rpms/selinux-policy/devel .cvsignore, 1.24, 1.25 policy-20060104.patch, 1.13, 1.14 selinux-policy.spec, 1.84, 1.85 sources, 1.26, 1.27

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Jan 17 19:40:19 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1745

Modified Files:
	.cvsignore policy-20060104.patch selinux-policy.spec sources 
Log Message:
* Tue Jan 17 2006 Dan Walsh <dwalsh at redhat.com> 2.1.12-1
- Update to upstream



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- .cvsignore	17 Jan 2006 03:55:13 -0000	1.24
+++ .cvsignore	17 Jan 2006 19:40:15 -0000	1.25
@@ -25,3 +25,4 @@
 serefpolicy-2.1.9.tgz
 serefpolicy-2.1.10.tgz
 serefpolicy-2.1.11.tgz
+serefpolicy-2.1.12.tgz

policy-20060104.patch:
 Makefile                             |    2 +-
 policy/modules/apps/wine.fc          |    2 ++
 policy/modules/apps/wine.if          |   23 +++++++++++++++++++++++
 policy/modules/apps/wine.te          |   27 +++++++++++++++++++++++++++
 policy/modules/kernel/kernel.if      |    1 +
 policy/modules/kernel/mls.te         |    1 +
 policy/modules/services/dovecot.te   |    1 +
 policy/modules/services/hal.te       |    3 +++
 policy/modules/system/selinuxutil.te |    1 +
 policy/users                         |    8 +++++---
 10 files changed, 65 insertions(+), 4 deletions(-)

Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- policy-20060104.patch	17 Jan 2006 03:55:13 -0000	1.13
+++ policy-20060104.patch	17 Jan 2006 19:40:15 -0000	1.14
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.11/Makefile
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.12/Makefile
 --- nsaserefpolicy/Makefile	2006-01-13 09:48:25.000000000 -0500
-+++ serefpolicy-2.1.11/Makefile	2006-01-16 22:32:53.000000000 -0500
++++ serefpolicy-2.1.12/Makefile	2006-01-17 14:23:22.000000000 -0500
 @@ -92,7 +92,7 @@
  
  # enable MLS if requested.
@@ -10,69 +10,15 @@
  	override CHECKPOLICY += -M
  	override CHECKMODULE += -M
  endif
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.1.11/man/man8/ftpd_selinux.8
---- nsaserefpolicy/man/man8/ftpd_selinux.8	2006-01-06 17:55:17.000000000 -0500
-+++ serefpolicy-2.1.11/man/man8/ftpd_selinux.8	2006-01-16 22:32:53.000000000 -0500
-@@ -16,9 +16,9 @@
- .TP
- chcon -t public_content_rw_t /var/ftp/incoming
- .TP
--You must also turn on the boolean allow_ftp_anon_write.
-+You must also turn on the boolean allow_ftpd_anon_write.
- .TP
--setsebool -P allow_ftp_anon_write=1
-+setsebool -P allow_ftpd_anon_write=1
- .TP
- If you want to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file.
- .TP
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.1.11/policy/modules/admin/kudzu.te
---- nsaserefpolicy/policy/modules/admin/kudzu.te	2006-01-13 17:06:02.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/admin/kudzu.te	2006-01-16 22:32:53.000000000 -0500
-@@ -63,6 +63,7 @@
- fs_write_ramfs_socket(kudzu_t)
- 
- mls_file_read_up(kudzu_t)
-+mls_file_write_down(kudzu_t)
- 
- modutils_read_mods_deps(kudzu_t)
- modutils_read_module_conf(kudzu_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.1.11/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te	2006-01-13 17:06:02.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/admin/readahead.te	2006-01-16 22:32:53.000000000 -0500
-@@ -35,6 +35,7 @@
- dev_getattr_all_chr_files(readahead_t)
- dev_getattr_all_blk_files(readahead_t)
- dev_dontaudit_read_all_blk_files(readahead_t)
-+dev_dontaudit_getattr_memory_device(readahead_t)
- 
- domain_use_wide_inherit_fd(readahead_t)
- 
-@@ -46,6 +47,7 @@
- fs_search_auto_mountpoints(readahead_t)
- fs_getattr_all_pipes(readahead_t)
- fs_getattr_all_files(readahead_t)
-+fs_search_ramfs(readahead_t)
- 
- term_dontaudit_use_console(readahead_t)
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.1.11/policy/modules/apps/java.fc
---- nsaserefpolicy/policy/modules/apps/java.fc	2006-01-12 18:28:45.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/apps/java.fc	2006-01-16 22:32:53.000000000 -0500
-@@ -2,3 +2,5 @@
- # /usr
- #
- /usr(/.*)?/bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
-+/usr/bin/gij	--	gen_context(system_u:object_r:java_exec_t,s0)
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-2.1.11/policy/modules/apps/wine.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-2.1.12/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/apps/wine.fc	2006-01-16 22:32:53.000000000 -0500
++++ serefpolicy-2.1.12/policy/modules/apps/wine.fc	2006-01-17 14:23:22.000000000 -0500
 @@ -0,0 +1,2 @@
 +/usr/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-2.1.11/policy/modules/apps/wine.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-2.1.12/policy/modules/apps/wine.if
 --- nsaserefpolicy/policy/modules/apps/wine.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/apps/wine.if	2006-01-16 22:32:53.000000000 -0500
++++ serefpolicy-2.1.12/policy/modules/apps/wine.if	2006-01-17 14:23:22.000000000 -0500
 @@ -0,0 +1,23 @@
 +## <summary>Load keyboard mappings.</summary>
 +
@@ -97,9 +43,9 @@
 +	allow wine_t $1:fifo_file rw_file_perms;
 +	allow wine_t $1:process sigchld;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.1.11/policy/modules/apps/wine.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.1.12/policy/modules/apps/wine.te
 --- nsaserefpolicy/policy/modules/apps/wine.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/apps/wine.te	2006-01-16 22:32:53.000000000 -0500
++++ serefpolicy-2.1.12/policy/modules/apps/wine.te	2006-01-17 14:23:22.000000000 -0500
 @@ -0,0 +1,27 @@
 +policy_module(wine,1.0.0)
 +
@@ -128,63 +74,21 @@
 +	allow wine_t file_type:file execmod;
 +
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.1.11/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if	2006-01-13 17:06:03.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/kernel/devices.if	2006-01-16 22:32:53.000000000 -0500
-@@ -2248,3 +2248,19 @@
- 	typeattribute $1 memory_raw_write, memory_raw_read;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.1.12/policy/modules/kernel/kernel.if
+--- nsaserefpolicy/policy/modules/kernel/kernel.if	2006-01-13 17:06:04.000000000 -0500
++++ serefpolicy-2.1.12/policy/modules/kernel/kernel.if	2006-01-17 14:27:12.000000000 -0500
+@@ -1666,6 +1666,7 @@
+ 	typeattribute $1 kern_unconfined;
+ 
+ 	kernel_rw_all_sysctl($1)
++	kernel_sendrecv_unlabeled_association($1)
  ')
  
-+########################################
-+## <summary>
-+##	dontaudit getattr raw memory devices (e.g. /dev/mem).
-+## </summary>
-+## <param name="domain">
-+##	Domain allowed access.
-+## </param>
-+#
-+interface(`dev_dontaudit_getattr_memory_device',`
-+	gen_require(`
-+		type memory_device_t;
-+	')
-+
-+	dontaudit $1 memory_device_t:chr_file getattr;
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.1.11/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/kernel/filesystem.if	2006-01-16 22:32:53.000000000 -0500
-@@ -2282,6 +2282,26 @@
- 
- ########################################
- ## <summary>
-+##	dontaudit Read and write character nodes on tmpfs filesystems.
-+## </summary>
-+## <param name="domain">
-+##	The type of the process performing this action.
-+## </param>
-+#
-+interface(`fs_dontaudit_use_tmpfs_chr_dev',`
-+	gen_require(`
-+		type tmpfs_t;
-+		class dir r_dir_perms; 
-+		class chr_file rw_file_perms;
-+	')
-+
-+	dontaudit $1 tmpfs_t:dir r_dir_perms;
-+	dontaudit $1 tmpfs_t:chr_file rw_file_perms;
-+')
-+
-+
-+########################################
-+## <summary>
- ##	Relabel character nodes on tmpfs filesystems.
- ## </summary>
- ## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.1.11/policy/modules/kernel/mls.te
---- nsaserefpolicy/policy/modules/kernel/mls.te	2006-01-09 11:32:53.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/kernel/mls.te	2006-01-16 22:32:53.000000000 -0500
-@@ -82,9 +82,11 @@
+ ################################################################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.1.12/policy/modules/kernel/mls.te
+--- nsaserefpolicy/policy/modules/kernel/mls.te	2006-01-17 13:22:13.000000000 -0500
++++ serefpolicy-2.1.12/policy/modules/kernel/mls.te	2006-01-17 14:23:22.000000000 -0500
+@@ -83,6 +83,7 @@
  # these might be targeted_policy only
  range_transition unconfined_t su_exec_t s0 - s0:c0.c255;
  range_transition unconfined_t initrc_exec_t s0;
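Review bot: The new `kernel_sendrecv_unlabeled_association($1)` line in the kernel.if part of the patch widens an interface that also assigns `typeattribute $1 kern_unconfined;`, so every domain calling it gains send/receive access on unlabeled associations, and neither the patch nor the spec changelog records why. The interface body starts outside this hunk, so which interface is being extended (presumably the kernel unconfined one) is inferred from the context lines only. I would carry a one-line rationale above the rule in the patch, along the lines of `# unconfined domains need unlabeled associations (IPsec); drop once upstream carries this`, with the real reason filled in. I would also add a changelog entry such as `- Allow unconfined domains to send/recv unlabeled associations` beside `- Update to upstream`, so the local delta against upstream policy stays auditable.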
@@ -192,82 +96,9 @@
  ')
  
  ifdef(`enable_mls',`
- # run init with maximum MLS range
- range_transition kernel_t init_exec_t s0 - s15:c0.c255;
-+range_transition initrc_t auditd_exec_t s15:c0.c255;
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.1.11/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/apache.te	2006-01-16 22:32:53.000000000 -0500
-@@ -693,3 +693,8 @@
- optional_policy(`nscd',`
- 	nscd_use_socket(httpd_unconfined_script_t)
- ')
-+
-+optional_policy(`crond',`
-+	cron_system_entry(httpd_t, httpd_exec_t)
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-2.1.11/policy/modules/services/apm.te
---- nsaserefpolicy/policy/modules/services/apm.te	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/apm.te	2006-01-16 22:32:53.000000000 -0500
-@@ -196,6 +196,7 @@
- ')
- 
- optional_policy(`cron',`
-+	cron_system_entry(apmd_t, apmd_exec_t)
- 	cron_domtrans_anacron_system_job(apmd_t)
- ')
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.1.11/policy/modules/services/automount.te
---- nsaserefpolicy/policy/modules/services/automount.te	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/automount.te	2006-01-16 22:32:53.000000000 -0500
-@@ -108,6 +108,7 @@
- fs_manage_auto_mountpoints(automount_t)
- 
- term_dontaudit_use_console(automount_t)
-+term_dontaudit_getattr_pty_dir(automount_t)
- 
- init_use_fd(automount_t)
- init_use_script_pty(automount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.1.11/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/cron.te	2006-01-16 22:32:53.000000000 -0500
-@@ -120,7 +120,7 @@
- 
- init_use_fd(crond_t)
- init_use_script_pty(crond_t)
--init_read_script_pid(crond_t)
-+init_rw_script_pid(crond_t)
- 
- libs_use_ld_so(crond_t)
- libs_use_shared_libs(crond_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.1.11/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/cups.te	2006-01-16 22:32:53.000000000 -0500
-@@ -201,8 +201,7 @@
- ')
- 
- optional_policy(`cron',`
--	cron_use_fd(cupsd_t)
--	cron_read_pipe(cupsd_t)
-+	cron_system_entry(cupsd_t, cupsd_exec_t)
- ')
- 
- optional_policy(`dbus',`
-@@ -580,8 +579,7 @@
- ')
- 
- optional_policy(`cron',`
--	cron_use_system_job_fd(cupsd_config_t)
--	cron_read_pipe(cupsd_config_t)
-+	cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
- ')
- 
- optional_policy(`dbus',`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.1.11/policy/modules/services/dovecot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.1.12/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2006-01-13 17:06:05.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/dovecot.te	2006-01-16 22:32:53.000000000 -0500
++++ serefpolicy-2.1.12/policy/modules/services/dovecot.te	2006-01-17 14:23:22.000000000 -0500
 @@ -95,6 +95,7 @@
  files_read_etc_files(dovecot_t)
  files_search_spool(dovecot_t)
@@ -276,10 +107,10 @@
  files_dontaudit_list_default(dovecot_t)
  
  init_use_fd(dovecot_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.11/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te	2006-01-13 17:06:05.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/hal.te	2006-01-16 22:39:09.000000000 -0500
-@@ -48,8 +48,13 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.12/policy/modules/services/hal.te
+--- nsaserefpolicy/policy/modules/services/hal.te	2006-01-17 13:22:13.000000000 -0500
++++ serefpolicy-2.1.12/policy/modules/services/hal.te	2006-01-17 14:23:22.000000000 -0500
+@@ -48,8 +48,11 @@
  kernel_read_network_state(hald_t)
  kernel_read_kernel_sysctl(hald_t)
  kernel_read_fs_sysctl(hald_t)
@@ -288,242 +119,13 @@
  
 +mls_file_read_up(hald_t)
 +
-+bootloader_getattr_boot_dir(hald_t)
-+
- corecmd_exec_bin(hald_t)
- corecmd_exec_sbin(hald_t)
- 
-@@ -82,8 +87,8 @@
- files_exec_etc_files(hald_t)
- files_read_etc_files(hald_t)
- files_rw_etc_runtime_files(hald_t)
--files_search_mnt(hald_t)
- files_manage_mnt_dirs(hald_t)
-+files_manage_mnt_files(hald_t)
- files_search_var_lib(hald_t)
- files_read_usr_files(hald_t)
- # hal is now execing pm-suspend
-@@ -158,6 +163,7 @@
- 	dbus_system_bus_client_template(hald,hald_t)
- 	dbus_send_system_bus_msg(hald_t)
- 	dbus_connect_system_bus(hald_t)
-+	allow hald_t self:dbus send_msg;
- 
- 	init_dbus_chat_script(hald_t)
- 
-@@ -212,3 +218,7 @@
- optional_policy(`vbetool',`
- 	vbetool_domtrans(hald_t)
- ')
-+
-+optional_policy(`bind',`
-+	bind_search_cache(hald_t)
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.1.11/policy/modules/services/mta.te
---- nsaserefpolicy/policy/modules/services/mta.te	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/mta.te	2006-01-16 22:32:53.000000000 -0500
-@@ -46,6 +46,7 @@
- 
- allow system_mail_t etc_mail_t:dir { getattr search };
- allow system_mail_t etc_mail_t:file r_file_perms;
-+allow system_mail_t eventpollfs_t:file r_file_perms;
- 
- kernel_read_system_state(system_mail_t)
- kernel_read_network_state(system_mail_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.1.11/policy/modules/services/sendmail.te
---- nsaserefpolicy/policy/modules/services/sendmail.te	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/services/sendmail.te	2006-01-16 22:32:53.000000000 -0500
-@@ -17,6 +17,7 @@
- 
- type sendmail_t;
- mta_sendmail_mailserver(sendmail_t)
-+mta_read_config(sendmail_t)
- mta_mailserver_delivery(sendmail_t)
- mta_mailserver_sender(sendmail_t)
- 
-@@ -53,6 +54,7 @@
- corenet_udp_bind_all_nodes(sendmail_t)
- corenet_tcp_bind_smtp_port(sendmail_t)
- corenet_tcp_connect_all_ports(sendmail_t)
-+allow sendmail_t self:udp_socket create_socket_perms;
- 
- dev_read_urand(sendmail_t)
- dev_read_sysfs(sendmail_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.1.11/policy/modules/system/authlogin.if
---- nsaserefpolicy/policy/modules/system/authlogin.if	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/authlogin.if	2006-01-16 22:32:53.000000000 -0500
-@@ -1075,3 +1075,16 @@
- 	typeattribute $1 can_write_shadow_passwords;
- 	typeattribute $1 can_relabelto_shadow_passwords;
- ')
-+#######################################
-+#
-+# auth_setattr_login_records(domain)
-+#
-+interface(`auth_setattr_login_records',`
-+	gen_require(`
-+		type wtmp_t;
-+		class file setattr;
-+	')
-+
-+	allow $1 wtmp_t:file setattr;
-+	logging_search_logs($1)
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.1.11/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/authlogin.te	2006-01-16 22:32:53.000000000 -0500
-@@ -129,14 +129,6 @@
- 	nscd_use_socket(pam_t)
- ')
- 
--ifdef(`TODO',`
--ifdef(`gnome-pty-helper.te', `allow pam_t gphdomain:fd use;')
--# Supress xdm denial
--ifdef(`xdm.te', `
--dontaudit pam_t xdm_t:fd use;
--') dnl ifdef
--') dnl endif TODO
--
- ########################################
- #
- # PAM console local policy
-@@ -223,6 +215,10 @@
- 	userdom_dontaudit_use_sysadm_terms(pam_console_t)
- ')
+ bootloader_getattr_boot_dir(hald_t)
  
-+optional_policy(`alsa',`
-+	alsa_domtrans(pam_console_t)
-+')
-+
- ifdef(`targeted_policy', `
- 	term_dontaudit_use_unallocated_tty(pam_console_t)
- 	term_dontaudit_use_generic_pty(pam_console_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.1.11/policy/modules/system/hostname.te
---- nsaserefpolicy/policy/modules/system/hostname.te	2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/hostname.te	2006-01-16 22:32:53.000000000 -0500
-@@ -29,6 +29,7 @@
- 
- fs_getattr_xattr_fs(hostname_t)
- fs_search_auto_mountpoints(hostname_t)
-+fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
- 
- term_dontaudit_use_console(hostname_t)
- term_use_all_user_ttys(hostname_t)
-@@ -55,35 +56,6 @@
- sysnet_read_config(hostname_t)
- sysnet_dns_name_resolve(hostname_t)
- 
--userdom_use_all_user_fd(hostname_t)
- 
--ifdef(`distro_redhat', `
--	fs_use_tmpfs_chr_dev(hostname_t)
--')
--
--ifdef(`targeted_policy', `
--	term_dontaudit_use_unallocated_tty(hostname_t)
--	term_dontaudit_use_generic_pty(hostname_t)
--	files_dontaudit_read_root_file(hostname_t)
--')
--
--optional_policy(`firstboot',`
--	firstboot_use_fd(hostname_t)
--')
--
--optional_policy(`hotplug',`
--	hotplug_dontaudit_use_fd(hostname_t)
--')
--
--optional_policy(`nscd',`
--	nscd_use_socket(hostname_t)
--')
--
--optional_policy(`selinuxutil',`
--	seutil_sigchld_newrole(hostname_t)
--')
--
--optional_policy(`udev',`
--	udev_dontaudit_use_fd(hostname_t)
--	udev_read_db(hostname_t)
--')
-+
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.1.11/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/init.te	2006-01-16 22:32:53.000000000 -0500
-@@ -298,6 +298,7 @@
- term_reset_tty_labels(initrc_t)
- 
- auth_rw_login_records(initrc_t)
-+auth_setattr_login_records(initrc_t)
- auth_rw_lastlog(initrc_t)
- auth_read_pam_pid(initrc_t)
- auth_delete_pam_pid(initrc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.1.11/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc	2006-01-13 09:48:27.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/libraries.fc	2006-01-16 22:32:53.000000000 -0500
-@@ -158,7 +158,7 @@
- 
- # Flash plugin, Macromedia
- HOME_DIR/.*/plugins/libflashplayer\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
--/usr/lib(64)?/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- 
- # Jai, Sun Microsystems (Jpackage SPRM)
- /usr/lib(64)?/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.1.11/policy/modules/system/lvm.te
---- nsaserefpolicy/policy/modules/system/lvm.te	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/lvm.te	2006-01-16 22:32:53.000000000 -0500
-@@ -209,6 +209,7 @@
- storage_manage_fixed_disk(lvm_t)
- 
- term_dontaudit_getattr_all_user_ttys(lvm_t)
-+term_dontaudit_getattr_pty_dir(lvm_t)
- 
- corecmd_search_sbin(lvm_t)
- corecmd_dontaudit_getattr_sbin_file(lvm_t)
-@@ -260,10 +261,3 @@
- 	udev_read_db(lvm_t)
- ')
- 
--ifdef(`TODO',`
--# it has no reason to need this
--allow lvm_t var_t:dir { search getattr };
--allow lvm_t ramfs_t:filesystem unmount;
--
--dontaudit lvm_t xconsole_device_t:fifo_file getattr;
--') dnl end TODO
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.1.11/policy/modules/system/mount.te
---- nsaserefpolicy/policy/modules/system/mount.te	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/mount.te	2006-01-16 22:32:53.000000000 -0500
-@@ -32,6 +32,7 @@
- 
- dev_getattr_all_blk_files(mount_t)
- dev_list_all_dev_nodes(mount_t)
-+dev_rw_lvm_control(mount_t)
- 
- storage_raw_read_fixed_disk(mount_t)
- storage_raw_write_fixed_disk(mount_t)
-@@ -46,7 +47,7 @@
- fs_search_auto_mountpoints(mount_t)
- fs_use_tmpfs_chr_dev(mount_t)
- 
--term_use_console(mount_t)
-+term_use_all_terms(mount_t)
- 
- # required for mount.smbfs
- corecmd_exec_sbin(mount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.1.11/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/selinuxutil.te	2006-01-16 22:32:53.000000000 -0500
-@@ -316,6 +316,7 @@
- #
- 
- allow restorecon_t self:capability { dac_override dac_read_search fowner };
-+allow restorecon_t self:fifo_file rw_file_perms;
- 
- allow restorecon_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:dir r_dir_perms;
- allow restorecon_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:file r_file_perms;
-@@ -414,6 +415,7 @@
+ corecmd_exec_bin(hald_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.1.12/policy/modules/system/selinuxutil.te
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-01-17 13:22:14.000000000 -0500
++++ serefpolicy-2.1.12/policy/modules/system/selinuxutil.te	2006-01-17 14:23:22.000000000 -0500
+@@ -415,6 +415,7 @@
  	allow run_init_t self:capability setuid;
  	allow run_init_t self:fifo_file rw_file_perms;
  	allow run_init_t self:netlink_audit_socket { create bind write nlmsg_read read };
@@ -531,39 +133,9 @@
  
  	# often the administrator runs such programs from a directory that is owned
  	# by a different user or has restrictive SE permissions, do not want to audit
-@@ -469,6 +471,7 @@
- #
- 
- allow setfiles_t self:capability { dac_override dac_read_search fowner };
-+allow setfiles_t self:fifo_file rw_file_perms;
- 
- allow setfiles_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:dir r_dir_perms;
- allow setfiles_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:file r_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.1.11/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/unconfined.if	2006-01-16 22:32:53.000000000 -0500
-@@ -33,6 +33,7 @@
- 	corenet_unconfined($1)
- 	dev_unconfined($1)
- 	domain_unconfined($1)
-+	domain_dontaudit_read_all_domains_state($1)
- 	files_unconfined($1)
- 	fs_unconfined($1)
- 	selinux_unconfined($1)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.1.11/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if	2006-01-16 22:19:19.000000000 -0500
-+++ serefpolicy-2.1.11/policy/modules/system/userdomain.if	2006-01-16 22:32:53.000000000 -0500
-@@ -103,6 +103,7 @@
- 	# execute files in the home directory
- 	can_exec($1_t,$1_home_t)
- 
-+	allow $1_t home_root_t:dir { getattr search };
- 	# full control of the home directory
- 	allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto };
- 	allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.11/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.12/policy/users
 --- nsaserefpolicy/policy/users	2005-12-05 22:35:02.000000000 -0500
-+++ serefpolicy-2.1.11/policy/users	2006-01-16 22:32:53.000000000 -0500
++++ serefpolicy-2.1.12/policy/users	2006-01-17 14:23:22.000000000 -0500
 @@ -26,7 +26,9 @@
  ifdef(`targeted_policy',`
  gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- selinux-policy.spec	17 Jan 2006 03:55:13 -0000	1.84
+++ selinux-policy.spec	17 Jan 2006 19:40:15 -0000	1.85
@@ -6,7 +6,7 @@
 %define CHECKPOLICYVER 1.28-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.1.11
+Version: 2.1.12
 Release: 1
 License: GPL
 Group: System Environment/Base
@@ -262,6 +262,9 @@
 %endif
 
 %changelog
+* Tue Jan 17 2006 Dan Walsh <dwalsh at redhat.com> 2.1.12-1
+- Update to upstream
+
 * Sat Jan 14 2006 Dan Walsh <dwalsh at redhat.com> 2.1.11-1
 - Update to upstream
 - Fix ftp Man page


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- sources	17 Jan 2006 03:55:13 -0000	1.26
+++ sources	17 Jan 2006 19:40:15 -0000	1.27
@@ -1 +1 @@
-297377c6b7b728b7f2a91bbe9afab297  serefpolicy-2.1.11.tgz
+77f907adaeff94135c3d410cd26dcb8f  serefpolicy-2.1.12.tgz



