rpms/selinux-policy/devel policy-20060207.patch, 1.39, 1.40 selinux-policy.spec, 1.140, 1.141
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Mar 8 17:02:20 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24374
Modified Files:
policy-20060207.patch selinux-policy.spec
Log Message:
* Wed Mar 8 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-7
- Allow lvm tools to create drevice dir
policy-20060207.patch:
Rules.modular | 2
policy/modules/admin/readahead.te | 2
policy/modules/admin/rpm.fc | 2
policy/modules/admin/su.fc | 1
policy/modules/admin/su.if | 6
policy/modules/admin/vbetool.te | 5
policy/modules/kernel/corenetwork.te.in | 3
policy/modules/kernel/devices.if | 20 +++
policy/modules/kernel/files.fc | 2
policy/modules/kernel/files.if | 20 ++-
policy/modules/kernel/filesystem.te | 1
policy/modules/kernel/kernel.if | 102 ++++++++++++++++
policy/modules/kernel/kernel.te | 3
policy/modules/services/apache.fc | 2
policy/modules/services/apache.if | 5
policy/modules/services/apm.fc | 2
policy/modules/services/bluetooth.te | 19 +--
policy/modules/services/cron.te | 3
policy/modules/services/cups.fc | 2
policy/modules/services/cups.if | 22 +++
policy/modules/services/cups.te | 7 -
policy/modules/services/cvs.te | 2
policy/modules/services/hal.if | 41 ++++++
policy/modules/services/hal.te | 6
policy/modules/services/ktalk.fc | 1
policy/modules/services/ktalk.te | 6
policy/modules/services/nscd.if | 2
policy/modules/services/samba.te | 2
policy/modules/system/fstools.te | 1
policy/modules/system/init.te | 5
policy/modules/system/libraries.fc | 2
policy/modules/system/locallogin.te | 1
policy/modules/system/lvm.fc | 1
policy/modules/system/lvm.te | 3
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 4
policy/modules/system/sysnetwork.te | 3
policy/modules/system/udev.te | 2
policy/modules/system/xend.fc | 19 +++
policy/modules/system/xend.if | 71 +++++++++++
policy/modules/system/xend.te | 196 ++++++++++++++++++++++++++++++++
support/Makefile.devel | 5
42 files changed, 576 insertions(+), 34 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- policy-20060207.patch 7 Mar 2006 22:22:14 -0000 1.39
+++ policy-20060207.patch 8 Mar 2006 17:01:59 -0000 1.40
@@ -88,7 +88,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.23/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-02-23 09:25:08.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/devices.if 2006-03-07 16:50:04.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/devices.if 2006-03-08 10:58:05.000000000 -0500
@@ -2384,7 +2384,7 @@
')
@@ -173,6 +173,14 @@
')
########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.2.23/policy/modules/kernel/filesystem.te
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-02-14 07:20:25.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/filesystem.te 2006-03-08 11:55:28.000000000 -0500
+@@ -167,3 +167,4 @@
+ genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
+ genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
+ genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
++genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.2.23/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-03-04 00:06:34.000000000 -0500
+++ serefpolicy-2.2.23/policy/modules/kernel/kernel.if 2006-03-07 14:00:35.000000000 -0500
@@ -354,7 +362,7 @@
/var/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.23/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-03-04 00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/bluetooth.te 2006-03-07 13:42:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/bluetooth.te 2006-03-08 11:35:36.000000000 -0500
@@ -115,6 +115,7 @@
corecmd_exec_shell(bluetooth_t)
@@ -363,7 +371,17 @@
files_read_etc_files(bluetooth_t)
files_read_etc_runtime_files(bluetooth_t)
-@@ -170,6 +171,7 @@
+@@ -146,6 +147,9 @@
+ optional_policy(`dbus',`
+ dbus_system_bus_client_template(bluetooth,bluetooth_t)
+ dbus_send_system_bus(bluetooth_t)
++ dbus_system_bus_client_template(bluetooth_helper,bluetooth_helper_t)
++ dbus_connect_system_bus(bluetooth_helper_t)
++ dbus_send_system_bus(bluetooth_helper_t)
+ ')
+
+ optional_policy(`nis',`
+@@ -170,6 +174,7 @@
allow bluetooth_helper_t self:fifo_file rw_file_perms;
allow bluetooth_helper_t self:shm create_shm_perms;
allow bluetooth_helper_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -371,7 +389,13 @@
allow bluetooth_helper_t bluetooth_t:socket { read write };
-@@ -208,14 +210,13 @@
+@@ -202,20 +207,17 @@
+ miscfiles_read_localization(bluetooth_helper_t)
+ miscfiles_read_fonts(bluetooth_helper_t)
+
+-userdom_search_all_users_home_content(bluetooth_helper_t)
+-
+ optional_policy(`nscd',`
nscd_socket_use(bluetooth_helper_t)
')
@@ -390,6 +414,14 @@
ifdef(`strict_policy',`
ifdef(`xdm.te',`
allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read write };
+@@ -227,4 +229,7 @@
+ files_rw_generic_tmp_sockets(bluetooth_helper_t)
+ allow bluetooth_helper_t tmpfs_t:file { read write };
+ allow bluetooth_helper_t unconfined_t:unix_stream_socket connectto;
++ userdom_read_all_users_home_content_files(bluetooth_helper_t)
++
++ xserver_stream_connect_xdm(bluetooth_helper_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.23/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-03-04 00:06:35.000000000 -0500
+++ serefpolicy-2.2.23/policy/modules/services/cron.te 2006-03-07 13:42:37.000000000 -0500
@@ -714,7 +746,7 @@
/sbin/e2fsadm -- gen_context(system_u:object_r:lvm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.2.23/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/lvm.te 2006-03-07 17:10:36.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/lvm.te 2006-03-08 10:58:24.000000000 -0500
@@ -129,6 +129,8 @@
# DAC overrides and mknod for modifying /dev entries (vgmknodes)
@@ -724,6 +756,14 @@
dontaudit lvm_t self:capability sys_tty_config;
allow lvm_t self:process { sigchld sigkill sigstop signull signal };
# LVM will complain a lot if it cannot set its priority.
+@@ -199,6 +201,7 @@
+ dev_dontaudit_getattr_generic_chr_files(lvm_t)
+ dev_dontaudit_getattr_generic_blk_files(lvm_t)
+ dev_dontaudit_getattr_generic_pipes(lvm_t)
++dev_create_generic_dirs(lvm_t)
+
+ fs_getattr_xattr_fs(lvm_t)
+ fs_search_auto_mountpoints(lvm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-02-23 09:25:09.000000000 -0500
+++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc 2006-03-07 13:42:37.000000000 -0500
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -r1.140 -r1.141
--- selinux-policy.spec 7 Mar 2006 22:22:14 -0000 1.140
+++ selinux-policy.spec 8 Mar 2006 17:02:01 -0000 1.141
@@ -10,7 +10,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.23
-Release: 6
+Release: 7
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -296,6 +296,9 @@
%fileList strict
%changelog
+* Wed Mar 8 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-7
+- Allow lvm tools to create drevice dir
+
* Tue Mar 7 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-5
- Add Xen support
More information about the fedora-cvs-commits
mailing list