rpms/selinux-policy/devel policy-20060104.patch, 1.28, 1.29 selinux-policy.spec, 1.97, 1.98
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Feb 1 13:21:39 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27367
Modified Files:
policy-20060104.patch selinux-policy.spec
Log Message:
policy-20060104.patch:
admin/usermanage.te | 3 +++
apps/mono.te | 2 +-
apps/wine.te | 2 +-
kernel/filesystem.if | 20 ++++++++++----------
kernel/filesystem.te | 1 +
kernel/mls.te | 3 ++-
services/apache.fc | 2 ++
services/apache.te | 1 +
services/automount.te | 1 +
services/hal.te | 1 +
services/irqbalance.te | 3 +++
services/networkmanager.fc | 4 +++-
services/networkmanager.te | 2 +-
services/procmail.te | 1 +
services/sendmail.if | 15 +++++++++++++++
services/spamassassin.te | 1 +
services/xserver.fc | 9 ++++++---
services/xserver.if | 21 +++++++++++++++++++++
services/xserver.te | 9 +++++----
system/init.fc | 3 ++-
system/unconfined.if | 8 ++++++--
system/unconfined.te | 4 ++++
22 files changed, 91 insertions(+), 25 deletions(-)
Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- policy-20060104.patch 31 Jan 2006 00:35:32 -0000 1.28
+++ policy-20060104.patch 1 Feb 2006 13:21:35 -0000 1.29
@@ -11,6 +11,30 @@
seutil_dontaudit_search_config(passwd_t)
userdom_use_unpriv_users_fd(passwd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.9/policy/modules/apps/mono.te
+--- nsaserefpolicy/policy/modules/apps/mono.te 2006-01-27 21:35:04.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/apps/mono.te 2006-01-31 17:07:25.000000000 -0500
+@@ -19,7 +19,7 @@
+
+ ifdef(`targeted_policy',`
+ allow mono_t self:process { execheap execmem };
+- unconfined_domain_template(mono_t)
++ unconfined_domain_template(mono_t, noaudit)
+ role system_r types mono_t;
+ ')
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.2.9/policy/modules/apps/wine.te
+--- nsaserefpolicy/policy/modules/apps/wine.te 2006-01-19 18:02:04.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/apps/wine.te 2006-01-31 17:10:24.000000000 -0500
+@@ -19,7 +19,7 @@
+
+ ifdef(`targeted_policy',`
+ allow wine_t self:process { execstack execmem };
+- unconfined_domain_template(wine_t)
++ unconfined_domain_template(wine_t, noaudit)
+ role system_r types wine_t;
+ allow wine_t file_type:file execmod;
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.9/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-01-30 18:40:35.000000000 -0500
+++ serefpolicy-2.2.9/policy/modules/kernel/filesystem.if 2006-01-30 19:01:01.000000000 -0500
@@ -188,11 +212,13 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-2.2.9/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.2.9/policy/modules/services/networkmanager.fc 2006-01-30 19:01:01.000000000 -0500
-@@ -1,2 +1,2 @@
++++ serefpolicy-2.2.9/policy/modules/services/networkmanager.fc 2006-01-31 08:05:24.000000000 -0500
+@@ -1,2 +1,4 @@
-/usr/bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
+/usr/(s)?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
++/var/run/NetworkManager.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
++/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.2.9/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-01-19 10:00:41.000000000 -0500
+++ serefpolicy-2.2.9/policy/modules/services/networkmanager.te 2006-01-30 19:01:01.000000000 -0500
@@ -241,6 +267,17 @@
########################################
## <summary>
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.2.9/policy/modules/services/spamassassin.te
+--- nsaserefpolicy/policy/modules/services/spamassassin.te 2006-01-19 10:00:41.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/spamassassin.te 2006-02-01 08:17:33.000000000 -0500
+@@ -77,6 +77,7 @@
+ # DnsResolver.pm module which binds to
+ # random ports >= 1024.
+ corenet_udp_bind_generic_port(spamd_t)
++sysnet_use_ldap(spamd_t)
+
+ dev_read_sysfs(spamd_t)
+ dev_read_urand(spamd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-2.2.9/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2006-01-30 18:40:36.000000000 -0500
+++ serefpolicy-2.2.9/policy/modules/services/xserver.fc 2006-01-30 19:01:01.000000000 -0500
@@ -335,9 +372,33 @@
ifdef(`distro_gentoo', `
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.9/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-01-30 18:40:37.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/system/unconfined.if 2006-01-31 17:12:23.000000000 -0500
+@@ -41,14 +41,18 @@
+ tunable_policy(`allow_execheap',`
+ # Allow making the stack executable via mprotect.
+ allow $1 self:process execheap;
+- auditallow $1 self:process execheap;
++ ifelse($2, `', `
++ auditallow $1 self:process execheap;
++ ')
+ ')
+
+ tunable_policy(`allow_execmem',`
+ # Allow making anonymous memory executable, e.g.
+ # for runtime-code generation or executable stack.
+ allow $1 self:process execmem;
+- auditallow $1 self:process execmem;
++ ifelse($2, `', `
++ auditallow $1 self:process execmem;
++ ')
+ ')
+
+ tunable_policy(`allow_execmem && allow_execstack',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.9/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-01-27 21:35:05.000000000 -0500
-+++ serefpolicy-2.2.9/policy/modules/system/unconfined.te 2006-01-30 19:01:01.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/system/unconfined.te 2006-01-31 17:01:37.000000000 -0500
@@ -148,4 +148,8 @@
optional_policy(`wine',`
wine_domtrans(unconfined_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -r1.97 -r1.98
--- selinux-policy.spec 31 Jan 2006 00:35:32 -0000 1.97
+++ selinux-policy.spec 1 Feb 2006 13:21:35 -0000 1.98
@@ -1,12 +1,12 @@
%define distro redhat
%define monolithic n
%define POLICYVER 20
-%define POLICYCOREUTILSVER 1.29.5-1
+%define POLICYCOREUTILSVER 1.29.17-1
%define CHECKPOLICYVER 1.28-3
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.9
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -282,6 +282,13 @@
%{_usr}/share/selinux/refpolicy/include/*
%changelog
+
+* Wed Feb 1 2006 Dan Walsh <dwalsh at redhat.com> 2.2.9-2
+- Fix for spamd to use ldap
+
+* Fri Jan 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.9-1
+- Update to upstream
+
* Fri Jan 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.8-2
- Update to upstream
- Fix rhgb, and other Xorg startups
More information about the fedora-cvs-commits
mailing list