rpms/selinux-policy/devel policy-20060829.patch, NONE, 1.1 .cvsignore, 1.82, 1.83 selinux-policy.spec, 1.261, 1.262 sources, 1.86, 1.87
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Aug 30 20:59:53 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6928
Modified Files:
.cvsignore selinux-policy.spec sources
Added Files:
policy-20060829.patch
Log Message:
* Tue Aug 29 2006 Dan Walsh <dwalsh at redhat.com> 2.3.10-1
- Upgrade to upstream
policy-20060829.patch:
admin/amanda.fc | 50 -----
admin/anaconda.te | 11 +
admin/bootloader.fc | 2
admin/consoletype.te | 7
admin/firstboot.te | 10 -
admin/rpm.fc | 2
admin/rpm.if | 13 -
apps/java.fc | 2
apps/mono.te | 1
kernel/corecommands.fc | 2
kernel/corecommands.if | 1
kernel/corenetwork.te.in | 4
kernel/devices.fc | 2
kernel/files.fc | 1
kernel/filesystem.te | 2
kernel/kernel.if | 39 ++++
kernel/terminal.fc | 2
services/apache.te | 1
services/ccs.fc | 8
services/ccs.if | 65 +++++++
services/ccs.te | 84 +++++++++
services/cron.if | 8
services/cron.te | 1
services/dbus.if | 1
services/dovecot.te | 2
services/ldap.te | 2
services/ntp.te | 6
services/oddjob.fc | 8
services/oddjob.if | 76 ++++++++
services/oddjob.te | 70 ++++++++
services/oddjob_mkhomedir.fc | 6
services/oddjob_mkhomedir.if | 24 ++
services/oddjob_mkhomedir.te | 26 ++
services/pegasus.if | 31 +++
services/pegasus.te | 5
services/procmail.te | 1
services/ricci.fc | 20 ++
services/ricci.if | 184 +++++++++++++++++++++
services/ricci.te | 373 +++++++++++++++++++++++++++++++++++++++++++
services/rpc.te | 1
services/setroubleshoot.fc | 9 +
services/setroubleshoot.if | 3
services/setroubleshoot.te | 112 ++++++++++++
services/spamassassin.te | 1
services/ssh.if | 24 ++
services/stunnel.te | 2
services/xserver.if | 61 ++++++-
services/xserver.te | 4
system/authlogin.te | 8
system/fstools.te | 1
system/hostname.te | 5
system/init.if | 7
system/init.te | 3
system/logging.fc | 1
system/lvm.te | 2
system/modutils.te | 1
system/mount.te | 4
system/selinuxutil.te | 9 +
system/udev.te | 5
system/unconfined.fc | 1
system/unconfined.if | 1
system/userdomain.if | 246 +++++++++++++++++++---------
system/userdomain.te | 48 ++---
63 files changed, 1520 insertions(+), 192 deletions(-)
--- NEW FILE policy-20060829.patch ---
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-2.3.10/policy/modules/admin/amanda.fc
--- nsaserefpolicy/policy/modules/admin/amanda.fc 2006-08-29 09:00:30.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/admin/amanda.fc 2006-08-29 10:39:25.000000000 -0400
@@ -11,61 +11,11 @@
/usr/lib(64)?/amanda -d gen_context(system_u:object_r:amanda_usr_lib_t,s0)
/usr/lib(64)?/amanda/.+ -- gen_context(system_u:object_r:amanda_exec_t,s0)
/usr/lib(64)?/amanda/amandad -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
-/usr/lib(64)?/amanda/amcat\.awk -- gen_context(system_u:object_r:amanda_script_exec_t,s0)
-/usr/lib(64)?/amanda/amcleanupdisk -- gen_context(system_u:object_r:amanda_exec_t,s0)
/usr/lib(64)?/amanda/amidxtaped -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
/usr/lib(64)?/amanda/amindexd -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
-/usr/lib(64)?/amanda/amlogroll -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/amplot\.awk -- gen_context(system_u:object_r:amanda_script_exec_t,s0)
-/usr/lib(64)?/amanda/amplot\.g -- gen_context(system_u:object_r:amanda_script_exec_t,s0)
-/usr/lib(64)?/amanda/amplot\.gp -- gen_context(system_u:object_r:amanda_script_exec_t,s0)
-/usr/lib(64)?/amanda/amtrmidx -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/amtrmlog -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/calcsize -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/chg-chio -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/chg-chs -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/chg-manual -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/chg-mtx -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/chg-multi -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/chg-rth -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/chg-scsi -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/chg-zd-mtx -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/driver -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/dumper -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/killpgrp -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/patch-system -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/planner -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/rundump -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/runtar -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/selfcheck -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/sendbackup -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/sendsize -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/taper -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib(64)?/amanda/versionsuffix -- gen_context(system_u:object_r:amanda_exec_t,s0)
-
-/usr/sbin/amadmin -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amcheck -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amcheckdb -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amcleanup -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amdump -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amflush -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amgetconf -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amlabel -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amoverview -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amplot -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
/usr/sbin/amrecover -- gen_context(system_u:object_r:amanda_recover_exec_t,s0)
