rpms/selinux-policy/devel users_extra-mls, NONE, 1.1 users_extra-strict, NONE, 1.1 users_extra-targeted, NONE, 1.1 policy-20060207.patch, 1.4, 1.5 selinux-policy.spec, 1.105, 1.106

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Feb 13 19:51:47 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15916

Modified Files:
	policy-20060207.patch selinux-policy.spec 
Added Files:
	users_extra-mls users_extra-strict users_extra-targeted 
Log Message:



--- NEW FILE users_extra-mls ---
user root prefix staff;
user staff_u prefix staff;
user user_u prefix user;
user sysadm_u prefix sysadm;
user secadm_u prefix secadm;


--- NEW FILE users_extra-strict ---
user root prefix staff;
user staff_u prefix staff;
user user_u prefix user;
user sysadm_u prefix sysadm;


--- NEW FILE users_extra-targeted ---
user root prefix user;
user user_u prefix user;

policy-20060207.patch:
 Rules.modular                             |    2 -
 build.conf                                |    6 +--
 policy/mcs                                |   13 +++++-
 policy/modules/admin/kudzu.te             |    2 -
 policy/modules/admin/prelink.te           |    1 
 policy/modules/admin/readahead.te         |    4 +-
 policy/modules/admin/su.if                |    7 +--
 policy/modules/kernel/bootloader.te       |    4 +-
 policy/modules/kernel/corenetwork.te.in   |    1 
 policy/modules/kernel/devices.fc          |    1 
 policy/modules/kernel/devices.if          |   19 ++++++++++
 policy/modules/kernel/devices.te          |    5 ++
 policy/modules/kernel/domain.te           |    4 +-
 policy/modules/kernel/files.fc            |    2 +
 policy/modules/kernel/files.if            |    2 -
 policy/modules/kernel/filesystem.if       |   57 ++++++++++++++++++++++++++++++
 policy/modules/kernel/terminal.if         |    2 -
 policy/modules/services/apache.fc         |    4 ++
 policy/modules/services/automount.if      |   18 +++++++++
 policy/modules/services/automount.te      |    1 
 policy/modules/services/bluetooth.te      |    1 
 policy/modules/services/cron.if           |    2 -
 policy/modules/services/cron.te           |    1 
 policy/modules/services/fetchmail.te      |    1 
 policy/modules/services/hal.te            |   11 +++++
 policy/modules/services/mta.if            |    1 
 policy/modules/services/mta.te            |    5 ++
 policy/modules/services/networkmanager.te |    7 ++-
 policy/modules/services/postfix.te        |    6 +++
 policy/modules/services/remotelogin.te    |   28 +-------------
 policy/modules/services/sendmail.te       |    1 
 policy/modules/services/spamassassin.te   |    2 +
 policy/modules/services/zebra.te          |    2 -
 policy/modules/system/fstools.te          |    2 +
 policy/modules/system/init.fc             |    3 +
 policy/modules/system/libraries.if        |   20 ++++++++++
 policy/modules/system/libraries.te        |    1 
 policy/modules/system/locallogin.te       |    4 --
 policy/modules/system/logging.te          |    4 +-
 policy/modules/system/mount.te            |    2 +
 policy/modules/system/selinuxutil.fc      |    3 +
 policy/modules/system/selinuxutil.if      |   42 +++++++++++++++++++++-
 policy/modules/system/selinuxutil.te      |   52 +++++++++++++++++++++++++++
 policy/modules/system/udev.te             |    4 +-
 policy/modules/system/unconfined.if       |    4 +-
 policy/modules/system/unconfined.te       |    6 +++
 policy/modules/system/userdomain.if       |   19 ++++++++++
 policy/modules/system/userdomain.te       |   13 ++++++
 48 files changed, 348 insertions(+), 54 deletions(-)

Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20060207.patch	13 Feb 2006 17:14:30 -0000	1.4
+++ policy-20060207.patch	13 Feb 2006 19:51:43 -0000	1.5
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/build.conf serefpolicy-2.2.14/build.conf
 --- nsaserefpolicy/build.conf	2006-01-26 16:54:24.000000000 -0500
-+++ serefpolicy-2.2.14/build.conf	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/build.conf	2006-02-13 14:29:38.000000000 -0500
 @@ -8,13 +8,13 @@
  # version policy it supports.  Setting this will
  # override the version.  This only has an
@@ -28,7 +28,7 @@
  # Enable polyinstantiated directory support.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.2.14/policy/mcs
 --- nsaserefpolicy/policy/mcs	2006-01-09 11:32:53.000000000 -0500
-+++ serefpolicy-2.2.14/policy/mcs	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/mcs	2006-02-13 14:29:38.000000000 -0500
 @@ -137,15 +137,24 @@
  # Only files are constrained by MCS at this stage.
  #
@@ -58,7 +58,7 @@
  link unlink rename relabelfrom relabelto }')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.2.14/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2006-02-07 10:43:25.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/admin/kudzu.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/admin/kudzu.te	2006-02-13 14:29:38.000000000 -0500
 @@ -24,7 +24,6 @@
  allow kudzu_t self:capability { dac_override sys_admin sys_rawio net_admin sys_tty_config mknod };
  dontaudit kudzu_t self:capability sys_tty_config;
@@ -77,7 +77,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.2.14/policy/modules/admin/prelink.te
 --- nsaserefpolicy/policy/modules/admin/prelink.te	2006-02-03 08:55:52.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/admin/prelink.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/admin/prelink.te	2006-02-13 14:29:38.000000000 -0500
 @@ -65,6 +65,7 @@
  fs_getattr_xattr_fs(prelink_t)
  
@@ -88,7 +88,7 @@
  libs_use_shared_libs(prelink_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.2.14/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2006-02-03 08:55:52.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/admin/readahead.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/admin/readahead.te	2006-02-13 14:29:38.000000000 -0500
 @@ -47,7 +47,9 @@
  fs_search_auto_mountpoints(readahead_t)
  fs_getattr_all_pipes(readahead_t)
@@ -102,7 +102,7 @@
  term_dontaudit_use_console(readahead_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.14/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2006-02-10 21:34:11.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/admin/su.if	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/admin/su.if	2006-02-13 14:29:38.000000000 -0500
 @@ -23,13 +23,12 @@
  	# Transition from the user domain to this domain.
  	domain_auto_trans($2, su_exec_t, $1_su_t)
@@ -122,7 +122,7 @@
  	allow $1_su_t $2:process sigchld;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/bootloader.te serefpolicy-2.2.14/policy/modules/kernel/bootloader.te
 --- nsaserefpolicy/policy/modules/kernel/bootloader.te	2006-02-03 08:55:52.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/bootloader.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/bootloader.te	2006-02-13 14:29:38.000000000 -0500
 @@ -71,7 +71,7 @@
  
  allow bootloader_t self:capability { dac_read_search fsetid sys_rawio sys_admin mknod chown };
@@ -143,7 +143,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.2.14/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2006-01-09 11:32:53.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/corenetwork.te.in	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/corenetwork.te.in	2006-02-13 14:29:38.000000000 -0500
 @@ -124,6 +124,7 @@
  network_port(uucpd, tcp,540,s0)
  network_port(vnc, tcp,5900,s0)
@@ -154,7 +154,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.2.14/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2006-02-02 10:39:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/devices.fc	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/devices.fc	2006-02-13 14:29:38.000000000 -0500
 @@ -78,6 +78,7 @@
  /dev/usb/lp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
  /dev/usb/mdc800.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
@@ -165,7 +165,7 @@
  # originally from named.fc
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.14/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2006-02-10 21:34:12.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/devices.if	2006-02-12 12:10:27.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/devices.if	2006-02-13 14:29:38.000000000 -0500
 @@ -2656,3 +2656,22 @@
  	typeattribute $1 memory_raw_write, memory_raw_read;
  ')
@@ -191,7 +191,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.2.14/policy/modules/kernel/devices.te
 --- nsaserefpolicy/policy/modules/kernel/devices.te	2006-02-01 08:23:28.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/devices.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/devices.te	2006-02-13 14:29:38.000000000 -0500
 @@ -159,6 +159,11 @@
  genfscon usbfs / gen_context(system_u:object_r:usbfs_t,s0)
  genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
@@ -206,7 +206,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.2.14/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2006-02-10 11:31:48.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/domain.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/domain.te	2006-02-13 14:29:38.000000000 -0500
 @@ -63,5 +63,7 @@
  # SELinux identity and role change constraints
  attribute process_uncond_exempt;	# add userhelperdomain to this one
@@ -218,7 +218,7 @@
  neverallow ~{ domain unlabeled_t } *:process *;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.14/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2006-02-03 08:55:52.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/files.fc	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/files.fc	2006-02-13 14:29:38.000000000 -0500
 @@ -192,6 +192,8 @@
  /usr/share(/.*)?/lib(64)?(/.*)?	gen_context(system_u:object_r:usr_t,s0)
  
@@ -230,7 +230,7 @@
  /usr/tmp/.*			<<none>>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.14/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2006-02-10 21:34:12.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/files.if	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/files.if	2006-02-13 14:29:38.000000000 -0500
 @@ -2292,7 +2292,7 @@
  		attribute tmpfile;
  	')
@@ -242,7 +242,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.14/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-02-10 21:34:12.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/filesystem.if	2006-02-12 12:07:11.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/filesystem.if	2006-02-13 14:29:38.000000000 -0500
 @@ -1033,6 +1033,24 @@
  
  ########################################
@@ -318,20 +318,9 @@
 +
 +
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.14/policy/modules/kernel/mls.te
---- nsaserefpolicy/policy/modules/kernel/mls.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/mls.te	2006-02-12 11:55:03.000000000 -0500
-@@ -87,6 +87,7 @@
- ')
- 
- ifdef(`enable_mls',`
-+range_transition secadm_t semodule_exec_t s15:c0.c255;
- range_transition initrc_t auditd_exec_t s15:c0.c255;
- range_transition kernel_t init_exec_t s0 - s15:c0.c255;
- range_transition kernel_t lvm_exec_t s0 - s15:c0.c255;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.2.14/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2006-02-10 21:34:13.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/terminal.if	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/terminal.if	2006-02-13 14:29:38.000000000 -0500
 @@ -430,7 +430,7 @@
  		type devpts_t;
  	')
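Review bot: The MLS rule `range_transition secadm_t semodule_exec_t s15:c0.c255;` disappears from the patch in this hunk, and the Log Message is empty, so nothing records whether it was moved or dropped on purpose. If it was not re-added elsewhere (the selinuxutil.te changes are not visible in this hunk), semodule started from secadm_t under `enable_mls` would presumably run at the caller's level rather than at s15:c0.c255. This same commit adds `secadm_u` to users_extra-mls, so it is worth confirming the two changes are meant to go together. A line in the commit log or the spec changelog saying where the rule now lives would settle it.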
@@ -343,7 +332,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.14/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/apache.fc	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/apache.fc	2006-02-13 14:29:38.000000000 -0500
 @@ -48,6 +48,7 @@
  /var/lib/dav(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
  /var/lib/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -368,7 +357,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-2.2.14/policy/modules/services/automount.if
 --- nsaserefpolicy/policy/modules/services/automount.if	2006-02-10 21:34:13.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/automount.if	2006-02-12 12:07:50.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/automount.if	2006-02-13 14:29:38.000000000 -0500
 @@ -43,3 +43,21 @@
  	corecmd_search_sbin($1)
  	can_exec($1,automount_etc_t)
@@ -393,7 +382,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.14/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/automount.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/automount.te	2006-02-13 14:29:38.000000000 -0500
 @@ -63,6 +63,7 @@
  kernel_read_system_state(automount_t)
  kernel_list_proc(automount_t)
@@ -404,7 +393,7 @@
  corecmd_exec_sbin(automount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.14/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2006-02-03 08:55:53.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/bluetooth.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/bluetooth.te	2006-02-13 14:29:38.000000000 -0500
 @@ -101,6 +101,7 @@
  
  dev_read_sysfs(bluetooth_t)
@@ -415,7 +404,7 @@
  fs_getattr_all_fs(bluetooth_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.2.14/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2006-02-10 21:34:13.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/cron.if	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/cron.if	2006-02-13 14:29:38.000000000 -0500
 @@ -429,7 +429,7 @@
  		type crond_t;
  	')
@@ -427,7 +416,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.14/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2006-02-10 11:31:48.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/cron.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/cron.te	2006-02-13 14:29:38.000000000 -0500
 @@ -108,6 +108,7 @@
  
  corecmd_exec_shell(crond_t)
@@ -438,7 +427,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-2.2.14/policy/modules/services/fetchmail.te
 --- nsaserefpolicy/policy/modules/services/fetchmail.te	2006-02-03 08:55:53.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/fetchmail.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/fetchmail.te	2006-02-13 14:29:38.000000000 -0500
 @@ -44,6 +44,7 @@
  kernel_list_proc(fetchmail_t)
  kernel_getattr_proc_files(fetchmail_t)
@@ -449,7 +438,7 @@
  corenet_tcp_sendrecv_generic_if(fetchmail_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.14/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/hal.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/hal.te	2006-02-13 14:29:38.000000000 -0500
 @@ -50,6 +50,7 @@
  kernel_read_fs_sysctls(hald_t)
  kernel_write_proc_files(hald_t)
@@ -504,7 +493,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.2.14/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2006-02-10 21:34:14.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/mta.if	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/mta.if	2006-02-13 14:29:38.000000000 -0500
 @@ -458,6 +458,7 @@
  
  	allow $1 sendmail_exec_t:lnk_file r_file_perms;
@@ -515,7 +504,7 @@
  	allow system_mail_t $1:fd use;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.2.14/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2006-02-03 15:45:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/mta.te	2006-02-13 10:21:37.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/mta.te	2006-02-13 14:29:38.000000000 -0500
 @@ -30,6 +30,9 @@
  
  mta_base_mail_template(system)
@@ -537,7 +526,7 @@
  		# compatability for old default main.cf
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.2.14/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/networkmanager.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/networkmanager.te	2006-02-13 14:29:38.000000000 -0500
 @@ -22,7 +22,7 @@
  dontaudit NetworkManager_t self:capability sys_tty_config;
  allow NetworkManager_t self:process { setcap getsched signal_perms };
@@ -561,7 +550,7 @@
  kernel_read_network_state(NetworkManager_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.14/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2006-02-03 08:55:54.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/postfix.te	2006-02-13 12:08:11.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/postfix.te	2006-02-13 14:29:38.000000000 -0500
 @@ -273,6 +273,8 @@
  corecmd_exec_shell(postfix_local_t)
  corecmd_exec_bin(postfix_local_t)
@@ -591,7 +580,7 @@
  allow postfix_postdrop_t postfix_public_t:fifo_file rw_file_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-2.2.14/policy/modules/services/remotelogin.te
 --- nsaserefpolicy/policy/modules/services/remotelogin.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/remotelogin.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/remotelogin.te	2006-02-13 14:29:38.000000000 -0500
 @@ -98,6 +98,7 @@
  files_list_mnt(remote_login_t)
  # for when /var/mail is a sym-link
@@ -634,7 +623,7 @@
 -') dnl endif TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.2.14/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/sendmail.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/sendmail.te	2006-02-13 14:29:38.000000000 -0500
 @@ -65,6 +65,7 @@
  
  # for piping mail to a command
@@ -645,7 +634,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.2.14/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/spamassassin.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/spamassassin.te	2006-02-13 14:29:38.000000000 -0500
 @@ -77,6 +77,8 @@
  # DnsResolver.pm module which binds to
  # random ports >= 1024.
@@ -657,7 +646,7 @@
  dev_read_urand(spamd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-2.2.14/policy/modules/services/zebra.te
 --- nsaserefpolicy/policy/modules/services/zebra.te	2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/zebra.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/zebra.te	2006-02-13 14:29:38.000000000 -0500
 @@ -34,7 +34,7 @@
  allow zebra_t self:unix_dgram_socket create_socket_perms;
  allow zebra_t self:unix_stream_socket { connectto create_stream_socket_perms };
@@ -669,7 +658,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.14/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/fstools.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/fstools.te	2006-02-13 14:29:38.000000000 -0500
 @@ -57,6 +57,8 @@
  kernel_rw_unlabeled_dirs(fsadm_t)
  kernel_rw_unlabeled_blk_files(fsadm_t)
@@ -681,7 +670,7 @@
  dev_read_rand(fsadm_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.2.14/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/init.fc	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/init.fc	2006-02-13 14:29:38.000000000 -0500
 @@ -22,7 +22,8 @@
  #
  # /sbin
@@ -694,7 +683,7 @@
  /sbin/rc			--	gen_context(system_u:object_r:initrc_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-2.2.14/policy/modules/system/libraries.if
 --- nsaserefpolicy/policy/modules/system/libraries.if	2006-02-10 21:34:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/libraries.if	2006-02-12 12:08:28.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/libraries.if	2006-02-13 14:29:38.000000000 -0500
 @@ -80,6 +80,25 @@
  
  ########################################
@@ -731,7 +720,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.2.14/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/libraries.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/libraries.te	2006-02-13 14:29:38.000000000 -0500
 @@ -53,6 +53,7 @@
  
  allow ldconfig_t ld_so_cache_t:file create_file_perms;
@@ -742,7 +731,7 @@
  allow ldconfig_t lib_t:lnk_file { getattr create read unlink };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.14/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/locallogin.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/locallogin.te	2006-02-13 14:29:38.000000000 -0500
 @@ -214,10 +214,8 @@
  	alsa_domtrans(local_login_t)
  ')
@@ -757,7 +746,7 @@
  # 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.2.14/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/logging.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/logging.te	2006-02-13 14:29:38.000000000 -0500
 @@ -92,6 +92,8 @@
  	term_use_unallocated_ttys(auditctl_t)
  ')
@@ -778,7 +767,7 @@
  allow auditd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay nlmsg_readpriv };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.14/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/mount.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/mount.te	2006-02-13 14:29:38.000000000 -0500
 @@ -33,6 +33,8 @@
  dev_getattr_all_blk_files(mount_t)
  dev_list_all_dev_nodes(mount_t)
@@ -790,7 +779,7 @@
  storage_raw_write_fixed_disk(mount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.14/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2006-01-09 11:32:54.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.fc	2006-02-12 11:57:39.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.fc	2006-02-13 14:29:38.000000000 -0500
 @@ -10,6 +10,7 @@
  /etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
  
@@ -807,7 +796,7 @@
 +/usr/sbin/semodule		--	gen_context(system_u:object_r:semodule_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.14/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2006-02-10 21:34:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.if	2006-02-12 12:03:06.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.if	2006-02-13 14:29:38.000000000 -0500
 @@ -587,6 +587,22 @@
  
  ########################################
@@ -870,7 +859,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.14/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-02-03 15:45:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.te	2006-02-12 11:58:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.te	2006-02-13 14:29:38.000000000 -0500
 @@ -245,6 +245,7 @@
  selinux_compute_relabel_context(newrole_t)
  selinux_compute_user_contexts(newrole_t)
@@ -943,7 +932,7 @@
 +allow semodule_t self:unix_stream_socket create_stream_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.2.14/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/udev.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/udev.te	2006-02-13 14:29:38.000000000 -0500
 @@ -18,6 +18,8 @@
  domain_obj_id_change_exemption(udev_t)
  domain_entry_file(udev_t,udev_helper_exec_t)
@@ -964,7 +953,7 @@
  selinux_validate_context(udev_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.14/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2006-02-10 21:34:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/unconfined.if	2006-02-12 12:13:10.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/unconfined.if	2006-02-13 14:29:38.000000000 -0500
 @@ -19,6 +19,7 @@
  
  	# Use any Linux capability.
@@ -988,7 +977,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.14/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/unconfined.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/unconfined.te	2006-02-13 14:29:38.000000000 -0500
 @@ -152,4 +152,10 @@
  	optional_policy(`xserver',`
  		xserver_domtrans_xdm_xserver(unconfined_t)
@@ -1002,7 +991,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.14/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-02-10 21:34:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/userdomain.if	2006-02-12 12:09:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/userdomain.if	2006-02-13 14:29:38.000000000 -0500
 @@ -3049,6 +3049,25 @@
  
  ########################################
@@ -1031,7 +1020,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.14/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/userdomain.te	2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/userdomain.te	2006-02-13 14:29:38.000000000 -0500
 @@ -162,10 +162,16 @@
  		')
  	')
@@ -1070,3 +1059,15 @@
  		', `
  			selinux_set_enforce_mode(sysadm_t)
  			selinux_set_boolean(sysadm_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.2.14/Rules.modular
+--- nsaserefpolicy/Rules.modular	2006-01-26 16:54:24.000000000 -0500
++++ serefpolicy-2.2.14/Rules.modular	2006-02-13 14:29:38.000000000 -0500
+@@ -81,7 +81,7 @@
+ #
+ $(BASE_PKG): tmp/base.mod $(BASE_FC)
+ 	@echo "Creating $(NAME) base module package"
+-	$(verbose) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC)
++	$(verbose) $(SEMOD_PKG) $(USER_EXTRAS) -o $@ -m tmp/base.mod -f $(BASE_FC)
+ 
+ tmp/base.mod: base.conf
+ 	@echo "Compiling $(NAME) base module"
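Review bot: `$(USER_EXTRAS)` is spliced into the `$(SEMOD_PKG)` recipe with no default and no description, so a reader of Rules.modular cannot tell that it is expected to be either empty or `-u FILE`. A comment above the `$(BASE_PKG)` rule would document it, for example `# USER_EXTRAS: optional "-u <users_extra file>" handed to the packaging command; empty when unset`. Because the value is a free-form option string rather than a path, anything set under that name on the make command line or in the environment lands on the packaging command line. Taking only a file name and adding the `-u` in the recipe would narrow what the variable can do.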


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- selinux-policy.spec	13 Feb 2006 17:14:30 -0000	1.105
+++ selinux-policy.spec	13 Feb 2006 19:51:43 -0000	1.106
@@ -61,7 +61,7 @@
 cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
 
 %define installCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} base.pp \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} USER_EXTRAS="-u ${RPM_SOURCE_DIR}/users_extra-%1" base.pp \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} modules \
 %{__mkdir} -p $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \
 %{__cp} *.pp $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \
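Review bot: `USER_EXTRAS="-u ${RPM_SOURCE_DIR}/users_extra-%1"` on the `base.pp` line packs the flag and an unquoted path into one value, which Rules.modular then expands unquoted into the `$(SEMOD_PKG)` command. A source directory containing whitespace would be split into separate arguments, so passing only the file name and letting the makefile add `-u` around a quoted path would be sturdier. The two later hunks in this file drop the `install -m0644`, `%ghost` and `%verify(not md5 size mtime) %attr(600,root,root)` entries for `users_extra`. If that file is still written under `modules/active` when base.pp is loaded (not visible here), it would no longer be owned or mode-checked by the package, which is worth confirming as intended.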
@@ -75,13 +75,11 @@
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
-touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/users_extra \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/homedir_template \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
 install -m0644 ${RPM_SOURCE_DIR}/seusers-%1 ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/modules/active/seusers \
-install -m0644 ${RPM_SOURCE_DIR}/users_extra-%1 ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/modules/active/users_extra \
 install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/setrans.conf \
 %nil
 
@@ -95,11 +93,9 @@
 %dir %{_sysconfdir}/selinux/%1 \
 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
 %ghost %{_sysconfdir}/selinux/%1/seusers \
-%ghost %{_sysconfdir}/selinux/%1/users_extra \
 %dir %{_sysconfdir}/selinux/%1/modules \
 %attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
 %verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
-%verify(not md5 size mtime) %attr(600,root,root) %{_sysconfdir}/selinux/%1/modules/active/users_extra \
 %dir %{_sysconfdir}/selinux/%1/policy/ \
 %ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
 %dir %{_sysconfdir}/selinux/%1/contexts \



