rpms/selinux-policy/devel policy-20060608.patch, 1.39, 1.40 selinux-policy.spec, 1.235, 1.236
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Jul 26 20:17:19 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv17912
Modified Files:
policy-20060608.patch selinux-policy.spec
Log Message:
* Wed Jul 26 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-12
- fixes for setroubleshoot
policy-20060608.patch:
global_booleans | 2
global_tunables | 89 ++++++++------
mcs | 3
modules/admin/bootloader.te | 6 -
modules/admin/consoletype.te | 7 +
modules/admin/firstboot.te | 5
modules/admin/netutils.te | 10 -
modules/admin/prelink.te | 1
modules/admin/rpm.fc | 2
modules/admin/rpm.if | 4
modules/admin/usermanage.te | 2
modules/kernel/corenetwork.te.in | 5
modules/kernel/devices.fc | 3
modules/kernel/files.fc | 1
modules/kernel/filesystem.if | 21 +++
modules/kernel/filesystem.te | 2
modules/kernel/kernel.if | 38 ++++++
modules/kernel/selinux.if | 18 ++-
modules/kernel/selinux.te | 4
modules/kernel/storage.fc | 1
modules/services/amavis.te | 2
modules/services/automount.te | 8 +
modules/services/avahi.te | 1
modules/services/bind.fc | 3
modules/services/bluetooth.if | 23 +++
modules/services/bluetooth.te | 7 +
modules/services/clamav.fc | 3
modules/services/clamav.if | 22 +++
modules/services/clamav.te | 20 ---
modules/services/cups.te | 6 -
modules/services/cyrus.te | 5
modules/services/dovecot.fc | 1
modules/services/dovecot.te | 10 +
modules/services/ftp.te | 2
modules/services/hal.te | 10 +
modules/services/inetd.te | 12 +-
modules/services/ldap.fc | 1
modules/services/ldap.if | 21 +++
modules/services/ldap.te | 2
modules/services/lpd.if | 20 +--
modules/services/mailman.te | 15 ++
modules/services/nis.te | 1
modules/services/nscd.if | 20 +++
modules/services/ntp.te | 2
modules/services/openvpn.te | 8 +
modules/services/pegasus.if | 31 +++++
modules/services/pegasus.te | 5
modules/services/postfix.te | 6 -
modules/services/postgrey.fc | 2
modules/services/postgrey.if | 19 +++
modules/services/postgrey.te | 20 +++
modules/services/procmail.te | 5
modules/services/radius.fc | 1
modules/services/radius.te | 8 +
modules/services/remotelogin.te | 1
modules/services/samba.te | 6 -
modules/services/setroubleshoot.fc | 11 +
modules/services/setroubleshoot.if | 24 ++++
modules/services/setroubleshoot.te | 135 ++++++++++++++++++++++
modules/services/squid.te | 5
modules/services/ssh.if | 1
modules/services/tftp.te | 1
modules/services/xfs.te | 2
modules/services/xserver.if | 22 +++
modules/services/xserver.te | 3
modules/services/zebra.te | 7 +
modules/system/authlogin.if | 3
modules/system/authlogin.te | 1
modules/system/fstools.fc | 1
modules/system/getty.fc | 1
modules/system/getty.te | 3
modules/system/hostname.te | 5
modules/system/hotplug.te | 2
modules/system/init.if | 7 -
modules/system/libraries.fc | 2
modules/system/locallogin.te | 1
modules/system/logging.if | 6 -
modules/system/logging.te | 6 -
modules/system/lvm.te | 3
modules/system/selinuxutil.te | 29 ++++
modules/system/setrans.te | 5
modules/system/sysnetwork.te | 1
modules/system/udev.te | 4
modules/system/unconfined.fc | 1
modules/system/unconfined.if | 8 -
modules/system/unconfined.te | 8 -
modules/system/userdomain.if | 221 ++++++++++++++++++++++++-------------
modules/system/userdomain.te | 40 +++---
modules/system/xen.te | 2
89 files changed, 884 insertions(+), 240 deletions(-)
Index: policy-20060608.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060608.patch,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- policy-20060608.patch 26 Jul 2006 17:58:28 -0000 1.39
+++ policy-20060608.patch 26 Jul 2006 20:17:15 -0000 1.40
@@ -680,7 +680,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.3/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.3/policy/modules/services/bluetooth.te 2006-07-17 11:43:02.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/services/bluetooth.te 2006-07-26 15:13:57.000000000 -0400
@@ -173,6 +173,7 @@
allow bluetooth_helper_t self:shm create_shm_perms;
allow bluetooth_helper_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -697,6 +697,15 @@
')
')
+@@ -244,3 +246,8 @@
+ optional_policy(`
+ xserver_stream_connect_xdm(bluetooth_helper_t)
+ ')
++
++optional_policy(`
++ nis_use_ypbind(bluetooth_helper_t)
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-2.3.3/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2006-07-14 17:04:41.000000000 -0400
+++ serefpolicy-2.3.3/policy/modules/services/clamav.fc 2006-07-17 12:08:12.000000000 -0400
@@ -1526,7 +1535,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.3/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.3/policy/modules/services/setroubleshoot.te 2006-07-25 09:09:41.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/services/setroubleshoot.te 2006-07-26 15:21:01.000000000 -0400
@@ -0,0 +1,135 @@
+policy_module(setroubleshoot,1.0.0)
+
@@ -1646,12 +1655,12 @@
+
+# log files
+logging_search_logs(setroubleshoot_t)
++allow setroubleshoot_t setroubleshoot_var_log_t:dir rw_dir_perms;
+allow setroubleshoot_t setroubleshoot_var_log_t:file create_file_perms;
+allow setroubleshoot_t setroubleshoot_var_log_t:sock_file rw_file_perms;
-+allow setroubleshoot_t setroubleshoot_var_log_t:dir r_dir_perms;
+
+files_search_pids(setroubleshoot_t)
-+allow setroubleshoot_t setroubleshoot_var_run_t:dir r_dir_perms;
++allow setroubleshoot_t setroubleshoot_var_run_t:dir rw_dir_perms;
+allow setroubleshoot_t setroubleshoot_var_run_t:sock_file rw_file_perms;
+
+
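Review bot: The directory grants on `setroubleshoot_var_log_t` and `setroubleshoot_var_run_t` are widened to `rw_dir_perms`, but the `sock_file` rules beside them stay at `rw_file_perms`, which in the reference policy permission sets does not include `create` or `unlink`. If the aim is to let the daemon create its own socket under the pid directory, that would presumably still be denied; the rule would need to be `allow setroubleshoot_t setroubleshoot_var_run_t:sock_file create_file_perms;`, ideally paired with a `files_pid_filetrans` call so the new object gets the private type. If the socket is created by something else, directory write access is broader than needed and should carry a one-line comment saying what it is for. The rest of setroubleshoot.te lies outside this hunk, so a matching transition rule may already exist there.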
@@ -1762,7 +1771,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.3/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.3/policy/modules/services/xserver.te 2006-07-17 11:43:02.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/services/xserver.te 2006-07-26 15:58:46.000000000 -0400
@@ -88,6 +88,7 @@
allow xdm_t self:unix_dgram_socket create_socket_perms;
allow xdm_t self:tcp_socket create_stream_socket_perms;
@@ -2013,7 +2022,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.3/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.3/policy/modules/system/selinuxutil.te 2006-07-25 15:18:08.000000000 -0400
++++ serefpolicy-2.3.3/policy/modules/system/selinuxutil.te 2006-07-26 15:14:33.000000000 -0400
@@ -258,6 +258,8 @@
allow newrole_t { selinux_config_t default_context_t }:file r_file_perms;
allow newrole_t { selinux_config_t default_context_t }:lnk_file r_file_perms;
@@ -2032,15 +2041,17 @@
dev_relabel_all_dev_nodes(restorecon_t)
# cjp: why is this needed?
-@@ -423,6 +427,7 @@
+@@ -423,6 +427,9 @@
allow restorecond_t self:capability { dac_override dac_read_search fowner };
allow restorecond_t self:fifo_file rw_file_perms;
+allow restorecond_t self:netlink_route_socket r_netlink_socket_perms;
++allow restorecond_t self:tcp_socket create_socket_perms;
++allow restorecond_t self:udp_socket create_socket_perms;
allow restorecond_t restorecond_var_run_t:file create_file_perms;
files_pid_filetrans(restorecond_t,restorecond_var_run_t, file)
-@@ -430,6 +435,9 @@
+@@ -430,6 +437,9 @@
auth_relabel_all_files_except_shadow(restorecond_t )
auth_read_all_files_except_shadow(restorecond_t)
fs_relabelfrom_noxattr_fs(restorecond_t)
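Review bot: The added rules `allow restorecond_t self:tcp_socket create_socket_perms;` and `allow restorecond_t self:udp_socket create_socket_perms;` give unconditional network socket access to a domain that, per the context lines, holds `dac_override` and may relabel all files except shadow, and nothing states why. If this is for NIS lookups, calling `nis_use_ypbind(restorecond_t)` inside an `optional_policy` block, as this commit does for `bluetooth_helper_t`, would keep the access behind that interface. A later hunk may already do so, but its body is not visible here. Otherwise add a comment above the two rules giving the reason, for example `# sockets for NIS lookups` if that is the reason. The changelog entry names only setroubleshoot and should also mention the restorecond and bluetooth changes.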
@@ -2050,7 +2061,7 @@
kernel_use_fds(restorecond_t)
kernel_rw_pipes(restorecond_t)
-@@ -456,6 +464,10 @@
+@@ -456,6 +466,10 @@
miscfiles_read_localization(restorecond_t)
@@ -2061,7 +2072,7 @@
#################################
#
# Run_init local policy
-@@ -534,20 +546,27 @@
+@@ -534,20 +548,27 @@
# semodule local policy
#
@@ -2090,7 +2101,7 @@
corecmd_exec_bin(semanage_t)
corecmd_exec_sbin(semanage_t)
-@@ -590,11 +609,15 @@
+@@ -590,11 +611,15 @@
userdom_search_sysadm_home_dirs(semanage_t)
ifdef(`targeted_policy',`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.235
retrieving revision 1.236
diff -u -r1.235 -r1.236
--- selinux-policy.spec 26 Jul 2006 17:58:28 -0000 1.235
+++ selinux-policy.spec 26 Jul 2006 20:17:15 -0000 1.236
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.3
-Release: 11
+Release: 12
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -348,6 +348,9 @@
%endif
%changelog
+* Wed Jul 26 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-12
+- fixes for setroubleshoot
+
* Wed Jul 26 2006 Dan Walsh <dwalsh at redhat.com> 2.3.3-11
- Added Paul Howorth patch to only load policy packages shipped
with this package