rpms/selinux-policy/FC-5 .cvsignore, 1.54, 1.55 modules-mls.conf, 1.15, 1.16 modules-strict.conf, 1.9, 1.10 modules-targeted.conf, 1.21, 1.22 policy-20060505.patch, 1.2, 1.3 policygentool, 1.4, 1.5 selinux-policy.spec, 1.168, 1.169 sources, 1.58, 1.59

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed May 24 03:19:54 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv22190

Modified Files:
	.cvsignore modules-mls.conf modules-strict.conf 
	modules-targeted.conf policy-20060505.patch policygentool 
	selinux-policy.spec sources 
Log Message:
* Tue May 23 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-2.fc5
- Bump for fc5



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/.cvsignore,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- .cvsignore	17 May 2006 13:57:47 -0000	1.54
+++ .cvsignore	24 May 2006 03:19:52 -0000	1.55
@@ -66,3 +66,4 @@
 serefpolicy-2.2.38.tgz
 serefpolicy-2.2.39.tgz
 serefpolicy-2.2.40.tgz
+serefpolicy-2.2.42.tgz


Index: modules-mls.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/modules-mls.conf,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- modules-mls.conf	8 May 2006 19:32:05 -0000	1.15
+++ modules-mls.conf	24 May 2006 03:19:52 -0000	1.16
@@ -986,3 +986,10 @@
 # Policy for setrans
 # 
 setrans = base
+
+# Layer: services
+# Module: openvpn
+#
+# Policy for OPENVPN full-featured SSL VPN solution
+# 
+openvpn = base
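Review bot: `openvpn = base` here, and again in the modules-strict.conf and modules-targeted.conf hunks of this commit, compiles the new OpenVPN policy into the base policy, so it cannot be loaded or removed on its own on hosts that do not run OpenVPN. The first modules-targeted.conf hunk in the same commit moves pyzor and amavis from `base` to `module`, which suggests optional services are meant to be separately loadable. If that is the direction, `openvpn = module` would be consistent. If base is deliberate, a one-line comment above the setting saying why would help the next packager.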


Index: modules-strict.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/modules-strict.conf,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- modules-strict.conf	8 May 2006 19:32:05 -0000	1.9
+++ modules-strict.conf	24 May 2006 03:19:52 -0000	1.10
@@ -1270,3 +1270,9 @@
 # 
 setrans = base
 
+# Layer: services
+# Module: openvpn
+#
+# Policy for OPENVPN full-featured SSL VPN solution
+# 
+openvpn = base


Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/modules-targeted.conf,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- modules-targeted.conf	8 May 2006 19:32:05 -0000	1.21
+++ modules-targeted.conf	24 May 2006 03:19:52 -0000	1.22
@@ -1048,14 +1048,14 @@
 #
 # Spam Blocker
 # 
-pyzor = base
+pyzor = module
 
 # Layer: services
 # Module: amavis
 #
 # Anti-virus
 # 
-amavis = base
+amavis = module
 
 # Layer: services
 # Module: clamav
@@ -1072,3 +1072,17 @@
 # 
 setrans = base
 
+# Layer: services
+# Module: openvpn
+#
+# Policy for OPENVPN full-featured SSL VPN solution
+# 
+openvpn = base
+
+# Layer: apps
+# Module: unconfined_execmem
+#
+# unconfined_execmem executable
+# 
+unconfined_execmem = base
+
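Review bot: The comment added for the new module, `# unconfined_execmem executable`, does not say what the module grants. The interface file added in policy-20060505.patch summarises it as "Unconfined domain with execmem/execstack privs", and its .te allows `execstack execmem` to unconfined_execmem_t under targeted policy. That is what someone enabling or auditing this entry needs to see here. Suggest replacing the description with `# Unconfined domain with execmem/execstack privileges (programs labeled unconfined_execmem_exec_t)`.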

policy-20060505.patch:
 config/appconfig-strict-mls/default_type  |    1 
 policy/modules/admin/consoletype.te       |    9 +++-
 policy/modules/admin/rpm.te               |    9 ++++
 policy/modules/apps/unconfined_execmem.fc |    3 +
 policy/modules/apps/unconfined_execmem.if |   29 ++++++++++++++
 policy/modules/apps/unconfined_execmem.te |   21 ++++++++++
 policy/modules/kernel/files.if            |   15 +++++++
 policy/modules/kernel/filesystem.if       |   23 +++++++++++
 policy/modules/kernel/kernel.te           |    1 
 policy/modules/services/amavis.fc         |    2 
 policy/modules/services/amavis.if         |   62 ++++++++++++++++++++++++++++++
 policy/modules/services/amavis.te         |   10 ++++
 policy/modules/services/bluetooth.te      |    5 ++
 policy/modules/services/clamav.te         |   21 ++++++++++
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/dovecot.te        |    1 
 policy/modules/services/mysql.te          |    1 
 policy/modules/services/networkmanager.fc |    1 
 policy/modules/services/nscd.te           |    5 ++
 policy/modules/services/pyzor.te          |   11 +++++
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.te          |    4 +
 policy/modules/services/xserver.if        |   43 ++++++++++++++++++++
 policy/modules/system/hostname.te         |    5 +-
 policy/modules/system/init.te             |    1 
 policy/modules/system/libraries.fc        |    3 -
 policy/modules/system/logging.te          |    8 +++
 policy/modules/system/unconfined.te       |    4 +
 policy/modules/system/userdomain.te       |   42 ++++++++++++++++++--
 policy/modules/system/xen.fc              |    1 
 policy/modules/system/xen.if              |    2 
 policy/modules/system/xen.te              |   27 ++++++++++++-
 policy/rolemap                            |    1 
 policy/support/misc_macros.spt            |    2 
 policy/users                              |    6 +-
 35 files changed, 365 insertions(+), 16 deletions(-)

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.2 -r 1.3 policy-20060505.patch
Index: policy-20060505.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/policy-20060505.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20060505.patch	17 May 2006 13:57:47 -0000	1.2
+++ policy-20060505.patch	24 May 2006 03:19:52 -0000	1.3
@@ -1,47 +1,21 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.2.40/config/appconfig-strict-mls/default_type
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.2.42/config/appconfig-strict-mls/default_type
 --- nsaserefpolicy/config/appconfig-strict-mls/default_type	2006-01-06 17:55:17.000000000 -0500
-+++ serefpolicy-2.2.40/config/appconfig-strict-mls/default_type	2006-05-16 10:16:11.000000000 -0400
++++ serefpolicy-2.2.42/config/appconfig-strict-mls/default_type	2006-05-22 13:34:07.000000000 -0400
 @@ -2,3 +2,4 @@
  secadm_r:secadm_t
  staff_r:staff_t
  user_r:user_t
 +auditadm_r:auditadm_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.2.40/policy/global_booleans
---- nsaserefpolicy/policy/global_booleans	2006-02-10 17:05:17.000000000 -0500
-+++ serefpolicy-2.2.40/policy/global_booleans	2006-05-16 10:16:11.000000000 -0400
-@@ -28,3 +28,11 @@
- ## </p>
- ## </desc>
- gen_bool(secure_mode_policyload,false)
-+
-+## <desc>
-+## <p>
-+## Allow mount to mount any file
-+## </p>
-+## </desc>
-+gen_bool(allow_mount_anyfile,false)
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.2.40/policy/global_tunables
---- nsaserefpolicy/policy/global_tunables	2006-04-18 22:49:58.000000000 -0400
-+++ serefpolicy-2.2.40/policy/global_tunables	2006-05-16 10:16:11.000000000 -0400
-@@ -73,6 +73,14 @@
- 
- ## <desc>
- ## <p>
-+## Allow nfs servers to modify public files
-+## used for public file transfer services.
-+## </p>
-+## </desc>
-+gen_tunable(allow_nfsd_anon_write,false)
-+
-+## <desc>
-+## <p>
- ## Allow java executable stack
- ## </p>
- ## </desc>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.2.40/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-04-04 18:06:37.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/admin/consoletype.te	2006-05-16 10:16:11.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.2.42/policy/modules/admin/consoletype.te
+--- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-05-19 10:07:51.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/admin/consoletype.te	2006-05-22 13:34:07.000000000 -0400
+@@ -1,5 +1,5 @@
+ 
+-policy_module(consoletype,1.0.1)
++policy_module(consoletype,1.0.0)
+ 
+ ########################################
+ #
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
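Review bot: The consoletype.te section now carries `-policy_module(consoletype,1.0.1)` / `+policy_module(consoletype,1.0.0)`, so the local patch lowers the module version below what the upstream side of the diff declares. Nothing in the visible part of that section depends on the older number, so this looks like a leftover from rebasing the patch rather than an intended change; worth confirming. If it is unintended, drop that nested hunk so the module keeps `policy_module(consoletype,1.0.1)`, because a version that moves backwards makes it harder to tell which rules a loaded module contains. The section's `@@ -8,7 +8,12 @@` hunk continues past the end of this hunk.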
@@ -56,81 +30,35 @@
  mls_file_read_up(consoletype_t)
  mls_file_write_down(consoletype_t)
  role system_r types consoletype_t;
-@@ -107,3 +112,12 @@
- optional_policy(`
- 	userdom_use_unpriv_users_fds(consoletype_t)
- ')
-+
-+optional_policy(`
-+	xen_append_log(consoletype_t)
-+	xen_dontaudit_rw_unix_stream_sockets(consoletype_t)
-+	kernel_read_xen_state(consoletype_t)
-+	kernel_write_xen_state(consoletype_t)
-+
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.2.40/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te	2006-04-27 10:31:31.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/admin/netutils.te	2006-05-16 10:16:11.000000000 -0400
-@@ -187,6 +187,7 @@
- # traceroute needs this but not tracepath
- corenet_raw_bind_all_nodes(traceroute_t)
- corenet_tcp_connect_all_ports(traceroute_t)
-+corenet_udp_bind_traceroute_port(traceroute_t)
- 
- fs_dontaudit_getattr_xattr_fs(traceroute_t)
- 
-@@ -195,6 +196,8 @@
- files_read_etc_files(traceroute_t)
- files_dontaudit_search_var(traceroute_t)
- 
-+init_use_fds(traceroute_t)
-+
- libs_use_ld_so(traceroute_t)
- libs_use_shared_libs(traceroute_t)
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.2.40/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te	2006-04-20 08:17:35.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/admin/prelink.te	2006-05-16 16:59:39.000000000 -0400
-@@ -46,6 +46,9 @@
- corecmd_manage_all_executables(prelink_t)
- corecmd_relabel_all_executables(prelink_t)
- corecmd_mmap_all_executables(prelink_t)
-+corecmd_read_sbin_symlinks(prelink_t)
-+
-+domain_obj_id_change_exemption(prelink_t)
- 
- dev_read_urand(prelink_t)
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.40/policy/modules/apps/mono.te
---- nsaserefpolicy/policy/modules/apps/mono.te	2006-05-03 16:26:07.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/apps/mono.te	2006-05-16 10:16:11.000000000 -0400
-@@ -22,6 +22,7 @@
- 	unconfined_domain_noaudit(mono_t)
- 	unconfined_dbus_chat(mono_t)
- 
-+	role system_r types mono_t;
- 	init_dbus_chat_script(mono_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.2.42/policy/modules/admin/rpm.te
+--- nsaserefpolicy/policy/modules/admin/rpm.te	2006-04-19 17:43:32.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/admin/rpm.te	2006-05-22 13:34:07.000000000 -0400
+@@ -334,6 +334,15 @@
  
- 	optional_policy(`
-@@ -35,4 +36,8 @@
- 	optional_policy(`
- 		networkmanager_dbus_chat(mono_t)
- 	')
-+
+ ifdef(`targeted_policy',`
+ 	unconfined_domain(rpm_script_t)
 +	optional_policy(`
-+		unconfined_dbus_connect_bus(mono_t)
++		java_domtrans(rpm_script_t)
 +	')
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.fc serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.fc
++	optional_policy(`
++		mono_domtrans(rpm_script_t)
++	')
++	optional_policy(`
++		unconfined_execmem_domtrans(rpm_script_t)
++	')
+ ',`
+ 	optional_policy(`
+ 		bootloader_domtrans(rpm_script_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.fc serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.fc
 --- nsaserefpolicy/policy/modules/apps/unconfined_execmem.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.fc	2006-05-16 17:24:40.000000000 -0400
-@@ -0,0 +1,2 @@
++++ serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.fc	2006-05-22 13:34:08.000000000 -0400
+@@ -0,0 +1,3 @@
 +/usr/lib/openoffice.org.*/program/.*\.bin	-- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 +/usr/bin/valgrind 	-- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.if serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.if
++/usr/bin/mplayer 	-- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.if serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.if
 --- nsaserefpolicy/policy/modules/apps/unconfined_execmem.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.if	2006-05-16 17:10:38.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.if	2006-05-22 13:34:08.000000000 -0400
 @@ -0,0 +1,29 @@
 +## <summary>Unconfined domain with execmem/execstack privs</summary>
 +
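Review bot: The new unconfined_execmem.fc entry for `/usr/bin/mplayer` labels a media player, which routinely parses files from untrusted sources, with `unconfined_execmem_exec_t`, the type this patch uses for programs that run with `execstack execmem`, and nothing records why. Those two permissions are the memory-protection checks that limit the impact of a memory-corruption bug in a parser, so the exception deserves a stated reason and a note to revisit it. Suggest a comment above the entry such as `# mplayer: needs execmem because <reason to be filled in>; remove once fixed`. The rpm.te section in the same hunk lets rpm_script_t transition to the java, mono and unconfined_execmem domains under targeted policy; a short comment naming the scriptlets that need this would help there too.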
@@ -161,10 +89,10 @@
 +		errprint(`Warning: $0($1) has no effect in strict policy.'__endline__)
 +	')
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.te serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.te serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.te
 --- nsaserefpolicy/policy/modules/apps/unconfined_execmem.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.te	2006-05-16 17:05:11.000000000 -0400
-@@ -0,0 +1,22 @@
++++ serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.te	2006-05-22 13:34:08.000000000 -0400
+@@ -0,0 +1,21 @@
 +
 +policy_module(unconfined_execmem,1.1.2)
 +
@@ -185,66 +113,10 @@
 +ifdef(`targeted_policy',`
 +	allow unconfined_execmem_t self:process { execstack execmem };
 +	unconfined_domain_noaudit(unconfined_execmem_t)
-+	role system_r types unconfined_execmem_t;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.40/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2006-04-27 10:31:32.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/kernel/corecommands.fc	2006-05-16 10:16:11.000000000 -0400
-@@ -76,7 +76,7 @@
- #
- 
- /lib/udev/[^/]*			--	gen_context(system_u:object_r:bin_t,s0)
--
[...1734 lines suppressed...]
  		')
  	')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.2.40/policy/modules/system/xen.fc
---- nsaserefpolicy/policy/modules/system/xen.fc	2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/system/xen.fc	2006-05-16 10:16:11.000000000 -0400
-@@ -13,5 +13,6 @@
+@@ -428,6 +461,7 @@
+ 	optional_policy(`
+ 		sysnet_run_ifconfig(sysadm_t,sysadm_r,admin_terminal)
+ 		sysnet_run_dhcpc(sysadm_t,sysadm_r,admin_terminal)
++		consoletype_run(sysadm_t,sysadm_r,admin_terminal)
+ 	')
  
- /var/run/xenconsoled\.pid --	gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
+ 	optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.2.42/policy/modules/system/xen.fc
+--- nsaserefpolicy/policy/modules/system/xen.fc	2006-05-19 10:07:51.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/system/xen.fc	2006-05-23 14:35:38.000000000 -0400
+@@ -16,3 +16,4 @@
  /var/run/xend\.pid	--      gen_context(system_u:object_r:xend_var_run_t,s0)
-+/var/run/xend(/.*)?		gen_context(system_u:object_r:xend_var_run_t,s0)
  /var/run/xenstore\.pid	--	gen_context(system_u:object_r:xenstored_var_run_t,s0)
  /var/run/xenstored(/.*)?	gen_context(system_u:object_r:xenstored_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.2.40/policy/modules/system/xen.if
---- nsaserefpolicy/policy/modules/system/xen.if	2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/system/xen.if	2006-05-16 10:16:11.000000000 -0400
-@@ -127,3 +127,4 @@
- 	allow xm_t:$1:fifo_file rw_file_perms;
++/xen(/.*)?			gen_context(system_u:object_r:xen_image_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.2.42/policy/modules/system/xen.if
+--- nsaserefpolicy/policy/modules/system/xen.if	2006-05-03 16:01:26.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/system/xen.if	2006-05-23 15:34:07.000000000 -0400
+@@ -124,6 +124,6 @@
+ 
+ 	domain_auto_trans($1,xm_exec_t,xm_t)
+ 	allow xm_t $1:fd use;
+-	allow xm_t:$1:fifo_file rw_file_perms;
++	allow xm_t $1:fifo_file rw_file_perms;
  	allow xm_t $1:process sigchld;
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.42/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te	2006-05-19 10:07:51.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/system/xen.te	2006-05-23 15:40:21.000000000 -0400
+@@ -50,6 +50,10 @@
+ domain_entry_file(xenconsoled_t,xenconsoled_exec_t)
+ role system_r types xenconsoled_t;
+ 
++# Xen Image files
++type xen_image_t; # customizable
++files_type(xen_image_t)
++
+ # pid files
+ type xenconsoled_var_run_t;
+ files_pid_file(xenconsoled_var_run_t)
+@@ -74,6 +78,11 @@
+ allow xend_t self:tcp_socket create_stream_socket_perms;
+ allow xend_t self:packet_socket create_socket_perms;
+ 
++files_etc_filetrans_etc_runtime(xend_t,file)
++
++allow xend_t xen_image_t:dir r_dir_perms;
++allow xend_t xen_image_t:file r_file_perms;
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.40/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te	2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/system/xen.te	2006-05-16 10:16:11.000000000 -0400
-@@ -77,7 +77,7 @@
  # pid file
  allow xend_t xend_var_run_t:file manage_file_perms;
  allow xend_t xend_var_run_t:sock_file manage_file_perms;
--allow xend_t xend_var_run_t:dir rw_dir_perms;
-+allow xend_t xend_var_run_t:dir { setattr rw_dir_perms };
- files_pid_filetrans(xend_t,xend_var_run_t, { file sock_file })
- 
- # log files
-@@ -92,6 +92,10 @@
+@@ -89,8 +98,9 @@
+ # var/lib files for xend
+ allow xend_t xend_var_lib_t:file create_file_perms;
+ allow xend_t xend_var_lib_t:sock_file create_file_perms;
++allow xend_t xend_var_lib_t:fifo_file create_file_perms;
  allow xend_t xend_var_lib_t:dir create_dir_perms;
- files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir sock_file })
+-files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir sock_file })
++files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir })
  
-+optional_policy(`
-+	consoletype_domtrans(xend_t)
-+')
-+
  # transition to store
  domain_auto_trans(xend_t, xenstored_exec_t, xenstored_t)
- allow xenstored_t xend_t:fd use;
-@@ -153,8 +157,6 @@
- sysnet_delete_dhcpc_pid(xend_t)
- sysnet_read_dhcpc_pid(xend_t)
- 
--consoletype_exec(xend_t)
--
- xen_stream_connect_xenstore(xend_t)
- 
- ########################################
-@@ -180,6 +182,7 @@
- 
- term_create_pty(xenconsoled_t,xen_devpts_t);
- term_dontaudit_use_generic_ptys(xenconsoled_t)
-+term_use_console(xenconsoled_t)
- 
- init_use_fds(xenconsoled_t)
- 
-@@ -198,6 +201,7 @@
- 
- allow xenstored_t self:capability { dac_override mknod ipc_lock };
- allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
-+allow xenstored_t self:unix_dgram_socket create_socket_perms;
- 
- # pid file
- allow xenstored_t xenstored_var_run_t:file manage_file_perms;
-@@ -220,12 +224,15 @@
- dev_rw_xen(xenstored_t)
- 
- term_dontaudit_use_generic_ptys(xenstored_t)
-+term_dontaudit_use_console(xenconsoled_t)
- 
- init_use_fds(xenstored_t)
- 
- libs_use_ld_so(xenstored_t)
- libs_use_shared_libs(xenstored_t)
- 
-+logging_send_syslog_msg(xenstored_t)
-+
- miscfiles_read_localization(xenstored_t)
+@@ -113,6 +123,7 @@
+ corecmd_exec_bin(xend_t)
+ corecmd_exec_shell(xend_t)
+ 
++corenet_tcp_bind_all_nodes(xend_t)
+ corenet_tcp_sendrecv_all_if(xend_t)
+ corenet_tcp_sendrecv_all_nodes(xend_t)
+ corenet_tcp_sendrecv_all_ports(xend_t)
+@@ -242,7 +253,7 @@
+ # xm local policy
+ #
  
- xen_append_log(xenstored_t)
-@@ -263,3 +270,4 @@
+-allow xm_t self:capability dac_override;
++allow xm_t self:capability { dac_override ipc_lock };
+ # internal communication is often done using fifo and unix sockets.
+ allow xm_t self:fifo_file { read write };
+ allow xm_t self:unix_stream_socket create_stream_socket_perms;
+@@ -270,3 +281,15 @@
  xen_append_log(xm_t)
  xen_stream_connect(xm_t)
  xen_stream_connect_xenstore(xm_t)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.2.40/policy/rolemap
++files_list_mnt(xm_t)
++
++init_rw_script_stream_sockets(xm_t)
++
++files_read_etc_runtime_files(xm_t)
++files_read_usr_files(xm_t)
++
++files_search_var_lib(xm_t)
++allow xm_t xend_var_lib_t:dir rw_dir_perms;
++allow xm_t xend_var_lib_t:fifo_file create_file_perms;
++allow xm_t xend_var_lib_t:file create_file_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.2.42/policy/rolemap
 --- nsaserefpolicy/policy/rolemap	2006-01-26 15:38:41.000000000 -0500
-+++ serefpolicy-2.2.40/policy/rolemap	2006-05-16 10:16:11.000000000 -0400
++++ serefpolicy-2.2.42/policy/rolemap	2006-05-22 13:34:08.000000000 -0400
 @@ -15,5 +15,6 @@
  
  	ifdef(`enable_mls',`
@@ -1739,9 +863,21 @@
 +		auditadm_r auditadm auditadm_t
  	')
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.40/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_macros.spt serefpolicy-2.2.42/policy/support/misc_macros.spt
+--- nsaserefpolicy/policy/support/misc_macros.spt	2006-05-19 10:07:51.000000000 -0400
++++ serefpolicy-2.2.42/policy/support/misc_macros.spt	2006-05-22 13:34:08.000000000 -0400
+@@ -37,7 +37,7 @@
+ #
+ # gen_context(context,mls_sensitivity,[mcs_categories])
+ #
+-define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')')dnl
++define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')') dnl
+ 
+ ########################################
+ #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.42/policy/users
 --- nsaserefpolicy/policy/users	2006-02-15 17:02:30.000000000 -0500
-+++ serefpolicy-2.2.40/policy/users	2006-05-16 10:16:11.000000000 -0400
++++ serefpolicy-2.2.42/policy/users	2006-05-22 13:34:08.000000000 -0400
 @@ -29,7 +29,7 @@
  gen_user(user_u, user, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
  ',`
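Review bot: The only change to `gen_context` in the misc_macros.spt section is a space inserted before `dnl`, and the patch gives no reason for it. With `')') dnl` m4 copies that space to the output where the definition is processed, whereas the upstream `')')dnl` emits nothing, so the change is not purely cosmetic. gen_context is the macro the file-context entries elsewhere in this patch rely on, so please add a comment above the define stating what the space works around, or drop the nested hunk if it is accidental.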


Index: policygentool
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/policygentool,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policygentool	27 Feb 2006 23:00:40 -0000	1.4
+++ policygentool	24 May 2006 03:19:52 -0000	1.5
@@ -32,7 +32,9 @@
 ##	Execute a domain transition to run TEMPLATETYPE.
 ## </summary>
 ## <param name=\"domain\">
+## <summary>
 ##	Domain allowed to transition.
+## </summary>
 ## </param>
 #
 interface(`TEMPLATETYPE_domtrans',`
@@ -113,8 +115,7 @@
 allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:file create_file_perms;
 allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file create_file_perms;
 allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:dir create_dir_perms;
-files_var_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t,{ file dir sock_file })
-files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t)
+files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, { file dir sock_file })
 """
 te_network2="""
 ## Networking basics (adjust to your needs!)
@@ -132,7 +133,7 @@
 """
 te_initsc2="""
 # Init script handling
-init_use_fd(TEMPLATETYPE_t)
+init_use_fds(TEMPLATETYPE_t)
 init_use_script_ptys(TEMPLATETYPE_t)
 domain_use_interactive_fds(TEMPLATETYPE_t)
 """


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/selinux-policy.spec,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -r1.168 -r1.169
--- selinux-policy.spec	17 May 2006 13:57:47 -0000	1.168
+++ selinux-policy.spec	24 May 2006 03:19:52 -0000	1.169
@@ -12,11 +12,11 @@
 %endif
 %define POLICYVER 20
 %define POLICYCOREUTILSVER 1.30-1
-%define CHECKPOLICYVER 1.30.3-1
+%define CHECKPOLICYVER 1.30.4-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.2.40
-Release: 1.fc5
+Version: 2.2.42
+Release: 2.fc5
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -326,6 +326,22 @@
 %endif
 
 %changelog
+* Tue May 23 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-2.fc5
+- Bump for fc5
+
+* Mon May 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-2
+- Xen fixes
+
+* Thu May 18 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-1
+- Upgrade to upstream
+
+* Thu May 18 2006 Dan Walsh <dwalsh at redhat.com> 2.2.41-1
+- allow hal to read boot_t files
+- Upgrade to upstream
+
+* Wed May 17 2006 Dan Walsh <dwalsh at redhat.com> 2.2.40-2
+- allow hal to read boot_t files
+
 * Wed May 17 2006 Dan Walsh <dwalsh at redhat.com> 2.2.40-1.fc5
 - Bump for fc5
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/sources,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- sources	17 May 2006 13:57:47 -0000	1.58
+++ sources	24 May 2006 03:19:52 -0000	1.59
@@ -1 +1 @@
-d2a0babbbb7cbf1d8bcb051d5972bb50  serefpolicy-2.2.40.tgz
+2790acad9ae17a8b00b93c2adfebffd4  serefpolicy-2.2.42.tgz