-/usr/sbin/amreport -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amrestore -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amrmtape -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amstatus -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amtape -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amtoc -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-/usr/sbin/amverify -- gen_context(system_u:object_r:amanda_user_exec_t,s0)
-
/var/lib/amanda -d gen_context(system_u:object_r:amanda_var_lib_t,s0)
/var/lib/amanda/\.amandahosts -- gen_context(system_u:object_r:amanda_config_t,s0)
-/var/lib/amanda/\.bashrc -- gen_context(system_u:object_r:amanda_shellconfig_t,s0)
-/var/lib/amanda/\.profile -- gen_context(system_u:object_r:amanda_shellconfig_t,s0)
/var/lib/amanda/disklist -- gen_context(system_u:object_r:amanda_data_t,s0)
/var/lib/amanda/gnutar-lists(/.*)? gen_context(system_u:object_r:amanda_gnutarlists_t,s0)
/var/lib/amanda/index gen_context(system_u:object_r:amanda_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.10/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2006-08-29 09:00:30.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/admin/anaconda.te 2006-08-29 10:39:25.000000000 -0400
@@ -60,3 +60,14 @@
optional_policy(`
usermanage_domtrans_admin_passwd(anaconda_t)
')
+
+optional_policy(`
+ ssh_domtrans_keygen(anaconda_t)
+')
+
+
+# The following is just to quiet the anaconda complaining during the install
+dontaudit domain anaconda_t:fd use;
+dontaudit domain anaconda_t:fifo_file r_file_perms;
+dontaudit domain anaconda_t:unix_stream_socket connectto;
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.10/policy/modules/admin/bootloader.fc
--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-07-14 17:04:46.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/admin/bootloader.fc 2006-08-29 10:39:25.000000000 -0400
@@ -10,3 +10,5 @@
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+/boot/grup/.* -- gen_context(system_u:object_r:boot_runtime_t,s0)
+/boot/grup/slapsh.xpm.gz -- gen_context(system_u:object_r:boot_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.10/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-08-29 09:00:30.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/admin/consoletype.te 2006-08-29 10:39:25.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
type consoletype_exec_t;
-init_domain(consoletype_t,consoletype_exec_t)
+#dont transition from initrc
+#init_domain(consoletype_t,consoletype_exec_t)
+domain_type(consoletype_t)
+domain_entry_file(consoletype_t,consoletype_exec_t)
+role system_r types consoletype_t;
+
mls_file_read_up(consoletype_t)
mls_file_write_down(consoletype_t)
role system_r types consoletype_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.10/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2006-08-29 09:00:30.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/admin/firstboot.te 2006-08-29 10:39:25.000000000 -0400
@@ -38,9 +38,8 @@
allow firstboot_t firstboot_etc_t:file { getattr read };
-allow firstboot_t firstboot_rw_t:dir create_dir_perms;
-allow firstboot_t firstboot_rw_t:file create_file_perms;
-files_etc_filetrans(firstboot_t,firstboot_rw_t,file)
+files_manage_etc_runtime_files(firstboot_t)
+files_etc_filetrans_etc_runtime(firstboot_t, { file dir })
# The big hammer
unconfined_domain(firstboot_t)
@@ -124,6 +123,11 @@
usermanage_domtrans_useradd(firstboot_t)
')
+optional_policy(`
+ usermanage_domtrans_admin_passwd(firstboot_t)
+')
+
+
ifdef(`TODO',`
allow firstboot_t proc_t:file write;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.10/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-07-14 17:04:46.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/admin/rpm.fc 2006-08-29 10:39:25.000000000 -0400
@@ -19,6 +19,8 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/up2date -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/apt-get -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/apt-shell -- gen_context(system_u:object_r:rpm_exec_t,s0)
')
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.10/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2006-08-02 10:34:09.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/admin/rpm.if 2006-08-29 10:39:25.000000000 -0400
@@ -75,12 +75,13 @@
')
rpm_domtrans($1)
- role $2 types rpm_t;
- role $2 types rpm_script_t;
- seutil_run_loadpolicy(rpm_script_t,$2,$3)
- seutil_run_semanage(rpm_script_t,$2,$3)
- seutil_run_setfiles(rpm_script_t,$2,$3)
- seutil_run_restorecon(rpm_script_t,$2,$3)
+ #role $2 types rpm_t;
+ #role $2 types rpm_script_t;
+ role_transition $2 rpm_exec_t system_r;
+ seutil_run_loadpolicy(rpm_script_t,system_r,$3)
+ seutil_run_semanage(rpm_script_t,system_r,$3)
+ seutil_run_setfiles(rpm_script_t,system_r,$3)
+ seutil_run_restorecon(rpm_script_t,system_r,$3)
allow rpm_t $3:chr_file rw_term_perms;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.10/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-08-29 09:00:26.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/apps/java.fc 2006-08-29 10:39:25.000000000 -0400
@@ -1,7 +1,7 @@
#
# /opt
#
-/opt/(.*/)?bin/java([^/]*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+/opt/(.*/)?java([^/]*)? -- gen_context(system_u:object_r:java_exec_t,s0)
#
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.3.10/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2006-07-14 17:04:31.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/apps/mono.te 2006-08-29 10:39:25.000000000 -0400
@@ -21,6 +21,7 @@
allow mono_t self:process { execheap execmem };
unconfined_domain_noaudit(mono_t)
unconfined_dbus_chat(mono_t)
+ userdom_generic_user_home_dir_filetrans_generic_user_home_content(mono_t,{ dir file lnk_file fifo_file sock_file })
init_dbus_chat_script(mono_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.10/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-08-29 09:00:26.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/kernel/corecommands.fc 2006-08-29 10:39:25.000000000 -0400
@@ -54,7 +54,9 @@
/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
[...2207 lines suppressed...]
