rpms/selinux-policy/devel .cvsignore, 1.43, 1.44 Makefile.devel, 1.3, 1.4 policy-20060207.patch, 1.18, 1.19 selinux-policy.spec, 1.120, 1.121 sources, 1.47, 1.48

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Feb 22 22:46:06 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14117

Modified Files:
	.cvsignore Makefile.devel policy-20060207.patch 
	selinux-policy.spec sources 
Log Message:



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- .cvsignore	21 Feb 2006 20:39:54 -0000	1.43
+++ .cvsignore	22 Feb 2006 22:46:02 -0000	1.44
@@ -44,3 +44,4 @@
 serefpolicy-2.2.17.tgz
 serefpolicy-2.2.18.tgz
 serefpolicy-2.2.19.tgz
+serefpolicy-2.2.20.tgz


Index: Makefile.devel
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/Makefile.devel,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- Makefile.devel	22 Feb 2006 00:53:12 -0000	1.3
+++ Makefile.devel	22 Feb 2006 22:46:02 -0000	1.4
@@ -1,192 +1,17 @@
 # installation paths
-SHAREDIR := $(PREFIX)/share/selinux
-HEADERDIR := $(SHAREDIR)/refpolicy/include
+SHAREDIR := /usr/share/selinux
+HEADERDIR := $(SHAREDIR)/devel/include
 
-include $(HEADERDIR)/build.conf
-
-# executables
-PREFIX := /usr
-BINDIR := $(PREFIX)/bin
-SBINDIR := $(PREFIX)/sbin
-CHECKMODULE := $(BINDIR)/checkmodule
-SEMODULE := $(SBINDIR)/semodule
-SEMOD_PKG := $(BINDIR)/semodule_package
-XMLLINT := $(BINDIR)/xmllint
-
-# helper tools
 AWK ?= gawk
-INSTALL ?= install
-M4 ?= m4
-SED ?= sed
-EINFO ?= echo
-PYTHON ?= python
+NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
 
-# set default build options if missing
-NAME ?= $(shell . /etc/selinux/config; echo $$SELINUXTYPE)
 MLSENABLED := $(shell cat /selinux/mls)
 ifeq ($(MLSENABLED),1)
 MCSFLAG=-mcs
 endif
 
 TYPE ?= $(NAME)${MCSFLAG}
-DIRECT_INITRC ?= n
-POLY ?= n
-QUIET ?= y
-
-genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py
-
-docs = doc
-polxml = $(docs)/policy.xml
-xmldtd = $(HEADERDIR)/support/policy.dtd
-layerxml = metadata.xml
-
-globaltun = $(HEADERDIR)/global_tunables.xml
-globalbool = $(HEADERDIR)/global_booleans.xml
-
-# compile strict policy if requested.
-ifneq ($(findstring strict,$(TYPE)),)
-	M4PARAM += -D strict_policy
-endif
-
-# compile targeted policy if requested.
-ifneq ($(findstring targeted,$(TYPE)),)
-	M4PARAM += -D targeted_policy
-endif
-
-# enable MLS if requested.
-ifneq ($(findstring -mls,$(TYPE)),)
-	M4PARAM += -D enable_mls
-	CHECKPOLICY += -M
-	CHECKMODULE += -M
-endif
-
-# enable MLS if MCS requested.
-ifneq ($(findstring -mcs,$(TYPE)),)
-	M4PARAM += -D enable_mcs
-	CHECKPOLICY += -M
-	CHECKMODULE += -M
-endif
 
-# enable distribution-specific policy
-ifneq ($(DISTRO),)
-	M4PARAM += -D distro_$(DISTRO)
-endif
-
-# enable polyinstantiation
-ifeq ($(POLY),y)
-	M4PARAM += -D enable_polyinstantiation
-endif
-
-ifeq ($(DIRECT_INITRC),y)
-	M4PARAM += -D direct_sysadm_daemon
-endif
+include $(HEADERDIR)/Makefile
 
-ifeq ($(QUIET),y)
-	verbose := @
-endif
-
-M4PARAM += -D hide_broken_symptoms
-
-# policy headers
-m4support = $(wildcard $(HEADERDIR)/support/*.spt)
-all_layers = $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
-all_interfaces = $(foreach layer,$(all_layers),$(wildcard $(layer)/*.if))
-rolemap = $(HEADERDIR)/rolemap
-
-detected_layers =  $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
-3rd_party_mods = $(wildcard *.te)
-3rd_party_ifs = $(3rd_party_mods:.te=.if)
-detected_mods = $(3rd_party_mods) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.te))
-detected_ifs = $(3rd_party_ifs) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.if))
-all_packages = $(notdir $(detected_mods:.te=.pp))
-
-vpath %.te $(detected_layers)
-vpath %.if $(detected_layers)
-vpath %.fc $(detected_layers)
-
-# if there are modules in the current directory, add them into the third party layer
-ifneq "$(3rd_party_ifs)" ""
-        genxml += -3 .
-endif
 
-########################################
-#
-# Functions
-#
-
-# parse-rolemap modulename,outputfile
-define parse-rolemap
-	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
-		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
-endef
-
-# peruser-expansion modulename,outputfile
-define peruser-expansion
-	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
-	$(call parse-rolemap,$1,$2)
-	$(verbose) echo "')" >> $2
-endef
-
-.PHONY: clean all xml
-.SUFFIXES:
-.SUFFIXES: .pp
-
-########################################
-#
-# Main targets
-#
-
-all: $(all_packages)
-
-xml: $(polxml)
-
-########################################
-#
-# Build module packages
-#
-tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
-	@$(EINFO) "Compliling $(NAME) $(basename $(@F)) module"
-	@test -d tmp || mkdir -p tmp
-	$(call peruser-expansion,$(basename $(@F)),$@.role)
-	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
-	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
-
-tmp/%.mod.fc: $(m4support) %.fc
-	$(verbose) $(M4) $(M4PARAM) $^ > $@
-
-%.pp: tmp/%.mod tmp/%.mod.fc
-	@echo "Creating $(NAME) $(@F) policy package"
-	$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
-
-tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
-	@test -d tmp || mkdir -p tmp
-	$(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
-
-
-########################################
-#
-# Documentation generation
-#
-
-# minimal dependencies here, because we don't want to rebuild
-# this and its dependents every time the dependencies
-# change.  Also use all .if files here, rather then just the
-# enabled modules.
-$(polxml): $(detected_ifs) $(foreach dir,$(all_layers),$(dir)/$(layerxml))
-	@echo "Creating $@"
-	@mkdir -p doc
-	$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
-	$(verbose) echo '<!DOCTYPE policy SYSTEM "$(xmldtd)">' >> $@
-	$(verbose) $(genxml) -m $(layerxml) --tunables-xml $(globaltun) --booleans-xml $(globalbool) $(all_layers) $(detected_layers) >> $@
-	$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
-		$(XMLLINT) --noout --dtdvalid $(xmldtd) $@ ;\
-	fi
-
-########################################
-#
-# Clean the environment
-#
-
-clean:
-	rm -fR tmp
-	rm -f *.pp
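Review bot: The new `NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)` line takes everything after the first `=` on every line that begins with SELINUXTYPE, so trailing whitespace, an inline comment or a second matching line would end up in NAME and, through `TYPE ?= $(NAME)${MCSFLAG}`, in the included Makefile. Reading the value with awk instead of sourcing the file is the safer direction, since the config is no longer executed as shell. Anchoring the pattern on the `=` and stopping at the first match would keep the result to a single line: `'/^SELINUXTYPE=/{ print $$2; exit }'`. Because `?=` defines a recursively expanded variable, the awk call is also repeated on each expansion of NAME. A one-line comment above `include $(HEADERDIR)/Makefile` saying that all build rules now come from the installed headers would help readers of this much shorter file.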

policy-20060207.patch:
 doc/Makefile.example                 |    2 
 policy/modules/admin/logwatch.te     |    2 
 policy/modules/admin/su.if           |   19 +++----
 policy/modules/admin/vpn.te          |    4 +
 policy/modules/apps/java.if          |    8 ---
 policy/modules/apps/slocate.te       |    2 
 policy/modules/kernel/devices.if     |   39 +++++++++++++++
 policy/modules/kernel/files.if       |    3 -
 policy/modules/kernel/files.te       |    1 
 policy/modules/services/apache.fc    |    2 
 policy/modules/services/apache.if    |   21 ++++++++
 policy/modules/services/automount.te |    3 +
 policy/modules/services/cron.if      |   18 +++++++
 policy/modules/services/cron.te      |    7 ++
 policy/modules/services/cups.if      |   19 +++++++
 policy/modules/services/postfix.te   |    1 
 policy/modules/services/ssh.if       |    2 
 policy/modules/system/authlogin.te   |    2 
 policy/modules/system/fstools.te     |    2 
 policy/modules/system/mount.te       |    2 
 policy/modules/system/selinuxutil.fc |    7 ++
 policy/modules/system/selinuxutil.if |   87 +++++++++++++++++++++++++++++++++++
 policy/modules/system/selinuxutil.te |   77 +++++++++++++++++++++++++++---
 policy/modules/system/userdomain.if  |   24 +++++++++
 policy/modules/system/userdomain.te  |    4 +
 25 files changed, 327 insertions(+), 31 deletions(-)

Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- policy-20060207.patch	22 Feb 2006 18:41:25 -0000	1.18
+++ policy-20060207.patch	22 Feb 2006 22:46:02 -0000	1.19
@@ -1,6 +1,17 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.2.19/policy/modules/admin/logwatch.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/Makefile.example serefpolicy-2.2.20/doc/Makefile.example
+--- nsaserefpolicy/doc/Makefile.example	2006-02-22 14:08:56.000000000 -0500
++++ serefpolicy-2.2.20/doc/Makefile.example	2006-02-22 14:29:48.000000000 -0500
+@@ -3,6 +3,6 @@
+ 
+ NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)
+ SHAREDIR ?= /usr/share/selinux
+-HEADERDIR := $(SHAREDIR)/$(NAME)/include
++HEADERDIR := $(SHAREDIR)/refpolicy/include
+ 
+ include $(HEADERDIR)/Makefile
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.2.20/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2006-02-21 14:40:22.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/admin/logwatch.te	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/admin/logwatch.te	2006-02-22 14:22:49.000000000 -0500
 @@ -71,6 +71,8 @@
  
  selinux_dontaudit_getattr_dir(logwatch_t)
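Review bot: The added doc/Makefile.example hunk sets `HEADERDIR := $(SHAREDIR)/refpolicy/include`, but the spec change in this same commit ships the headers under `%{_usr}/share/selinux/devel/include` and drops the refpolicy directories from `%files devel`. If the patched Makefile.example is still installed anywhere, its `include $(HEADERDIR)/Makefile` would point at a path the package no longer provides. The spec appears to overwrite the documentation copy with Makefile.devel, in which case this hunk looks unnecessary. Either use `HEADERDIR := $(SHAREDIR)/devel/include` here or drop the hunk from the patch.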
@@ -10,9 +21,9 @@
  userdom_dontaudit_search_sysadm_home_dirs(logwatch_t)
  userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.19/policy/modules/admin/su.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.20/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2006-02-21 14:40:22.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/admin/su.if	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/admin/su.if	2006-02-22 14:22:49.000000000 -0500
 @@ -220,6 +220,14 @@
  		nscd_socket_use($1_su_t)
  	')
@@ -46,9 +57,9 @@
  	ifdef(`ssh.te', `
  	# Access sshd cookie files.
  	allow $1_su_t sshd_tmp_t:file rw_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.2.19/policy/modules/admin/vpn.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.2.20/policy/modules/admin/vpn.te
 --- nsaserefpolicy/policy/modules/admin/vpn.te	2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/admin/vpn.te	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/admin/vpn.te	2006-02-22 14:22:49.000000000 -0500
 @@ -106,6 +106,10 @@
  
  optional_policy(`dbus',`
@@ -60,9 +71,9 @@
  ')
  
  optional_policy(`mount',`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.2.19/policy/modules/apps/java.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.2.20/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/apps/java.if	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/apps/java.if	2006-02-22 14:22:49.000000000 -0500
 @@ -149,13 +149,9 @@
  	userdom_manage_user_home_content_sockets($1,$1_javaplugin_t)
  	userdom_user_home_dir_filetrans_user_home_content($1,$1_javaplugin_t,{ file lnk_file sock_file fifo_file })
@@ -79,9 +90,9 @@
  
  		allow $1_javaplugin_t $1_javaplugin_tmp_t:file execute;
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.2.19/policy/modules/apps/slocate.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.2.20/policy/modules/apps/slocate.te
 --- nsaserefpolicy/policy/modules/apps/slocate.te	2006-01-25 15:58:58.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/apps/slocate.te	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/apps/slocate.te	2006-02-22 14:22:49.000000000 -0500
 @@ -36,6 +36,8 @@
  
  files_list_all(locate_t)
@@ -91,9 +102,9 @@
  files_read_etc_runtime_files(locate_t)
  files_read_etc_files(locate_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.19/policy/modules/kernel/devices.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.20/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/kernel/devices.if	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/kernel/devices.if	2006-02-22 14:22:49.000000000 -0500
 @@ -1115,6 +1115,45 @@
  
  ########################################
@@ -140,9 +151,36 @@
  ##	Read input event devices (/dev/input).
  ## </summary>
  ## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.19/policy/modules/services/apache.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.20/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if	2006-02-21 14:40:23.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/kernel/files.if	2006-02-22 17:28:29.000000000 -0500
+@@ -3358,10 +3358,11 @@
+ 	allow $1 self:process setfscreate;
+ 	allow $1 polymember: dir { create setattr };
+ 	allow $1 polydir: dir { write add_name };
+-	allow $1 polyparent:dir { write add_name };
++	allow $1 polyparent:dir { write add_name relabelfrom relabelto };
+ 
+ 	# Default type for mountpoints
+ 	allow $1 poly_t:dir { create mounton };
++	fs_unmount_xattr_fs($1)
+ ')
+ 
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.2.20/policy/modules/kernel/files.te
+--- nsaserefpolicy/policy/modules/kernel/files.te	2006-02-14 07:20:25.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/kernel/files.te	2006-02-22 17:01:45.000000000 -0500
+@@ -125,6 +125,7 @@
+ #
+ type tmp_t, mountpoint; #, polydir
+ files_tmp_file(tmp_t)
++files_poly_parent(tmp_t)
+ 
+ #
+ # usr_t is the type for /usr.
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.20/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2006-02-14 07:20:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/apache.fc	2006-02-21 19:01:53.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/apache.fc	2006-02-22 14:22:49.000000000 -0500
 @@ -45,7 +45,7 @@
  /var/cache/rt3(/.*)?			gen_context(system_u:object_r:httpd_cache_t,s0)
  /var/cache/ssl.*\.sem		--	gen_context(system_u:object_r:httpd_cache_t,s0)
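Review bot: The added files.if lines widen an existing interface for every caller: `allow $1 polyparent:dir { write add_name relabelfrom relabelto };` grants relabel rights on poly-parent directories and `fs_unmount_xattr_fs($1)` adds the ability to unmount xattr filesystems. The files.te line `files_poly_parent(tmp_t)` appears to bring tmp_t into that set as well. The interface header and its `## <summary>` block lie outside the hunk, so it is not visible whether the documentation mentions the new permissions; it should, and the patch should say which domain needs them. If only the polyinstantiation setup code needs to relabel, a separate, narrower interface would keep other callers at the previous `{ write add_name }`.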
@@ -152,9 +190,9 @@
  /var/lib/dav(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
  /var/lib/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
  /var/lib/httpd(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.19/policy/modules/services/apache.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.20/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/apache.if	2006-02-22 08:16:12.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/apache.if	2006-02-22 14:28:46.000000000 -0500
 @@ -94,6 +94,7 @@
  
  	corecmd_exec_bin(httpd_$1_script_t)
@@ -171,7 +209,7 @@
  
  		files_read_etc_runtime_files(httpd_$1_script_t)
  		files_read_usr_files(httpd_$1_script_t)
-@@ -798,3 +800,40 @@
+@@ -798,3 +800,22 @@
  
  	allow $1 httpd_sys_script_t:dir search;
  ')
@@ -179,24 +217,6 @@
 +
 +########################################
 +## <summary>
-+##	Read apache config files
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain to not audit.
-+##	</summary>
-+## </param>
-+#
-+interface(`apache_read_config',`
-+	gen_require(`
-+		type httpd_config_t;
-+	')
-+
-+	allow $1 httpd_config_t:file { getattr read };
-+')
-+
-+########################################
-+## <summary>
 +##	Read apache system content
 +## </summary>
 +## <param name="domain">
@@ -212,9 +232,9 @@
 +	allow $1 httpd_sys_content_t:dir r_dir_perms;
 +	allow $1 httpd_sys_content_t:file { getattr read };
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.19/policy/modules/services/automount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.20/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/automount.te	2006-02-22 11:39:30.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/automount.te	2006-02-22 14:22:49.000000000 -0500
 @@ -83,6 +83,9 @@
  corenet_tcp_connect_portmap_port(automount_t)
  corenet_tcp_connect_all_ports(automount_t)
@@ -225,9 +245,9 @@
  
  dev_read_sysfs(automount_t)
  # for SSP
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.2.19/policy/modules/services/cron.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.2.20/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/cron.if	2006-02-22 08:23:34.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/cron.if	2006-02-22 14:22:49.000000000 -0500
 @@ -434,6 +434,24 @@
  
  ########################################
@@ -253,9 +273,9 @@
  ##	Read, and write cron daemon TCP sockets.
  ## </summary>
  ## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.19/policy/modules/services/cron.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.20/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/cron.te	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/cron.te	2006-02-22 14:22:49.000000000 -0500
 @@ -360,6 +360,9 @@
  	optional_policy(`apache',`
  		# Needed	 for certwatch
@@ -277,9 +297,9 @@
  	optional_policy(`samba',`
  		samba_read_config(system_crond_t)
  		samba_read_log(system_crond_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.2.19/policy/modules/services/cups.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.2.20/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if	2006-02-10 21:34:13.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/cups.if	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/cups.if	2006-02-22 14:22:49.000000000 -0500
 @@ -169,6 +169,25 @@
  
  ########################################
@@ -306,9 +326,9 @@
  ##	Connect to ptal over an unix domain stream socket.
  ## </summary>
  ## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.19/policy/modules/services/postfix.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.20/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2006-02-21 14:40:24.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/postfix.te	2006-02-22 08:23:50.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/postfix.te	2006-02-22 14:22:49.000000000 -0500
 @@ -440,6 +440,7 @@
  optional_policy(`crond',`
  	cron_use_fd(postfix_postdrop_t)
@@ -317,9 +337,9 @@
  	cron_use_system_job_fds(postfix_postdrop_t)
  	cron_rw_system_job_pipes(postfix_postdrop_t)
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.2.19/policy/modules/services/ssh.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.2.20/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/services/ssh.if	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/services/ssh.if	2006-02-22 14:22:49.000000000 -0500
 @@ -279,6 +279,8 @@
  
  	allow $1_ssh_agent_t { $1_ssh_agent_t $2 }:process signull;
@@ -329,9 +349,9 @@
  	allow $1_ssh_t $1_ssh_agent_t:unix_stream_socket connectto;
  
  	# for ssh-add
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.19/policy/modules/system/authlogin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.20/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/authlogin.te	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/authlogin.te	2006-02-22 14:22:49.000000000 -0500
 @@ -153,6 +153,8 @@
  dev_read_sysfs(pam_console_t)
  dev_getattr_apm_bios_dev(pam_console_t)
@@ -341,9 +361,9 @@
  dev_getattr_framebuffer_dev(pam_console_t)
  dev_setattr_framebuffer_dev(pam_console_t)
  dev_getattr_misc_dev(pam_console_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.19/policy/modules/system/fstools.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.20/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/fstools.te	2006-02-21 18:41:06.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/fstools.te	2006-02-22 14:22:49.000000000 -0500
 @@ -45,7 +45,7 @@
  files_tmp_filetrans(fsadm_t, fsadm_tmp_t, { file dir })
  
@@ -353,9 +373,9 @@
  
  kernel_read_system_state(fsadm_t)
  kernel_read_kernel_sysctls(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.19/policy/modules/system/mount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.20/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/mount.te	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/mount.te	2006-02-22 14:22:49.000000000 -0500
 @@ -137,6 +137,8 @@
  	samba_domtrans_smbmount(mount_t)
  ')
@@ -365,9 +385,9 @@
  ifdef(`TODO',`
  # TODO: Need to examine this further. Not sure how to handle this
  #type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.19/policy/modules/system/selinuxutil.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.20/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2006-01-09 11:32:54.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/selinuxutil.fc	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/selinuxutil.fc	2006-02-22 17:10:36.000000000 -0500
 @@ -39,3 +39,10 @@
  ifdef(`distro_debian', `
  /usr/share/selinux(/.*)?		gen_context(system_u:object_r:policy_src_t,s0)
@@ -375,14 +395,13 @@
 +
 +/usr/sbin/semodule		--	gen_context(system_u:object_r:semodule_exec_t,s0)
 +
-+/etc/selinux([^/]*/)?modules    -d	gen_context(system_u:object_r:selinux_config_t,s0)
-+/etc/selinux([^/]*/)?modules/(active|tmp|previous)(/.*)?     --	gen_context(system_u:object_r:semodule_store_t,s0)
-+/etc/selinux([^/]*/)?modules/semanage.read.LOCK    --	gen_context(system_u:object_r:semodule_read_lock_t,s0)
-+/etc/selinux([^/]*/)?modules/semanage.trans.LOCK   --	gen_context(system_u:object_r:semodule_trans_lock_t,s0)
-\ No newline at end of file
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.19/policy/modules/system/selinuxutil.if
++/etc/selinux/([^/]*/)?modules    -d	gen_context(system_u:object_r:selinux_config_t,s0)
++/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?     --	gen_context(system_u:object_r:semodule_store_t,s0)
++/etc/selinux/([^/]*/)?modules/semanage.read.LOCK    --	gen_context(system_u:object_r:semodule_read_lock_t,s0)
++/etc/selinux/([^/]*/)?modules/semanage.trans.LOCK   --	gen_context(system_u:object_r:semodule_trans_lock_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.20/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/selinuxutil.if	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/selinuxutil.if	2006-02-22 14:22:49.000000000 -0500
 @@ -778,3 +778,90 @@
  	allow $1 policy_src_t:dir create_dir_perms;
  	allow $1 policy_src_t:file create_file_perms;
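Review bot: The corrected selinuxutil.fc patterns still leave the dots in the lock-file names unescaped, so `semanage.read.LOCK` and `semanage.trans.LOCK` match any character in those positions. apache.fc in this same patch writes `ssl.*\.sem`, and the same escaping fits here: `/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK`. The store rule `modules/(active|tmp|previous)(/.*)?` also carries the `--` specifier, which limits it to regular files, so the `active`, `tmp` and `previous` directories themselves would not receive semodule_store_t from it. If they are meant to, drop the `--` or add a matching `-d` entry.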
@@ -474,9 +493,9 @@
 +	allow $1 semodule_trans_lock_t:file rw_file_perms;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.19/policy/modules/system/selinuxutil.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.20/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/selinuxutil.te	2006-02-22 08:12:03.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/selinuxutil.te	2006-02-22 14:22:49.000000000 -0500
 @@ -103,6 +103,27 @@
  
  ########################################
@@ -583,9 +602,9 @@
 +	selinux_get_enforce_mode(semodule_t)
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.19/policy/modules/system/userdomain.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.20/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/userdomain.if	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/userdomain.if	2006-02-22 14:22:49.000000000 -0500
 @@ -145,6 +145,7 @@
  	allow $1_t unpriv_userdomain:fd use;
  
@@ -628,9 +647,9 @@
 +	allow $1 user_home_type:dir mounton;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.19/policy/modules/system/userdomain.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.20/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.19/policy/modules/system/userdomain.te	2006-02-21 17:24:20.000000000 -0500
++++ serefpolicy-2.2.20/policy/modules/system/userdomain.te	2006-02-22 14:22:49.000000000 -0500
 @@ -75,7 +75,7 @@
  	files_associate_tmp(user_home_t)
  	fs_associate_tmpfs(user_home_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- selinux-policy.spec	22 Feb 2006 18:48:03 -0000	1.120
+++ selinux-policy.spec	22 Feb 2006 22:46:02 -0000	1.121
@@ -8,14 +8,15 @@
 %define CHECKPOLICYVER 1.29.4-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.2.19
-Release: 3
+Version: 2.2.20
+Release: 1
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
 patch: policy-20060207.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
+Source3: Makefile.devel
 Source4: setrans-targeted.conf
 Source5: modules-mls.conf
 Source6: booleans-mls.conf	
@@ -37,7 +38,11 @@
 
 %files 
 %{_mandir}/man8/*
-%doc /usr/share/doc/%{name}-%{version}
+%doc %{_usr}/share/doc/%{name}-%{version}
+%dir %{_usr}/share/selinux
+%dir %{_sysconfdir}/selinux
+%ghost %config(noreplace) %{_sysconfdir}/selinux/config
+%ghost %{_sysconfdir}/sysconfig/selinux
 
 %define setupCmds() \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} bare \
@@ -60,8 +65,6 @@
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} base.pp \
 install -m0644 base.pp ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1/enableaudit.pp \
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
-touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
-touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/selinux \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
@@ -72,12 +75,8 @@
 
 %define fileList() \
 %defattr(-,root,root) \
-%dir %{_usr}/share/selinux \
 %dir %{_usr}/share/selinux/%1 \
 %{_usr}/share/selinux/%1/*.pp \
-%dir %{_sysconfdir}/selinux \
-%ghost %config(noreplace) %{_sysconfdir}/selinux/config \
-%ghost %{_sysconfdir}/sysconfig/selinux \
 %dir %{_sysconfdir}/selinux/%1 \
 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
 %ghost %{_sysconfdir}/selinux/%1/seusers \
@@ -139,6 +138,11 @@
 %{__rm} -fR $RPM_BUILD_ROOT
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8/
 install -m 644 man/man8/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
+mkdir -p %{_usr}/share/selinux
+touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config
+touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/selinux
 
 # Build targeted policy
 # Commented out because only targeted ref policy currently builds
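Review bot: The added `mkdir -p %{_usr}/share/selinux` in %install has no `$RPM_BUILD_ROOT` prefix, so it creates (or tries to create) the directory on the build host rather than in the buildroot, unlike the two mkdir lines above it. An unprivileged build would fail here if the directory is absent, and a build run as root would write outside the buildroot. It should read `mkdir -p ${RPM_BUILD_ROOT}%{_usr}/share/selinux`, which is also what the new `%dir %{_usr}/share/selinux` entry in %files needs.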
@@ -157,10 +161,10 @@
 
 # Install devel
 make clean
-make 
-make DESTDIR=$RPM_BUILD_ROOT PKGNAME=%{name}-%{version} install-headers install-docs
-install -m 755 ${RPM_SOURCE_DIR}/policygentool ${RPM_BUILD_ROOT}/usr/share/selinux/refpolicy/
-install -m 755 doc/Makefile.example ${RPM_BUILD_ROOT}/usr/share/selinux/refpolicy/Makefile
+make NAME=devel TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT PKGNAME=%{name}-%{version} install-headers install-docs
+install -m 755 ${RPM_SOURCE_DIR}/policygentool ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/
+install -m 755 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/Makefile
+install -m 755 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/doc/%{name}-%{version}/Makefile.example
 
 
 %clean
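Review bot: Both copies of Makefile.devel are installed with `-m 755`, although a makefile that is only read through `make` or `include` does not need the execute bit. `install -m 644 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/Makefile`, and the same mode for the Makefile.example copy, would match the `-m0644` used for base.pp elsewhere in this spec. The plain `make` step before the install was also removed; a comment stating that `install-headers install-docs` do not depend on a prior build would show that this is deliberate.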
@@ -284,15 +288,15 @@
 
 %files devel
 %defattr(-,root,root) 
-%dir %{_usr}/share/selinux/refpolicy
-%dir %{_usr}/share/selinux/refpolicy/include
-%{_usr}/share/selinux/refpolicy/include/*
-%{_usr}/share/selinux/refpolicy/Makefile
-%{_usr}/share/selinux/refpolicy/policygentool
+%dir %{_usr}/share/selinux/devel
+%dir %{_usr}/share/selinux/devel/include
+%{_usr}/share/selinux/devel/include/*
+%{_usr}/share/selinux/devel/Makefile
+%{_usr}/share/selinux/devel/policygentool
 
 %changelog
 
-* Wed Feb 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.19-3
+* Wed Feb 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.20-1
 - Fix load_policy to work on MLS
 - Fix cron_rw_system_pipes for postfix_postdrop_t
 - Allow audotmount to run showmount


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- sources	21 Feb 2006 20:39:54 -0000	1.47
+++ sources	22 Feb 2006 22:46:02 -0000	1.48
@@ -1 +1 @@
-9799c5001a35b5b3857b3c58931ab515  serefpolicy-2.2.19.tgz
+16bf45c49cbe78b2c977cffc88884de2  serefpolicy-2.2.20.tgz



