rpms/selinux-policy/devel policy-20060207.patch, 1.30, 1.31 selinux-policy.spec, 1.132, 1.133
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Feb 27 23:23:08 UTC 2006
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore, 1.45, 1.46 policy-20060207.patch, 1.29, 1.30 policygentool, 1.3, 1.4 selinux-policy.spec, 1.131, 1.132 sources, 1.49, 1.50
- Next message (by thread): rpms/booty/devel .cvsignore, 1.38, 1.39 booty.spec, 1.42, 1.43 sources, 1.41, 1.42
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9044
Modified Files:
policy-20060207.patch selinux-policy.spec
Log Message:
* Mon Feb 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.22-2
- Additional fixes for nvidia and cups
policy-20060207.patch:
policy/modules/admin/readahead.te | 2 +-
policy/modules/admin/su.fc | 1 +
policy/modules/admin/su.if | 6 +++---
policy/modules/kernel/corenetwork.te.in | 2 +-
policy/modules/kernel/devices.if | 2 +-
policy/modules/kernel/files.fc | 2 +-
policy/modules/kernel/files.if | 20 ++++++++++++++++++--
policy/modules/services/apache.fc | 1 +
policy/modules/services/apache.if | 5 +++++
policy/modules/services/cron.te | 3 +++
policy/modules/services/cups.fc | 2 +-
policy/modules/services/cups.te | 6 ++++--
policy/modules/services/ktalk.te | 2 ++
policy/modules/services/nscd.if | 2 +-
policy/modules/system/init.te | 5 +++++
policy/modules/system/libraries.fc | 2 ++
policy/modules/system/locallogin.te | 1 +
policy/modules/system/lvm.fc | 1 +
policy/modules/system/selinuxutil.fc | 6 +++---
policy/modules/system/selinuxutil.te | 1 +
policy/modules/system/udev.te | 2 +-
support/Makefile.devel | 5 +----
22 files changed, 58 insertions(+), 21 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- policy-20060207.patch 27 Feb 2006 23:00:38 -0000 1.30
+++ policy-20060207.patch 27 Feb 2006 23:23:06 -0000 1.31
@@ -112,6 +112,17 @@
')
########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.22/policy/modules/services/apache.fc
+--- nsaserefpolicy/policy/modules/services/apache.fc 2006-02-27 17:17:23.000000000 -0500
++++ serefpolicy-2.2.22/policy/modules/services/apache.fc 2006-02-27 17:46:08.000000000 -0500
+@@ -15,6 +15,7 @@
+ /etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0)
+
+ /srv/([^/]*/)?www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
++/srv/gallery2(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+
+ /usr/bin/htsslpass -- gen_context(system_u:object_r:httpd_helper_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.22/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2006-02-27 17:17:23.000000000 -0500
+++ serefpolicy-2.2.22/policy/modules/services/apache.if 2006-02-27 17:33:49.000000000 -0500
@@ -154,7 +165,7 @@
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.22/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-02-23 09:25:09.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/services/cups.te 2006-02-27 17:35:43.000000000 -0500
++++ serefpolicy-2.2.22/policy/modules/services/cups.te 2006-02-27 18:19:19.000000000 -0500
@@ -77,7 +77,7 @@
dontaudit cupsd_t self:capability { sys_tty_config net_admin };
allow cupsd_t self:process { setsched signal_perms };
@@ -180,6 +191,15 @@
kernel_read_all_sysctls(cupsd_t)
kernel_tcp_recvfrom(cupsd_t)
+@@ -649,7 +651,7 @@
+ ifdef(`targeted_policy',`
+ term_use_generic_ptys(cupsd_config_t)
+
+- unconfined_read_pipes(cupsd_config_t)
++ unconfined_rw_pipes(cupsd_config_t)
+ ')
+
+ ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-2.2.22/policy/modules/services/ktalk.te
--- nsaserefpolicy/policy/modules/services/ktalk.te 2006-02-21 14:40:24.000000000 -0500
+++ serefpolicy-2.2.22/policy/modules/services/ktalk.te 2006-02-27 17:33:49.000000000 -0500
@@ -227,6 +247,25 @@
',`
# cjp: require doesnt work in optionals :\
# this also would result in a type transition
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.22/policy/modules/system/libraries.fc
+--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-02-20 14:07:38.000000000 -0500
++++ serefpolicy-2.2.22/policy/modules/system/libraries.fc 2006-02-27 18:10:56.000000000 -0500
+@@ -65,6 +65,7 @@
+ /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ /usr/(local/)?lib/wine/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/(local/)?lib/libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -74,6 +75,7 @@
+ /usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ /usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/xorg/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ ifdef(`distro_redhat',`
+ /usr/lib(64)?/.*/program/.*\.so.* gen_context(system_u:object_r:shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.22/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-02-21 14:40:25.000000000 -0500
+++ serefpolicy-2.2.22/policy/modules/system/locallogin.te 2006-02-27 17:33:49.000000000 -0500
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- selinux-policy.spec 27 Feb 2006 23:00:40 -0000 1.132
+++ selinux-policy.spec 27 Feb 2006 23:23:06 -0000 1.133
@@ -10,7 +10,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.22
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -293,6 +293,9 @@
%fileList strict
%changelog
+* Mon Feb 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.22-2
+- Additional fixes for nvidia and cups
+
* Mon Feb 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.22-1
- Update to upstream
- Merged my latest fixes
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore, 1.45, 1.46 policy-20060207.patch, 1.29, 1.30 policygentool, 1.3, 1.4 selinux-policy.spec, 1.131, 1.132 sources, 1.49, 1.50
- Next message (by thread): rpms/booty/devel .cvsignore, 1.38, 1.39 booty.spec, 1.42, 1.43 sources, 1.41, 1.42
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list