
rpms/selinux-policy/devel policy-20060608.patch, 1.9, 1.10 selinux-policy.spec, 1.212, 1.213



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv12604

Modified Files:
	policy-20060608.patch selinux-policy.spec 
Log Message:
* Tue Jun 20 2006 Dan Walsh <dwalsh redhat com> 2.2.47-5
- Break out selinux-devel package


policy-20060608.patch:
 doc/example.if                            |    4 -
 policy/global_tunables                    |    7 ++
 policy/modules/admin/bootloader.te        |    9 +++
 policy/modules/admin/consoletype.te       |    7 ++
 policy/modules/admin/logwatch.te          |    3 -
 policy/modules/admin/netutils.te          |    1 
 policy/modules/admin/prelink.fc           |    3 -
 policy/modules/kernel/files.if            |   35 ++++++++++++++
 policy/modules/kernel/filesystem.te       |    5 ++
 policy/modules/kernel/kernel.if           |   38 +++++++++++++++
 policy/modules/services/apache.fc         |    1 
 policy/modules/services/apache.if         |   74 ++++++++++++++++++++++++++++++
 policy/modules/services/apache.te         |   46 +++++++++++++++---
 policy/modules/services/automount.te      |   13 ++++-
 policy/modules/services/clamav.if         |   20 ++++++++
 policy/modules/services/cups.fc           |    1 
 policy/modules/services/cups.if           |    2 
 policy/modules/services/cups.te           |    8 +++
 policy/modules/services/hal.if            |   20 ++++++++
 policy/modules/services/mta.te            |    5 --
 policy/modules/services/networkmanager.te |    1 
 policy/modules/services/ntp.te            |    1 
 policy/modules/services/openvpn.fc        |    1 
 policy/modules/services/openvpn.te        |   11 ++++
 policy/modules/services/pegasus.if        |   31 ++++++++++++
 policy/modules/services/pegasus.te        |    5 --
 policy/modules/services/postfix.if        |   25 ++++++++++
 policy/modules/services/postfix.te        |    1 
 policy/modules/services/ppp.te            |    1 
 policy/modules/services/procmail.te       |    1 
 policy/modules/services/tftp.te           |    1 
 policy/modules/services/tor.if            |    2 
 policy/modules/system/authlogin.if        |    1 
 policy/modules/system/hostname.te         |    5 +-
 policy/modules/system/init.if             |    7 --
 policy/modules/system/init.te             |    1 
 policy/modules/system/libraries.fc        |    2 
 policy/modules/system/mount.te            |    1 
 policy/modules/system/selinuxutil.te      |    2 
 policy/modules/system/unconfined.fc       |    2 
 policy/modules/system/userdomain.if       |    2 
 policy/modules/system/xen.if              |    4 -
 policy/modules/system/xen.te              |   12 ++++
 43 files changed, 382 insertions(+), 40 deletions(-)

Index: policy-20060608.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060608.patch,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- policy-20060608.patch	16 Jun 2006 19:06:13 -0000	1.9
+++ policy-20060608.patch	20 Jun 2006 12:58:27 -0000	1.10
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/example.if serefpolicy-2.2.47/doc/example.if
 --- nsaserefpolicy/doc/example.if	2006-02-01 10:22:19.000000000 -0500
-+++ serefpolicy-2.2.47/doc/example.if	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/doc/example.if	2006-06-19 16:26:15.000000000 -0400
 @@ -25,7 +25,7 @@
  ## </param>
  #
@@ -21,7 +21,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.2.47/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2006-06-08 08:45:56.000000000 -0400
-+++ serefpolicy-2.2.47/policy/global_tunables	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/global_tunables	2006-06-19 16:26:15.000000000 -0400
 @@ -89,6 +89,13 @@
  
  ## <desc>
@@ -38,7 +38,7 @@
  ## </desc>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.2.47/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-05-02 18:59:59.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/admin/bootloader.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/admin/bootloader.te	2006-06-19 16:26:15.000000000 -0400
 @@ -49,7 +49,7 @@
  #
  
@@ -48,9 +48,34 @@
  allow bootloader_t self:fifo_file rw_file_perms;
  
  allow bootloader_t bootloader_etc_t:file r_file_perms;
+@@ -111,6 +111,7 @@
+ # for blkid.tab
+ files_manage_etc_runtime_files(bootloader_t)
+ files_etc_filetrans_etc_runtime(bootloader_t,file)
++files_dontaudit_search_home(bootloader_t)
+ 
+ init_getattr_initctl(bootloader_t)
+ init_use_script_ptys(bootloader_t)
+@@ -127,6 +128,8 @@
+ 
+ miscfiles_read_localization(bootloader_t)
+ 
++modutils_domtrans_insmod_uncond(bootloader_t)
++
+ seutil_read_bin_policy(bootloader_t)
+ seutil_read_loadpolicy(bootloader_t)
+ seutil_dontaudit_search_config(bootloader_t)
+@@ -207,3 +210,7 @@
+ 	userdom_dontaudit_search_staff_home_dirs(bootloader_t)
+ 	userdom_dontaudit_search_sysadm_home_dirs(bootloader_t)
+ ')
++
++optional_policy(`
++	kudzu_domtrans(bootloader_t)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.2.47/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-05-19 10:07:51.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/admin/consoletype.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/admin/consoletype.te	2006-06-19 16:26:15.000000000 -0400
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
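Review bot: `modutils_domtrans_insmod_uncond(bootloader_t)` is added to bootloader.te with no comment saying why the unconditional variant is needed instead of `modutils_domtrans_insmod`, which this same patch uses for NetworkManager_t. If the unconditional form bypasses a policy boolean that restricts module loading, bootloader_t keeps the insmod transition even after an administrator enables that restriction. That is inferred from the interface name, since its body is not in this hunk. A one-line comment such as `# unconditional: <why bootloader must reach insmod regardless of booleans>` would make the exception reviewable. The `kudzu_domtrans(bootloader_t)` block added at the end of the file has no stated rationale either.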
@@ -67,7 +92,7 @@
  role system_r types consoletype_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.2.47/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2006-04-04 18:06:37.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/admin/logwatch.te	2006-06-16 15:01:01.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/admin/logwatch.te	2006-06-19 16:26:15.000000000 -0400
 @@ -22,8 +22,7 @@
  #
  # Local policy
@@ -80,7 +105,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.2.47/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2006-06-06 22:21:51.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/admin/netutils.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/admin/netutils.te	2006-06-19 16:26:15.000000000 -0400
 @@ -54,6 +54,7 @@
  corenet_udp_sendrecv_all_ports(netutils_t)
  corenet_tcp_connect_all_ports(netutils_t)
@@ -91,7 +116,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-2.2.47/policy/modules/admin/prelink.fc
 --- nsaserefpolicy/policy/modules/admin/prelink.fc	2006-06-13 07:03:39.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/admin/prelink.fc	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/admin/prelink.fc	2006-06-19 16:26:15.000000000 -0400
 @@ -3,6 +3,5 @@
  
  /usr/sbin/prelink(\.bin)?	--	gen_context(system_u:object_r:prelink_exec_t,s0)
@@ -102,7 +127,7 @@
 +/var/log/prelink(/.*)?			gen_context(system_u:object_r:prelink_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.47/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2006-06-08 23:00:29.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/kernel/files.if	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/kernel/files.if	2006-06-19 16:26:15.000000000 -0400
 @@ -1931,6 +1931,21 @@
  ')
  
@@ -151,7 +176,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.2.47/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2006-06-13 07:03:42.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/kernel/filesystem.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/kernel/filesystem.te	2006-06-19 16:26:15.000000000 -0400
 @@ -48,6 +48,11 @@
  files_mountpoint(binfmt_misc_fs_t)
  genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0)
@@ -166,7 +191,7 @@
  genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.2.47/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2006-05-26 14:02:27.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/kernel/kernel.if	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/kernel/kernel.if	2006-06-19 16:26:15.000000000 -0400
 @@ -2096,3 +2096,41 @@
  
  	typeattribute $1 kern_unconfined;
@@ -211,7 +236,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.47/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2006-05-02 18:59:59.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/apache.fc	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/apache.fc	2006-06-19 16:26:15.000000000 -0400
 @@ -78,3 +78,4 @@
  /var/www/icons(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
  /var/www/perl(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
@@ -219,8 +244,20 @@
 +/usr/sbin/rotatelogs		--	gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.47/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2006-06-08 08:45:57.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/apache.if	2006-06-16 14:42:34.000000000 -0400
-@@ -515,6 +515,28 @@
++++ serefpolicy-2.2.47/policy/modules/services/apache.if	2006-06-19 16:26:15.000000000 -0400
+@@ -470,6 +470,11 @@
+ 	allow $1 httpdcontent:dir manage_dir_perms;
+ 	allow $1 httpdcontent:file manage_file_perms;
+ 	allow $1 httpdcontent:lnk_file create_lnk_perms;
++
++	allow $1 httpd_sys_script_exec_t:dir manage_dir_perms;
++	allow $1 httpd_sys_script_exec_t:file manage_file_perms;
++	allow $1 httpd_sys_script_exec_t:lnk_file create_lnk_perms;
++
+ ')
+ 
+ ########################################
+@@ -515,6 +520,28 @@
  
  ########################################
  ## <summary>
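Review bot: The three `httpd_sys_script_exec_t` allow rules added in apache.if (inner hunk `@@ -470,6 +470,11 @@`) let every caller of this interface create and modify files carrying the script-executable type. Before the change the interface only managed `httpdcontent`. The interface's name and summary lie above the hunk, so it is not visible which domains call it. Write access to an executable script type is a larger grant than content management and would be better as its own interface, or at least carry a comment such as `# callers may also install and edit scripts labeled httpd_sys_script_exec_t`. The added block also leaves a stray empty line before the closing `')`.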
@@ -249,7 +286,7 @@
  ##	Execute the Apache helper program with
  ##	a domain transition.
  ## </summary>
-@@ -594,6 +616,28 @@
+@@ -594,6 +621,28 @@
  
  ########################################
  ## <summary>
@@ -278,7 +315,7 @@
  ##	Allow the specified domain to append
  ##	to apache log files.
  ## </summary>
-@@ -955,3 +999,28 @@
+@@ -955,3 +1004,28 @@
  	allow $2 httpd_$1_content_t:file r_file_perms;
  	allow $2 httpd_$1_content_t:lnk_file { getattr read };
  ')
@@ -309,7 +346,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.2.47/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2006-06-08 08:45:57.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/apache.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/apache.te	2006-06-19 16:26:15.000000000 -0400
 @@ -109,13 +109,10 @@
  type squirrelmail_spool_t;
  files_tmp_file(squirrelmail_spool_t)
@@ -344,7 +381,7 @@
  tunable_policy(`httpd_can_network_connect',`
  	corenet_tcp_connect_all_ports(httpd_t)
  ')
-@@ -692,3 +698,28 @@
+@@ -692,3 +698,29 @@
  optional_policy(`
  	nscd_socket_use(httpd_unconfined_script_t)
  ')
@@ -373,9 +410,10 @@
 +#
 +apache_domtrans_rotatelogs(httpd_sys_script_t)
 +
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.47/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2006-06-13 07:03:42.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/automount.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/automount.te	2006-06-19 16:26:15.000000000 -0400
 @@ -28,7 +28,7 @@
  # Local policy
  #
@@ -408,7 +446,7 @@
  corecmd_exec_shell(automount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-2.2.47/policy/modules/services/clamav.if
 --- nsaserefpolicy/policy/modules/services/clamav.if	2006-05-17 10:54:31.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/clamav.if	2006-06-16 15:04:59.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/clamav.if	2006-06-19 16:26:15.000000000 -0400
 @@ -84,3 +84,23 @@
  	allow clamscan_t $1:process sigchld;
  ')
@@ -433,9 +471,112 @@
 +	allow $1 clamd_var_lib_t:dir search_dir_perms;
 +')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.2.47/policy/modules/services/cups.fc
+--- nsaserefpolicy/policy/modules/services/cups.fc	2006-04-19 11:26:51.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/cups.fc	2006-06-19 16:26:15.000000000 -0400
+@@ -24,6 +24,7 @@
+ 
+ /usr/sbin/cupsd		--	gen_context(system_u:object_r:cupsd_exec_t,s0)
+ /usr/sbin/hal_lpadmin --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
++/usr/libexec/hal_lpadmin --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
+ /usr/sbin/hpiod		--	gen_context(system_u:object_r:hplip_exec_t,s0)
+ /usr/sbin/printconf-backend --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
+ /usr/sbin/ptal-printd	--	gen_context(system_u:object_r:ptal_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.2.47/policy/modules/services/cups.if
+--- nsaserefpolicy/policy/modules/services/cups.if	2006-03-23 14:33:30.000000000 -0500
++++ serefpolicy-2.2.47/policy/modules/services/cups.if	2006-06-19 16:26:15.000000000 -0400
+@@ -40,7 +40,7 @@
+ 
+ 	files_search_pids($1)
+ 	allow $1 cupsd_var_run_t:dir search;
+-	allow $1 cupsd_var_run_t:sock_file write;
++	allow $1 cupsd_var_run_t:sock_file { getattr write };
+ 	allow $1 cupsd_t:unix_stream_socket connectto;
+ ')
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.47/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te	2006-06-13 22:41:52.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/cups.te	2006-06-19 16:26:15.000000000 -0400
+@@ -298,6 +298,7 @@
+ allow cupsd_config_t self:unix_stream_socket create_socket_perms;
+ allow cupsd_config_t self:unix_dgram_socket create_socket_perms;
+ allow cupsd_config_t self:tcp_socket create_stream_socket_perms;
++allow cupsd_config_t self:netlink_route_socket r_netlink_socket_perms;
+ 
+ allow cupsd_config_t cupsd_t:tcp_socket { connectto recvfrom };
+ allow cupsd_t cupsd_config_t:tcp_socket { acceptfrom recvfrom };
+@@ -332,6 +333,7 @@
+ allow cupsd_config_t cupsd_rw_etc_t:lnk_file create_lnk_perms;
+ files_var_filetrans(cupsd_config_t,cupsd_rw_etc_t,file)
+ 
++cups_stream_connect(cupsd_config_t)
+ allow cupsd_config_t cupsd_var_run_t:file { getattr read };
+ 
+ kernel_read_system_state(cupsd_config_t)
+@@ -349,6 +351,7 @@
+ 
+ dev_read_sysfs(cupsd_config_t)
+ dev_read_urand(cupsd_config_t)
++dev_read_rand(cupsd_config_t)
+ 
+ fs_getattr_all_fs(cupsd_config_t)
+ fs_search_auto_mountpoints(cupsd_config_t)
+@@ -387,6 +390,9 @@
+ userdom_dontaudit_use_unpriv_user_fds(cupsd_config_t)
+ userdom_dontaudit_search_sysadm_home_dirs(cupsd_config_t)
+ 
++allow cupsd_config_t cupsd_tmp_t:file create_file_perms;
++files_tmp_filetrans(cupsd_config_t, cupsd_tmp_t, { file dir })
++
+ lpd_read_config(cupsd_config_t)
+ 
+ ifdef(`distro_redhat',`
+@@ -422,6 +428,7 @@
+ 
+ optional_policy(`
+ 	hal_domtrans(cupsd_config_t)
++	hal_read_tmp_files(cupsd_config_t)
+ ')
+ 
+ optional_policy(`
+@@ -588,6 +595,7 @@
+ dev_read_sysfs(hplip_t)
+ dev_rw_printer(hplip_t)
+ dev_read_urand(hplip_t)
++dev_read_rand(hplip_t)
+ dev_rw_generic_usb_dev(hplip_t)
+ 
+ fs_getattr_all_fs(hplip_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.2.47/policy/modules/services/hal.if
+--- nsaserefpolicy/policy/modules/services/hal.if	2006-03-23 14:33:30.000000000 -0500
++++ serefpolicy-2.2.47/policy/modules/services/hal.if	2006-06-19 16:26:15.000000000 -0400
+@@ -140,3 +140,23 @@
+ 	files_search_pids($1)
+ 	allow $1 hald_var_run_t:file rw_file_perms;
+ ')
++
++
++########################################
++## <summary>
++##	Read hald tmp files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`hal_read_tmp_files',`
++	gen_require(`
++		type hald_tmp_t;
++	')
++
++	allow $1 hald_tmp_t:file r_file_perms;
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.2.47/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2006-06-06 22:21:54.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/mta.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/mta.te	2006-06-19 16:26:15.000000000 -0400
 @@ -195,8 +195,3 @@
  	')
  ')
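Review bot: In cups.te, `files_tmp_filetrans(cupsd_config_t, cupsd_tmp_t, { file dir })` requests the type transition for directories as well as files, but the rule above it grants only `cupsd_tmp_t:file create_file_perms`. Unless a `cupsd_tmp_t:dir` rule for cupsd_config_t exists elsewhere in the module, a directory it creates under /tmp would be denied. Either add `allow cupsd_config_t cupsd_tmp_t:dir manage_dir_perms;` or narrow the transition to `file` if directories are not needed. Separately, the new `hal_read_tmp_files` interface in hal.if grants `r_file_perms` on `hald_tmp_t` files but no search permission on the containing tmp directory, so callers must get that from another rule.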
@@ -445,9 +586,20 @@
 -allow initrc_t etc_mail_t:dir rw_dir_perms;
 -allow initrc_t etc_mail_t:file create_file_perms;
 -')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.2.47/policy/modules/services/networkmanager.te
+--- nsaserefpolicy/policy/modules/services/networkmanager.te	2006-06-13 07:03:44.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/networkmanager.te	2006-06-19 16:26:15.000000000 -0400
+@@ -92,6 +92,7 @@
+ logging_send_syslog_msg(NetworkManager_t)
+ 
+ miscfiles_read_localization(NetworkManager_t)
++miscfiles_read_certs(NetworkManager_t)
+ 
+ modutils_domtrans_insmod(NetworkManager_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.2.47/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2006-06-13 07:03:44.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/ntp.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/ntp.te	2006-06-19 16:26:15.000000000 -0400
 @@ -62,6 +62,7 @@
  
  kernel_read_kernel_sysctls(ntpd_t)
@@ -456,9 +608,61 @@
  
  corenet_non_ipsec_sendrecv(ntpd_t)
  corenet_tcp_sendrecv_all_if(ntpd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-2.2.47/policy/modules/services/openvpn.fc
+--- nsaserefpolicy/policy/modules/services/openvpn.fc	2006-04-14 16:09:08.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/openvpn.fc	2006-06-19 16:26:15.000000000 -0400
+@@ -2,6 +2,7 @@
+ # /etc
+ #
+ /etc/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_etc_t,s0)
++/etc/openvpn/openvpn-status.log	-- gen_context(system_u:object_r:openvpn_etc_rw_t,s0)
+ 
+ #
+ # /usr
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-2.2.47/policy/modules/services/openvpn.te
+--- nsaserefpolicy/policy/modules/services/openvpn.te	2006-06-06 22:21:55.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/openvpn.te	2006-06-19 16:26:15.000000000 -0400
+@@ -15,6 +15,10 @@
+ type openvpn_etc_t;
+ files_type(openvpn_etc_t)
+ 
++# configuration files
++type openvpn_etc_rw_t;
++files_type(openvpn_etc_rw_t)
++
+ # log files
+ type openvpn_var_log_t;
+ logging_log_file(openvpn_var_log_t)
+@@ -38,12 +42,17 @@
+ allow openvpn_t openvpn_etc_t:file r_file_perms;
+ allow openvpn_t openvpn_etc_t:lnk_file { getattr read };
+ 
++allow openvpn_t openvpn_etc_rw_t:file create_file_perms;
++# Automatically label newly created files under /etc/openvpn with this type
++type_transition openvpn_t openvpn_etc_t:file openvpn_etc_rw_t;
++
+ allow openvpn_t openvpn_var_log_t:file create_file_perms;
+ logging_log_filetrans(openvpn_t,openvpn_var_log_t,file)
+ 
+ allow openvpn_t openvpn_var_run_t:file create_file_perms;
+ files_pid_filetrans(openvpn_t, openvpn_var_run_t, file)
+ 
++kernel_read_kernel_sysctls(openvpn_t)
+ kernel_read_net_sysctls(openvpn_t)
+ kernel_read_network_state(openvpn_t)
+ kernel_read_system_state(openvpn_t)
+@@ -81,6 +90,8 @@
+ 
+ sysnet_exec_ifconfig(openvpn_t)
+ 
++term_dontaudit_use_generic_ptys(openvpn_t)
++
+ optional_policy(`
+ 	daemontools_service_domain(openvpn_t,openvpn_exec_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.2.47/policy/modules/services/pegasus.if
 --- nsaserefpolicy/policy/modules/services/pegasus.if	2005-10-25 13:40:18.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/pegasus.if	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/pegasus.if	2006-06-19 16:26:15.000000000 -0400
 @@ -1 +1,32 @@
  ## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
 +
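Review bot: The `type_transition openvpn_t openvpn_etc_t:file openvpn_etc_rw_t;` rule in openvpn.te relabels every file the daemon creates in its configuration directory to a type it holds `create_file_perms` on, although the only need shown in openvpn.fc is `openvpn-status.log`. Whether openvpn_t can actually add entries to the `openvpn_etc_t` directory depends on rules outside this hunk, but the intent makes the configuration directory daemon-writable. If the status file can live under the existing `openvpn_var_log_t` or `openvpn_var_run_t` locations, the extra writable type is unnecessary. If the type stays, its declaration comment should read `# status file written under /etc/openvpn` rather than `# configuration files`, and the file-context regex should escape its dot: `/etc/openvpn/openvpn-status\.log`.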
@@ -494,7 +698,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.2.47/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2006-06-08 08:45:58.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/pegasus.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/pegasus.te	2006-06-19 16:26:15.000000000 -0400
 @@ -100,13 +100,12 @@
  
  auth_use_nsswitch(pegasus_t)
@@ -511,9 +715,41 @@
  files_read_var_lib_symlinks(pegasus_t)
  
  hostname_exec(pegasus_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-2.2.47/policy/modules/services/postfix.if
+--- nsaserefpolicy/policy/modules/services/postfix.if	2006-06-06 22:21:55.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/postfix.if	2006-06-19 16:26:15.000000000 -0400
+@@ -459,3 +459,28 @@
+ 
+ 	typeattribute $1 postfix_user_domtrans;
+ ')
++
++
++########################################
++## <summary>
++##	Execute the master postfix program in the
++##	postfix_master domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`postfix_domtrans_smtp',`
++	gen_require(`
++		type postfix_smtp_t, postfix_smtp_exec_t;
++	')
++
++	domain_auto_trans($1,postfix_smtp_exec_t,postfix_smtp_t)
++
++	allow $1 postfix_smtp_t:fd use;
++	allow postfix_smtp_t $1:fd use;
++	allow postfix_smtp_t $1:fifo_file rw_file_perms;
++	allow postfix_smtp_t $1:process sigchld;
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.47/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2006-06-08 08:45:58.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/postfix.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/postfix.te	2006-06-19 16:26:15.000000000 -0400
 @@ -456,6 +456,7 @@
  ')
  
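Review bot: The summary of the new `postfix_domtrans_smtp` interface in postfix.if says it executes the master postfix program in the postfix_master domain, but the body transitions through `postfix_smtp_exec_t` into `postfix_smtp_t`. The text looks copied from the master interface. It should read `##	Execute the postfix smtp program in the` / `##	postfix_smtp domain.` so that a policy author granting this transition knows which domain the caller enters.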
@@ -524,7 +760,7 @@
  	cron_use_system_job_fds(postfix_postdrop_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.2.47/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2006-06-06 22:21:55.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/ppp.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/ppp.te	2006-06-19 16:26:15.000000000 -0400
 @@ -68,6 +68,7 @@
  allow pppd_t self:tcp_socket create_stream_socket_perms;
  allow pppd_t self:udp_socket { connect connected_socket_perms };
@@ -535,7 +771,7 @@
  allow pppd_t pptp_t:fd use;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.2.47/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2006-06-13 07:03:44.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/services/procmail.te	2006-06-16 15:05:10.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/procmail.te	2006-06-19 16:26:15.000000000 -0400
 @@ -78,6 +78,7 @@
  
  optional_policy(`
@@ -544,9 +780,20 @@
  ')
  
  optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-2.2.47/policy/modules/services/tftp.te
+--- nsaserefpolicy/policy/modules/services/tftp.te	2006-06-06 22:21:56.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/tftp.te	2006-06-20 07:50:40.000000000 -0400
+@@ -78,6 +78,7 @@
+ miscfiles_read_localization(tftpd_t)
+ 
+ sysnet_read_config(tftpd_t)
++sysnet_use_ldap(tftpd_t)
+ 
+ userdom_dontaudit_use_unpriv_user_fds(tftpd_t)
+ userdom_dontaudit_use_sysadm_ttys(tftpd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-2.2.47/policy/modules/services/tor.if
 --- nsaserefpolicy/policy/modules/services/tor.if	2006-03-07 13:08:46.000000000 -0500
-+++ serefpolicy-2.2.47/policy/modules/services/tor.if	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/services/tor.if	2006-06-19 16:26:15.000000000 -0400
 @@ -11,7 +11,7 @@
  ## </param>
  #
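Review bot: `sysnet_use_ldap(tftpd_t)` in tftp.te gives the TFTP daemon LDAP access, and nothing in the hunk says why a file-transfer service needs to reach a directory server. If it is presumably there only to cover name-service lookups on hosts configured for LDAP, state that next to the rule, e.g. `# nsswitch may be configured to use LDAP`. Consider placing it in a conditional block so hosts without LDAP do not carry the extra network permission.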
@@ -558,7 +805,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.2.47/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2006-06-13 07:03:45.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/authlogin.if	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/authlogin.if	2006-06-19 16:26:15.000000000 -0400
 @@ -1292,6 +1292,7 @@
  
  	sysnet_dns_name_resolve($1)
@@ -569,7 +816,7 @@
  		nis_use_ypbind($1)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.2.47/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2006-03-02 18:45:56.000000000 -0500
-+++ serefpolicy-2.2.47/policy/modules/system/hostname.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/hostname.te	2006-06-19 16:26:16.000000000 -0400
 @@ -8,7 +8,10 @@
  
  type hostname_t;
@@ -582,9 +829,26 @@
  role system_r types hostname_t;
  
  ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.2.47/policy/modules/system/init.if
+--- nsaserefpolicy/policy/modules/system/init.if	2006-06-06 22:21:56.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/init.if	2006-06-19 16:26:16.000000000 -0400
+@@ -158,13 +158,6 @@
+ 	allow $1 initrc_t:fifo_file rw_file_perms;
+ 	allow $1 initrc_t:process sigchld;
+ 
+-	ifdef(`hide_broken_symptoms',`
+-		# RHEL4 systems seem to have a stray
+-		# fds open from the initrd
+-		ifdef(`distro_rhel4',`
+-			kernel_dontaudit_use_fds($1)
+-		')
+-	')
+ ')
+ 
+ ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.47/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2006-06-08 23:00:33.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/init.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/init.te	2006-06-19 16:26:16.000000000 -0400
 @@ -345,6 +345,7 @@
  files_mounton_isid_type_dirs(initrc_t)
  files_list_default(initrc_t)
@@ -595,7 +859,7 @@
  libs_use_ld_so(initrc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.47/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2006-06-08 08:45:58.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/libraries.fc	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/libraries.fc	2006-06-19 16:26:16.000000000 -0400
 @@ -121,7 +121,7 @@
  
  /usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -607,7 +871,7 @@
  ifdef(`distro_redhat',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.47/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2006-06-06 22:21:56.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/mount.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/mount.te	2006-06-19 16:26:16.000000000 -0400
 @@ -111,6 +111,7 @@
  	tunable_policy(`allow_mount_anyfile',`
  		auth_read_all_dirs_except_shadow(mount_t)
@@ -618,7 +882,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.47/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-06-13 07:03:48.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/selinuxutil.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/selinuxutil.te	2006-06-19 16:26:16.000000000 -0400
 @@ -352,6 +352,8 @@
  kernel_relabelfrom_unlabeled_symlinks(restorecon_t)
  kernel_relabelfrom_unlabeled_pipes(restorecon_t)
@@ -630,7 +894,7 @@
  # cjp: why is this needed?
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.2.47/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2006-06-08 08:45:58.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/unconfined.fc	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/unconfined.fc	2006-06-19 16:26:16.000000000 -0400
 @@ -7,4 +7,6 @@
  ifdef(`targeted_policy',`
  /usr/lib/openoffice.org.*/program/.*\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
@@ -640,7 +904,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.47/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-06-13 07:03:49.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/userdomain.if	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/userdomain.if	2006-06-19 16:26:16.000000000 -0400
 @@ -4145,7 +4145,7 @@
  	gen_require(`
  		type user_home_dir_t;
@@ -652,7 +916,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.2.47/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2006-06-08 08:45:58.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/xen.if	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/xen.if	2006-06-19 16:26:16.000000000 -0400
 @@ -11,7 +11,7 @@
  ## </param>
  #
@@ -673,7 +937,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.47/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2006-06-08 08:45:58.000000000 -0400
-+++ serefpolicy-2.2.47/policy/modules/system/xen.te	2006-06-16 14:42:34.000000000 -0400
++++ serefpolicy-2.2.47/policy/modules/system/xen.te	2006-06-19 16:26:16.000000000 -0400
 @@ -68,7 +68,8 @@
  # xend local policy
  #


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.212
retrieving revision 1.213
diff -u -r1.212 -r1.213
--- selinux-policy.spec	16 Jun 2006 17:54:35 -0000	1.212
+++ selinux-policy.spec	20 Jun 2006 12:58:27 -0000	1.213
@@ -16,7 +16,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.2.47
-Release: 4
+Release: 5
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -51,6 +51,16 @@
 %dir %{_sysconfdir}/selinux
 %ghost %config(noreplace) %{_sysconfdir}/selinux/config
 %ghost %{_sysconfdir}/sysconfig/selinux
+
+%package devel
+Summary: SELinux policy development
+Group: System Environment/Base
+Requires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER}
+
+%description devel
+SELinux Policy development package
+
+%files devel
 %dir %{_usr}/share/selinux/devel
 %dir %{_usr}/share/selinux/devel/include
 %{_usr}/share/selinux/devel/include/*
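Review bot: The new `%package devel` does not require the base package at the matching version, so the interface headers under `%{_usr}/share/selinux/devel/include` can be installed alongside a different policy release. Modules built from them may then not correspond to the policy actually loaded; adding `Requires: %{name} = %{version}-%{release}` would tie the two together. The new `%files devel` section also has no `%defattr(-,root,root)` line. Whether the main `%files` section has one is not visible in this hunk, but without it file ownership may follow the build user on rpm versions that do not default to root.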
@@ -333,6 +343,9 @@
 %endif
 
 %changelog
+* Tue Jun 20 2006 Dan Walsh <dwalsh redhat com> 2.2.47-5
+- Break out selinux-devel package
+
 * Fri Jun 16 2006 Dan Walsh <dwalsh redhat com> 2.2.47-4
 - Add ibmasmfs
 

