rpms/selinux-policy/devel .cvsignore, 1.43, 1.44 Makefile.devel, 1.3, 1.4 policy-20060207.patch, 1.18, 1.19 selinux-policy.spec, 1.120, 1.121 sources, 1.47, 1.48
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Feb 22 22:46:06 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14117
Modified Files:
.cvsignore Makefile.devel policy-20060207.patch
selinux-policy.spec sources
Log Message:
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- .cvsignore 21 Feb 2006 20:39:54 -0000 1.43
+++ .cvsignore 22 Feb 2006 22:46:02 -0000 1.44
@@ -44,3 +44,4 @@
serefpolicy-2.2.17.tgz
serefpolicy-2.2.18.tgz
serefpolicy-2.2.19.tgz
+serefpolicy-2.2.20.tgz
Index: Makefile.devel
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/Makefile.devel,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- Makefile.devel 22 Feb 2006 00:53:12 -0000 1.3
+++ Makefile.devel 22 Feb 2006 22:46:02 -0000 1.4
@@ -1,192 +1,17 @@
# installation paths
-SHAREDIR := $(PREFIX)/share/selinux
-HEADERDIR := $(SHAREDIR)/refpolicy/include
+SHAREDIR := /usr/share/selinux
+HEADERDIR := $(SHAREDIR)/devel/include
-include $(HEADERDIR)/build.conf
-
-# executables
-PREFIX := /usr
-BINDIR := $(PREFIX)/bin
-SBINDIR := $(PREFIX)/sbin
-CHECKMODULE := $(BINDIR)/checkmodule
-SEMODULE := $(SBINDIR)/semodule
-SEMOD_PKG := $(BINDIR)/semodule_package
-XMLLINT := $(BINDIR)/xmllint
-
-# helper tools
AWK ?= gawk
-INSTALL ?= install
-M4 ?= m4
-SED ?= sed
-EINFO ?= echo
-PYTHON ?= python
+NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
-# set default build options if missing
-NAME ?= $(shell . /etc/selinux/config; echo $$SELINUXTYPE)
MLSENABLED := $(shell cat /selinux/mls)
ifeq ($(MLSENABLED),1)
MCSFLAG=-mcs
endif
TYPE ?= $(NAME)${MCSFLAG}
-DIRECT_INITRC ?= n
-POLY ?= n
-QUIET ?= y
-
-genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py
-
-docs = doc
-polxml = $(docs)/policy.xml
-xmldtd = $(HEADERDIR)/support/policy.dtd
-layerxml = metadata.xml
-
-globaltun = $(HEADERDIR)/global_tunables.xml
-globalbool = $(HEADERDIR)/global_booleans.xml
-
-# compile strict policy if requested.
-ifneq ($(findstring strict,$(TYPE)),)
- M4PARAM += -D strict_policy
-endif
-
-# compile targeted policy if requested.
-ifneq ($(findstring targeted,$(TYPE)),)
- M4PARAM += -D targeted_policy
-endif
-
-# enable MLS if requested.
-ifneq ($(findstring -mls,$(TYPE)),)
- M4PARAM += -D enable_mls
- CHECKPOLICY += -M
- CHECKMODULE += -M
-endif
-
-# enable MLS if MCS requested.
-ifneq ($(findstring -mcs,$(TYPE)),)
- M4PARAM += -D enable_mcs
- CHECKPOLICY += -M
- CHECKMODULE += -M
-endif
-# enable distribution-specific policy
-ifneq ($(DISTRO),)
- M4PARAM += -D distro_$(DISTRO)
-endif
-
-# enable polyinstantiation
-ifeq ($(POLY),y)
- M4PARAM += -D enable_polyinstantiation
-endif
-
-ifeq ($(DIRECT_INITRC),y)
- M4PARAM += -D direct_sysadm_daemon
-endif
+include $(HEADERDIR)/Makefile
-ifeq ($(QUIET),y)
- verbose := @
-endif
-
-M4PARAM += -D hide_broken_symptoms
-
-# policy headers
-m4support = $(wildcard $(HEADERDIR)/support/*.spt)
-all_layers = $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
-all_interfaces = $(foreach layer,$(all_layers),$(wildcard $(layer)/*.if))
-rolemap = $(HEADERDIR)/rolemap
-
-detected_layers = $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
-3rd_party_mods = $(wildcard *.te)
-3rd_party_ifs = $(3rd_party_mods:.te=.if)
-detected_mods = $(3rd_party_mods) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.te))
-detected_ifs = $(3rd_party_ifs) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.if))
-all_packages = $(notdir $(detected_mods:.te=.pp))
-
-vpath %.te $(detected_layers)
-vpath %.if $(detected_layers)
-vpath %.fc $(detected_layers)
-
-# if there are modules in the current directory, add them into the third party layer
-ifneq "$(3rd_party_ifs)" ""
- genxml += -3 .
-endif
-########################################
-#
-# Functions
-#
-
-# parse-rolemap modulename,outputfile
-define parse-rolemap
- $(verbose) $(M4) $(M4PARAM) $(rolemap) | \
- $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
-endef
-
-# peruser-expansion modulename,outputfile
-define peruser-expansion
- $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
- $(call parse-rolemap,$1,$2)
- $(verbose) echo "')" >> $2
-endef
-
-.PHONY: clean all xml
-.SUFFIXES:
-.SUFFIXES: .pp
-
-########################################
-#
-# Main targets
-#
-
-all: $(all_packages)
-
-xml: $(polxml)
-
-########################################
-#
-# Build module packages
-#
-tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
- @$(EINFO) "Compliling $(NAME) $(basename $(@F)) module"
- @test -d tmp || mkdir -p tmp
- $(call peruser-expansion,$(basename $(@F)),$@.role)
- $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
- $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
-
-tmp/%.mod.fc: $(m4support) %.fc
- $(verbose) $(M4) $(M4PARAM) $^ > $@
-
-%.pp: tmp/%.mod tmp/%.mod.fc
- @echo "Creating $(NAME) $(@F) policy package"
- $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
-
-tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
- @test -d tmp || mkdir -p tmp
- $(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
-
-
-########################################
-#
-# Documentation generation
-#
-
-# minimal dependencies here, because we don't want to rebuild
-# this and its dependents every time the dependencies
-# change. Also use all .if files here, rather then just the
-# enabled modules.
-$(polxml): $(detected_ifs) $(foreach dir,$(all_layers),$(dir)/$(layerxml))
- @echo "Creating $@"
- @mkdir -p doc
- $(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
- $(verbose) echo '<!DOCTYPE policy SYSTEM "$(xmldtd)">' >> $@
- $(verbose) $(genxml) -m $(layerxml) --tunables-xml $(globaltun) --booleans-xml $(globalbool) $(all_layers) $(detected_layers) >> $@
- $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
- $(XMLLINT) --noout --dtdvalid $(xmldtd) $@ ;\
- fi
-
-########################################
-#
-# Clean the environment
-#
-
-clean:
- rm -fR tmp
- rm -f *.pp
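Review bot: The new `NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)` line is never validated, so a missing config file leaves NAME empty and a file with more than one line starting with SELINUXTYPE makes it multi-word. TYPE then expands to just `-mcs` or to nothing before `include $(HEADERDIR)/Makefile` runs, and a module may be built against the wrong policy type without any error. Failing early is safer: add `ifeq ($(strip $(NAME)),)`, `$(error SELINUXTYPE not found in /etc/selinux/config; pass NAME=<type>)`, `endif` ahead of the include. The unchanged `MLSENABLED := $(shell cat /selinux/mls)` line fails just as silently when selinuxfs is not mounted (for example in a build chroot), so it deserves a comment such as `# MCSFLAG follows the build host's running kernel, not the target policy`.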
policy-20060207.patch:
doc/Makefile.example | 2
policy/modules/admin/logwatch.te | 2
policy/modules/admin/su.if | 19 +++----
policy/modules/admin/vpn.te | 4 +
policy/modules/apps/java.if | 8 ---
policy/modules/apps/slocate.te | 2
policy/modules/kernel/devices.if | 39 +++++++++++++++
policy/modules/kernel/files.if | 3 -
policy/modules/kernel/files.te | 1
policy/modules/services/apache.fc | 2
policy/modules/services/apache.if | 21 ++++++++
policy/modules/services/automount.te | 3 +
policy/modules/services/cron.if | 18 +++++++
policy/modules/services/cron.te | 7 ++
policy/modules/services/cups.if | 19 +++++++
policy/modules/services/postfix.te | 1
policy/modules/services/ssh.if | 2
policy/modules/system/authlogin.te | 2
policy/modules/system/fstools.te | 2
policy/modules/system/mount.te | 2
policy/modules/system/selinuxutil.fc | 7 ++
policy/modules/system/selinuxutil.if | 87 +++++++++++++++++++++++++++++++++++
policy/modules/system/selinuxutil.te | 77 +++++++++++++++++++++++++++---
policy/modules/system/userdomain.if | 24 +++++++++
policy/modules/system/userdomain.te | 4 +
25 files changed, 327 insertions(+), 31 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- policy-20060207.patch 22 Feb 2006 18:41:25 -0000 1.18
+++ policy-20060207.patch 22 Feb 2006 22:46:02 -0000 1.19
@@ -1,6 +1,17 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.2.19/policy/modules/admin/logwatch.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/Makefile.example serefpolicy-2.2.20/doc/Makefile.example
+--- nsaserefpolicy/doc/Makefile.example 2006-02-22 14:08:56.000000000 -0500
++++ serefpolicy-2.2.20/doc/Makefile.example 2006-02-22 14:29:48.000000000 -0500
+@@ -3,6 +3,6 @@
+
+ NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
+ SHAREDIR ?= /usr/share/selinux
+-HEADERDIR := $(SHAREDIR)/$(NAME)/include
++HEADERDIR := $(SHAREDIR)/refpolicy/include
+
+ include $(HEADERDIR)/Makefile
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.2.20/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2006-02-21 14:40:22.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/admin/logwatch.te 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/admin/logwatch.te 2006-02-22 14:22:49.000000000 -0500
@@ -71,6 +71,8 @@
selinux_dontaudit_getattr_dir(logwatch_t)
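Review bot: The added doc/Makefile.example section sets `HEADERDIR := $(SHAREDIR)/refpolicy/include`, while the rest of this commit moves the headers to `devel/include` (Makefile.devel and the `%files devel` list in the spec). The spec also installs Makefile.devel over `Makefile.example` in the doc directory, so this patched example looks either unused or pointed at a directory the package no longer ships. If it is still meant to be usable, `HEADERDIR := $(SHAREDIR)/devel/include` would match the packaged layout; otherwise dropping this section from the patch avoids two diverging examples. Where install-headers actually puts the headers is not visible here, so confirm against the upstream Makefile.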
@@ -10,9 +21,9 @@
userdom_dontaudit_search_sysadm_home_dirs(logwatch_t)
userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.19/policy/modules/admin/su.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.20/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2006-02-21 14:40:22.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/admin/su.if 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/admin/su.if 2006-02-22 14:22:49.000000000 -0500
@@ -220,6 +220,14 @@
nscd_socket_use($1_su_t)
')
@@ -46,9 +57,9 @@
ifdef(`ssh.te', `
# Access sshd cookie files.
allow $1_su_t sshd_tmp_t:file rw_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.2.19/policy/modules/admin/vpn.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.2.20/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/admin/vpn.te 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/admin/vpn.te 2006-02-22 14:22:49.000000000 -0500
@@ -106,6 +106,10 @@
optional_policy(`dbus',`
@@ -60,9 +71,9 @@
')
optional_policy(`mount',`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.2.19/policy/modules/apps/java.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.2.20/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/apps/java.if 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/apps/java.if 2006-02-22 14:22:49.000000000 -0500
@@ -149,13 +149,9 @@
userdom_manage_user_home_content_sockets($1,$1_javaplugin_t)
userdom_user_home_dir_filetrans_user_home_content($1,$1_javaplugin_t,{ file lnk_file sock_file fifo_file })
@@ -79,9 +90,9 @@
allow $1_javaplugin_t $1_javaplugin_tmp_t:file execute;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.2.19/policy/modules/apps/slocate.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.2.20/policy/modules/apps/slocate.te
--- nsaserefpolicy/policy/modules/apps/slocate.te 2006-01-25 15:58:58.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/apps/slocate.te 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/apps/slocate.te 2006-02-22 14:22:49.000000000 -0500
@@ -36,6 +36,8 @@
files_list_all(locate_t)
@@ -91,9 +102,9 @@
files_read_etc_runtime_files(locate_t)
files_read_etc_files(locate_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.19/policy/modules/kernel/devices.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.20/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/kernel/devices.if 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/kernel/devices.if 2006-02-22 14:22:49.000000000 -0500
@@ -1115,6 +1115,45 @@
########################################
@@ -140,9 +151,36 @@
## Read input event devices (/dev/input).
## </summary>
## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.19/policy/modules/services/apache.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.20/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if 2006-02-21 14:40:23.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/kernel/files.if 2006-02-22 17:28:29.000000000 -0500
+@@ -3358,10 +3358,11 @@
+ allow $1 self:process setfscreate;
+ allow $1 polymember: dir { create setattr };
+ allow $1 polydir: dir { write add_name };
+- allow $1 polyparent:dir { write add_name };
++ allow $1 polyparent:dir { write add_name relabelfrom relabelto };
+
+ # Default type for mountpoints
+ allow $1 poly_t:dir { create mounton };
++ fs_unmount_xattr_fs($1)
+ ')
+
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.2.20/policy/modules/kernel/files.te
+--- nsaserefpolicy/policy/modules/kernel/files.te 2006-02-14 07:20:25.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/kernel/files.te 2006-02-22 17:01:45.000000000 -0500
+@@ -125,6 +125,7 @@
+ #
+ type tmp_t, mountpoint; #, polydir
+ files_tmp_file(tmp_t)
++files_poly_parent(tmp_t)
+
+ #
+ # usr_t is the type for /usr.
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.20/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2006-02-14 07:20:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/apache.fc 2006-02-21 19:01:53.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/apache.fc 2006-02-22 14:22:49.000000000 -0500
@@ -45,7 +45,7 @@
/var/cache/rt3(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
/var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0)
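Review bot: The added `relabelfrom relabelto` on `polyparent:dir` applies to every type carrying the polyparent attribute, and the files.te section of this same hunk adds `files_poly_parent(tmp_t)`, so callers of this interface gain the right to relabel tmp_t directories as well. The interface header and its callers lie outside the hunk, so the set of affected domains cannot be confirmed from here, but the grant is wider than the one-line change suggests. A why-comment at the rule would make it reviewable, for example `# relabel applies to all polyparent types (now including tmp_t); required for <operation, to be filled in>`, with a similar line above `fs_unmount_xattr_fs($1)`. If only specific parents need relabeling, a narrower type set than the whole attribute would keep the interface closer to least privilege.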
@@ -152,9 +190,9 @@
/var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.19/policy/modules/services/apache.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.20/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/apache.if 2006-02-22 08:16:12.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/apache.if 2006-02-22 14:28:46.000000000 -0500
@@ -94,6 +94,7 @@
corecmd_exec_bin(httpd_$1_script_t)
@@ -171,7 +209,7 @@
files_read_etc_runtime_files(httpd_$1_script_t)
files_read_usr_files(httpd_$1_script_t)
-@@ -798,3 +800,40 @@
+@@ -798,3 +800,22 @@
allow $1 httpd_sys_script_t:dir search;
')
@@ -179,24 +217,6 @@
+
+########################################
+## <summary>
-+## Read apache config files
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain to not audit.
-+## </summary>
-+## </param>
-+#
-+interface(`apache_read_config',`
-+ gen_require(`
-+ type httpd_config_t;
-+ ')
-+
-+ allow $1 httpd_config_t:file { getattr read };
-+')
-+
-+########################################
-+## <summary>
+## Read apache system content
+## </summary>
+## <param name="domain">
@@ -212,9 +232,9 @@
+ allow $1 httpd_sys_content_t:dir r_dir_perms;
+ allow $1 httpd_sys_content_t:file { getattr read };
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.19/policy/modules/services/automount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.20/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/automount.te 2006-02-22 11:39:30.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/automount.te 2006-02-22 14:22:49.000000000 -0500
@@ -83,6 +83,9 @@
corenet_tcp_connect_portmap_port(automount_t)
corenet_tcp_connect_all_ports(automount_t)
@@ -225,9 +245,9 @@
dev_read_sysfs(automount_t)
# for SSP
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.2.19/policy/modules/services/cron.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.2.20/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/cron.if 2006-02-22 08:23:34.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/cron.if 2006-02-22 14:22:49.000000000 -0500
@@ -434,6 +434,24 @@
########################################
@@ -253,9 +273,9 @@
## Read, and write cron daemon TCP sockets.
## </summary>
## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.19/policy/modules/services/cron.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.20/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/cron.te 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/cron.te 2006-02-22 14:22:49.000000000 -0500
@@ -360,6 +360,9 @@
optional_policy(`apache',`
# Needed for certwatch
@@ -277,9 +297,9 @@
optional_policy(`samba',`
samba_read_config(system_crond_t)
samba_read_log(system_crond_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.2.19/policy/modules/services/cups.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.2.20/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2006-02-10 21:34:13.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/cups.if 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/cups.if 2006-02-22 14:22:49.000000000 -0500
@@ -169,6 +169,25 @@
########################################
@@ -306,9 +326,9 @@
## Connect to ptal over an unix domain stream socket.
## </summary>
## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.19/policy/modules/services/postfix.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.20/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-02-21 14:40:24.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/postfix.te 2006-02-22 08:23:50.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/postfix.te 2006-02-22 14:22:49.000000000 -0500
@@ -440,6 +440,7 @@
optional_policy(`crond',`
cron_use_fd(postfix_postdrop_t)
@@ -317,9 +337,9 @@
cron_use_system_job_fds(postfix_postdrop_t)
cron_rw_system_job_pipes(postfix_postdrop_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.2.19/policy/modules/services/ssh.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.2.20/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/ssh.if 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/ssh.if 2006-02-22 14:22:49.000000000 -0500
@@ -279,6 +279,8 @@
allow $1_ssh_agent_t { $1_ssh_agent_t $2 }:process signull;
@@ -329,9 +349,9 @@
allow $1_ssh_t $1_ssh_agent_t:unix_stream_socket connectto;
# for ssh-add
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.19/policy/modules/system/authlogin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.20/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/authlogin.te 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/authlogin.te 2006-02-22 14:22:49.000000000 -0500
@@ -153,6 +153,8 @@
dev_read_sysfs(pam_console_t)
dev_getattr_apm_bios_dev(pam_console_t)
@@ -341,9 +361,9 @@
dev_getattr_framebuffer_dev(pam_console_t)
dev_setattr_framebuffer_dev(pam_console_t)
dev_getattr_misc_dev(pam_console_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.19/policy/modules/system/fstools.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.20/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/fstools.te 2006-02-21 18:41:06.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/fstools.te 2006-02-22 14:22:49.000000000 -0500
@@ -45,7 +45,7 @@
files_tmp_filetrans(fsadm_t, fsadm_tmp_t, { file dir })
@@ -353,9 +373,9 @@
kernel_read_system_state(fsadm_t)
kernel_read_kernel_sysctls(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.19/policy/modules/system/mount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.20/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/mount.te 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/mount.te 2006-02-22 14:22:49.000000000 -0500
@@ -137,6 +137,8 @@
samba_domtrans_smbmount(mount_t)
')
@@ -365,9 +385,9 @@
ifdef(`TODO',`
# TODO: Need to examine this further. Not sure how to handle this
#type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.19/policy/modules/system/selinuxutil.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.20/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-01-09 11:32:54.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/selinuxutil.fc 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/selinuxutil.fc 2006-02-22 17:10:36.000000000 -0500
@@ -39,3 +39,10 @@
ifdef(`distro_debian', `
/usr/share/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0)
@@ -375,14 +395,13 @@
+
+/usr/sbin/semodule -- gen_context(system_u:object_r:semodule_exec_t,s0)
+
-+/etc/selinux([^/]*/)?modules -d gen_context(system_u:object_r:selinux_config_t,s0)
-+/etc/selinux([^/]*/)?modules/(active|tmp|previous)(/.*)? -- gen_context(system_u:object_r:semodule_store_t,s0)
-+/etc/selinux([^/]*/)?modules/semanage.read.LOCK -- gen_context(system_u:object_r:semodule_read_lock_t,s0)
-+/etc/selinux([^/]*/)?modules/semanage.trans.LOCK -- gen_context(system_u:object_r:semodule_trans_lock_t,s0)
-\ No newline at end of file
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.19/policy/modules/system/selinuxutil.if
++/etc/selinux/([^/]*/)?modules -d gen_context(system_u:object_r:selinux_config_t,s0)
++/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? -- gen_context(system_u:object_r:semodule_store_t,s0)
++/etc/selinux/([^/]*/)?modules/semanage.read.LOCK -- gen_context(system_u:object_r:semodule_read_lock_t,s0)
++/etc/selinux/([^/]*/)?modules/semanage.trans.LOCK -- gen_context(system_u:object_r:semodule_trans_lock_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.20/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/selinuxutil.if 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/selinuxutil.if 2006-02-22 14:22:49.000000000 -0500
@@ -778,3 +778,90 @@
allow $1 policy_src_t:dir create_dir_perms;
allow $1 policy_src_t:file create_file_perms;
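Review bot: The corrected store and lock entries keep the `--` file-type field, which restricts the match to regular files, so the `active`, `tmp` and `previous` directories themselves (and any subdirectories) are not labeled `semodule_store_t` by `(active|tmp|previous)(/.*)? --`. They fall through to whatever broader /etc/selinux rule applies. If the directories are meant to carry the store type, drop the specifier on that entry: `/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(system_u:object_r:semodule_store_t,s0)`. The dots in `semanage.read.LOCK` and `semanage.trans.LOCK` are also unescaped regex wildcards; `semanage\.read\.LOCK` and `semanage\.trans\.LOCK` would match only the intended file names.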
@@ -474,9 +493,9 @@
+ allow $1 semodule_trans_lock_t:file rw_file_perms;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.19/policy/modules/system/selinuxutil.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.20/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/selinuxutil.te 2006-02-22 08:12:03.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/selinuxutil.te 2006-02-22 14:22:49.000000000 -0500
@@ -103,6 +103,27 @@
########################################
@@ -583,9 +602,9 @@
+ selinux_get_enforce_mode(semodule_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.19/policy/modules/system/userdomain.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.20/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/userdomain.if 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/userdomain.if 2006-02-22 14:22:49.000000000 -0500
@@ -145,6 +145,7 @@
allow $1_t unpriv_userdomain:fd use;
@@ -628,9 +647,9 @@
+ allow $1 user_home_type:dir mounton;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.19/policy/modules/system/userdomain.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.20/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/userdomain.te 2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/userdomain.te 2006-02-22 14:22:49.000000000 -0500
@@ -75,7 +75,7 @@
files_associate_tmp(user_home_t)
fs_associate_tmpfs(user_home_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- selinux-policy.spec 22 Feb 2006 18:48:03 -0000 1.120
+++ selinux-policy.spec 22 Feb 2006 22:46:02 -0000 1.121
@@ -8,14 +8,15 @@
%define CHECKPOLICYVER 1.29.4-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.2.19
-Release: 3
+Version: 2.2.20
+Release: 1
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
patch: policy-20060207.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
+Source3: Makefile.devel
Source4: setrans-targeted.conf
Source5: modules-mls.conf
Source6: booleans-mls.conf
@@ -37,7 +38,11 @@
%files
%{_mandir}/man8/*
-%doc /usr/share/doc/%{name}-%{version}
+%doc %{_usr}/share/doc/%{name}-%{version}
+%dir %{_usr}/share/selinux
+%dir %{_sysconfdir}/selinux
+%ghost %config(noreplace) %{_sysconfdir}/selinux/config
+%ghost %{_sysconfdir}/sysconfig/selinux
%define setupCmds() \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} bare \
@@ -60,8 +65,6 @@
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} base.pp \
install -m0644 base.pp ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1/enableaudit.pp \
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
-touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
-touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/selinux \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
@@ -72,12 +75,8 @@
%define fileList() \
%defattr(-,root,root) \
-%dir %{_usr}/share/selinux \
%dir %{_usr}/share/selinux/%1 \
%{_usr}/share/selinux/%1/*.pp \
-%dir %{_sysconfdir}/selinux \
-%ghost %config(noreplace) %{_sysconfdir}/selinux/config \
-%ghost %{_sysconfdir}/sysconfig/selinux \
%dir %{_sysconfdir}/selinux/%1 \
%config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
%ghost %{_sysconfdir}/selinux/%1/seusers \
@@ -139,6 +138,11 @@
%{__rm} -fR $RPM_BUILD_ROOT
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -m 644 man/man8/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
+mkdir -p %{_usr}/share/selinux
+touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config
+touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/selinux
# Build targeted policy
# Commented out because only targeted ref policy currently builds
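Review bot: The added `mkdir -p %{_usr}/share/selinux` has no buildroot prefix, unlike the two mkdir lines just above it, so %install creates the directory on the build host's real filesystem. That fails for an unprivileged builder and modifies the live system when the package is built as root. It should read `mkdir -p ${RPM_BUILD_ROOT}%{_usr}/share/selinux`. The new `%dir %{_usr}/share/selinux` entry in %files also needs the directory inside the buildroot, unless a later install step happens to create it.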
@@ -157,10 +161,10 @@
# Install devel
make clean
-make
-make DESTDIR=$RPM_BUILD_ROOT PKGNAME=%{name}-%{version} install-headers install-docs
-install -m 755 ${RPM_SOURCE_DIR}/policygentool ${RPM_BUILD_ROOT}/usr/share/selinux/refpolicy/
-install -m 755 doc/Makefile.example ${RPM_BUILD_ROOT}/usr/share/selinux/refpolicy/Makefile
+make NAME=devel TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT PKGNAME=%{name}-%{version} install-headers install-docs
+install -m 755 ${RPM_SOURCE_DIR}/policygentool ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/
+install -m 755 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/Makefile
+install -m 755 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/doc/%{name}-%{version}/Makefile.example
%clean
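Review bot: Both new `install -m 755 ${RPM_SOURCE_DIR}/Makefile.devel ...` lines set the execute bit on a makefile, which make only reads and never executes. Mode 644 fits both copies, while 755 stays correct for policygentool: `install -m 644 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/Makefile`, and likewise for the Makefile.example copy. The `${RPM_BUILD_ROOT}` expansions in these lines are unquoted, so a buildroot path containing spaces would split the arguments; quoting the destination paths avoids that.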
@@ -284,15 +288,15 @@
%files devel
%defattr(-,root,root)
-%dir %{_usr}/share/selinux/refpolicy
-%dir %{_usr}/share/selinux/refpolicy/include
-%{_usr}/share/selinux/refpolicy/include/*
-%{_usr}/share/selinux/refpolicy/Makefile
-%{_usr}/share/selinux/refpolicy/policygentool
+%dir %{_usr}/share/selinux/devel
+%dir %{_usr}/share/selinux/devel/include
+%{_usr}/share/selinux/devel/include/*
+%{_usr}/share/selinux/devel/Makefile
+%{_usr}/share/selinux/devel/policygentool
%changelog
-* Wed Feb 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.19-3
+* Wed Feb 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.20-1
- Fix load_policy to work on MLS
- Fix cron_rw_system_pipes for postfix_postdrop_t
- Allow audotmount to run showmount
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- sources 21 Feb 2006 20:39:54 -0000 1.47
+++ sources 22 Feb 2006 22:46:02 -0000 1.48
@@ -1 +1 @@
-9799c5001a35b5b3857b3c58931ab515 serefpolicy-2.2.19.tgz
+16bf45c49cbe78b2c977cffc88884de2 serefpolicy-2.2.20.tgz