rpms/selinux-policy/devel policy-20060608.patch, 1.35, 1.36 selinux-policy.spec, 1.232, 1.233

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Jul 24 16:23:18 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1714

Modified Files:
	policy-20060608.patch selinux-policy.spec 
Log Message:
* Mon Jul 24 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-10
- Add policy for /var/run/ldapi


policy-20060608.patch:
 global_booleans                    |    2 
 global_tunables                    |   89 ++++++++------
 modules/admin/bootloader.te        |    4 
 modules/admin/consoletype.te       |    7 +
 modules/admin/netutils.te          |   10 -
 modules/admin/prelink.te           |    1 
 modules/admin/rpm.fc               |    2 
 modules/admin/rpm.if               |    4 
 modules/admin/usermanage.te        |    2 
 modules/kernel/corenetwork.te.in   |    5 
 modules/kernel/devices.fc          |    3 
 modules/kernel/files.fc            |    1 
 modules/kernel/filesystem.te       |    2 
 modules/kernel/kernel.if           |   38 ++++++
 modules/kernel/storage.fc          |    1 
 modules/services/amavis.te         |    2 
 modules/services/automount.te      |    8 +
 modules/services/avahi.te          |    1 
 modules/services/bind.fc           |    3 
 modules/services/bluetooth.if      |   23 +++
 modules/services/bluetooth.te      |    2 
 modules/services/clamav.fc         |    3 
 modules/services/clamav.if         |   22 +++
 modules/services/clamav.te         |   20 ---
 modules/services/cups.te           |    6 -
 modules/services/cyrus.te          |    1 
 modules/services/dovecot.fc        |    1 
 modules/services/dovecot.te        |   10 +
 modules/services/ftp.te            |    2 
 modules/services/hal.te            |   10 +
 modules/services/inetd.te          |   12 +-
 modules/services/ldap.fc           |    1 
 modules/services/ldap.te           |    2 
 modules/services/lpd.if            |   20 +--
 modules/services/mailman.te        |   15 ++
 modules/services/nscd.if           |   20 +++
 modules/services/openvpn.te        |    8 +
 modules/services/pegasus.if        |   31 +++++
 modules/services/pegasus.te        |    5 
 modules/services/postfix.te        |    6 -
 modules/services/postgrey.fc       |    2 
 modules/services/postgrey.if       |   19 +++
 modules/services/postgrey.te       |   20 +++
 modules/services/procmail.te       |    5 
 modules/services/radius.fc         |    1 
 modules/services/radius.te         |    8 +
 modules/services/remotelogin.te    |    1 
 modules/services/samba.te          |    6 -
 modules/services/setroubleshoot.fc |   11 +
 modules/services/setroubleshoot.if |   24 ++++
 modules/services/setroubleshoot.te |  135 ++++++++++++++++++++++
 modules/services/squid.te          |    5 
 modules/services/ssh.if            |    1 
 modules/services/tftp.te           |    1 
 modules/services/xfs.te            |    2 
 modules/services/xserver.if        |   22 +++
 modules/services/xserver.te        |    3 
 modules/services/zebra.te          |    7 +
 modules/system/authlogin.if        |    3 
 modules/system/authlogin.te        |    1 
 modules/system/fstools.fc          |    1 
 modules/system/getty.fc            |    1 
 modules/system/getty.te            |    3 
 modules/system/hostname.te         |    5 
 modules/system/hotplug.te          |    2 
 modules/system/init.if             |    7 -
 modules/system/libraries.fc        |    2 
 modules/system/locallogin.te       |    1 
 modules/system/logging.if          |    2 
 modules/system/logging.te          |    6 -
 modules/system/lvm.te              |    3 
 modules/system/selinuxutil.te      |   23 +++
 modules/system/setrans.te          |    5 
 modules/system/sysnetwork.te       |    1 
 modules/system/udev.te             |    4 
 modules/system/unconfined.fc       |    1 
 modules/system/unconfined.if       |    8 -
 modules/system/unconfined.te       |    8 -
 modules/system/userdomain.if       |  221 ++++++++++++++++++++++++-------------
 modules/system/userdomain.te       |   40 +++---
 modules/system/xen.te              |    2 
 81 files changed, 800 insertions(+), 228 deletions(-)

Index: policy-20060608.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060608.patch,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- policy-20060608.patch	22 Jul 2006 19:00:43 -0000	1.35
+++ policy-20060608.patch	24 Jul 2006 16:23:16 -0000	1.36
@@ -785,7 +785,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.3.3/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.3/policy/modules/services/hal.te	2006-07-17 11:43:02.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/services/hal.te	2006-07-24 07:04:46.000000000 -0400
 @@ -22,7 +22,7 @@
  #
  
@@ -795,7 +795,18 @@
  dontaudit hald_t self:capability sys_tty_config;
  allow hald_t self:process signal_perms;
  allow hald_t self:fifo_file rw_file_perms;
-@@ -163,6 +163,10 @@
+@@ -153,6 +153,10 @@
+ ')
+ 
+ optional_policy(`
++	bootloader_domtrans(hald_t)
++')
++
++optional_policy(`
+ 	# For /usr/libexec/hald-addon-acpi
+ 	# writes to /var/run/acpid.socket
+ 	apm_stream_connect(hald_t)
+@@ -163,6 +167,10 @@
  ')
  
  optional_policy(`
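Review bot: The new `bootloader_domtrans(hald_t)` block added to hal.te has no comment saying which HAL helper needs to run the bootloader tools, while the optional_policy block right after it documents its reason (`# For /usr/libexec/hald-addon-acpi`). Going by the interface name, this lets hald_t transition into the bootloader domain, which widens what the HAL daemon can reach, so the justification should sit next to the rule, e.g. `# For <hald helper that invokes the bootloader tools>` (placeholder, the helper is not named on this page). The log message mentions only /var/run/ldapi, so this change also deserves its own changelog line.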
@@ -832,6 +843,26 @@
 +')
 +
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-2.3.3/policy/modules/services/ldap.fc
+--- nsaserefpolicy/policy/modules/services/ldap.fc	2006-07-14 17:04:41.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/services/ldap.fc	2006-07-24 12:21:11.000000000 -0400
+@@ -9,3 +9,4 @@
+ /var/run/openldap(/.*)?		gen_context(system_u:object_r:slapd_var_run_t,s0)
+ /var/run/slapd\.args	--	gen_context(system_u:object_r:slapd_var_run_t,s0)
+ /var/run/slapd\.pid	--	gen_context(system_u:object_r:slapd_var_run_t,s0)
++/var/run/ldapi		-s	gen_context(system_u:object_r:slapd_var_run_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.3.3/policy/modules/services/ldap.te
+--- nsaserefpolicy/policy/modules/services/ldap.te	2006-07-14 17:04:40.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/services/ldap.te	2006-07-24 12:21:35.000000000 -0400
+@@ -72,7 +72,7 @@
+ 
+ allow slapd_t slapd_var_run_t:file create_file_perms;
+ allow slapd_t slapd_var_run_t:dir rw_dir_perms;
+-files_pid_filetrans(slapd_t,slapd_var_run_t,file)
++files_pid_filetrans(slapd_t,slapd_var_run_t,{ file socket })
+ 
+ kernel_read_system_state(slapd_t)
+ kernel_read_kernel_sysctls(slapd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-2.3.3/policy/modules/services/lpd.if
 --- nsaserefpolicy/policy/modules/services/lpd.if	2006-07-14 17:04:41.000000000 -0400
 +++ serefpolicy-2.3.3/policy/modules/services/lpd.if	2006-07-18 10:41:23.000000000 -0400
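Review bot: In the ldap.te hunk, `files_pid_filetrans(slapd_t,slapd_var_run_t,{ file socket })` names the `socket` class, but a UNIX-domain socket node created under /var/run is a `sock_file` object, which is also what the `-s` entry added to ldap.fc matches. As written, the type transition most likely never applies to /var/run/ldapi, so the socket would get the parent directory's type until something relabels it. Suggest `files_pid_filetrans(slapd_t,slapd_var_run_t,{ file sock_file })`. Only `file` and `dir` allow rules for slapd_var_run_t are visible in the context lines, so unless one exists outside the hunk, `allow slapd_t slapd_var_run_t:sock_file create_file_perms;` is needed as well.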
@@ -1737,6 +1768,26 @@
  	seutil_sigchld_newrole(auditd_t)
  ')
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.3.3/policy/modules/system/lvm.te
+--- nsaserefpolicy/policy/modules/system/lvm.te	2006-07-14 17:04:43.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/system/lvm.te	2006-07-23 12:48:10.000000000 -0400
+@@ -125,7 +125,7 @@
+ 
+ # DAC overrides and mknod for modifying /dev entries (vgmknodes)
+ # rawio needed for dmraid
+-allow lvm_t self:capability { dac_override ipc_lock sys_admin sys_nice mknod chown sys_resource sys_rawio };
++allow lvm_t self:capability { dac_override fowner ipc_lock sys_admin sys_nice mknod chown sys_resource sys_rawio };
+ dontaudit lvm_t self:capability sys_tty_config;
+ allow lvm_t self:process { sigchld sigkill sigstop signull signal };
+ # LVM will complain a lot if it cannot set its priority.
+@@ -200,6 +200,7 @@
+ 
+ fs_getattr_xattr_fs(lvm_t)
+ fs_search_auto_mountpoints(lvm_t)
++fs_list_tmpfs(lvm_t)
+ fs_read_tmpfs_symlinks(lvm_t)
+ fs_dontaudit_read_removable_files(lvm_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.3/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-07-14 17:04:44.000000000 -0400
 +++ serefpolicy-2.3.3/policy/modules/system/selinuxutil.te	2006-07-20 11:25:38.000000000 -0400
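Review bot: The comment above the capability rule in lvm.te explains `dac_override`, `mknod` and `sys_rawio`, but the newly added `fowner` is not explained, and neither is the new `fs_list_tmpfs(lvm_t)` in the second lvm.te hunk. `fowner` lets lvm_t bypass file-ownership checks, so the comment should record which LVM operation triggered the denial, e.g. `# fowner needed for <operation that changes attributes on files lvm does not own>` (placeholder, the operation is not stated on this page). The log message covers only /var/run/ldapi, so the lvm change should get its own changelog line.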


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -r1.232 -r1.233
--- selinux-policy.spec	22 Jul 2006 19:00:47 -0000	1.232
+++ selinux-policy.spec	24 Jul 2006 16:23:16 -0000	1.233
@@ -16,7 +16,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.3.3
-Release: 9
+Release: 10
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -341,6 +341,9 @@
 %endif
 
 %changelog
+* Mon Jul 24 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-10
+- Add policy for /var/run/ldapi
+
 * Sat Jul 22 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-9
 - Fix setroubleshoot policy
 



