rpms/selinux-policy/devel policy-20060207.patch, 1.48, 1.49 selinux-policy.spec, 1.150, 1.151

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Mar 14 20:13:33 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14980

Modified Files:
	policy-20060207.patch selinux-policy.spec 
Log Message:
* Mon Mar 13 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-17
- MLS Fixes
	dmidecode needs mls_file_read_up
- add ypxfr_t
- run init needs access to nscd
- udev needs setuid
- another xen log file
- Dontaudit mount getattr proc_kcore_t


policy-20060207.patch:
 Rules.modular                           |    2 
 policy/mcs                              |    4 
 policy/modules/admin/bootloader.te      |    2 
 policy/modules/admin/dmidecode.te       |    2 
 policy/modules/admin/readahead.te       |    2 
 policy/modules/admin/rpm.fc             |    2 
 policy/modules/admin/su.fc              |    1 
 policy/modules/admin/su.if              |    6 
 policy/modules/admin/updfstab.te        |    4 
 policy/modules/admin/vbetool.te         |    9 +
 policy/modules/kernel/corenetwork.te.in |    3 
 policy/modules/kernel/devices.fc        |    1 
 policy/modules/kernel/devices.if        |   21 ++-
 policy/modules/kernel/files.fc          |    8 -
 policy/modules/kernel/files.if          |   21 ++-
 policy/modules/kernel/filesystem.te     |    1 
 policy/modules/kernel/kernel.if         |  102 ++++++++++++++
 policy/modules/kernel/kernel.te         |    3 
 policy/modules/kernel/terminal.if       |    2 
 policy/modules/services/apache.fc       |    2 
 policy/modules/services/apache.if       |    5 
 policy/modules/services/apm.fc          |    2 
 policy/modules/services/apm.te          |    4 
 policy/modules/services/bluetooth.te    |   19 +-
 policy/modules/services/cron.te         |    3 
 policy/modules/services/cups.fc         |    2 
 policy/modules/services/cups.if         |   22 +++
 policy/modules/services/cups.te         |    7 -
 policy/modules/services/cvs.te          |    2 
 policy/modules/services/hal.if          |   41 +++++
 policy/modules/services/hal.te          |   13 +
 policy/modules/services/ktalk.fc        |    1 
 policy/modules/services/ktalk.te        |    6 
 policy/modules/services/mailman.if      |   25 +++
 policy/modules/services/nis.fc          |    1 
 policy/modules/services/nis.if          |   25 +++
 policy/modules/services/nis.te          |   28 ++++
 policy/modules/services/nscd.if         |    2 
 policy/modules/services/postfix.te      |    4 
 policy/modules/services/samba.te        |    2 
 policy/modules/system/fstools.if        |   18 ++
 policy/modules/system/fstools.te        |    3 
 policy/modules/system/init.te           |    5 
 policy/modules/system/libraries.fc      |    2 
 policy/modules/system/locallogin.te     |    1 
 policy/modules/system/lvm.fc            |    1 
 policy/modules/system/lvm.te            |    3 
 policy/modules/system/mount.te          |    3 
 policy/modules/system/selinuxutil.fc    |    6 
 policy/modules/system/selinuxutil.if    |    2 
 policy/modules/system/selinuxutil.te    |    9 +
 policy/modules/system/sysnetwork.te     |    7 +
 policy/modules/system/udev.te           |    2 
 policy/modules/system/unconfined.te     |    8 -
 policy/modules/system/xend.fc           |   23 +++
 policy/modules/system/xend.if           |   71 ++++++++++
 policy/modules/system/xend.te           |  219 ++++++++++++++++++++++++++++++++
 support/Makefile.devel                  |    5 
 58 files changed, 744 insertions(+), 56 deletions(-)

Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- policy-20060207.patch	9 Mar 2006 21:54:28 -0000	1.48
+++ policy-20060207.patch	14 Mar 2006 20:13:28 -0000	1.49
@@ -12,6 +12,30 @@
  
  # new file labels must be dominated by the relabeling subject clearance
  mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.2.23/policy/modules/admin/bootloader.te
+--- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-03-02 18:45:54.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/bootloader.te	2006-03-13 12:23:12.000000000 -0500
+@@ -103,7 +103,7 @@
+ files_manage_boot_symlinks(bootloader_t)
+ files_read_etc_files(bootloader_t)
+ files_exec_etc_files(bootloader_t)
+-files_read_etc_runtime_files(bootloader_t)
++files_manage_etc_runtime_files(bootloader_t)
+ files_read_usr_src_files(bootloader_t)
+ files_read_usr_files(bootloader_t)
+ files_read_var_files(bootloader_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmidecode.te serefpolicy-2.2.23/policy/modules/admin/dmidecode.te
+--- nsaserefpolicy/policy/modules/admin/dmidecode.te	2006-03-04 00:06:33.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/dmidecode.te	2006-03-13 12:26:24.000000000 -0500
+@@ -32,6 +32,8 @@
+ 
+ locallogin_use_fds(dmidecode_t)
+ 
++mls_file_read_up(dmidecode_t)
++
+ ifdef(`targeted_policy',`
+ 	term_use_generic_ptys(dmidecode_t)
+ 	term_use_unallocated_ttys(dmidecode_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.2.23/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2006-03-04 00:06:33.000000000 -0500
 +++ serefpolicy-2.2.23/policy/modules/admin/readahead.te	2006-03-07 13:42:37.000000000 -0500
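Review bot: The nested bootloader.te hunk widens bootloader_t from `files_read_etc_runtime_files(bootloader_t)` to `files_manage_etc_runtime_files(bootloader_t)`, and neither the log message nor the policy says which etc_runtime file the bootloader tools have to create or rewrite. A manage grant is a much larger surface than read, so I would put a why-comment on the line above it, along the lines of `# <tool> rewrites <file> during kernel install` (placeholders to be filled in from the denial that prompted the change). The `mls_file_read_up(dmidecode_t)` addition is named in the changelog, but a one-line comment stating which higher-level object dmidecode has to read would help MLS reviewers in the same way.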
@@ -61,6 +85,18 @@
  
  	kernel_read_system_state($1_su_t)
  	kernel_read_kernel_sysctls($1_su_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/updfstab.te serefpolicy-2.2.23/policy/modules/admin/updfstab.te
+--- nsaserefpolicy/policy/modules/admin/updfstab.te	2006-03-04 00:06:33.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/updfstab.te	2006-03-14 11:34:03.000000000 -0500
+@@ -125,6 +125,6 @@
+ 	udev_read_db(updfstab_t)
+ ')
+ 
+-ifdef(`TODO',`
+-allow updfstab_t tmpfs_t:dir getattr;
++optional_policy(`fstools',`
++	fstools_getattr_swap_files(updfstab_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-2.2.23/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te	2006-02-01 08:23:27.000000000 -0500
 +++ serefpolicy-2.2.23/policy/modules/admin/vbetool.te	2006-03-09 16:31:49.000000000 -0500
@@ -382,6 +418,19 @@
  #
  # Sysctl types
  #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.2.23/policy/modules/kernel/terminal.if
+--- nsaserefpolicy/policy/modules/kernel/terminal.if	2006-02-14 07:20:25.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/terminal.if	2006-03-13 15:57:21.000000000 -0500
+@@ -588,8 +588,8 @@
+ 		type devpts_t;
+ 	')
+ 
+-	dev_list_all_dev_nodes($1)
+ 	allow $1 devpts_t:dir r_dir_perms;
++	dev_list_all_dev_nodes($1)
+ 	allow $1 ptynode:chr_file { rw_term_perms lock append };
+ ')
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.23/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2006-02-27 17:17:23.000000000 -0500
 +++ serefpolicy-2.2.23/policy/modules/services/apache.fc	2006-03-07 13:42:37.000000000 -0500
@@ -785,6 +834,102 @@
 +	allow mailman_queue_t $1:process sigchld;
 +')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-2.2.23/policy/modules/services/nis.fc
+--- nsaserefpolicy/policy/modules/services/nis.fc	2005-11-28 21:48:04.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/nis.fc	2006-03-10 16:47:00.000000000 -0500
+@@ -7,3 +7,4 @@
+ /usr/sbin/ypserv	--	gen_context(system_u:object_r:ypserv_exec_t,s0)
+ 
+ /var/yp(/.*)?			gen_context(system_u:object_r:var_yp_t,s0)
++/usr/sbin/rpc.ypxfr	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.2.23/policy/modules/services/nis.if
+--- nsaserefpolicy/policy/modules/services/nis.if	2006-02-10 21:34:14.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/nis.if	2006-03-10 16:45:39.000000000 -0500
+@@ -277,3 +277,28 @@
+ 	files_search_etc($1)
+ 	allow $1 ypserv_conf_t:file { getattr read };
+ ')
++
++
++########################################
++## <summary>
++##	Execute ypxfr in the ypxfr domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`nis_domtrans_ypxfr',`
++	gen_require(`
++		type ypxfr_t, ypxfr_exec_t;
++	')
++
++	corecmd_search_bin($1)
++	domain_auto_trans($1,ypxfr_exec_t,ypxfr_t)
++
++	allow $1 ypxfr_t:fd use;
++	allow ypxfr_t $1:fd use;
++	allow ypxfr_t $1:fifo_file rw_file_perms;
++	allow ypxfr_t $1:process sigchld;
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.2.23/policy/modules/services/nis.te
+--- nsaserefpolicy/policy/modules/services/nis.te	2006-03-04 00:06:36.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/nis.te	2006-03-13 13:32:08.000000000 -0500
+@@ -31,6 +31,10 @@
+ type ypserv_exec_t;
+ init_daemon_domain(ypserv_t,ypserv_exec_t)
+ 
++type ypxfr_t;
++type ypxfr_exec_t;
++init_daemon_domain(ypxfr_t,ypxfr_exec_t)
++
+ type ypserv_conf_t;
+ files_type(ypserv_conf_t)
+ 
+@@ -245,6 +249,7 @@
+ allow ypserv_t self:fifo_file rw_file_perms;
+ allow ypserv_t self:process signal_perms;
+ allow ypserv_t self:unix_dgram_socket create_socket_perms;
++allow ypserv_t self:unix_stream_socket create_stream_socket_perms;
+ allow ypserv_t self:netlink_route_socket r_netlink_socket_perms;
+ allow ypserv_t self:tcp_socket connected_stream_socket_perms;
+ allow ypserv_t self:udp_socket create_socket_perms;
+@@ -306,6 +311,8 @@
+ 
+ miscfiles_read_localization(ypserv_t)
+ 
++nis_domtrans_ypxfr(ypserv_t)
++
+ sysnet_read_config(ypserv_t)
+ 
+ userdom_dontaudit_use_unpriv_user_fds(ypserv_t)
+@@ -326,3 +333,24 @@
+ optional_policy(`udev',`
+ 	udev_read_db(ypserv_t)
+ ')
++
++corenet_tcp_sendrecv_all_if(ypxfr_t)
++corenet_udp_sendrecv_all_if(ypxfr_t)
++corenet_raw_sendrecv_all_if(ypxfr_t)
++corenet_tcp_sendrecv_all_nodes(ypxfr_t)
++corenet_udp_sendrecv_all_nodes(ypxfr_t)
++corenet_raw_sendrecv_all_nodes(ypxfr_t)
++corenet_tcp_sendrecv_all_ports(ypxfr_t)
++corenet_udp_sendrecv_all_ports(ypxfr_t)
++corenet_non_ipsec_sendrecv(ypxfr_t)
++corenet_tcp_bind_all_nodes(ypxfr_t)
++corenet_udp_bind_all_nodes(ypxfr_t)
++corenet_tcp_bind_reserved_port(ypxfr_t)
++corenet_udp_bind_reserved_port(ypxfr_t)
++corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
++corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t)
++corenet_tcp_connect_all_ports(ypxfr_t)
++allow ypxfr_t self:unix_stream_socket create_stream_socket_perms;
++
++allow ypxfr_t etc_t:file { getattr read };
++files_read_etc_files(ypxfr_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.2.23/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2006-02-10 21:34:14.000000000 -0500
 +++ serefpolicy-2.2.23/policy/modules/services/nscd.if	2006-03-07 13:42:37.000000000 -0500
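Review bot: The ypxfr_t rules appended to nis.te grant raw-socket traffic on every interface and node (`corenet_raw_sendrecv_all_if(ypxfr_t)`, `corenet_raw_sendrecv_all_nodes(ypxfr_t)`) plus `corenet_tcp_connect_all_ports(ypxfr_t)`, which is a wide network surface for a helper that ypserv_t launches. If ypxfr only speaks RPC over TCP and UDP, the two raw lines can presumably go, and the connect rule deserves a comment on why it cannot be narrowed. `allow ypxfr_t etc_t:file { getattr read };` names etc_t directly from outside its owning module and appears to duplicate `files_read_etc_files(ypxfr_t)` on the following line, so I would drop it. A banner comment such as `# ypxfr local policy` above the block would also separate it from the ypserv_t rules it currently trails.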
@@ -824,9 +969,34 @@
  files_config_file(samba_share_t)
  
  type samba_var_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.if serefpolicy-2.2.23/policy/modules/system/fstools.if
+--- nsaserefpolicy/policy/modules/system/fstools.if	2006-02-10 21:34:15.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/fstools.if	2006-03-14 11:33:20.000000000 -0500
+@@ -110,3 +110,21 @@
+ 
+ 	allow $1 fsadm_exec_t:file create_file_perms;
+ ')
++
++########################################
++## <summary>
++##	Getattr swapfile
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`fstools_getattr_swap_files',`
++	gen_require(`
++		type swapfile_t;
++	')
++
++	allow $1 swapfile_t:file getattr;
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.23/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/fstools.te	2006-03-09 16:38:01.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/fstools.te	2006-03-14 11:32:08.000000000 -0500
 @@ -53,6 +53,7 @@
  kernel_change_ring_buffer_level(fsadm_t)
  # mkreiserfs needs this
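Review bot: The doc block for the new `fstools_getattr_swap_files` interface is terser than the one written for `nis_domtrans_ypxfr` in this same patch: its summary is `Getattr swapfile` and its parameter text is `The type of the process performing this action.`. I would use `##	Get the attributes of swap files.` for the summary and `##	Domain allowed access.` for the parameter so the two new interfaces read consistently. The rule itself grants only `getattr` on `swapfile_t:file`, which matches the interface name.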
@@ -936,8 +1106,16 @@
  fs_search_auto_mountpoints(lvm_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.23/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/mount.te	2006-03-09 16:54:17.000000000 -0500
-@@ -33,6 +33,7 @@
++++ serefpolicy-2.2.23/policy/modules/system/mount.te	2006-03-14 14:40:50.000000000 -0500
+@@ -26,6 +26,7 @@
+ files_tmp_filetrans(mount_t,mount_tmp_t,{ file dir })
+ 
+ kernel_read_system_state(mount_t)
++kernel_dontaudit_getattr_core_if(mount_t)
+ 
+ corenet_dontaudit_tcp_bind_all_reserved_ports(mount_t)
+ corenet_dontaudit_udp_bind_all_reserved_ports(mount_t)
+@@ -33,6 +34,7 @@
  dev_getattr_all_blk_files(mount_t)
  dev_list_all_dev_nodes(mount_t)
  dev_rw_lvm_control(mount_t)
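Review bot: `kernel_dontaudit_getattr_core_if(mount_t)` is added to mount.te without a comment, and since a dontaudit rule suppresses the AVC record while the access stays denied, nothing in the policy or the audit log will later explain why mount touches that interface. I would add a line above it such as `# mount getattr on proc_kcore_t is denied and not needed; silence the AVC`, which is what the changelog entry already says. The remaining changes in this hunk only renumber the nested hunk header.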
@@ -945,7 +1123,7 @@
  dev_dontaudit_getattr_memory_dev(mount_t)
  dev_getattr_sound_dev(mount_t)
  
-@@ -73,6 +74,7 @@
+@@ -73,6 +75,7 @@
  
  init_use_fds(mount_t)
  init_use_script_ptys(mount_t)
@@ -969,9 +1147,21 @@
  /etc/selinux/([^/]*/)?users(/.*)?	--	gen_context(system_u:object_r:selinux_config_t,s15:c0.c255)
  
  #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.23/policy/modules/system/selinuxutil.if
+--- nsaserefpolicy/policy/modules/system/selinuxutil.if	2006-02-23 09:25:09.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.if	2006-03-13 12:46:45.000000000 -0500
+@@ -853,7 +853,7 @@
+ 	')
+ 
+ 	files_search_etc($1)
+-	allow $1 selinux_config_t:dir rw_dir_perms;
++	allow $1 selinux_config_t:dir create_dir_perms;
+ 	type_transition $1 selinux_config_t:dir semanage_store_t;
+ 
+ 	allow $1 semanage_store_t:dir create_dir_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.23/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.te	2006-03-07 13:42:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.te	2006-03-13 13:21:24.000000000 -0500
 @@ -192,6 +192,9 @@
  selinux_load_policy(load_policy_t)
  selinux_set_boolean(load_policy_t)
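Review bot: Changing `allow $1 selinux_config_t:dir rw_dir_perms;` to `create_dir_perms` widens every caller of this interface on the SELinux configuration directory itself, and the changelog does not mention it. The following `type_transition` already labels directories created there as semanage_store_t, and `allow $1 semanage_store_t:dir create_dir_perms;` is granted just below, so it is not evident from the hunk why the extra permissions on selinux_config_t directories are needed. If a single permission was denied, granting only that one would be tighter; at minimum add a comment naming the operation that required it. The interface begins and ends outside the hunk, so its name and remaining rules are not visible here.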
@@ -990,6 +1180,18 @@
  term_use_all_user_ttys(newrole_t)
  term_use_all_user_ptys(newrole_t)
  term_relabel_all_user_ttys(newrole_t)
+@@ -476,6 +480,11 @@
+ 	optional_policy(`daemontools',`
+ 		daemontools_domtrans_start(run_init_t)
+ 	')
++
++	optional_policy(`nscd',`
++		nscd_socket_use(run_init_t)
++	')	
++
+ ') dnl end ifdef targeted policy
+ 
+ ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.2.23/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2006-03-04 00:06:37.000000000 -0500
 +++ serefpolicy-2.2.23/policy/modules/system/sysnetwork.te	2006-03-09 11:15:56.000000000 -0500
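Review bot: The added nscd optional_policy block for run_init_t closes with a line that carries a trailing tab after the closing quote and parenthesis, and is followed by an extra blank line before the `dnl end ifdef targeted policy` line. Both are whitespace noise that will show up in later diffs of this file; strip the tab and drop the blank line so the block matches the daemontools block directly above it. The enclosing ifdef starts outside the hunk, so which policy variant this branch applies to cannot be confirmed from here.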
@@ -1016,13 +1218,13 @@
  	term_use_generic_ptys(ifconfig_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.2.23/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/udev.te	2006-03-07 13:42:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/udev.te	2006-03-13 12:21:29.000000000 -0500
 @@ -39,7 +39,7 @@
  # Local policy
  #
  
 -allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin mknod net_raw net_admin sys_nice sys_rawio sys_resource sys_nice };
-+allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin mknod net_raw net_admin sys_nice sys_rawio sys_resource setgid sys_nice };
++allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin mknod net_raw net_admin sys_nice sys_rawio sys_resource setuid setgid sys_nice };
  dontaudit udev_t self:capability sys_tty_config;
  allow udev_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
  allow udev_t self:process { execmem setfscreate };
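Review bot: The rewritten `allow udev_t self:capability { ... }` line adds `setuid` but still lists `sys_nice` twice, once before `sys_rawio` and again at the end of the set. The duplicate is presumably harmless to the policy compiler, but it makes an already long capability set harder to audit, so drop the trailing one while the line is being touched. `setuid` together with `setgid` lets udev_t change its identity, so a comment naming the helper or rule that needs it would be worth adding next to the line.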
@@ -1053,8 +1255,8 @@
  	')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xend.fc serefpolicy-2.2.23/policy/modules/system/xend.fc
 --- nsaserefpolicy/policy/modules/system/xend.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/xend.fc	2006-03-09 10:11:00.000000000 -0500
-@@ -0,0 +1,22 @@
++++ serefpolicy-2.2.23/policy/modules/system/xend.fc	2006-03-10 16:48:34.000000000 -0500
+@@ -0,0 +1,23 @@
 +# xend executable will have:
 +# label: system_u:object_r:xend_exec_t
 +# MLS sensitivity: s0
@@ -1065,6 +1267,7 @@
 +
 +/var/log/xend\.log              -- system_u:object_r:xend_var_log_t:s0
 +/var/log/xend-debug\.log        -- system_u:object_r:xend_var_log_t:s0
++/var/log/xen-hotplug\.log        -- system_u:object_r:xend_var_log_t:s0
 +/var/lib/xen(/.*)?              system_u:object_r:xend_var_lib_t:s0
 +/var/lib/xend(/.*)?             system_u:object_r:xend_var_lib_t:s0
 +/var/lib/xenstored(/.*)?        system_u:object_r:xenstored_var_lib_t:s0
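Review bot: The new `/var/log/xen-hotplug\.log` entry, like its neighbours in xend.fc, writes the context as a raw `system_u:object_r:xend_var_log_t:s0`, whereas the nis.fc entry added in this same patch uses `gen_context(system_u:object_r:ypxfr_exec_t,s0)`. If xend.fc is meant to build like the other modules, the entry should use the macro, e.g. `gen_context(system_u:object_r:xend_var_log_t,s0)`; whether a build without MLS or MCS levels is a target for this package should be confirmed. The `--` column on the new line is also one space to the right of the two log entries above it.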
@@ -1154,8 +1357,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xend.te serefpolicy-2.2.23/policy/modules/system/xend.te
 --- nsaserefpolicy/policy/modules/system/xend.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/xend.te	2006-03-09 13:10:10.000000000 -0500
-@@ -0,0 +1,217 @@
++++ serefpolicy-2.2.23/policy/modules/system/xend.te	2006-03-13 16:17:27.000000000 -0500
+@@ -0,0 +1,219 @@
 +policy_module(xend,1.0.0)
 +
 +########################################
@@ -1294,6 +1497,8 @@
 +term_dontaudit_getattr_all_user_ptys(xend_t)
 +term_dontaudit_use_generic_ptys(xend_t)
 +
++storage_raw_read_fixed_disk(xend_t)
++
 +xend_store_stream_connect(xend_t)
 +
 +################################   xenconsoled_t ##############################
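Review bot: `storage_raw_read_fixed_disk(xend_t)` gives xend_t raw read access to fixed-disk devices, which sidesteps per-file labelling for every filesystem on those disks, and the changelog does not list it. If xend only needs to inspect or open guest backing devices, a narrower grant such as getattr on the device nodes or a dedicated type for guest disks would be preferable; that needs checking against the denial that prompted this line. At minimum add a comment above it stating what xend reads from the raw device.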


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.150
retrieving revision 1.151
diff -u -r1.150 -r1.151
--- selinux-policy.spec	14 Mar 2006 10:37:14 -0000	1.150
+++ selinux-policy.spec	14 Mar 2006 20:13:28 -0000	1.151
@@ -10,7 +10,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.2.23
-Release: 16
+Release: 17
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -298,6 +298,15 @@
 %fileList strict
 
 %changelog
+* Mon Mar 13 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-17
+- MLS Fixes
+	dmidecode needs mls_file_read_up
+- add ypxfr_t
+- run init needs access to nscd
+- udev needs setuid
+- another xen log file
+- Dontaudit mount getattr proc_kcore_t
+
 * Tue Mar 14 2006 Karsten Hopp <karsten at redhat.de> 2.2.23-16
 - fix buildroot usage (#185391)
 



