rpms/selinux-policy/devel users_extra-mls, NONE, 1.1 users_extra-strict, NONE, 1.1 users_extra-targeted, NONE, 1.1 policy-20060207.patch, 1.4, 1.5 selinux-policy.spec, 1.105, 1.106
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Feb 13 19:51:47 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15916
Modified Files:
policy-20060207.patch selinux-policy.spec
Added Files:
users_extra-mls users_extra-strict users_extra-targeted
Log Message:
--- NEW FILE users_extra-mls ---
user root prefix staff;
user staff_u prefix staff;
user user_u prefix user;
user sysadm_u prefix sysadm;
user secadm_u prefix secadm;
--- NEW FILE users_extra-strict ---
user root prefix staff;
user staff_u prefix staff;
user user_u prefix user;
user sysadm_u prefix sysadm;
--- NEW FILE users_extra-targeted ---
user root prefix user;
user user_u prefix user;
policy-20060207.patch:
Rules.modular | 2 -
build.conf | 6 +--
policy/mcs | 13 +++++-
policy/modules/admin/kudzu.te | 2 -
policy/modules/admin/prelink.te | 1
policy/modules/admin/readahead.te | 4 +-
policy/modules/admin/su.if | 7 +--
policy/modules/kernel/bootloader.te | 4 +-
policy/modules/kernel/corenetwork.te.in | 1
policy/modules/kernel/devices.fc | 1
policy/modules/kernel/devices.if | 19 ++++++++++
policy/modules/kernel/devices.te | 5 ++
policy/modules/kernel/domain.te | 4 +-
policy/modules/kernel/files.fc | 2 +
policy/modules/kernel/files.if | 2 -
policy/modules/kernel/filesystem.if | 57 ++++++++++++++++++++++++++++++
policy/modules/kernel/terminal.if | 2 -
policy/modules/services/apache.fc | 4 ++
policy/modules/services/automount.if | 18 +++++++++
policy/modules/services/automount.te | 1
policy/modules/services/bluetooth.te | 1
policy/modules/services/cron.if | 2 -
policy/modules/services/cron.te | 1
policy/modules/services/fetchmail.te | 1
policy/modules/services/hal.te | 11 +++++
policy/modules/services/mta.if | 1
policy/modules/services/mta.te | 5 ++
policy/modules/services/networkmanager.te | 7 ++-
policy/modules/services/postfix.te | 6 +++
policy/modules/services/remotelogin.te | 28 +-------------
policy/modules/services/sendmail.te | 1
policy/modules/services/spamassassin.te | 2 +
policy/modules/services/zebra.te | 2 -
policy/modules/system/fstools.te | 2 +
policy/modules/system/init.fc | 3 +
policy/modules/system/libraries.if | 20 ++++++++++
policy/modules/system/libraries.te | 1
policy/modules/system/locallogin.te | 4 --
policy/modules/system/logging.te | 4 +-
policy/modules/system/mount.te | 2 +
policy/modules/system/selinuxutil.fc | 3 +
policy/modules/system/selinuxutil.if | 42 +++++++++++++++++++++-
policy/modules/system/selinuxutil.te | 52 +++++++++++++++++++++++++++
policy/modules/system/udev.te | 4 +-
policy/modules/system/unconfined.if | 4 +-
policy/modules/system/unconfined.te | 6 +++
policy/modules/system/userdomain.if | 19 ++++++++++
policy/modules/system/userdomain.te | 13 ++++++
48 files changed, 348 insertions(+), 54 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20060207.patch 13 Feb 2006 17:14:30 -0000 1.4
+++ policy-20060207.patch 13 Feb 2006 19:51:43 -0000 1.5
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/build.conf serefpolicy-2.2.14/build.conf
--- nsaserefpolicy/build.conf 2006-01-26 16:54:24.000000000 -0500
-+++ serefpolicy-2.2.14/build.conf 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/build.conf 2006-02-13 14:29:38.000000000 -0500
@@ -8,13 +8,13 @@
# version policy it supports. Setting this will
# override the version. This only has an
@@ -28,7 +28,7 @@
# Enable polyinstantiated directory support.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.2.14/policy/mcs
--- nsaserefpolicy/policy/mcs 2006-01-09 11:32:53.000000000 -0500
-+++ serefpolicy-2.2.14/policy/mcs 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/mcs 2006-02-13 14:29:38.000000000 -0500
@@ -137,15 +137,24 @@
# Only files are constrained by MCS at this stage.
#
@@ -58,7 +58,7 @@
link unlink rename relabelfrom relabelto }')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.2.14/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2006-02-07 10:43:25.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/admin/kudzu.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/admin/kudzu.te 2006-02-13 14:29:38.000000000 -0500
@@ -24,7 +24,6 @@
allow kudzu_t self:capability { dac_override sys_admin sys_rawio net_admin sys_tty_config mknod };
dontaudit kudzu_t self:capability sys_tty_config;
@@ -77,7 +77,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.2.14/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2006-02-03 08:55:52.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/admin/prelink.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/admin/prelink.te 2006-02-13 14:29:38.000000000 -0500
@@ -65,6 +65,7 @@
fs_getattr_xattr_fs(prelink_t)
@@ -88,7 +88,7 @@
libs_use_shared_libs(prelink_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.2.14/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2006-02-03 08:55:52.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/admin/readahead.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/admin/readahead.te 2006-02-13 14:29:38.000000000 -0500
@@ -47,7 +47,9 @@
fs_search_auto_mountpoints(readahead_t)
fs_getattr_all_pipes(readahead_t)
@@ -102,7 +102,7 @@
term_dontaudit_use_console(readahead_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.14/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2006-02-10 21:34:11.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/admin/su.if 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/admin/su.if 2006-02-13 14:29:38.000000000 -0500
@@ -23,13 +23,12 @@
# Transition from the user domain to this domain.
domain_auto_trans($2, su_exec_t, $1_su_t)
@@ -122,7 +122,7 @@
allow $1_su_t $2:process sigchld;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/bootloader.te serefpolicy-2.2.14/policy/modules/kernel/bootloader.te
--- nsaserefpolicy/policy/modules/kernel/bootloader.te 2006-02-03 08:55:52.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/bootloader.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/bootloader.te 2006-02-13 14:29:38.000000000 -0500
@@ -71,7 +71,7 @@
allow bootloader_t self:capability { dac_read_search fsetid sys_rawio sys_admin mknod chown };
@@ -143,7 +143,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.2.14/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-01-09 11:32:53.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/corenetwork.te.in 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/corenetwork.te.in 2006-02-13 14:29:38.000000000 -0500
@@ -124,6 +124,7 @@
network_port(uucpd, tcp,540,s0)
network_port(vnc, tcp,5900,s0)
@@ -154,7 +154,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.2.14/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-02-02 10:39:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/devices.fc 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/devices.fc 2006-02-13 14:29:38.000000000 -0500
@@ -78,6 +78,7 @@
/dev/usb/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
/dev/usb/mdc800.* -c gen_context(system_u:object_r:scanner_device_t,s0)
@@ -165,7 +165,7 @@
# originally from named.fc
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.14/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-02-10 21:34:12.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/devices.if 2006-02-12 12:10:27.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/devices.if 2006-02-13 14:29:38.000000000 -0500
@@ -2656,3 +2656,22 @@
typeattribute $1 memory_raw_write, memory_raw_read;
')
@@ -191,7 +191,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.2.14/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2006-02-01 08:23:28.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/devices.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/devices.te 2006-02-13 14:29:38.000000000 -0500
@@ -159,6 +159,11 @@
genfscon usbfs / gen_context(system_u:object_r:usbfs_t,s0)
genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
@@ -206,7 +206,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.2.14/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2006-02-10 11:31:48.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/domain.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/domain.te 2006-02-13 14:29:38.000000000 -0500
@@ -63,5 +63,7 @@
# SELinux identity and role change constraints
attribute process_uncond_exempt; # add userhelperdomain to this one
@@ -218,7 +218,7 @@
neverallow ~{ domain unlabeled_t } *:process *;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.14/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-02-03 08:55:52.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/files.fc 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/files.fc 2006-02-13 14:29:38.000000000 -0500
@@ -192,6 +192,8 @@
/usr/share(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:usr_t,s0)
@@ -230,7 +230,7 @@
/usr/tmp/.* <<none>>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.14/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-02-10 21:34:12.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/files.if 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/files.if 2006-02-13 14:29:38.000000000 -0500
@@ -2292,7 +2292,7 @@
attribute tmpfile;
')
@@ -242,7 +242,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.14/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-02-10 21:34:12.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/filesystem.if 2006-02-12 12:07:11.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/filesystem.if 2006-02-13 14:29:38.000000000 -0500
@@ -1033,6 +1033,24 @@
########################################
@@ -318,20 +318,9 @@
+
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.14/policy/modules/kernel/mls.te
---- nsaserefpolicy/policy/modules/kernel/mls.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/mls.te 2006-02-12 11:55:03.000000000 -0500
-@@ -87,6 +87,7 @@
- ')
-
- ifdef(`enable_mls',`
-+range_transition secadm_t semodule_exec_t s15:c0.c255;
- range_transition initrc_t auditd_exec_t s15:c0.c255;
- range_transition kernel_t init_exec_t s0 - s15:c0.c255;
- range_transition kernel_t lvm_exec_t s0 - s15:c0.c255;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.2.14/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-02-10 21:34:13.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/kernel/terminal.if 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/kernel/terminal.if 2006-02-13 14:29:38.000000000 -0500
@@ -430,7 +430,7 @@
type devpts_t;
')
@@ -343,7 +332,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.14/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/apache.fc 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/apache.fc 2006-02-13 14:29:38.000000000 -0500
@@ -48,6 +48,7 @@
/var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -368,7 +357,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-2.2.14/policy/modules/services/automount.if
--- nsaserefpolicy/policy/modules/services/automount.if 2006-02-10 21:34:13.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/automount.if 2006-02-12 12:07:50.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/automount.if 2006-02-13 14:29:38.000000000 -0500
@@ -43,3 +43,21 @@
corecmd_search_sbin($1)
can_exec($1,automount_etc_t)
@@ -393,7 +382,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.14/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/automount.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/automount.te 2006-02-13 14:29:38.000000000 -0500
@@ -63,6 +63,7 @@
kernel_read_system_state(automount_t)
kernel_list_proc(automount_t)
@@ -404,7 +393,7 @@
corecmd_exec_sbin(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.14/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-02-03 08:55:53.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/bluetooth.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/bluetooth.te 2006-02-13 14:29:38.000000000 -0500
@@ -101,6 +101,7 @@
dev_read_sysfs(bluetooth_t)
@@ -415,7 +404,7 @@
fs_getattr_all_fs(bluetooth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.2.14/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2006-02-10 21:34:13.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/cron.if 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/cron.if 2006-02-13 14:29:38.000000000 -0500
@@ -429,7 +429,7 @@
type crond_t;
')
@@ -427,7 +416,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.14/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-02-10 11:31:48.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/cron.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/cron.te 2006-02-13 14:29:38.000000000 -0500
@@ -108,6 +108,7 @@
corecmd_exec_shell(crond_t)
@@ -438,7 +427,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-2.2.14/policy/modules/services/fetchmail.te
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2006-02-03 08:55:53.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/fetchmail.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/fetchmail.te 2006-02-13 14:29:38.000000000 -0500
@@ -44,6 +44,7 @@
kernel_list_proc(fetchmail_t)
kernel_getattr_proc_files(fetchmail_t)
@@ -449,7 +438,7 @@
corenet_tcp_sendrecv_generic_if(fetchmail_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.14/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/hal.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/hal.te 2006-02-13 14:29:38.000000000 -0500
@@ -50,6 +50,7 @@
kernel_read_fs_sysctls(hald_t)
kernel_write_proc_files(hald_t)
@@ -504,7 +493,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.2.14/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2006-02-10 21:34:14.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/mta.if 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/mta.if 2006-02-13 14:29:38.000000000 -0500
@@ -458,6 +458,7 @@
allow $1 sendmail_exec_t:lnk_file r_file_perms;
@@ -515,7 +504,7 @@
allow system_mail_t $1:fd use;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.2.14/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2006-02-03 15:45:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/mta.te 2006-02-13 10:21:37.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/mta.te 2006-02-13 14:29:38.000000000 -0500
@@ -30,6 +30,9 @@
mta_base_mail_template(system)
@@ -537,7 +526,7 @@
# compatability for old default main.cf
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.2.14/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/networkmanager.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/networkmanager.te 2006-02-13 14:29:38.000000000 -0500
@@ -22,7 +22,7 @@
dontaudit NetworkManager_t self:capability sys_tty_config;
allow NetworkManager_t self:process { setcap getsched signal_perms };
@@ -561,7 +550,7 @@
kernel_read_network_state(NetworkManager_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.14/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-02-03 08:55:54.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/postfix.te 2006-02-13 12:08:11.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/postfix.te 2006-02-13 14:29:38.000000000 -0500
@@ -273,6 +273,8 @@
corecmd_exec_shell(postfix_local_t)
corecmd_exec_bin(postfix_local_t)
@@ -591,7 +580,7 @@
allow postfix_postdrop_t postfix_public_t:fifo_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-2.2.14/policy/modules/services/remotelogin.te
--- nsaserefpolicy/policy/modules/services/remotelogin.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/remotelogin.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/remotelogin.te 2006-02-13 14:29:38.000000000 -0500
@@ -98,6 +98,7 @@
files_list_mnt(remote_login_t)
# for when /var/mail is a sym-link
@@ -634,7 +623,7 @@
-') dnl endif TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.2.14/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/sendmail.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/sendmail.te 2006-02-13 14:29:38.000000000 -0500
@@ -65,6 +65,7 @@
# for piping mail to a command
@@ -645,7 +634,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.2.14/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/spamassassin.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/spamassassin.te 2006-02-13 14:29:38.000000000 -0500
@@ -77,6 +77,8 @@
# DnsResolver.pm module which binds to
# random ports >= 1024.
@@ -657,7 +646,7 @@
dev_read_urand(spamd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-2.2.14/policy/modules/services/zebra.te
--- nsaserefpolicy/policy/modules/services/zebra.te 2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/services/zebra.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/services/zebra.te 2006-02-13 14:29:38.000000000 -0500
@@ -34,7 +34,7 @@
allow zebra_t self:unix_dgram_socket create_socket_perms;
allow zebra_t self:unix_stream_socket { connectto create_stream_socket_perms };
@@ -669,7 +658,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.14/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/fstools.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/fstools.te 2006-02-13 14:29:38.000000000 -0500
@@ -57,6 +57,8 @@
kernel_rw_unlabeled_dirs(fsadm_t)
kernel_rw_unlabeled_blk_files(fsadm_t)
@@ -681,7 +670,7 @@
dev_read_rand(fsadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.2.14/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/init.fc 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/init.fc 2006-02-13 14:29:38.000000000 -0500
@@ -22,7 +22,8 @@
#
# /sbin
@@ -694,7 +683,7 @@
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-2.2.14/policy/modules/system/libraries.if
--- nsaserefpolicy/policy/modules/system/libraries.if 2006-02-10 21:34:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/libraries.if 2006-02-12 12:08:28.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/libraries.if 2006-02-13 14:29:38.000000000 -0500
@@ -80,6 +80,25 @@
########################################
@@ -731,7 +720,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.2.14/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/libraries.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/libraries.te 2006-02-13 14:29:38.000000000 -0500
@@ -53,6 +53,7 @@
allow ldconfig_t ld_so_cache_t:file create_file_perms;
@@ -742,7 +731,7 @@
allow ldconfig_t lib_t:lnk_file { getattr create read unlink };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.14/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/locallogin.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/locallogin.te 2006-02-13 14:29:38.000000000 -0500
@@ -214,10 +214,8 @@
alsa_domtrans(local_login_t)
')
@@ -757,7 +746,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.2.14/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/logging.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/logging.te 2006-02-13 14:29:38.000000000 -0500
@@ -92,6 +92,8 @@
term_use_unallocated_ttys(auditctl_t)
')
@@ -778,7 +767,7 @@
allow auditd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay nlmsg_readpriv };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.14/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/mount.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/mount.te 2006-02-13 14:29:38.000000000 -0500
@@ -33,6 +33,8 @@
dev_getattr_all_blk_files(mount_t)
dev_list_all_dev_nodes(mount_t)
@@ -790,7 +779,7 @@
storage_raw_write_fixed_disk(mount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.14/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-01-09 11:32:54.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.fc 2006-02-12 11:57:39.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.fc 2006-02-13 14:29:38.000000000 -0500
@@ -10,6 +10,7 @@
/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
@@ -807,7 +796,7 @@
+/usr/sbin/semodule -- gen_context(system_u:object_r:semodule_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.14/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2006-02-10 21:34:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.if 2006-02-12 12:03:06.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.if 2006-02-13 14:29:38.000000000 -0500
@@ -587,6 +587,22 @@
########################################
@@ -870,7 +859,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.14/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-02-03 15:45:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.te 2006-02-12 11:58:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/selinuxutil.te 2006-02-13 14:29:38.000000000 -0500
@@ -245,6 +245,7 @@
selinux_compute_relabel_context(newrole_t)
selinux_compute_user_contexts(newrole_t)
@@ -943,7 +932,7 @@
+allow semodule_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.2.14/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/udev.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/udev.te 2006-02-13 14:29:38.000000000 -0500
@@ -18,6 +18,8 @@
domain_obj_id_change_exemption(udev_t)
domain_entry_file(udev_t,udev_helper_exec_t)
@@ -964,7 +953,7 @@
selinux_validate_context(udev_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.14/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-02-10 21:34:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/unconfined.if 2006-02-12 12:13:10.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/unconfined.if 2006-02-13 14:29:38.000000000 -0500
@@ -19,6 +19,7 @@
# Use any Linux capability.
@@ -988,7 +977,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.14/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-02-07 10:43:26.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/unconfined.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/unconfined.te 2006-02-13 14:29:38.000000000 -0500
@@ -152,4 +152,10 @@
optional_policy(`xserver',`
xserver_domtrans_xdm_xserver(unconfined_t)
@@ -1002,7 +991,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.14/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-02-10 21:34:15.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/userdomain.if 2006-02-12 12:09:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/userdomain.if 2006-02-13 14:29:38.000000000 -0500
@@ -3049,6 +3049,25 @@
########################################
@@ -1031,7 +1020,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.14/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-02-03 08:55:55.000000000 -0500
-+++ serefpolicy-2.2.14/policy/modules/system/userdomain.te 2006-02-12 11:55:03.000000000 -0500
++++ serefpolicy-2.2.14/policy/modules/system/userdomain.te 2006-02-13 14:29:38.000000000 -0500
@@ -162,10 +162,16 @@
')
')
@@ -1070,3 +1059,15 @@
', `
selinux_set_enforce_mode(sysadm_t)
selinux_set_boolean(sysadm_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.2.14/Rules.modular
+--- nsaserefpolicy/Rules.modular 2006-01-26 16:54:24.000000000 -0500
++++ serefpolicy-2.2.14/Rules.modular 2006-02-13 14:29:38.000000000 -0500
+@@ -81,7 +81,7 @@
+ #
+ $(BASE_PKG): tmp/base.mod $(BASE_FC)
+ @echo "Creating $(NAME) base module package"
+- $(verbose) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC)
++ $(verbose) $(SEMOD_PKG) $(USER_EXTRAS) -o $@ -m tmp/base.mod -f $(BASE_FC)
+
+ tmp/base.mod: base.conf
+ @echo "Compiling $(NAME) base module"
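Review bot: `$(USER_EXTRAS)` is expanded unquoted into the `$(SEMOD_PKG)` command line of the `$(BASE_PKG)` recipe, and nothing in this hunk gives it a default or documents what it may contain. When the variable is unset the recipe presumably still succeeds and produces a base package without any users_extra data, so a build that forgets the argument fails silently rather than loudly. I would add a comment above the rule such as `# USER_EXTRAS: optional "-u <file>" handed to $(SEMOD_PKG); empty means base.pp carries no users_extra`, and, if a default belongs anywhere, an explicit `USER_EXTRAS ?=` next to the other build options (build.conf is touched by this patch but its body is not visible here). Since the value is spliced into a shell command, it should only ever be set by the build system, not taken from an untrusted environment.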
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- selinux-policy.spec 13 Feb 2006 17:14:30 -0000 1.105
+++ selinux-policy.spec 13 Feb 2006 19:51:43 -0000 1.106
@@ -61,7 +61,7 @@
cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
%define installCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} base.pp \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} USER_EXTRAS="-u ${RPM_SOURCE_DIR}/users_extra-%1" base.pp \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} modules \
%{__mkdir} -p $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \
%{__cp} *.pp $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \
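Review bot: The added `USER_EXTRAS="-u ${RPM_SOURCE_DIR}/users_extra-%1"` on the `base.pp` line makes base.pp the only carrier of the users_extra mapping, but nothing near `%define installCmds()` says so. The hunks at -75 and -95 also remove the `install -m0644` step and the `%attr(600,root,root)` file entry that used to pin the installed copy. If `modules/active/users_extra` is still written on the target when base.pp is loaded, its owner and mode are presumably set by the tool and are no longer covered by `rpm -V`; it is worth confirming that it ends up root-only as before. I would add a comment above the macro, e.g. `# users_extra-%1 is embedded in base.pp via $(SEMOD_PKG) -u (see Rules.modular); it is not installed separately`. The macro body continues past the end of this hunk.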
@@ -75,13 +75,11 @@
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
-touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/users_extra \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/homedir_template \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
install -m0644 ${RPM_SOURCE_DIR}/seusers-%1 ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/modules/active/seusers \
-install -m0644 ${RPM_SOURCE_DIR}/users_extra-%1 ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/modules/active/users_extra \
install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/setrans.conf \
%nil
@@ -95,11 +93,9 @@
%dir %{_sysconfdir}/selinux/%1 \
%config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
%ghost %{_sysconfdir}/selinux/%1/seusers \
-%ghost %{_sysconfdir}/selinux/%1/users_extra \
%dir %{_sysconfdir}/selinux/%1/modules \
%attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
-%verify(not md5 size mtime) %attr(600,root,root) %{_sysconfdir}/selinux/%1/modules/active/users_extra \
%dir %{_sysconfdir}/selinux/%1/policy/ \
%ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
%dir %{_sysconfdir}/selinux/%1/contexts \