/policy/mls	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/mls	2006-08-18 07:38:02.000000000 -0400
 @@ -184,19 +184,12 @@
  	 ( t2 == mlstrustedobject ));
  
@@ -22,9 +22,76 @@
  mlsconstrain dir { add_name remove_name reparent rmdir }
  	((( l1 dom l2 ) and ( l1 domby h2 )) or
  	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.7/policy/modules/admin/anaconda.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-2.3.8/policy/modules/admin/amanda.fc
+--- nsaserefpolicy/policy/modules/admin/amanda.fc	2006-07-14 17:04:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/amanda.fc	2006-08-18 08:12:54.000000000 -0400
+@@ -9,62 +9,13 @@
+ /tmp/amanda(/.*)?			gen_context(system_u:object_r:amanda_tmp_t,s0)
+ 
+ /usr/lib(64)?/amanda		-d	gen_context(system_u:object_r:amanda_usr_lib_t,s0)
++/usr/lib(64)?/amanda/.+		--	gen_context(system_u:object_r:amanda_exec_t,s0)
+ /usr/lib(64)?/amanda/amandad	--	gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
+-/usr/lib(64)?/amanda/amcat\.awk	--	gen_context(system_u:object_r:amanda_script_exec_t,s0)
+-/usr/lib(64)?/amanda/amcleanupdisk --	gen_context(system_u:object_r:amanda_exec_t,s0)
+ /usr/lib(64)?/amanda/amidxtaped	--	gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
+ /usr/lib(64)?/amanda/amindexd	--	gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
+-/usr/lib(64)?/amanda/amlogroll	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/amplot\.awk --	gen_context(system_u:object_r:amanda_script_exec_t,s0)
+-/usr/lib(64)?/amanda/amplot\.g	--	gen_context(system_u:object_r:amanda_script_exec_t,s0)
+-/usr/lib(64)?/amanda/amplot\.gp	--	gen_context(system_u:object_r:amanda_script_exec_t,s0)
+-/usr/lib(64)?/amanda/amtrmidx	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/amtrmlog	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/calcsize	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/chg-chio	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/chg-chs	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/chg-manual	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/chg-mtx	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/chg-multi	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/chg-rth	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/chg-scsi	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/chg-zd-mtx	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/driver	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/dumper	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/killpgrp	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/patch-system --	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/planner	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/rundump	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/runtar	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/selfcheck	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/sendbackup	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/sendsize	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/taper	--	gen_context(system_u:object_r:amanda_exec_t,s0)
+-/usr/lib(64)?/amanda/versionsuffix --	gen_context(system_u:object_r:amanda_exec_t,s0)
+-
+-/usr/sbin/amadmin		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amcheck		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amcheckdb		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amcleanup		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amdump		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amflush		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amgetconf		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amlabel		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amoverview		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amplot		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+ /usr/sbin/amrecover		--	gen_context(system_u:object_r:amanda_recover_exec_t,s0)
+-/usr/sbin/amreport		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amrestore		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amrmtape		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amstatus		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amtape		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amtoc			--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-/usr/sbin/amverify		--	gen_context(system_u:object_r:amanda_user_exec_t,s0)
+-
+ /var/lib/amanda			-d	gen_context(system_u:object_r:amanda_var_lib_t,s0)
+ /var/lib/amanda/\.amandahosts	--	gen_context(system_u:object_r:amanda_config_t,s0)
+-/var/lib/amanda/\.bashrc	--	gen_context(system_u:object_r:amanda_shellconfig_t,s0)
+-/var/lib/amanda/\.profile	--	gen_context(system_u:object_r:amanda_shellconfig_t,s0)
+ /var/lib/amanda/disklist	--	gen_context(system_u:object_r:amanda_data_t,s0)
+ /var/lib/amanda/gnutar-lists(/.*)?	gen_context(system_u:object_r:amanda_gnutarlists_t,s0)
+ /var/lib/amanda/index			gen_context(system_u:object_r:amanda_data_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.8/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/admin/anaconda.te	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/anaconda.te	2006-08-18 07:38:02.000000000 -0400
 @@ -25,8 +25,12 @@
  
  modutils_domtrans_insmod(anaconda_t)
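Review bot: The catch-all `/usr/lib(64)?/amanda/.+ -- amanda_exec_t` added in the amanda.fc section of this hunk labels every regular file under that directory as an amanda entrypoint, including the `.awk`/`.g`/`.gp` helpers that previously carried `amanda_script_exec_t`, so the label no longer separates scripts from binaries. The three `amanda_inetd_exec_t` entries that remain depend on the explicit path winning over the regex, which deserves a comment such as `# catch-all; amandad, amidxtaped and amindexd are overridden by the explicit entries below`. The same section drops every `/usr/sbin/am*` `amanda_user_exec_t` entry and both `amanda_shellconfig_t` entries while amanda.te is absent from the diffstat, so those types presumably stay declared with no file labelled to them; confirm that is intended and that the fallback label for the `/usr/sbin` tools is acceptable.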
@@ -67,9 +134,9 @@
 +dontaudit domain anaconda_t:fifo_file r_file_perms;
 +dontaudit domain anaconda_t:unix_stream_socket connectto;
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.7/policy/modules/admin/bootloader.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.8/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/admin/bootloader.te	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/bootloader.te	2006-08-18 07:38:02.000000000 -0400
 @@ -83,8 +83,10 @@
  dev_read_rand(bootloader_t)
  dev_read_urand(bootloader_t)
@@ -82,9 +149,9 @@
  
  fs_getattr_xattr_fs(bootloader_t)
  fs_getattr_tmpfs(bootloader_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.7/policy/modules/admin/consoletype.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.8/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/admin/consoletype.te	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/consoletype.te	2006-08-18 07:38:02.000000000 -0400
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -107,9 +174,9 @@
 +optional_policy(`
 +	xen_dontaudit_use_fds(consoletype_t)
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.7/policy/modules/admin/firstboot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.8/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/admin/firstboot.te	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/firstboot.te	2006-08-18 07:38:02.000000000 -0400
 @@ -106,7 +106,7 @@
  ')
  
@@ -119,26 +186,10 @@
  ')
  
  optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.3.7/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te	2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/admin/prelink.te	2006-08-12 07:18:46.000000000 -0400
-@@ -1,4 +1,3 @@
--
- policy_module(prelink,1.1.5)
- 
- ########################################
-@@ -74,6 +73,8 @@
- 
- miscfiles_read_localization(prelink_t)
- 
-+selinux_get_enforce_mode(prelink_t)
-+
- optional_policy(`
- 	cron_system_entry(prelink_t, prelink_exec_t)
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.7/policy/modules/admin/rpm.fc
+Binary files nsaserefpolicy/policy/modules/admin/prelink.te and serefpolicy-2.3.8/policy/modules/admin/prelink.te differ
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.8/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/admin/rpm.fc	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/rpm.fc	2006-08-18 07:38:02.000000000 -0400
 @@ -19,6 +19,8 @@
  /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
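Review bot: The prelink.te section is replaced by a `Binary files ... differ` line (the diffstat also lists it as `binary`), which gives patch nothing to apply, so the `selinux_get_enforce_mode(prelink_t)` rule that revision 1.10 carried is no longer part of the built policy. diff most likely classified the file as binary because of a stray non-text byte in one of the two trees; this is inferred, since the file itself is not visible here. Regenerate the section with `diff -a` (`--text`) or clean the offending file, then check that prelink_t still gets the intended access in the resulting policy.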
@@ -148,9 +199,9 @@
  ')
  
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.7/policy/modules/admin/rpm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.8/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/admin/rpm.if	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/rpm.if	2006-08-18 07:38:02.000000000 -0400
 @@ -75,12 +75,13 @@
  	')
  
@@ -171,9 +222,9 @@
  	allow rpm_t $3:chr_file rw_term_perms;
  ')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.7/policy/modules/admin/usermanage.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.8/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/admin/usermanage.te	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/usermanage.te	2006-08-18 07:38:02.000000000 -0400
 @@ -260,7 +260,7 @@
  ')
  
@@ -183,7 +234,15 @@
  	nscd_socket_use(groupadd_t)
  ')
  
-@@ -535,7 +535,7 @@
+@@ -486,6 +486,7 @@
+ auth_relabel_shadow(useradd_t)
+ auth_etc_filetrans_shadow(useradd_t)
+ auth_rw_lastlog(useradd_t)
++auth_rw_faillog(useradd_t)
+ auth_use_nsswitch(useradd_t)
+ 
+ corecmd_exec_shell(useradd_t)
+@@ -535,7 +536,7 @@
[...1658 lines suppressed...]
+@@ -357,6 +423,10 @@
+ 	')
+ 
+ 	optional_policy(`
++		jabber_tcp_connect($1_t)
++	')
++
++	optional_policy(`
+ 		mta_rw_spool($1_t)
+ 	')
+ 
+@@ -373,6 +443,10 @@
+ 	')
+ 
+ 	optional_policy(`
++		nessus_tcp_connect($1_t)
++	')
++
++	optional_policy(`
+ 		nscd_socket_use($1_t)
+ 	')
+ 
+@@ -426,8 +500,10 @@
  		xserver_stream_connect_xdm($1_t)
  		# certain apps want to read xdm.pid file
  		xserver_read_xdm_pid($1_t)
@@ -2916,7 +3413,7 @@
  	')
  ')
  
-@@ -501,6 +549,7 @@
+@@ -457,6 +533,7 @@
  
  	# Inherit rules for ordinary users.
  	base_user_template($1)
@@ -2924,7 +3421,7 @@
  
  	typeattribute $1_t unpriv_userdomain;
  	domain_interactive_fd($1_t)
-@@ -521,9 +570,6 @@
+@@ -477,9 +554,6 @@
  	# Local policy
  	#
  
@@ -2934,7 +3431,7 @@
  	# Rules used to associate a homedir as a mountpoint
  	allow $1_home_t self:filesystem associate;
  	allow $1_file_type $1_home_t:filesystem associate;
-@@ -535,10 +581,6 @@
+@@ -491,10 +565,6 @@
  	allow privhome $1_home_t:sock_file create_file_perms;
  	allow privhome $1_home_t:fifo_file create_file_perms;
  	type_transition privhome $1_home_dir_t:{ dir notdevfile_class_set } $1_home_t;
@@ -2945,7 +3442,7 @@
  	dev_read_sysfs($1_t)
  
  	corecmd_exec_all_executables($1_t)
-@@ -546,11 +588,8 @@
+@@ -502,11 +572,8 @@
  	# port access is audited even if dac would not have allowed it, so dontaudit it here
  	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
  
@@ -2958,7 +3455,7 @@
  	# Read directories and files with the readable_t type.
  	# This type is a general type for "world"-readable files.
  	files_list_world_readable($1_t)
-@@ -558,8 +597,6 @@
+@@ -514,8 +581,6 @@
  	files_read_world_readable_symlinks($1_t)
  	files_read_world_readable_pipes($1_t)
  	files_read_world_readable_sockets($1_t)
@@ -2967,7 +3464,7 @@
  
  	init_read_utmp($1_t)
  	# The library functions always try to open read-write first,
-@@ -665,6 +702,8 @@
+@@ -621,6 +686,8 @@
  
  	# do not audit read on disk devices
  	dontaudit $1_t { removable_device_t fixed_disk_device_t }:blk_file read;
@@ -2976,7 +3473,7 @@
  
  	ifdef(`xdm.te', `
  		allow xdm_t $1_home_t:lnk_file read;
-@@ -701,8 +740,6 @@
+@@ -657,8 +724,6 @@
  	# Do not audit write denials to /etc/ld.so.cache.
  	dontaudit $1_t ld_so_cache_t:file write;
  
@@ -2985,7 +3482,7 @@
  	allow $1_t initrc_t:fifo_file write;
  	') dnl end TODO
  ')
-@@ -748,6 +785,7 @@
+@@ -704,6 +769,7 @@
  
  	# Inherit rules for ordinary users.
  	base_user_template($1)
@@ -2993,7 +3490,7 @@
  
  	typeattribute $1_t privhome;
  	domain_obj_id_change_exemption($1_t)
-@@ -783,11 +821,6 @@
+@@ -736,11 +802,6 @@
  
  	allow $1_t self:netlink_audit_socket nlmsg_readpriv;
  
@@ -3005,7 +3502,7 @@
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
  	kernel_getattr_message_if($1_t)
-@@ -855,6 +888,7 @@
+@@ -806,6 +867,7 @@
  	domain_getattr_all_sockets($1_t)
  
  	files_exec_usr_src_files($1_t)
@@ -3013,7 +3510,7 @@
  
  	init_rw_initctl($1_t)
  
-@@ -3408,6 +3442,25 @@
+@@ -3359,6 +3421,25 @@
  
  ########################################
  ## <summary>
@@ -3039,7 +3536,7 @@
  ##	Read files in the staff users home directory.
  ## </summary>
  ## <param name="domain">
-@@ -4128,7 +4181,7 @@
+@@ -4079,7 +4160,7 @@
  	gen_require(`
  		type user_home_dir_t;
  	')
@@ -3048,7 +3545,7 @@
  	files_home_filetrans($1,user_home_dir_t,dir)
  ')
  
-@@ -4789,3 +4842,34 @@
+@@ -4740,3 +4821,34 @@
  	allow $1 user_home_dir_t:dir create_dir_perms;
  	files_home_filetrans($1,user_home_dir_t,dir)
  ')
@@ -3083,9 +3580,9 @@
 +        dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.7/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te	2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/system/userdomain.te	2006-08-12 07:18:46.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.8/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te	2006-08-16 08:46:31.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/userdomain.te	2006-08-18 07:38:03.000000000 -0400
 @@ -56,14 +56,6 @@
  # Local policy
  #
@@ -3168,7 +3665,18 @@
  	', `
  		logging_manage_audit_log(sysadm_t)
  		logging_manage_audit_config(sysadm_t)
-@@ -443,11 +439,11 @@
+@@ -417,6 +413,10 @@
+ 	')
+ 
+ 	optional_policy(`
++		radius_use(sysadm_t,sysadm_r,admin_terminal)
++	')
++
++	optional_policy(`
+ 		rpm_run(sysadm_t,sysadm_r,admin_terminal)
+ 	')
+ 
+@@ -439,11 +439,11 @@
  			selinux_set_parameters(secadm_t)
  
  			seutil_manage_bin_policy(secadm_t)
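Review bot: `radius_use(sysadm_t,sysadm_r,admin_terminal)` is called with the domain/role/terminal argument form used by `rpm_run` directly below it, but its name follows the single-domain `_use` convention rather than `_run`. The interface definition is not in this hunk and radius.if is not in the diffstat, so confirm its parameter list: if it takes only a domain, m4 silently discards the role and terminal and no role transition is set up. If client access to the daemon is all that is wanted, `radius_use(sysadm_t)` states that directly. The enclosing sysadm block extends beyond the hunk.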
@@ -3185,9 +3693,9 @@
  		', `
  			selinux_set_enforce_mode(sysadm_t)
  			selinux_set_boolean(sysadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.3.7/policy/modules/system/xen.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.3.8/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/system/xen.if	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/xen.if	2006-08-18 07:38:03.000000000 -0400
 @@ -127,3 +127,41 @@
  	allow xm_t $1:fifo_file rw_file_perms;
  	allow xm_t $1:process sigchld;
@@ -3230,9 +3738,9 @@
 +
 +	dontaudit $1 xend_t:fd use;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.7/policy/modules/system/xen.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.8/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.7/policy/modules/system/xen.te	2006-08-12 07:18:46.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/xen.te	2006-08-18 07:38:03.000000000 -0400
 @@ -69,7 +69,10 @@
  #
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.252
retrieving revision 1.253
diff -u -r1.252 -r1.253
--- selinux-policy.spec	12 Aug 2006 11:54:51 -0000	1.252
+++ selinux-policy.spec	18 Aug 2006 14:18:35 -0000	1.253
@@ -15,7 +15,7 @@
 %define CHECKPOLICYVER 1.30.4-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.3.7
+Version: 2.3.8
 Release: 1
 License: GPL
 Group: System Environment/Base
@@ -347,6 +347,9 @@
 %endif
 
 %changelog
+* Fri Aug 18 2006 Dan Walsh <dwalsh redhat com> 2.3.8-1
+- Update from upstream
+
 * Sat Aug 10 2006 Dan Walsh <dwalsh redhat com> 2.3.7-1
 - Update from upstream
 - More java fixes

