rpms/selinux-policy/devel policy-20060608.patch, 1.19, 1.20 selinux-policy.spec, 1.221, 1.222
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jul 13 14:24:08 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv28018
Modified Files:
policy-20060608.patch selinux-policy.spec
Log Message:
* Fri Jul 7 2006 Dan Walsh <dwalsh at redhat.com> 2.3.2-3
- Turn off auditallow on setting booleans
policy-20060608.patch:
global_tunables | 7 +
modules/admin/bootloader.te | 3
modules/admin/consoletype.te | 7 +
modules/admin/usermanage.te | 4
modules/bgp.mod |binary
modules/bgp.pp |binary
modules/bgp.te | 12 ++
modules/kernel/corenetwork.te.in | 4
modules/kernel/files.fc | 1
modules/kernel/kernel.if | 38 +++++++
modules/kernel/selinux.if | 1
modules/services/automount.te | 8 +
modules/services/avahi.te | 1
modules/services/bluetooth.if | 23 ++++
modules/services/bluetooth.te | 2
modules/services/cups.te | 1
modules/services/cyrus.te | 1
modules/services/hal.fc | 1
modules/services/hal.te | 5
modules/services/pegasus.if | 31 ++++++
modules/services/pegasus.te | 5
modules/services/squid.te | 2
modules/services/tftp.te | 1
modules/services/xserver.if | 22 ++++
modules/services/zebra.te | 2
modules/system/getty.fc | 1
modules/system/getty.te | 3
modules/system/hostname.te | 5
modules/system/init.if | 7 -
modules/system/selinuxutil.te | 11 ++
modules/system/setrans.te | 5
modules/system/unconfined.fc | 1
modules/system/unconfined.te | 8 -
modules/system/userdomain.if | 201 ++++++++++++++++++++++++---------------
modules/system/userdomain.te | 32 ++----
35 files changed, 337 insertions(+), 119 deletions(-)
Index: policy-20060608.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060608.patch,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- policy-20060608.patch 12 Jul 2006 03:25:36 -0000 1.19
+++ policy-20060608.patch 13 Jul 2006 14:24:05 -0000 1.20
@@ -52,6 +52,27 @@
mls_file_read_up(consoletype_t)
mls_file_write_down(consoletype_t)
role system_r types consoletype_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.2/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-06-20 09:54:00.000000000 -0400
++++ serefpolicy-2.3.2/policy/modules/admin/usermanage.te 2006-07-12 17:28:02.000000000 -0400
+@@ -187,7 +187,7 @@
+ # Groupadd local policy
+ #
+
+-allow groupadd_t self:capability { dac_override chown kill setuid sys_resource };
++allow groupadd_t self:capability { audit_write dac_override chown kill setuid sys_resource };
+ dontaudit groupadd_t self:capability fsetid;
+ allow groupadd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
+ allow groupadd_t self:process { setrlimit setfscreate };
+@@ -450,7 +450,7 @@
+ # Useradd local policy
+ #
+
+-allow useradd_t self:capability { dac_override chown kill fowner fsetid setuid sys_resource };
++allow useradd_t self:capability { audit_write dac_override chown kill fowner fsetid setuid sys_resource };
+ allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+ allow useradd_t self:process setfscreate;
+ allow useradd_t self:fd use;
Binary files nsaserefpolicy/policy/modules/bgp.mod and serefpolicy-2.3.2/policy/modules/bgp.mod differ
Binary files nsaserefpolicy/policy/modules/bgp.pp and serefpolicy-2.3.2/policy/modules/bgp.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/bgp.te serefpolicy-2.3.2/policy/modules/bgp.te
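Review bot: The two usermanage.te rules that gain `audit_write` (for groupadd_t and useradd_t) grant only the capability; sending an audit record also needs a netlink audit socket, as in the cups.te rule `allow cupsd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };` visible further down this patch. No matching `netlink_audit_socket` rule for these two domains is visible in the hunk, so it should be confirmed that usermanage.te already has one; otherwise the tools will presumably still be denied when they try to log. A short comment above each rule, e.g. `# write account-change records to the audit log`, would record why the capability was added. Both local-policy sections continue outside the hunk.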
@@ -147,6 +168,17 @@
+ dontaudit $1 proc_type:dir list_dir_perms;
+ dontaudit $1 proc_type:file getattr;
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-2.3.2/policy/modules/kernel/selinux.if
+--- nsaserefpolicy/policy/modules/kernel/selinux.if 2006-05-19 13:46:37.000000000 -0400
++++ serefpolicy-2.3.2/policy/modules/kernel/selinux.if 2006-07-13 08:46:28.000000000 -0400
+@@ -214,7 +214,6 @@
+
+ if(!secure_mode_policyload) {
+ allow $1 security_t:security setbool;
+- auditallow $1 security_t:security setbool;
+ }
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.2/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-06-21 16:21:02.000000000 -0400
+++ serefpolicy-2.3.2/policy/modules/services/automount.te 2006-07-10 09:06:39.000000000 -0400
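Review bot: Dropping `auditallow $1 security_t:security setbool;` in selinux.if removes the policy-level record of which domain changed a boolean, and the log message does not say where that audit trail comes from now. Boolean changes alter the effective policy, so this matters for detection. If the reason is log noise, or that the change is already recorded by another audit mechanism (not visible here, to be confirmed), a comment inside the `if(!secure_mode_policyload)` block such as `# setbool is intentionally not auditallow'd: boolean changes are logged by <mechanism>` would keep this from reading as an accidental loss of auditing. The enclosing interface starts outside the hunk.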
@@ -233,6 +265,17 @@
')
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.2/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te 2006-06-21 16:21:02.000000000 -0400
++++ serefpolicy-2.3.2/policy/modules/services/cups.te 2006-07-12 16:45:19.000000000 -0400
+@@ -81,6 +81,7 @@
+ allow cupsd_t self:unix_stream_socket { create_stream_socket_perms connectto };
+ allow cupsd_t self:unix_dgram_socket create_socket_perms;
+ allow cupsd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
++allow cupsd_t self:netlink_selinux_socket create_socket_perms;
+ allow cupsd_t self:netlink_route_socket r_netlink_socket_perms;
+ allow cupsd_t self:tcp_socket { create_stream_socket_perms connectto acceptfrom recvfrom };
+ allow cupsd_t self:udp_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.3.2/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2006-07-07 07:35:31.000000000 -0400
+++ serefpolicy-2.3.2/policy/modules/services/cyrus.te 2006-07-09 05:52:17.000000000 -0400
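Review bot: The added `allow cupsd_t self:netlink_selinux_socket create_socket_perms;` in cups.te has no comment saying why a print daemon needs an SELinux netlink socket. Presumably cupsd now listens for policy-reload or enforcing-mode notifications, but that is inferred. A comment such as `# receive SELinux policy/enforcing change notifications` above the rule would document it. If the daemon only listens, `create_socket_perms` is likely broader than required and a narrower set such as `{ create bind read }` may be enough; that would need testing against cupsd. The cupsd_t rule block continues outside the hunk.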
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.221
retrieving revision 1.222
diff -u -r1.221 -r1.222
--- selinux-policy.spec 12 Jul 2006 02:50:30 -0000 1.221
+++ selinux-policy.spec 13 Jul 2006 14:24:05 -0000 1.222
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.2
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -341,6 +341,9 @@
%endif
%changelog
+* Fri Jul 7 2006 Dan Walsh <dwalsh at redhat.com> 2.3.2-3
+- Turn off auditallow on setting booleans
+
* Fri Jul 7 2006 Dan Walsh <dwalsh at redhat.com> 2.3.2-2
- Multiple fixes