rpms/selinux-policy/devel policy-20060608.patch, 1.33, 1.34 selinux-policy.spec, 1.230, 1.231
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sat Jul 22 03:11:35 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8023
Modified Files:
policy-20060608.patch selinux-policy.spec
Log Message:
* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-8
- Fixes for mls use of ssh
- named has a new conf file
policy-20060608.patch:
global_booleans | 2
global_tunables | 89 ++++++++------
modules/admin/bootloader.te | 4
modules/admin/consoletype.te | 7 +
modules/admin/netutils.te | 10 -
modules/admin/prelink.te | 1
modules/admin/rpm.fc | 2
modules/admin/rpm.if | 4
modules/admin/usermanage.te | 2
modules/kernel/corenetwork.te.in | 5
modules/kernel/devices.fc | 3
modules/kernel/files.fc | 1
modules/kernel/filesystem.te | 2
modules/kernel/kernel.if | 38 ++++++
modules/kernel/storage.fc | 1
modules/services/amavis.te | 2
modules/services/automount.te | 8 +
modules/services/avahi.te | 1
modules/services/bind.fc | 3
modules/services/bluetooth.if | 23 +++
modules/services/bluetooth.te | 2
modules/services/clamav.fc | 3
modules/services/clamav.if | 22 +++
modules/services/clamav.te | 20 ---
modules/services/cups.te | 6 -
modules/services/cyrus.te | 1
modules/services/dovecot.fc | 1
modules/services/dovecot.te | 10 +
modules/services/ftp.te | 2
modules/services/hal.te | 6 -
modules/services/inetd.te | 12 +-
modules/services/lpd.if | 20 +--
modules/services/mailman.te | 15 ++
modules/services/nscd.if | 20 +++
modules/services/openvpn.te | 8 +
modules/services/pegasus.if | 31 +++++
modules/services/pegasus.te | 5
modules/services/postfix.te | 6 -
modules/services/postgrey.fc | 2
modules/services/postgrey.if | 19 +++
modules/services/postgrey.te | 20 +++
modules/services/procmail.te | 5
modules/services/radius.fc | 1
modules/services/radius.te | 8 +
modules/services/remotelogin.te | 1
modules/services/samba.te | 6 -
modules/services/setroubleshoot.fc | 11 +
modules/services/setroubleshoot.if | 24 ++++
modules/services/setroubleshoot.te | 135 ++++++++++++++++++++++
modules/services/squid.te | 5
modules/services/ssh.if | 1
modules/services/tftp.te | 1
modules/services/xfs.te | 2
modules/services/xserver.if | 22 +++
modules/services/xserver.te | 3
modules/services/zebra.te | 7 +
modules/system/authlogin.if | 3
modules/system/authlogin.te | 1
modules/system/fstools.fc | 1
modules/system/getty.fc | 1
modules/system/getty.te | 3
modules/system/hostname.te | 5
modules/system/hotplug.te | 2
modules/system/init.if | 7 -
modules/system/libraries.fc | 2
modules/system/locallogin.te | 1
modules/system/logging.if | 2
modules/system/logging.te | 6 -
modules/system/selinuxutil.te | 23 +++
modules/system/setrans.te | 5
modules/system/sysnetwork.te | 1
modules/system/udev.te | 4
modules/system/unconfined.fc | 1
modules/system/unconfined.if | 8 -
modules/system/unconfined.te | 8 -
modules/system/userdomain.if | 221 ++++++++++++++++++++++++-------------
modules/system/userdomain.te | 40 +++---
modules/system/xen.te | 2
78 files changed, 792 insertions(+), 226 deletions(-)
Index: policy-20060608.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060608.patch,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- policy-20060608.patch 21 Jul 2006 13:28:12 -0000 1.33
+++ policy-20060608.patch 22 Jul 2006 03:11:32 -0000 1.34
@@ -489,6 +489,19 @@
userdom_dontaudit_use_unpriv_user_fds(avahi_t)
userdom_dontaudit_search_sysadm_home_dirs(avahi_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-2.3.3/policy/modules/services/bind.fc
+--- nsaserefpolicy/policy/modules/services/bind.fc 2006-07-14 17:04:40.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/services/bind.fc 2006-07-21 11:20:26.000000000 -0400
+@@ -28,7 +28,8 @@
+ ')
+
+ ifdef(`distro_redhat',`
+-/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
++/etc/named\.rfc1912.zones -- gen_context(system_u:object_r:named_conf_t,s0)
++/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
+ /etc/named\.caching-nameserver\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
+ /var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
+ /var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-2.3.3/policy/modules/services/bluetooth.if
--- nsaserefpolicy/policy/modules/services/bluetooth.if 2006-07-14 17:04:41.000000000 -0400
+++ serefpolicy-2.3.3/policy/modules/services/bluetooth.if 2006-07-17 11:43:02.000000000 -0400
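Review bot: The added file-context entry `/etc/named\.rfc1912.zones` leaves the dot before `zones` unescaped, so the regex accepts any character in that position, unlike the neighbouring `/etc/named\.caching-nameserver\.conf` entry, which escapes every dot. Writing it as `/etc/named\.rfc1912\.zones` keeps the named_conf_t label limited to the one intended path and matches the style of the other entries. The distro_redhat ifdef block that holds these entries opens inside the hunk but closes outside it.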
@@ -1438,6 +1451,17 @@
#squid requires the following when run in diskd mode, the recommended setting
allow squid_t tmpfs_t:file { read write };
') dnl end TODO
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.3.3/policy/modules/services/ssh.if
+--- nsaserefpolicy/policy/modules/services/ssh.if 2006-07-14 17:04:41.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/services/ssh.if 2006-07-21 09:52:20.000000000 -0400
+@@ -71,6 +71,7 @@
+ allow $1_ssh_t self:msgq create_msgq_perms;
+ allow $1_ssh_t self:msg { send receive };
+ allow $1_ssh_t self:tcp_socket create_socket_perms;
++ allow $1_ssh_t self:netlink_route_socket r_netlink_socket_perms;
+
+ # for rsync
+ allow $1_ssh_t $2:unix_stream_socket rw_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-2.3.3/policy/modules/services/tftp.te
--- nsaserefpolicy/policy/modules/services/tftp.te 2006-07-14 17:04:41.000000000 -0400
+++ serefpolicy-2.3.3/policy/modules/services/tftp.te 2006-07-17 11:43:02.000000000 -0400
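Review bot: The new rule `allow $1_ssh_t self:netlink_route_socket r_netlink_socket_perms;` has no comment saying what needs it, while the rule a few lines below is annotated `# for rsync`. Because it sits in what appears to be the parameterised ssh client template, every derived `$1_ssh_t` domain gains the access, not only the MLS configuration named in the log message. I would add a line above it such as `# read routing/interface information over netlink` (confirm the actual caller from the AVC denial), so a later audit can tell whether the access is still required. The template body starts and ends outside this hunk.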
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.230
retrieving revision 1.231
diff -u -r1.230 -r1.231
--- selinux-policy.spec 21 Jul 2006 13:28:12 -0000 1.230
+++ selinux-policy.spec 22 Jul 2006 03:11:32 -0000 1.231
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.3
-Release: 7
+Release: 8
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -341,6 +341,10 @@
%endif
%changelog
+* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-8
+- Fixes for mls use of ssh
+- named has a new conf file
+
* Fri Jul 21 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-7
- Fixes to make setroubleshoot work