rpms/selinux-policy/devel policy-20060207.patch, 1.31, 1.32 selinux-policy.spec, 1.133, 1.134
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sat Mar 4 05:11:01 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8204
Modified Files:
policy-20060207.patch selinux-policy.spec
Log Message:
* Tue Feb 28 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-1
- add policyhelp to point at policy html pages
policy-20060207.patch:
Rules.modular | 2 +-
policy/modules/admin/readahead.te | 2 +-
policy/modules/admin/su.fc | 1 +
policy/modules/admin/su.if | 6 +++---
policy/modules/kernel/corenetwork.te.in | 2 +-
policy/modules/kernel/devices.if | 2 +-
policy/modules/kernel/files.fc | 2 +-
policy/modules/kernel/files.if | 20 ++++++++++++++++++--
policy/modules/services/apache.fc | 2 ++
policy/modules/services/apache.if | 5 +++++
policy/modules/services/bluetooth.te | 5 +++++
policy/modules/services/cron.te | 3 +++
policy/modules/services/cups.fc | 2 +-
policy/modules/services/cups.te | 6 ++++--
policy/modules/services/cvs.te | 2 +-
policy/modules/services/ktalk.te | 2 ++
policy/modules/services/nscd.if | 2 +-
policy/modules/services/samba.te | 2 +-
policy/modules/system/init.te | 5 +++++
policy/modules/system/libraries.fc | 2 ++
policy/modules/system/locallogin.te | 1 +
policy/modules/system/lvm.fc | 1 +
policy/modules/system/selinuxutil.fc | 6 +++---
policy/modules/system/selinuxutil.te | 1 +
policy/modules/system/udev.te | 2 +-
support/Makefile.devel | 5 +----
26 files changed, 67 insertions(+), 24 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- policy-20060207.patch 27 Feb 2006 23:23:06 -0000 1.31
+++ policy-20060207.patch 4 Mar 2006 05:10:54 -0000 1.32
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.2.22/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te 2006-02-21 14:40:22.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/admin/readahead.te 2006-02-27 17:33:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.2.23/policy/modules/admin/readahead.te
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2006-03-04 00:06:33.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/readahead.te 2006-03-04 00:08:36.000000000 -0500
@@ -18,7 +18,7 @@
# Local policy
#
@@ -10,17 +10,17 @@
allow readahead_t self:process signal_perms;
allow readahead_t readahead_var_run_t:file create_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc serefpolicy-2.2.22/policy/modules/admin/su.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc serefpolicy-2.2.23/policy/modules/admin/su.fc
--- nsaserefpolicy/policy/modules/admin/su.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/admin/su.fc 2006-02-27 17:33:49.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/su.fc 2006-03-04 00:08:36.000000000 -0500
@@ -2,3 +2,4 @@
/bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
/usr(/local)?/bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
+/usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.22/policy/modules/admin/su.if
---- nsaserefpolicy/policy/modules/admin/su.if 2006-02-23 09:25:07.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/admin/su.if 2006-02-27 17:33:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.23/policy/modules/admin/su.if
+--- nsaserefpolicy/policy/modules/admin/su.if 2006-03-04 00:06:33.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/su.if 2006-03-04 00:08:36.000000000 -0500
@@ -141,10 +141,10 @@
# By default, revert to the calling domain when a shell is executed.
@@ -35,9 +35,9 @@
kernel_read_system_state($1_su_t)
kernel_read_kernel_sysctls($1_su_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.2.22/policy/modules/kernel/corenetwork.te.in
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.2.23/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-02-20 14:07:36.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/kernel/corenetwork.te.in 2006-02-27 17:33:49.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/corenetwork.te.in 2006-03-04 00:08:36.000000000 -0500
@@ -66,7 +66,7 @@
network_port(giftd, tcp,1213,s0)
network_port(gopher, tcp,70,s0, udp,70,s0)
@@ -47,9 +47,9 @@
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,50000,s0, tcp,50002,s0)
network_port(i18n_input, tcp,9010,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.22/policy/modules/kernel/devices.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.23/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-02-23 09:25:08.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/kernel/devices.if 2006-02-27 17:33:49.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/devices.if 2006-03-04 00:08:36.000000000 -0500
@@ -2384,7 +2384,7 @@
')
@@ -59,10 +59,10 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.22/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc 2006-02-14 07:20:25.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/kernel/files.fc 2006-02-27 17:33:49.000000000 -0500
-@@ -89,7 +89,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.23/policy/modules/kernel/files.fc
+--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-03-04 00:06:34.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/files.fc 2006-03-04 00:08:36.000000000 -0500
+@@ -93,7 +93,7 @@
# HOME_ROOT
# expanded by genhomedircon
#
@@ -71,10 +71,10 @@
HOME_ROOT/\.journal <<none>>
HOME_ROOT/lost\+found -d gen_context(system_u:object_r:lost_found_t,s15:c0.c255)
HOME_ROOT/lost\+found/.* <<none>>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.22/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2006-02-21 14:40:23.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/kernel/files.if 2006-02-27 17:33:49.000000000 -0500
-@@ -1416,6 +1416,21 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.23/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if 2006-03-04 00:06:34.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/files.if 2006-03-04 00:08:36.000000000 -0500
+@@ -1648,6 +1648,21 @@
')
########################################
@@ -96,7 +96,7 @@
## <summary>
## Read files in /etc that are dynamically
## created on boot, such as mtab.
-@@ -3356,12 +3371,13 @@
+@@ -3789,12 +3804,13 @@
# Need to give permission to create directories where applicable
allow $1 self:process setfscreate;
@@ -112,9 +112,9 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.22/policy/modules/services/apache.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.23/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2006-02-27 17:17:23.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/services/apache.fc 2006-02-27 17:46:08.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/apache.fc 2006-03-04 00:08:36.000000000 -0500
@@ -15,6 +15,7 @@
/etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0)
@@ -123,9 +123,14 @@
/usr/bin/htsslpass -- gen_context(system_u:object_r:httpd_helper_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.22/policy/modules/services/apache.if
---- nsaserefpolicy/policy/modules/services/apache.if 2006-02-27 17:17:23.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/services/apache.if 2006-02-27 17:33:49.000000000 -0500
+@@ -75,3 +76,4 @@
+ /var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
+ /var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+ /var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
++/usr/share/selinux-policy([^/]*)?/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.23/policy/modules/services/apache.if
+--- nsaserefpolicy/policy/modules/services/apache.if 2006-03-04 00:06:35.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/apache.if 2006-03-04 00:08:36.000000000 -0500
@@ -12,6 +12,11 @@
## </param>
#
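Review bot: The new apache.fc entry labels `/usr/share/selinux-policy([^/]*)?/html(/.*)?`, but the `policyhelp` script added to selinux-policy.spec in this same commit opens `file:///usr/share/doc/selinux-policy-%{version}/html/index.html`. If `install-docs` places the pages under `/usr/share/doc` (not visible here), this pattern never matches them and they do not receive `httpd_sys_content_t`; the prefix would then need to be `/usr/share/doc/selinux-policy([^/]*)?/html(/.*)?`. The `?` after `([^/]*)` is also redundant, since `*` already matches the empty string.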
@@ -138,9 +143,38 @@
# allow write access to public file transfer
# services files.
gen_tunable(allow_httpd_$1_script_anon_write,false)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.22/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te 2006-02-27 17:17:24.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/services/cron.te 2006-02-27 17:33:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.23/policy/modules/services/bluetooth.te
+--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-03-04 00:06:35.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/bluetooth.te 2006-03-04 00:08:36.000000000 -0500
+@@ -115,6 +115,7 @@
+ corecmd_exec_shell(bluetooth_t)
+
+ domain_use_interactive_fds(bluetooth_t)
++domain_dontaudit_search_all_domains_state(bluetooth_t)
+
+ files_read_etc_files(bluetooth_t)
+ files_read_etc_runtime_files(bluetooth_t)
+@@ -170,6 +171,7 @@
+ allow bluetooth_helper_t self:fifo_file rw_file_perms;
+ allow bluetooth_helper_t self:shm create_shm_perms;
+ allow bluetooth_helper_t self:unix_stream_socket { create_stream_socket_perms connectto };
++allow bluetooth_helper_t self:tcp_socket create_socket_perms;
+
+ allow bluetooth_helper_t bluetooth_t:socket { read write };
+
+@@ -214,6 +216,9 @@
+ ifdef(`xserver.te', `
+ allow bluetooth_helper_t xserver_log_t:dir search;
+ allow bluetooth_helper_t xserver_log_t:file { getattr read };
++ optional_policy(`xserver', `
++ xserver_stream_connect_xdm(bluetooth_helper_t)
++ ');
+ ')
+
+ ifdef(`strict_policy',`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.23/policy/modules/services/cron.te
+--- nsaserefpolicy/policy/modules/services/cron.te 2006-03-04 00:06:35.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cron.te 2006-03-04 00:08:36.000000000 -0500
@@ -166,6 +166,9 @@
allow crond_t unconfined_t:dbus send_msg;
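Review bot: `allow bluetooth_helper_t self:tcp_socket create_socket_perms;` widens the helper domain to TCP sockets without a comment saying what needs it, and no matching network rule for the helper appears in the visible lines. A one-line comment above the rule, e.g. `# helper opens a TCP socket for <reason>; TODO confirm`, would let a later reviewer judge whether the grant can be narrowed or dropped. The same applies to `domain_dontaudit_search_all_domains_state(bluetooth_t)`, which silences the denials rather than removing their cause; a comment should name what triggers the searches.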
@@ -151,9 +185,9 @@
',`
allow crond_t crond_tmp_t:dir create_dir_perms;
allow crond_t crond_tmp_t:file create_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.2.22/policy/modules/services/cups.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.2.23/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/services/cups.fc 2006-02-27 17:33:49.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cups.fc 2006-03-04 00:08:36.000000000 -0500
@@ -43,7 +43,7 @@
/var/log/cups(/.*)? gen_context(system_u:object_r:cupsd_log_t,s0)
/var/log/turboprint_cups\.log.* -- gen_context(system_u:object_r:cupsd_log_t,s0)
@@ -163,9 +197,9 @@
/var/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0)
/var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0)
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.22/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te 2006-02-23 09:25:09.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/services/cups.te 2006-02-27 18:19:19.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.23/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te 2006-03-04 00:06:35.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cups.te 2006-03-04 00:09:52.000000000 -0500
@@ -77,7 +77,7 @@
dontaudit cupsd_t self:capability { sys_tty_config net_admin };
allow cupsd_t self:process { setsched signal_perms };
@@ -180,7 +214,7 @@
allow cupsd_t cupsd_var_run_t:file create_file_perms;
allow cupsd_t cupsd_var_run_t:dir rw_dir_perms;
+allow cupsd_t cupsd_var_run_t:sock_file create_file_perms;
- files_pid_filetrans(cupsd_t,cupsd_var_run_t)
+ files_pid_filetrans(cupsd_t,cupsd_var_run_t,file)
allow cupsd_t hplip_var_run_t:file { read getattr };
@@ -119,6 +120,7 @@
@@ -200,9 +234,21 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-2.2.22/policy/modules/services/ktalk.te
---- nsaserefpolicy/policy/modules/services/ktalk.te 2006-02-21 14:40:24.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/services/ktalk.te 2006-02-27 17:33:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.2.23/policy/modules/services/cvs.te
+--- nsaserefpolicy/policy/modules/services/cvs.te 2006-03-04 00:06:35.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cvs.te 2006-03-04 00:08:36.000000000 -0500
+@@ -11,7 +11,7 @@
+ inetd_tcp_service_domain(cvs_t,cvs_exec_t)
+ role system_r types cvs_t;
+
+-type cvs_data_t; #, customizable;
++type cvs_data_t; # customizable
+ files_type(cvs_data_t)
+
+ type cvs_tmp_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-2.2.23/policy/modules/services/ktalk.te
+--- nsaserefpolicy/policy/modules/services/ktalk.te 2006-03-04 00:06:36.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/ktalk.te 2006-03-04 00:08:36.000000000 -0500
@@ -68,6 +68,8 @@
files_read_etc_files(ktalkd_t)
@@ -212,9 +258,9 @@
libs_use_ld_so(ktalkd_t)
libs_use_shared_libs(ktalkd_t)
logging_send_syslog_msg(ktalkd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.2.22/policy/modules/services/nscd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.2.23/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2006-02-10 21:34:14.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/services/nscd.if 2006-02-27 17:33:49.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/nscd.if 2006-03-04 00:08:36.000000000 -0500
@@ -49,8 +49,8 @@
dontaudit $1 nscd_t:nscd { shmempwd shmemgrp shmemhost };
@@ -225,9 +271,21 @@
dontaudit $1 nscd_var_run_t:file { getattr read };
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.22/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/system/init.te 2006-02-27 17:33:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.23/policy/modules/services/samba.te
+--- nsaserefpolicy/policy/modules/services/samba.te 2006-03-04 00:06:36.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/samba.te 2006-03-04 00:08:36.000000000 -0500
+@@ -32,7 +32,7 @@
+ type samba_secrets_t;
+ files_type(samba_secrets_t)
+
+-type samba_share_t;
++type samba_share_t; # customizable
+ files_config_file(samba_share_t)
+
+ type samba_var_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.23/policy/modules/system/init.te
+--- nsaserefpolicy/policy/modules/system/init.te 2006-03-04 00:06:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/init.te 2006-03-04 00:08:36.000000000 -0500
@@ -349,6 +349,7 @@
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
@@ -236,7 +294,7 @@
libs_rw_ld_so_cache(initrc_t)
libs_use_ld_so(initrc_t)
-@@ -480,6 +481,10 @@
+@@ -482,6 +483,10 @@
ifdef(`targeted_policy',`
domain_subj_id_change_exemption(initrc_t)
unconfined_domain(initrc_t)
@@ -247,9 +305,9 @@
',`
# cjp: require doesnt work in optionals :\
# this also would result in a type transition
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.22/policy/modules/system/libraries.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.23/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-02-20 14:07:38.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/system/libraries.fc 2006-02-27 18:10:56.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/libraries.fc 2006-03-04 00:08:36.000000000 -0500
@@ -65,6 +65,7 @@
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -266,9 +324,9 @@
ifdef(`distro_redhat',`
/usr/lib(64)?/.*/program/.*\.so.* gen_context(system_u:object_r:shlib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.22/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/system/locallogin.te 2006-02-27 17:33:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.23/policy/modules/system/locallogin.te
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-03-04 00:06:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/locallogin.te 2006-03-04 00:08:36.000000000 -0500
@@ -20,6 +20,7 @@
type local_login_tmp_t;
@@ -277,9 +335,9 @@
type sulogin_t;
type sulogin_exec_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.2.22/policy/modules/system/lvm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.2.23/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/system/lvm.fc 2006-02-27 17:33:49.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/lvm.fc 2006-03-04 00:08:36.000000000 -0500
@@ -25,6 +25,7 @@
# /sbin
#
@@ -288,9 +346,9 @@
/sbin/dmsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/dmsetup\.static -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/e2fsadm -- gen_context(system_u:object_r:lvm_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.22/policy/modules/system/selinuxutil.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-02-23 09:25:09.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/system/selinuxutil.fc 2006-02-27 17:33:49.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc 2006-03-04 00:08:36.000000000 -0500
@@ -8,9 +8,9 @@
/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,s15:c0.c255)
@@ -304,9 +362,9 @@
/etc/selinux/([^/]*/)?users(/.*)? -- gen_context(system_u:object_r:selinux_config_t,s15:c0.c255)
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.22/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-02-27 17:17:27.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/system/selinuxutil.te 2006-02-27 17:33:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.23/policy/modules/system/selinuxutil.te
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-03-04 00:06:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.te 2006-03-04 00:08:36.000000000 -0500
@@ -263,6 +263,7 @@
selinux_compute_relabel_context(newrole_t)
selinux_compute_user_contexts(newrole_t)
@@ -315,9 +373,9 @@
term_use_all_user_ttys(newrole_t)
term_use_all_user_ptys(newrole_t)
term_relabel_all_user_ttys(newrole_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.2.22/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2006-02-21 14:40:25.000000000 -0500
-+++ serefpolicy-2.2.22/policy/modules/system/udev.te 2006-02-27 17:33:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.2.23/policy/modules/system/udev.te
+--- nsaserefpolicy/policy/modules/system/udev.te 2006-03-04 00:06:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/udev.te 2006-03-04 00:08:36.000000000 -0500
@@ -39,7 +39,7 @@
# Local policy
#
@@ -327,9 +385,21 @@
dontaudit udev_t self:capability sys_tty_config;
allow udev_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow udev_t self:process { execmem setfscreate };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-2.2.22/support/Makefile.devel
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.2.23/Rules.modular
+--- nsaserefpolicy/Rules.modular 2006-02-17 14:46:10.000000000 -0500
++++ serefpolicy-2.2.23/Rules.modular 2006-03-04 00:08:36.000000000 -0500
+@@ -204,7 +204,7 @@
+ #
+ $(APPDIR)/customizable_types: $(BASE_CONF)
+ @mkdir -p $(APPDIR)
+- $(verbose) grep "^type .*customizable" $< | cut -d',' -f1 | cut -d' ' -f2 > $(TMPDIR)/customizable_types
++ $(verbose) grep '^[^[:print:]]*type .*customizable' $< | cut -d',' -f1 | cut -d' ' -f2 | sort -u > $(TMPDIR)/customizable_types
+ $(verbose) install -m 644 $(TMPDIR)/customizable_types $@
+
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-2.2.23/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2006-02-22 14:09:04.000000000 -0500
-+++ serefpolicy-2.2.22/support/Makefile.devel 2006-02-27 17:33:49.000000000 -0500
++++ serefpolicy-2.2.23/support/Makefile.devel 2006-03-04 00:08:36.000000000 -0500
@@ -6,10 +6,7 @@
SED ?= sed
EINFO ?= echo
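Review bot: The new `customizable_types` pipeline in Rules.modular still cuts on `,` and then on a space, so for the marker form this commit introduces in cvs.te and samba.te (`type cvs_data_t; # customizable`) it emits `cvs_data_t;` with the trailing semicolon, which would not match the type name. Stripping at the semicolon first avoids that: `grep '^[[:blank:]]*type .*customizable' $< | cut -d';' -f1 | cut -d',' -f1 | cut -d' ' -f2 | sort -u`. `[^[:print:]]*` also fails to match leading spaces, because space is a member of `[:print:]`; `[[:blank:]]*` covers both tab and space. Since this file is the list of types that relabeling is meant to leave alone, a malformed entry presumably means an administrator's custom label is reset on the next relabel.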
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.133
retrieving revision 1.134
diff -u -r1.133 -r1.134
--- selinux-policy.spec 27 Feb 2006 23:23:06 -0000 1.133
+++ selinux-policy.spec 4 Mar 2006 05:10:54 -0000 1.134
@@ -9,8 +9,8 @@
%define CHECKPOLICYVER 1.29.4-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.2.22
-Release: 2
+Version: 2.2.23
+Release: 1
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -51,27 +51,27 @@
%{_usr}/share/selinux/devel/Makefile
%{_usr}/share/selinux/devel/policygentool
%{_usr}/share/selinux/devel/example.*
-
+%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
%define setupCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%{polyinstatiate} bare \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%{polyinstatiate} conf \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 bare \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 conf \
cp -f ${RPM_SOURCE_DIR}/modules-%1.conf ./policy/modules.conf \
cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
%define installCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%{polyinstatiate} base.pp \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%{polyinstatiate} modules \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT POLY=%{polyinstatiate} install \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT POLY=%{polyinstatiate} install-appconfig \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 base.pp \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 modules \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT POLY=%3 install \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT POLY=%3 install-appconfig \
#%{__cp} *.pp $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/policy \
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/modules/active \
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/contexts/files \
touch $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
touch $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%{polyinstatiate} enableaudit \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%{polyinstatiate} base.pp \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 enableaudit \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 base.pp \
install -m0644 base.pp ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1/enableaudit.pp \
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
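Review bot: `POLY=%3` in `setupCmds` and `installCmds` reads the same positional argument as `DIRECT_INITRC=%3`, while the call sites in the `@@ -157,28 +157,31 @@` hunk now pass the polyinstantiation flag as a fourth argument (`%setupCmds mls strict-mls n y`). As written the mls build gets `POLY=n` and the targeted build gets `POLY=y`, the opposite of what the callers ask for; the macros should use `POLY=%4`. The `install-headers install-docs` line in that later hunk also uses `POLY=%3` outside any parameterized macro, where there is no third argument to expand; a literal `POLY=n`, as on the strict `bare`/`conf` lines, would be consistent. The `installCmds` macro body continues past the end of this hunk.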
@@ -98,7 +98,7 @@
%dir %{_sysconfdir}/selinux/%1/policy/ \
%ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
%dir %{_sysconfdir}/selinux/%1/contexts \
-%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/customizable_types \
+%config %{_sysconfdir}/selinux/%1/contexts/customizable_types \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \
%config %{_sysconfdir}/selinux/%1/contexts/default_contexts \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \
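Review bot: Dropping `noreplace` on `contexts/customizable_types` means a locally edited copy is replaced on upgrade (rpm keeps the old one as `.rpmsave`), so any types an administrator added there stop being treated as customizable. If that is intended now that the file is generated from the `# customizable` markers, record it in a comment above the `fileList` macro or in the changelog, e.g. `# customizable_types is generated from policy; local additions are not preserved across upgrades`. The macro body starts and ends outside this hunk.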
@@ -157,28 +157,31 @@
# Install devel
make clean
-make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT PKGNAME=%{name}-%{version} POLY=%{polyinstatiate} install-headers install-docs
+make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT PKGNAME=%{name}-%{version} POLY=%3 install-headers install-docs
mkdir ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/
mv ${RPM_BUILD_ROOT}%{_usr}/share/selinux/targeted/include ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/include
rm -f ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/include/include
install -m 755 ${RPM_SOURCE_DIR}/policygentool ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/
install -m 644 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/Makefile
install -m 644 doc/example.* ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/
+echo "htmlview file:///usr/share/doc/selinux-policy-%{version}/html/index.html"
+> ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/policyhelp
+chmod +x ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/policyhelp
# Build targeted policy
# Commented out because only targeted ref policy currently builds
-%setupCmds targeted targeted-mcs y
-%installCmds targeted targeted-mcs y
+%setupCmds targeted targeted-mcs y n
+%installCmds targeted targeted-mcs y n
# Build strict policy
# Commented out because only targeted ref policy currently builds
-make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=%{polyinstatiate} bare
-make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=%{polyinstatiate} conf
-%installCmds strict strict-mcs y
+make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n bare
+make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n conf
+%installCmds strict strict-mcs y n
# Build mls policy
-%setupCmds mls strict-mls n
-%installCmds mls strict-mls n
+%setupCmds mls strict-mls n y
+%installCmds mls strict-mls n y
%clean
%{__rm} -fR $RPM_BUILD_ROOT
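Review bot: The `echo "htmlview …"` line and the `> ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/policyhelp` line are separate shell commands as shown (unless the archive wrapped one line), so the text goes to the build output and the bare redirect creates an empty `policyhelp` that is then packaged with mode 755. Put the redirect on the same line as the `echo`, or end the echo line with ` \`. The generated file also has no `#!/bin/sh` first line; emitting that line before the `htmlview` command would make it a well-formed script.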
@@ -293,6 +296,9 @@
%fileList strict
%changelog
+* Tue Feb 28 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-1
+- add policyhelp to point at policy html pages
+
* Mon Feb 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.22-2
- Additional fixes for nvidia and cups