rpms/selinux-policy/devel policy-20060207.patch, 1.21, 1.22 selinux-policy.spec, 1.123, 1.124

[fedora-cvs-commits at redhat.com]

Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5440

Modified Files:
	policy-20060207.patch selinux-policy.spec 
Log Message:


policy-20060207.patch:
 Makefile                              |   12 ++++++------
 policy/modules/admin/logwatch.te      |    2 ++
 policy/modules/admin/su.fc            |    1 +
 policy/modules/admin/vpn.te           |    6 ++++++
 policy/modules/apps/java.if           |    8 ++------
 policy/modules/kernel/corecommands.fc |    1 +
 policy/modules/kernel/devices.fc      |    1 +
 policy/modules/kernel/files.if        |    3 ++-
 policy/modules/kernel/files.te        |    1 +
 policy/modules/services/apache.fc     |    2 +-
 policy/modules/services/apache.if     |   21 +++++++++++++++++++++
 policy/modules/services/automount.te  |    7 +++++--
 policy/modules/services/cron.te       |    3 +++
 policy/modules/services/hal.te        |    2 +-
 policy/modules/services/xserver.te    |    2 +-
 policy/modules/system/fstools.te      |    2 +-
 policy/modules/system/mount.te        |    2 +-
 policy/modules/system/selinuxutil.te  |    5 +----
 policy/modules/system/unconfined.te   |    2 +-
 support/Makefile.devel                |    5 +----
 20 files changed, 59 insertions(+), 29 deletions(-)

Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- policy-20060207.patch	23 Feb 2006 18:56:16 -0000	1.21
+++ policy-20060207.patch	23 Feb 2006 21:02:28 -0000	1.22
@@ -34,6 +34,14 @@
  userdom_dontaudit_search_sysadm_home_dirs(logwatch_t)
  userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc serefpolicy-2.2.21/policy/modules/admin/su.fc
+--- nsaserefpolicy/policy/modules/admin/su.fc	2005-11-14 18:24:06.000000000 -0500
++++ serefpolicy-2.2.21/policy/modules/admin/su.fc	2006-02-23 14:49:18.000000000 -0500
+@@ -2,3 +2,4 @@
+ /bin/su			--	gen_context(system_u:object_r:su_exec_t,s0)
+ 
+ /usr(/local)?/bin/ksu	--	gen_context(system_u:object_r:su_exec_t,s0)
++/usr/bin/kdesu		--	gen_context(system_u:object_r:su_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.2.21/policy/modules/admin/vpn.te
 --- nsaserefpolicy/policy/modules/admin/vpn.te	2006-02-21 14:40:23.000000000 -0500
 +++ serefpolicy-2.2.21/policy/modules/admin/vpn.te	2006-02-23 12:21:59.000000000 -0500
@@ -235,6 +243,18 @@
  
  mls_file_read_up(hald_t)
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.2.21/policy/modules/services/xserver.te
+--- nsaserefpolicy/policy/modules/services/xserver.te	2006-02-21 14:40:25.000000000 -0500
++++ serefpolicy-2.2.21/policy/modules/services/xserver.te	2006-02-23 14:10:50.000000000 -0500
+@@ -425,7 +425,7 @@
+ ifdef(`targeted_policy',`
+ 	allow xdm_xserver_t self:process { execheap execmem };
+ 
+-	unconfined_domain(xdm_xserver_t)
++	unconfined_domain_noaudit(xdm_xserver_t)
+ 	unconfined_domtrans(xdm_xserver_t)
+ ')
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.21/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2006-02-21 14:40:25.000000000 -0500
 +++ serefpolicy-2.2.21/policy/modules/system/fstools.te	2006-02-23 09:41:46.000000000 -0500
@@ -281,6 +301,18 @@
  ########################################
  #
  # Restorecon local policy
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.21/policy/modules/system/unconfined.te
+--- nsaserefpolicy/policy/modules/system/unconfined.te	2006-02-20 14:07:38.000000000 -0500
++++ serefpolicy-2.2.21/policy/modules/system/unconfined.te	2006-02-23 15:44:10.000000000 -0500
+@@ -90,7 +90,7 @@
+ 	')
+ 
+ 	optional_policy(`fstools',`
+-		fstools_domtrans(unconfined_t)
++		fstools_exec(unconfined_t)
+ 	')
+ 
+ 	optional_policy(`java',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-2.2.21/support/Makefile.devel
 --- nsaserefpolicy/support/Makefile.devel	2006-02-22 14:09:04.000000000 -0500
 +++ serefpolicy-2.2.21/support/Makefile.devel	2006-02-23 12:38:25.000000000 -0500


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -r1.123 -r1.124
--- selinux-policy.spec	23 Feb 2006 18:56:17 -0000	1.123
+++ selinux-policy.spec	23 Feb 2006 21:02:49 -0000	1.124
@@ -9,7 +9,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.2.21
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -292,6 +292,9 @@
 
 %changelog
 
+* Thu Feb 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.21-3
+- Don't transition from uncofined_t to fsadm_t
+
 * Thu Feb 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.21-2
 - Fix policy update model.