rpms/selinux-policy/devel policy-20060104.patch, 1.28, 1.29 selinux-policy.spec, 1.97, 1.98

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Feb 1 13:21:39 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27367

Modified Files:
	policy-20060104.patch selinux-policy.spec 
Log Message:


policy-20060104.patch:
 admin/usermanage.te        |    3 +++
 apps/mono.te               |    2 +-
 apps/wine.te               |    2 +-
 kernel/filesystem.if       |   20 ++++++++++----------
 kernel/filesystem.te       |    1 +
 kernel/mls.te              |    3 ++-
 services/apache.fc         |    2 ++
 services/apache.te         |    1 +
 services/automount.te      |    1 +
 services/hal.te            |    1 +
 services/irqbalance.te     |    3 +++
 services/networkmanager.fc |    4 +++-
 services/networkmanager.te |    2 +-
 services/procmail.te       |    1 +
 services/sendmail.if       |   15 +++++++++++++++
 services/spamassassin.te   |    1 +
 services/xserver.fc        |    9 ++++++---
 services/xserver.if        |   21 +++++++++++++++++++++
 services/xserver.te        |    9 +++++----
 system/init.fc             |    3 ++-
 system/unconfined.if       |    8 ++++++--
 system/unconfined.te       |    4 ++++
 22 files changed, 91 insertions(+), 25 deletions(-)

Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- policy-20060104.patch	31 Jan 2006 00:35:32 -0000	1.28
+++ policy-20060104.patch	1 Feb 2006 13:21:35 -0000	1.29
@@ -11,6 +11,30 @@
  seutil_dontaudit_search_config(passwd_t)
  
  userdom_use_unpriv_users_fd(passwd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.9/policy/modules/apps/mono.te
+--- nsaserefpolicy/policy/modules/apps/mono.te	2006-01-27 21:35:04.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/apps/mono.te	2006-01-31 17:07:25.000000000 -0500
+@@ -19,7 +19,7 @@
+ 
+ ifdef(`targeted_policy',`
+ 	allow mono_t self:process { execheap execmem };
+-	unconfined_domain_template(mono_t)
++	unconfined_domain_template(mono_t, noaudit)
+ 	role system_r types mono_t;
+ ')
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.2.9/policy/modules/apps/wine.te
+--- nsaserefpolicy/policy/modules/apps/wine.te	2006-01-19 18:02:04.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/apps/wine.te	2006-01-31 17:10:24.000000000 -0500
+@@ -19,7 +19,7 @@
+ 
+ ifdef(`targeted_policy',`
+ 	allow wine_t self:process { execstack execmem };
+-	unconfined_domain_template(wine_t)
++	unconfined_domain_template(wine_t, noaudit)
+ 	role system_r types wine_t;
+ 	allow wine_t file_type:file execmod;
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.9/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-01-30 18:40:35.000000000 -0500
 +++ serefpolicy-2.2.9/policy/modules/kernel/filesystem.if	2006-01-30 19:01:01.000000000 -0500
@@ -188,11 +212,13 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-2.2.9/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.2.9/policy/modules/services/networkmanager.fc	2006-01-30 19:01:01.000000000 -0500
-@@ -1,2 +1,2 @@
++++ serefpolicy-2.2.9/policy/modules/services/networkmanager.fc	2006-01-31 08:05:24.000000000 -0500
+@@ -1,2 +1,4 @@
  
 -/usr/bin/NetworkManager	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 +/usr/(s)?bin/NetworkManager	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
++/var/run/NetworkManager.pid	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
++/var/run/wpa_supplicant(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.2.9/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2006-01-19 10:00:41.000000000 -0500
 +++ serefpolicy-2.2.9/policy/modules/services/networkmanager.te	2006-01-30 19:01:01.000000000 -0500
@@ -241,6 +267,17 @@
  
  ########################################
  ## <summary>
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.2.9/policy/modules/services/spamassassin.te
+--- nsaserefpolicy/policy/modules/services/spamassassin.te	2006-01-19 10:00:41.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/spamassassin.te	2006-02-01 08:17:33.000000000 -0500
+@@ -77,6 +77,7 @@
+ # DnsResolver.pm module which binds to
+ # random ports >= 1024.
+ corenet_udp_bind_generic_port(spamd_t)
++sysnet_use_ldap(spamd_t)
+ 
+ dev_read_sysfs(spamd_t)
+ dev_read_urand(spamd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-2.2.9/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2006-01-30 18:40:36.000000000 -0500
 +++ serefpolicy-2.2.9/policy/modules/services/xserver.fc	2006-01-30 19:01:01.000000000 -0500
@@ -335,9 +372,33 @@
  
  ifdef(`distro_gentoo', `
  /sbin/rc			--	gen_context(system_u:object_r:initrc_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.9/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if	2006-01-30 18:40:37.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/system/unconfined.if	2006-01-31 17:12:23.000000000 -0500
+@@ -41,14 +41,18 @@
+ 	tunable_policy(`allow_execheap',`
+ 		# Allow making the stack executable via mprotect.
+ 		allow $1 self:process execheap;
+-		auditallow $1 self:process execheap;
++		ifelse($2, `', `
++			auditallow $1 self:process execheap;
++		')
+ 	')
+ 
+ 	tunable_policy(`allow_execmem',`
+ 		# Allow making anonymous memory executable, e.g. 
+ 		# for runtime-code generation or executable stack.
+ 		allow $1 self:process execmem;
+-		auditallow $1 self:process execmem;
++		ifelse($2, `', `
++			auditallow $1 self:process execmem;
++		')
+ 	')
+ 
+ 	tunable_policy(`allow_execmem && allow_execstack',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.9/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2006-01-27 21:35:05.000000000 -0500
-+++ serefpolicy-2.2.9/policy/modules/system/unconfined.te	2006-01-30 19:01:01.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/system/unconfined.te	2006-01-31 17:01:37.000000000 -0500
 @@ -148,4 +148,8 @@
  	optional_policy(`wine',`
  		wine_domtrans(unconfined_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -r1.97 -r1.98
--- selinux-policy.spec	31 Jan 2006 00:35:32 -0000	1.97
+++ selinux-policy.spec	1 Feb 2006 13:21:35 -0000	1.98
@@ -1,12 +1,12 @@
 %define distro redhat
 %define monolithic n
 %define POLICYVER 20
-%define POLICYCOREUTILSVER 1.29.5-1
+%define POLICYCOREUTILSVER 1.29.17-1
 %define CHECKPOLICYVER 1.28-3
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.2.9
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -282,6 +282,13 @@
 %{_usr}/share/selinux/refpolicy/include/*
 
 %changelog
+
+* Wed Feb 1 2006 Dan Walsh <dwalsh at redhat.com> 2.2.9-2
+- Fix for spamd to use ldap
+
+* Fri Jan 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.9-1
+- Update to upstream
+
 * Fri Jan 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.8-2
 - Update to upstream
 - Fix rhgb, and other Xorg startups




More information about the fedora-cvs-commits mailing list