+
+ dontaudit $1 sysadm_home_t:file ra_file_perms;
+')
+
+########################################
+## <summary>
## Read files in the staff users home directory.
## </summary>
## <param name="domain">
@@ -4079,7 +4132,7 @@
gen_require(`
type user_home_dir_t;
')
-
+ allow $1 user_home_dir_t:dir manage_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
@@ -4164,7 +4217,7 @@
')
files_search_home($1)
- allow $1 user_home_dir_t:dir search_dir_perms;
+ allow $1 user_home_dir_t:dir rw_dir_perms;
allow $1 user_home_t:dir create_dir_perms;
')
@@ -4206,7 +4259,7 @@
')
files_search_home($1)
- allow $1 user_home_dir_t:dir search_dir_perms;
+ allow $1 user_home_dir_t:dir rw_dir_perms;
allow $1 user_home_t:dir rw_dir_perms;
allow $1 user_home_t:file create_file_perms;
')
@@ -4228,7 +4281,7 @@
')
files_search_home($1)
- allow $1 user_home_dir_t:dir search_dir_perms;
+ allow $1 user_home_dir_t:dir rw_dir_perms;
allow $1 user_home_t:dir rw_dir_perms;
allow $1 user_home_t:lnk_file create_lnk_perms;
')
@@ -4250,7 +4303,7 @@
')
files_search_home($1)
- allow $1 user_home_dir_t:dir search_dir_perms;
+ allow $1 user_home_dir_t:dir rw_dir_perms;
allow $1 user_home_t:dir rw_dir_perms;
allow $1 user_home_t:fifo_file create_file_perms;
')
@@ -4272,7 +4325,7 @@
')
files_search_home($1)
- allow $1 user_home_dir_t:dir search_dir_perms;
+ allow $1 user_home_dir_t:dir rw_dir_perms;
allow $1 user_home_t:dir rw_dir_perms;
allow $1 user_home_t:sock_file create_file_perms;
')
@@ -4740,3 +4793,34 @@
allow $1 user_home_dir_t:dir create_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
+
+########################################
+## <summary>
+## The template containing rules for changing from one role to another
+## </summary>
+## <desc>
+## <p>
+## This should only be used for new non login user roles, rather the
+## unpriv_user_template or admin_user_template should
+## be used.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## userdomain changing from
+## </summary>
+## </param>
+## <param name="userdomain_prefix">
+## <summary>
+## userdomain changing to
+## </summary>
+## </param>
+#
+template(`role_change_template',`
+ allow $1_r $2_r;
+ type_change $2_t $1_devpts_t:chr_file $2_devpts_t;
+ type_change $2_t $1_tty_device_t:chr_file $2_tty_device_t;
+ # avoid annoying messages on terminal hangup
+ dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl;
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.10/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-08-16 08:46:31.000000000 -0400
+++ serefpolicy-2.3.10/policy/modules/system/userdomain.te 2006-08-29 10:39:25.000000000 -0400
@@ -56,14 +56,6 @@
# Local policy
#
-define(`role_change',`
- allow $1_r $2_r;
- type_change $2_t $1_devpts_t:chr_file $2_devpts_t;
- type_change $2_t $1_tty_device_t:chr_file $2_tty_device_t;
- # avoid annoying messages on terminal hangup
- dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl;
-')
