rpms/selinux-policy/FC-5 policy-20060207.patch,1.53,1.54
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Mar 29 21:27:56 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv7973
Modified Files:
policy-20060207.patch
Log Message:
* Wed Mar 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.25-3.fc5
- Fixes for hplip and klogd
policy-20060207.patch:
Rules.modular | 2
policy/mcs | 4
policy/modules/admin/bootloader.te | 2
policy/modules/admin/dmidecode.te | 2
policy/modules/admin/logwatch.te | 1
policy/modules/admin/readahead.te | 2
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 3
policy/modules/admin/rpm.te | 1
policy/modules/admin/su.fc | 1
policy/modules/admin/su.if | 6
policy/modules/admin/updfstab.te | 4
policy/modules/admin/usermanage.te | 2
policy/modules/admin/vbetool.te | 9 +
policy/modules/kernel/corenetwork.te.in | 5
policy/modules/kernel/devices.fc | 1
policy/modules/kernel/devices.if | 59 ++++++++
policy/modules/kernel/files.fc | 8 -
policy/modules/kernel/files.if | 33 ++++
policy/modules/kernel/filesystem.te | 1
policy/modules/kernel/kernel.if | 102 ++++++++++++++
policy/modules/kernel/kernel.te | 3
policy/modules/services/apache.fc | 2
policy/modules/services/apache.if | 5
policy/modules/services/apm.fc | 2
policy/modules/services/apm.te | 4
policy/modules/services/bluetooth.te | 38 ++---
policy/modules/services/cron.te | 3
policy/modules/services/cups.fc | 2
policy/modules/services/cups.if | 22 +++
policy/modules/services/cups.te | 10 +
policy/modules/services/cvs.te | 2
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.if | 41 +++++
policy/modules/services/hal.te | 17 ++
policy/modules/services/ktalk.fc | 1
policy/modules/services/ktalk.te | 8 +
policy/modules/services/mailman.if | 25 +++
policy/modules/services/nis.fc | 1
policy/modules/services/nis.if | 25 +++
policy/modules/services/nis.te | 32 ++++
policy/modules/services/nscd.if | 2
policy/modules/services/pegasus.te | 1
policy/modules/services/postfix.te | 4
policy/modules/services/privoxy.te | 5
policy/modules/services/samba.te | 2
policy/modules/services/sendmail.te | 1
policy/modules/services/xserver.if | 20 ++
policy/modules/system/authlogin.te | 2
policy/modules/system/fstools.if | 18 ++
policy/modules/system/fstools.te | 7 +
policy/modules/system/init.te | 5
policy/modules/system/libraries.fc | 2
policy/modules/system/locallogin.te | 1
policy/modules/system/lvm.fc | 1
policy/modules/system/lvm.te | 3
policy/modules/system/mount.te | 3
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.if | 23 ++-
policy/modules/system/selinuxutil.te | 16 ++
policy/modules/system/sysnetwork.te | 7 +
policy/modules/system/udev.te | 2
policy/modules/system/unconfined.if | 16 +-
policy/modules/system/unconfined.te | 8 -
policy/modules/system/userdomain.te | 1
policy/modules/system/xend.fc | 23 +++
policy/modules/system/xend.if | 71 ++++++++++
policy/modules/system/xend.te | 219 ++++++++++++++++++++++++++++++++
68 files changed, 892 insertions(+), 73 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/policy-20060207.patch,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- policy-20060207.patch 28 Mar 2006 15:17:34 -0000 1.53
+++ policy-20060207.patch 29 Mar 2006 21:27:52 -0000 1.54
@@ -140,6 +140,25 @@
+optional_policy(`fstools',`
+ fstools_getattr_swap_files(updfstab_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.25/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-03-21 14:33:50.000000000 -0500
++++ serefpolicy-2.2.25/policy/modules/admin/usermanage.te 2006-03-28 14:35:31.000000000 -0500
+@@ -225,6 +225,7 @@
+
+ files_manage_etc_files(groupadd_t)
+ files_relabel_etc_files(groupadd_t)
++files_read_etc_runtime_files(groupadd_t)
+
+ libs_use_ld_so(groupadd_t)
+ libs_use_shared_libs(groupadd_t)
+@@ -490,6 +491,7 @@
+ domain_use_interactive_fds(useradd_t)
+
+ files_manage_etc_files(useradd_t)
++files_read_etc_runtime_files(useradd_t)
+ files_search_var_lib(useradd_t)
+ files_relabel_etc_files(useradd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-2.2.25/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2006-03-21 14:33:50.000000000 -0500
+++ serefpolicy-2.2.25/policy/modules/admin/vbetool.te 2006-03-28 09:47:09.000000000 -0500
@@ -1557,6 +1576,39 @@
dontaudit udev_t self:capability sys_tty_config;
allow udev_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow udev_t self:process { execmem setfscreate };
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.25/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-03-21 14:33:50.000000000 -0500
++++ serefpolicy-2.2.25/policy/modules/system/unconfined.if 2006-03-28 14:38:37.000000000 -0500
+@@ -55,7 +55,7 @@
+ tunable_policy(`allow_execmem && allow_execstack',`
+ # Allow making the stack executable via mprotect.
+ allow $1 self:process execstack;
+- auditallow $1 self:process execstack;
++# auditallow $1 self:process execstack;
+ ', `
+ # These are fairly common but seem to be harmless
+ # caused by using shared libraries built with old tool chains
+@@ -114,13 +114,13 @@
+ interface(`unconfined_domain',`
+ unconfined_domain_noaudit($1)
+
+- tunable_policy(`allow_execheap',`
+- auditallow $1 self:process execheap;
+- ')
+-
+- tunable_policy(`allow_execmem',`
+- auditallow $1 self:process execmem;
+- ')
++# tunable_policy(`allow_execheap',`
++# auditallow $1 self:process execheap;
++# ')
++
++# tunable_policy(`allow_execmem',`
++# auditallow $1 self:process execmem;
++# ')
+ ')
+
+ ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.25/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-03-21 14:33:50.000000000 -0500
+++ serefpolicy-2.2.25/policy/modules/system/unconfined.te 2006-03-28 09:47:09.000000000 -0500
More information about the fedora-cvs-commits
mailing list