rpms/selinux-policy/devel policy-20060207.patch,1.12,1.13
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Feb 21 05:22:58 UTC 2006
- Previous message (by thread): rpms/gnome-user-docs/devel .cvsignore, 1.10, 1.11 gnome-user-docs.spec, 1.13, 1.14 sources, 1.10, 1.11
- Next message (by thread): rpms/at-spi/devel .cvsignore, 1.19, 1.20 at-spi.spec, 1.28, 1.29 sources, 1.19, 1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv4255
Modified Files:
policy-20060207.patch
Log Message:
policy-20060207.patch:
policy/modules/admin/su.if | 19 ++----
policy/modules/apps/slocate.te | 2
policy/modules/kernel/devices.if | 39 ++++++++++++++
policy/modules/services/cron.if | 2
policy/modules/services/cron.te | 4 +
policy/modules/services/cups.if | 19 ++++++
policy/modules/services/spamassassin.te | 1
policy/modules/services/ssh.if | 2
policy/modules/system/authlogin.te | 2
policy/modules/system/mount.te | 2
policy/modules/system/selinuxutil.fc | 7 ++
policy/modules/system/selinuxutil.if | 87 ++++++++++++++++++++++++++++++++
policy/modules/system/selinuxutil.te | 74 +++++++++++++++++++++++++--
policy/modules/system/userdomain.if | 24 ++++++++
policy/modules/system/userdomain.te | 2
support/Makefile.devel | 12 +++-
16 files changed, 278 insertions(+), 20 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20060207.patch 20 Feb 2006 22:11:40 -0000 1.12
+++ policy-20060207.patch 21 Feb 2006 05:22:50 -0000 1.13
@@ -308,34 +308,27 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.17/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-02-16 14:46:56.000000000 -0500
-+++ serefpolicy-2.2.17/policy/modules/system/selinuxutil.te 2006-02-20 17:08:53.000000000 -0500
-@@ -526,12 +526,74 @@
++++ serefpolicy-2.2.17/policy/modules/system/selinuxutil.te 2006-02-21 00:09:26.000000000 -0500
+@@ -1,5 +1,5 @@
- miscfiles_read_localization(setfiles_t)
+-policy_module(selinuxutil,1.1.5)
++policy_module(selinuxutil,1.1.6)
-+seutil_module_get_trans_lock(setfiles_t)
-+seutil_module_get_read_lock(setfiles_t)
-+
- userdom_use_all_users_fd(setfiles_t)
- # for config files in a home directory
- userdom_read_all_user_files(setfiles_t)
-
--ifdef(`TODO',`
--# for upgrading glibc and other shared objects - without this the upgrade
--# scripts will put things in a state such that setfiles can not be run!
--allow setfiles_t lib_t:file { read execute };
--') dnl endif TODO
-+########################################
-+#
-+# Declarations
+ gen_require(`
+ bool secure_mode;
+@@ -103,6 +103,27 @@
+
+ ########################################
+ #
++# semodule Declarations
+#
+
+type semodule_t;
+domain_type(semodule_t)
++role system_r types semodule_t;
+
+type semodule_exec_t;
+domain_entry_file(semodule_t, semodule_exec_t)
-+role system_r types semodule_t;
+
+type semodule_store_t;
+files_type(semodule_store_t)
@@ -346,13 +339,35 @@
+type semodule_trans_lock_t;
+files_type(semodule_trans_lock_t)
+
-+term_use_all_terms(semodule_t)
-+allow semodule_t policy_config_t:file { read write };
++########################################
++#
+ # Checkpolicy local policy
+ #
+
+@@ -526,12 +547,53 @@
+
+ miscfiles_read_localization(setfiles_t)
+
++seutil_module_get_trans_lock(setfiles_t)
++seutil_module_get_read_lock(setfiles_t)
+
+ userdom_use_all_users_fd(setfiles_t)
+ # for config files in a home directory
+ userdom_read_all_user_files(setfiles_t)
+
+-ifdef(`TODO',`
+-# for upgrading glibc and other shared objects - without this the upgrade
+-# scripts will put things in a state such that setfiles can not be run!
+-allow setfiles_t lib_t:file { read execute };
+-') dnl endif TODO
+########################################
+#
+# semodule local policy
+#
++term_use_all_terms(semodule_t)
++allow semodule_t policy_config_t:file { read write };
++allow semodule_t self:unix_stream_socket create_stream_socket_perms;
++
+corecmd_exec_bin(semodule_t)
+corecmd_exec_sbin(semodule_t)
+
@@ -372,10 +387,6 @@
+mls_file_write_down(semodule_t)
+mls_rangetrans_target(semodule_t)
+
-+optional_policy(`selinux', `
-+ selinux_get_enforce_mode(semodule_t)
-+')
-+
+seutil_search_default_contexts(semodule_t)
+seutil_rw_file_contexts(semodule_t)
+seutil_domtrans_setfiles(semodule_t)
@@ -384,11 +395,14 @@
+seutil_manage_bin_policy(semodule_t)
+seutil_use_newrole_fd(semodule_t)
+
-+allow semodule_t self:unix_stream_socket create_stream_socket_perms;
-+
+seutil_manage_module_store_files(semodule_t)
+seutil_module_get_trans_lock(semodule_t)
+seutil_module_get_read_lock(semodule_t)
++
++optional_policy(`selinux', `
++ selinux_get_enforce_mode(semodule_t)
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.17/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-02-20 14:07:38.000000000 -0500
+++ serefpolicy-2.2.17/policy/modules/system/userdomain.if 2006-02-20 16:22:06.000000000 -0500
- Previous message (by thread): rpms/gnome-user-docs/devel .cvsignore, 1.10, 1.11 gnome-user-docs.spec, 1.13, 1.14 sources, 1.10, 1.11
- Next message (by thread): rpms/at-spi/devel .cvsignore, 1.19, 1.20 at-spi.spec, 1.28, 1.29 sources, 1.19, 1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list