-
ifdef(`targeted_policy',`
# Define some type aliases to help with compatibility with
# macros and domains from the "strict" policy.
@@ -124,34 +116,34 @@
# user role change rules:
# sysadm_r can change to user roles
- role_change(sysadm, user)
- role_change(sysadm, staff)
+ role_change_template(sysadm, user)
+ role_change_template(sysadm, staff)
# only staff_r can change to sysadm_r
- role_change(staff, sysadm)
+ role_change_template(staff, sysadm)
ifdef(`enable_mls',`
unpriv_user_template(secadm)
unpriv_user_template(auditadm)
- role_change(staff,auditadm)
- role_change(staff,secadm)
+ role_change_template(staff,auditadm)
+ role_change_template(staff,secadm)
- role_change(sysadm,secadm)
- role_change(sysadm,auditadm)
+ role_change_template(sysadm,secadm)
+ role_change_template(sysadm,auditadm)
- role_change(auditadm,secadm)
- role_change(auditadm,sysadm)
+ role_change_template(auditadm,secadm)
+ role_change_template(auditadm,sysadm)
- role_change(secadm,auditadm)
- role_change(secadm,sysadm)
+ role_change_template(secadm,auditadm)
+ role_change_template(secadm,sysadm)
')
# this should be tunable_policy, but
# currently type_change and RBAC allow
# do not work in conditionals
ifdef(`user_canbe_sysadm',`
- role_change(user,sysadm)
+ role_change_template(user,sysadm)
')
allow privhome home_root_t:dir { getattr search };
@@ -172,6 +164,8 @@
mls_process_read_up(sysadm_t)
+ term_getattr_all_user_ttys(sysadm_t)
+
init_exec(sysadm_t)
ifdef(`direct_sysadm_daemon',`
@@ -210,7 +204,9 @@
init_exec(secadm_t)
logging_read_audit_log(secadm_t)
logging_read_generic_logs(secadm_t)
- userdom_dontaudit_append_staff_home_content_files(secadm_t)
+ userdom_dontaudit_append_sysadm_home_content_files(secadm_t)
+ userdom_dontaudit_read_sysadm_home_content_files(secadm_t)
+
', `
logging_manage_audit_log(sysadm_t)
logging_manage_audit_config(sysadm_t)
@@ -439,11 +435,11 @@
selinux_set_parameters(secadm_t)
seutil_manage_bin_policy(secadm_t)
- seutil_run_checkpolicy(secadm_t,secadm_r,admin_terminal)
- seutil_run_loadpolicy(secadm_t,secadm_r,admin_terminal)
- seutil_run_semanage(secadm_t,secadm_r,admin_terminal)
- seutil_run_setfiles(secadm_t,secadm_r,admin_terminal)
- seutil_run_restorecon(secadm_t,secadm_r,admin_terminal)
+ seutil_run_checkpolicy(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
+ seutil_run_loadpolicy(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
+ seutil_run_semanage(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
+ seutil_run_setfiles(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
+ seutil_run_restorecon(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
', `
selinux_set_enforce_mode(sysadm_t)
selinux_set_boolean(sysadm_t)
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- .cvsignore 23 Aug 2006 20:42:38 -0000 1.82
+++ .cvsignore 30 Aug 2006 20:59:51 -0000 1.83
@@ -83,3 +83,5 @@
serefpolicy-2.3.7.tgz
serefpolicy-2.3.8.tgz
serefpolicy-2.3.9.tgz
+serefpolicy-2.3.10.tgz
+clog
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.261
retrieving revision 1.262
diff -u -r1.261 -r1.262
--- selinux-policy.spec 28 Aug 2006 21:49:05 -0000 1.261
+++ selinux-policy.spec 30 Aug 2006 20:59:51 -0000 1.262
@@ -15,12 +15,12 @@
%define CHECKPOLICYVER 1.30.4-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.3.9
-Release: 6
+Version: 2.3.10
+Release: 1
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
-patch: policy-20060802.patch
+patch: policy-20060829.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
@@ -37,7 +37,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER}
-PreReq: policycoreutils >= %{POLICYCOREUTILSVER} libsemanage > 1.6.13-1
+PreReq: policycoreutils >= %{POLICYCOREUTILSVER} libsemanage > 1.6.16-1
Obsoletes: policy
%description
@@ -347,6 +347,9 @@
%endif
%changelog
+* Tue Aug 29 2006 Dan Walsh <dwalsh at redhat.com> 2.3.10-1
+- Upgrade to upstream
+
* Mon Aug 28 2006 Dan Walsh <dwalsh at redhat.com> 2.3.9-6
- Fix install problems
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- sources 23 Aug 2006 20:42:38 -0000 1.86
+++ sources 30 Aug 2006 20:59:51 -0000 1.87
@@ -1 +1 @@
-41f53e40030dbc765875f29d3b34dc2a serefpolicy-2.3.9.tgz
+f3e5eb409c4d0a06738b616e2742353b serefpolicy-2.3.10.tgz
More information about the fedora-cvs-commits
mailing list