rpms/selinux-policy/devel policy-20060505.patch, 1.4, 1.5 selinux-policy.spec, 1.189, 1.190
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri May 12 18:59:28 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1714
Modified Files:
policy-20060505.patch selinux-policy.spec
Log Message:
* Fri May 12 2006 Dan Walsh <dwalsh at redhat.com> 2.2.38-6
- Allow auditctl to search all directories
policy-20060505.patch:
config/appconfig-strict-mls/default_type | 1
policy/global_booleans | 8 +++
policy/modules/admin/netutils.te | 3 +
policy/modules/admin/prelink.te | 1
policy/modules/apps/mono.te | 5 ++
policy/modules/kernel/corecommands.fc | 2
policy/modules/kernel/corenetwork.te.in | 5 +-
policy/modules/kernel/domain.te | 3 +
policy/modules/kernel/files.if | 15 ++++++
policy/modules/kernel/files.te | 4 +
policy/modules/kernel/kernel.if | 2
policy/modules/kernel/kernel.te | 1
policy/modules/kernel/mls.te | 1
policy/modules/services/apache.te | 9 +---
policy/modules/services/bluetooth.te | 2
policy/modules/services/clamav.fc | 2
policy/modules/services/clamav.if | 24 +++++++++++
policy/modules/services/clamav.te | 45 ++++++++++++++++++++
policy/modules/services/cvs.if | 20 +++++++++
policy/modules/services/cvs.te | 1
policy/modules/services/dovecot.te | 5 ++
policy/modules/services/ftp.te | 1
policy/modules/services/hal.te | 10 ----
policy/modules/services/inn.if | 28 ++++++++++++
policy/modules/services/nis.te | 1
policy/modules/services/postgresql.te | 1
policy/modules/services/pyzor.if | 34 +++++++++++++++
policy/modules/services/rpc.te | 4 +
policy/modules/services/rsync.te | 1
policy/modules/services/ssh.te | 1
policy/modules/services/xserver.if | 38 +++++++++++++++++
policy/modules/system/hostname.te | 5 +-
policy/modules/system/init.if | 19 ++++++++
policy/modules/system/init.te | 1
policy/modules/system/libraries.fc | 15 +++++-
policy/modules/system/logging.if | 42 +++++++++++++++++++
policy/modules/system/logging.te | 7 +++
policy/modules/system/mount.te | 4 +
policy/modules/system/selinuxutil.te | 8 +++
policy/modules/system/setrans.fc | 4 +
policy/modules/system/setrans.if | 24 +++++++++++
policy/modules/system/setrans.te | 67 +++++++++++++++++++++++++++++++
policy/modules/system/sysnetwork.te | 2
policy/modules/system/unconfined.if | 21 +++++++++
policy/modules/system/unconfined.te | 8 +++
policy/modules/system/userdomain.if | 23 ++++++++++
policy/modules/system/userdomain.te | 36 +++++++++++++++-
policy/rolemap | 1
policy/users | 6 +-
49 files changed, 541 insertions(+), 30 deletions(-)
Index: policy-20060505.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060505.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20060505.patch 12 May 2006 02:39:30 -0000 1.4
+++ policy-20060505.patch 12 May 2006 18:59:26 -0000 1.5
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.2.38/config/appconfig-strict-mls/default_type
--- nsaserefpolicy/config/appconfig-strict-mls/default_type 2006-01-06 17:55:17.000000000 -0500
-+++ serefpolicy-2.2.38/config/appconfig-strict-mls/default_type 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/config/appconfig-strict-mls/default_type 2006-05-11 22:39:48.000000000 -0400
@@ -2,3 +2,4 @@
secadm_r:secadm_t
staff_r:staff_t
@@ -8,7 +8,7 @@
+auditadm_r:auditadm_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.2.38/policy/global_booleans
--- nsaserefpolicy/policy/global_booleans 2006-02-10 17:05:17.000000000 -0500
-+++ serefpolicy-2.2.38/policy/global_booleans 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/global_booleans 2006-05-11 22:39:48.000000000 -0400
@@ -28,3 +28,11 @@
## </p>
## </desc>
@@ -23,7 +23,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.2.38/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2006-04-27 10:31:31.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/admin/netutils.te 2006-05-11 14:04:53.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/admin/netutils.te 2006-05-11 22:39:48.000000000 -0400
@@ -187,6 +187,7 @@
# traceroute needs this but not tracepath
corenet_raw_bind_all_nodes(traceroute_t)
@@ -43,7 +43,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.2.38/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2006-04-20 08:17:35.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/admin/prelink.te 2006-05-10 08:09:56.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/admin/prelink.te 2006-05-11 22:39:48.000000000 -0400
@@ -46,6 +46,7 @@
corecmd_manage_all_executables(prelink_t)
corecmd_relabel_all_executables(prelink_t)
@@ -54,7 +54,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.38/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2006-05-03 16:26:07.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/apps/mono.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/apps/mono.te 2006-05-11 23:13:08.000000000 -0400
@@ -22,6 +22,7 @@
unconfined_domain_noaudit(mono_t)
unconfined_dbus_chat(mono_t)
@@ -63,9 +63,18 @@
init_dbus_chat_script(mono_t)
optional_policy(`
+@@ -35,4 +36,8 @@
+ optional_policy(`
+ networkmanager_dbus_chat(mono_t)
+ ')
++
++ optional_policy(`
++ unconfined_dbus_connect_bus(mono_t)
++ ')
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.38/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-04-27 10:31:32.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/kernel/corecommands.fc 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/kernel/corecommands.fc 2006-05-11 22:39:48.000000000 -0400
@@ -76,7 +76,7 @@
#
@@ -77,7 +86,7 @@
/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.2.38/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-05-03 16:26:07.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/kernel/corenetwork.te.in 2006-05-09 17:26:28.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/kernel/corenetwork.te.in 2006-05-12 11:00:03.000000000 -0400
@@ -69,9 +69,9 @@
network_port(giftd, tcp,1213,s0)
network_port(gopher, tcp,70,s0, udp,70,s0)
@@ -86,7 +95,7 @@
+network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0)
network_port(howl, tcp,5335,s0, udp,5353,s0)
-network_port(hplip, tcp,50000,s0, tcp,50002,s0, tcp,9100,s0)
-+network_port(hplip, tcp,50000,s0, tcp,50002,s0, tcp,1782,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
++network_port(hplip, tcp,50000,s0, tcp,50002,s0, tcp,1782,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
network_port(inetd_child, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
@@ -100,7 +109,7 @@
network_port(uucpd, tcp,540,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.2.38/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2006-04-20 08:17:36.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/kernel/domain.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/kernel/domain.te 2006-05-11 22:39:48.000000000 -0400
@@ -87,6 +87,8 @@
# list the root directory
files_list_root(domain)
@@ -120,7 +129,7 @@
role staff_r types domain;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.38/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-05-03 11:38:52.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/kernel/files.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/kernel/files.if 2006-05-11 22:39:48.000000000 -0400
@@ -1712,6 +1712,21 @@
')
@@ -145,7 +154,7 @@
## created on boot, such as mtab.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.2.38/policy/modules/kernel/files.te
--- nsaserefpolicy/policy/modules/kernel/files.te 2006-04-28 22:50:56.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/kernel/files.te 2006-05-09 16:45:27.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/kernel/files.te 2006-05-11 22:39:48.000000000 -0400
@@ -181,6 +181,10 @@
fs_associate(file_type)
fs_associate_noxattr(file_type)
@@ -159,7 +168,7 @@
# Rules for all tmp file types
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.2.38/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-05-01 14:39:05.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/kernel/kernel.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/kernel/kernel.if 2006-05-11 22:39:48.000000000 -0400
@@ -1413,7 +1413,7 @@
type proc_t, sysctl_t, sysctl_kernel_t;
')
@@ -171,7 +180,7 @@
allow $1 sysctl_kernel_t:file r_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.2.38/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2006-05-01 14:39:06.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/kernel/kernel.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/kernel/kernel.te 2006-05-11 22:39:48.000000000 -0400
@@ -28,6 +28,7 @@
ifdef(`enable_mls',`
@@ -182,7 +191,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.38/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2006-03-07 10:31:09.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/kernel/mls.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/kernel/mls.te 2006-05-11 22:39:48.000000000 -0400
@@ -62,4 +62,5 @@
range_transition initrc_t auditd_exec_t s15:c0.c255;
range_transition kernel_t init_exec_t s0 - s15:c0.c255;
@@ -191,7 +200,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.2.38/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-05-03 11:38:52.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/apache.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/apache.te 2006-05-11 22:39:48.000000000 -0400
@@ -454,11 +454,6 @@
yam_read_content(httpd_t)
')
@@ -217,7 +226,7 @@
# Apache unconfined script local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.38/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/bluetooth.te 2006-05-11 22:34:40.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/bluetooth.te 2006-05-11 22:39:48.000000000 -0400
@@ -222,6 +222,8 @@
optional_policy(`
@@ -229,7 +238,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-2.2.38/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2006-03-07 16:19:28.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/services/clamav.fc 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/clamav.fc 2006-05-11 22:39:48.000000000 -0400
@@ -1,6 +1,8 @@
/etc/clamav(/.*)? gen_context(system_u:object_r:clamd_etc_t,s0)
@@ -241,7 +250,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-2.2.38/policy/modules/services/clamav.if
--- nsaserefpolicy/policy/modules/services/clamav.if 2006-03-07 16:19:28.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/services/clamav.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/clamav.if 2006-05-11 22:39:48.000000000 -0400
@@ -61,3 +61,27 @@
files_search_etc($1)
allow $1 clamd_etc_t:file r_file_perms;
@@ -272,7 +281,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.2.38/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/services/clamav.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/clamav.te 2006-05-11 22:39:48.000000000 -0400
@@ -39,6 +39,10 @@
type freshclam_exec_t;
init_daemon_domain(freshclam_t, freshclam_exec_t)
@@ -331,7 +340,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-2.2.38/policy/modules/services/cvs.if
--- nsaserefpolicy/policy/modules/services/cvs.if 2006-02-10 17:05:19.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/services/cvs.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/cvs.if 2006-05-11 22:39:48.000000000 -0400
@@ -17,3 +17,23 @@
allow $1 cvs_data_t:file { getattr read };
@@ -358,7 +367,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.2.38/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/services/cvs.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/cvs.te 2006-05-11 22:39:48.000000000 -0400
@@ -8,6 +8,7 @@
type cvs_t;
@@ -367,9 +376,24 @@
inetd_tcp_service_domain(cvs_t,cvs_exec_t)
role system_r types cvs_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.2.38/policy/modules/services/dovecot.te
+--- nsaserefpolicy/policy/modules/services/dovecot.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/dovecot.te 2006-05-12 13:26:57.000000000 -0400
+@@ -95,6 +95,11 @@
+ domain_use_interactive_fds(dovecot_t)
+
+ files_read_etc_files(dovecot_t)
++
++# Dovecot now has quota support and it uses getmntent() to find the mountpoints.
++files_read_etc_runtime_files(dovecot_t)
++files_getattr_all_mountpoints(dovecot_t)
++
+ files_search_spool(dovecot_t)
+ files_search_tmp(dovecot_t)
+ files_dontaudit_list_default(dovecot_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.2.38/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2006-04-19 12:23:07.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/ftp.te 2006-05-11 13:04:26.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/ftp.te 2006-05-11 22:39:48.000000000 -0400
@@ -149,6 +149,7 @@
userdom_manage_all_users_home_content_dirs(ftpd_t)
userdom_manage_all_users_home_content_files(ftpd_t)
@@ -380,7 +404,7 @@
userdom_generic_user_home_dir_filetrans_generic_user_home_content(ftpd_t,{ dir file lnk_file sock_file fifo_file })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.38/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-04-20 08:17:39.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/hal.te 2006-05-11 14:02:52.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/hal.te 2006-05-11 22:39:48.000000000 -0400
@@ -51,9 +51,6 @@
kernel_rw_vm_sysctls(hald_t)
kernel_write_proc_files(hald_t)
@@ -421,7 +445,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-2.2.38/policy/modules/services/inn.if
--- nsaserefpolicy/policy/modules/services/inn.if 2006-02-10 17:05:19.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/services/inn.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/inn.if 2006-05-11 22:39:48.000000000 -0400
@@ -16,7 +16,7 @@
type innd_t;
')
@@ -463,7 +487,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.2.38/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2006-05-04 12:51:36.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/nis.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/nis.te 2006-05-11 22:39:48.000000000 -0400
@@ -87,6 +87,7 @@
corenet_udp_bind_generic_port(ypbind_t)
corenet_tcp_bind_reserved_port(ypbind_t)
@@ -474,7 +498,7 @@
corenet_dontaudit_udp_bind_all_reserved_ports(ypbind_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-2.2.38/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/services/postgresql.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/postgresql.te 2006-05-11 22:39:48.000000000 -0400
@@ -41,6 +41,7 @@
allow postgresql_t self:udp_socket create_stream_socket_perms;
allow postgresql_t self:unix_dgram_socket create_socket_perms;
@@ -485,7 +509,7 @@
allow postgresql_t postgresql_db_t:dir create_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-2.2.38/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2006-05-03 16:01:26.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/pyzor.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/pyzor.if 2006-05-11 22:39:48.000000000 -0400
@@ -44,3 +44,37 @@
corecmd_search_bin($1)
can_exec($1,pyzor_exec_t)
@@ -526,7 +550,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.2.38/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/rpc.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/rpc.te 2006-05-12 14:19:20.000000000 -0400
@@ -65,6 +65,8 @@
files_manage_mounttab(rpcd_t)
@@ -536,9 +560,18 @@
seutil_dontaudit_search_config(rpcd_t)
+@@ -83,7 +85,7 @@
+ # NFSD local policy
+ #
+
+-allow nfsd_t self:capability { sys_admin sys_resource };
++allow nfsd_t self:capability { dac_override dac_read_search sys_admin sys_resource };
+
+ allow nfsd_t exports_t:file { getattr read };
+ allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir r_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.2.38/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2006-04-28 22:50:57.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/rsync.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/rsync.te 2006-05-11 22:39:48.000000000 -0400
@@ -8,6 +8,7 @@
type rsync_t;
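Review bot: The rewritten `allow nfsd_t self:capability { dac_override dac_read_search sys_admin sys_resource };` line in the rpc.te section gives nfsd_t two DAC-bypass capabilities with no comment, and the 2.2.38-6 changelog entry mentions only auditctl. `dac_override` lets the domain ignore file mode bits for read, write and execute on anything type enforcement already permits, so the rule should carry its reason, for example `# nfsd acts on exported files on behalf of remote uids and must bypass local DAC (record the denied operation here)`. If the denial behind this change was only a read or a directory search, `dac_read_search` alone would presumably be the narrower grant, which is worth checking against the AVC log. The NFSD local policy block continues outside this hunk.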
@@ -549,7 +582,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.2.38/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2006-05-08 09:53:08.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/ssh.te 2006-05-10 15:31:24.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/ssh.te 2006-05-11 22:39:48.000000000 -0400
@@ -17,6 +17,7 @@
type ssh_keysign_exec_t;
@@ -560,7 +593,7 @@
# range_transition works in loadable modules
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.38/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-05-03 11:38:54.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/services/xserver.if 2006-05-11 22:34:22.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/services/xserver.if 2006-05-11 22:39:48.000000000 -0400
@@ -1073,3 +1073,41 @@
dontaudit $1 xdm_xserver_t:tcp_socket { read write };
@@ -605,7 +638,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.2.38/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-03-02 18:45:56.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/system/hostname.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/hostname.te 2006-05-11 22:39:48.000000000 -0400
@@ -8,7 +8,10 @@
type hostname_t;
@@ -620,7 +653,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.2.38/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2006-04-05 17:08:56.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/init.if 2006-05-11 16:45:30.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/init.if 2006-05-11 22:39:48.000000000 -0400
@@ -690,6 +690,25 @@
########################################
@@ -649,7 +682,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.38/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-05-05 09:51:43.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/init.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/init.te 2006-05-11 22:39:48.000000000 -0400
@@ -350,6 +350,7 @@
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
@@ -660,7 +693,7 @@
libs_use_ld_so(initrc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.38/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/libraries.fc 2006-05-10 15:47:52.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/libraries.fc 2006-05-11 22:39:48.000000000 -0400
@@ -40,6 +40,8 @@
/opt/(.*/)?lib64/.*\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0)
/opt/(.*/)?jre.*/libdeploy.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -729,7 +762,7 @@
/usr/(local/)?acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.2.38/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/logging.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/logging.if 2006-05-11 22:39:48.000000000 -0400
@@ -399,3 +399,45 @@
allow $1 var_log_t:dir rw_dir_perms;
allow $1 var_log_t:file create_file_perms;
@@ -778,7 +811,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.2.38/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-04-27 10:31:33.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/logging.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/logging.te 2006-05-12 13:44:38.000000000 -0400
@@ -14,10 +14,14 @@
role system_r types auditctl_t;
@@ -794,9 +827,19 @@
type auditd_t;
# real declaration moved to mls until
+@@ -72,6 +76,9 @@
+
+ allow auditctl_t auditd_etc_t:file r_file_perms;
+
++# Needed for adding watches
++files_getattr_all_dirs(auditctl_t)
++
+ kernel_read_kernel_sysctls(auditctl_t)
+ kernel_read_proc_symlinks(auditctl_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.38/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/mount.te 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/mount.te 2006-05-11 22:39:48.000000000 -0400
@@ -169,4 +169,8 @@
ifdef(`targeted_policy',`
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
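Review bot: The rule added to logging.te, `files_getattr_all_dirs(auditctl_t)`, does not match the log message and spec changelog, which both say "Allow auditctl to search all directories"; going by the interface name it grants getattr on directories, not search. One of the two should be corrected so that anyone auditing the package history sees the permission that was actually granted. The in-policy comment could also name the access, e.g. `# auditctl stats the target directory when adding a watch; getattr only`, assuming that is the denial being addressed. Because the rule covers every directory type, it is worth confirming that no narrower interface covers the watch paths in use.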
@@ -808,7 +851,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.38/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/selinuxutil.te 2006-05-09 16:42:07.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/selinuxutil.te 2006-05-11 22:39:48.000000000 -0400
@@ -546,6 +546,8 @@
files_read_usr_files(semanage_t)
files_list_pids(semanage_t)
@@ -833,7 +876,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-2.2.38/policy/modules/system/setrans.fc
--- nsaserefpolicy/policy/modules/system/setrans.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/system/setrans.fc 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/setrans.fc 2006-05-11 22:39:48.000000000 -0400
@@ -0,0 +1,4 @@
+
+/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0)
@@ -841,7 +884,7 @@
+/var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,s15:c0.c255)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-2.2.38/policy/modules/system/setrans.if
--- nsaserefpolicy/policy/modules/system/setrans.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/system/setrans.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/setrans.if 2006-05-11 22:39:48.000000000 -0400
@@ -0,0 +1,24 @@
+## <summary>Policy for setrans.</summary>
+
@@ -869,7 +912,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.2.38/policy/modules/system/setrans.te
--- nsaserefpolicy/policy/modules/system/setrans.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.38/policy/modules/system/setrans.te 2006-05-11 16:40:23.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/setrans.te 2006-05-11 22:39:48.000000000 -0400
@@ -0,0 +1,67 @@
+
+policy_module(setrans,1.0.0)
@@ -940,7 +983,7 @@
+logging_send_syslog_msg(setrans_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.2.38/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/sysnetwork.te 2006-05-11 14:05:45.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/sysnetwork.te 2006-05-11 22:39:48.000000000 -0400
@@ -86,6 +86,8 @@
allow ifconfig_t dhcpc_t:fifo_file rw_file_perms;
allow ifconfig_t dhcpc_t:process sigchld;
@@ -952,7 +995,7 @@
kernel_read_kernel_sysctls(dhcpc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.38/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/unconfined.if 2006-05-11 22:38:21.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/unconfined.if 2006-05-11 22:39:48.000000000 -0400
@@ -431,3 +431,24 @@
errprint(`Warning: $0($1) has no effect in strict policy.'__endline__)
')
@@ -980,7 +1023,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.38/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/unconfined.te 2006-05-10 08:24:47.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/unconfined.te 2006-05-11 22:39:48.000000000 -0400
@@ -65,6 +65,10 @@
')
@@ -1005,7 +1048,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.38/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-05-03 11:38:54.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/userdomain.if 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/modules/system/userdomain.if 2006-05-11 22:39:48.000000000 -0400
@@ -4794,3 +4794,26 @@
allow $1 user_home_dir_t:dir create_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
@@ -1035,8 +1078,16 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.38/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-05-05 09:51:43.000000000 -0400
-+++ serefpolicy-2.2.38/policy/modules/system/userdomain.te 2006-05-09 16:24:46.000000000 -0400
-@@ -67,6 +67,7 @@
++++ serefpolicy-2.2.38/policy/modules/system/userdomain.te 2006-05-12 14:27:41.000000000 -0400
+@@ -6,6 +6,7 @@
+
+ ifdef(`enable_mls',`
+ role secadm_r;
++ role auditadm_r;
+ ')
+ ')
+
+@@ -67,6 +68,7 @@
# Define some type aliases to help with compatibility with
# macros and domains from the "strict" policy.
unconfined_alias_domain(secadm_t)
@@ -1044,7 +1095,7 @@
unconfined_alias_domain(sysadm_t)
# User home directory type.
-@@ -82,6 +83,7 @@
+@@ -82,6 +84,7 @@
# compatibility for switching from strict
# dominance { role secadm_r { role system_r; }}
@@ -1052,7 +1103,7 @@
# dominance { role sysadm_r { role system_r; }}
# dominance { role user_r { role system_r; }}
# dominance { role staff_r { role system_r; }}
-@@ -105,9 +107,10 @@
+@@ -105,9 +108,10 @@
ifdef(`enable_mls',`
allow secadm_r system_r;
@@ -1064,7 +1115,7 @@
')
optional_policy(`
-@@ -128,8 +131,19 @@
+@@ -128,8 +132,19 @@
ifdef(`enable_mls',`
admin_user_template(secadm)
@@ -1084,7 +1135,7 @@
')
# this should be tunable_policy, but
-@@ -179,12 +193,17 @@
+@@ -179,12 +194,17 @@
mls_file_downgrade(secadm_t)
init_exec(secadm_t)
logging_read_audit_log(secadm_t)
@@ -1104,7 +1155,7 @@
logging_run_auditctl(sysadm_t,sysadm_r,admin_terminal)
')
-@@ -236,10 +255,19 @@
+@@ -236,10 +256,19 @@
')
optional_policy(`
@@ -1124,7 +1175,7 @@
')
')
-@@ -258,6 +286,7 @@
+@@ -258,6 +287,7 @@
ifdef(`enable_mls',`
dmesg_exec(secadm_t)
@@ -1134,17 +1185,17 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.2.38/policy/rolemap
--- nsaserefpolicy/policy/rolemap 2006-01-26 15:38:41.000000000 -0500
-+++ serefpolicy-2.2.38/policy/rolemap 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/rolemap 2006-05-12 14:58:36.000000000 -0400
@@ -15,5 +15,6 @@
ifdef(`enable_mls',`
secadm_r secadm secadm_t
-+ auditadm_t auditadm auditadm_t
++ auditadm_r auditadm auditadm_t
')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.38/policy/users
--- nsaserefpolicy/policy/users 2006-02-15 17:02:30.000000000 -0500
-+++ serefpolicy-2.2.38/policy/users 2006-05-09 16:24:46.000000000 -0400
++++ serefpolicy-2.2.38/policy/users 2006-05-11 22:39:48.000000000 -0400
@@ -29,7 +29,7 @@
gen_user(user_u, user, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
',`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.189
retrieving revision 1.190
diff -u -r1.189 -r1.190
--- selinux-policy.spec 12 May 2006 03:12:32 -0000 1.189
+++ selinux-policy.spec 12 May 2006 18:59:26 -0000 1.190
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.38
-Release: 5
+Release: 6
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -335,6 +335,9 @@
%endif
%changelog
+* Fri May 12 2006 Dan Walsh <dwalsh at redhat.com> 2.2.38-6
+- Allow auditctl to search all directories
+
* Thu May 11 2006 Dan Walsh <dwalsh at redhat.com> 2.2.38-5
- Add acquire service for mono.