rpms/selinux-policy/devel policy-20060207.patch, 1.21, 1.22 selinux-policy.spec, 1.123, 1.124
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Feb 23 21:03:10 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5440
Modified Files:
policy-20060207.patch selinux-policy.spec
Log Message:
policy-20060207.patch:
Makefile | 12 ++++++------
policy/modules/admin/logwatch.te | 2 ++
policy/modules/admin/su.fc | 1 +
policy/modules/admin/vpn.te | 6 ++++++
policy/modules/apps/java.if | 8 ++------
policy/modules/kernel/corecommands.fc | 1 +
policy/modules/kernel/devices.fc | 1 +
policy/modules/kernel/files.if | 3 ++-
policy/modules/kernel/files.te | 1 +
policy/modules/services/apache.fc | 2 +-
policy/modules/services/apache.if | 21 +++++++++++++++++++++
policy/modules/services/automount.te | 7 +++++--
policy/modules/services/cron.te | 3 +++
policy/modules/services/hal.te | 2 +-
policy/modules/services/xserver.te | 2 +-
policy/modules/system/fstools.te | 2 +-
policy/modules/system/mount.te | 2 +-
policy/modules/system/selinuxutil.te | 5 +----
policy/modules/system/unconfined.te | 2 +-
support/Makefile.devel | 5 +----
20 files changed, 59 insertions(+), 29 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- policy-20060207.patch 23 Feb 2006 18:56:16 -0000 1.21
+++ policy-20060207.patch 23 Feb 2006 21:02:28 -0000 1.22
@@ -34,6 +34,14 @@
userdom_dontaudit_search_sysadm_home_dirs(logwatch_t)
userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc serefpolicy-2.2.21/policy/modules/admin/su.fc
+--- nsaserefpolicy/policy/modules/admin/su.fc 2005-11-14 18:24:06.000000000 -0500
++++ serefpolicy-2.2.21/policy/modules/admin/su.fc 2006-02-23 14:49:18.000000000 -0500
+@@ -2,3 +2,4 @@
+ /bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
+
+ /usr(/local)?/bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
++/usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.2.21/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2006-02-21 14:40:23.000000000 -0500
+++ serefpolicy-2.2.21/policy/modules/admin/vpn.te 2006-02-23 12:21:59.000000000 -0500
@@ -235,6 +243,18 @@
mls_file_read_up(hald_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.2.21/policy/modules/services/xserver.te
+--- nsaserefpolicy/policy/modules/services/xserver.te 2006-02-21 14:40:25.000000000 -0500
++++ serefpolicy-2.2.21/policy/modules/services/xserver.te 2006-02-23 14:10:50.000000000 -0500
+@@ -425,7 +425,7 @@
+ ifdef(`targeted_policy',`
+ allow xdm_xserver_t self:process { execheap execmem };
+
+- unconfined_domain(xdm_xserver_t)
++ unconfined_domain_noaudit(xdm_xserver_t)
+ unconfined_domtrans(xdm_xserver_t)
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.21/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2006-02-21 14:40:25.000000000 -0500
+++ serefpolicy-2.2.21/policy/modules/system/fstools.te 2006-02-23 09:41:46.000000000 -0500
@@ -281,6 +301,18 @@
########################################
#
# Restorecon local policy
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.21/policy/modules/system/unconfined.te
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-02-20 14:07:38.000000000 -0500
++++ serefpolicy-2.2.21/policy/modules/system/unconfined.te 2006-02-23 15:44:10.000000000 -0500
+@@ -90,7 +90,7 @@
+ ')
+
+ optional_policy(`fstools',`
+- fstools_domtrans(unconfined_t)
++ fstools_exec(unconfined_t)
+ ')
+
+ optional_policy(`java',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-2.2.21/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2006-02-22 14:09:04.000000000 -0500
+++ serefpolicy-2.2.21/support/Makefile.devel 2006-02-23 12:38:25.000000000 -0500
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -r1.123 -r1.124
--- selinux-policy.spec 23 Feb 2006 18:56:17 -0000 1.123
+++ selinux-policy.spec 23 Feb 2006 21:02:49 -0000 1.124
@@ -9,7 +9,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.21
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -292,6 +292,9 @@
%changelog
+* Thu Feb 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.21-3
+- Don't transition from uncofined_t to fsadm_t
+
* Thu Feb 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.21-2
- Fix policy update model.
More information about the fedora-cvs-commits
mailing list