rpms/selinux-policy/FC-5 .cvsignore, 1.54, 1.55 modules-mls.conf, 1.15, 1.16 modules-strict.conf, 1.9, 1.10 modules-targeted.conf, 1.21, 1.22 policy-20060505.patch, 1.2, 1.3 policygentool, 1.4, 1.5 selinux-policy.spec, 1.168, 1.169 sources, 1.58, 1.59
fedora-cvs-commits at redhat.com
Wed May 24 03:19:54 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv22190
Modified Files:
.cvsignore modules-mls.conf modules-strict.conf
modules-targeted.conf policy-20060505.patch policygentool
selinux-policy.spec sources
Log Message:
* Tue May 23 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-2.fc5
- Bump for fc5
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/.cvsignore,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- .cvsignore 17 May 2006 13:57:47 -0000 1.54
+++ .cvsignore 24 May 2006 03:19:52 -0000 1.55
@@ -66,3 +66,4 @@
serefpolicy-2.2.38.tgz
serefpolicy-2.2.39.tgz
serefpolicy-2.2.40.tgz
+serefpolicy-2.2.42.tgz
Index: modules-mls.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/modules-mls.conf,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- modules-mls.conf 8 May 2006 19:32:05 -0000 1.15
+++ modules-mls.conf 24 May 2006 03:19:52 -0000 1.16
@@ -986,3 +986,10 @@
# Policy for setrans
#
setrans = base
+
+# Layer: services
+# Module: openvpn
+#
+# Policy for OPENVPN full-featured SSL VPN solution
+#
+openvpn = base
Index: modules-strict.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/modules-strict.conf,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- modules-strict.conf 8 May 2006 19:32:05 -0000 1.9
+++ modules-strict.conf 24 May 2006 03:19:52 -0000 1.10
@@ -1270,3 +1270,9 @@
#
setrans = base
+# Layer: services
+# Module: openvpn
+#
+# Policy for OPENVPN full-featured SSL VPN solution
+#
+openvpn = base
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/modules-targeted.conf,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- modules-targeted.conf 8 May 2006 19:32:05 -0000 1.21
+++ modules-targeted.conf 24 May 2006 03:19:52 -0000 1.22
@@ -1048,14 +1048,14 @@
#
# Spam Blocker
#
-pyzor = base
+pyzor = module
# Layer: services
# Module: amavis
#
# Anti-virus
#
-amavis = base
+amavis = module
# Layer: services
# Module: clamav
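Review bot: moving pyzor and amavis from base to module in the two changed lines alters how both are delivered on systems that already have them compiled into base, and nothing in this hunk shows how that transition is handled. Please confirm that every caller of the pyzor and amavis interfaces in modules that stay in base is wrapped in optional_policy, and that the package upgrade path installs the new loadable modules so the two domains do not silently lose their policy.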
@@ -1072,3 +1072,17 @@
#
setrans = base
+# Layer: services
+# Module: openvpn
+#
+# Policy for OPENVPN full-featured SSL VPN solution
+#
+openvpn = base
+
+# Layer: apps
+# Module: unconfined_execmem
+#
+# unconfined_execmem executable
+#
+unconfined_execmem = base
+
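Review bot: openvpn and unconfined_execmem are added as base here, while the previous hunk in this same file moves pyzor and amavis out of base into loadable modules; say why these two need to be in base, or build them as module for consistency so they can be removed or replaced without rebuilding base. The description "unconfined_execmem executable" also says nothing about what the module grants; a line stating that it is an unconfined domain with execmem/execstack privileges would let an admin reading this file judge the risk.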
policy-20060505.patch:
config/appconfig-strict-mls/default_type | 1
policy/modules/admin/consoletype.te | 9 +++-
policy/modules/admin/rpm.te | 9 ++++
policy/modules/apps/unconfined_execmem.fc | 3 +
policy/modules/apps/unconfined_execmem.if | 29 ++++++++++++++
policy/modules/apps/unconfined_execmem.te | 21 ++++++++++
policy/modules/kernel/files.if | 15 +++++++
policy/modules/kernel/filesystem.if | 23 +++++++++++
policy/modules/kernel/kernel.te | 1
policy/modules/services/amavis.fc | 2
policy/modules/services/amavis.if | 62 ++++++++++++++++++++++++++++++
policy/modules/services/amavis.te | 10 ++++
policy/modules/services/bluetooth.te | 5 ++
policy/modules/services/clamav.te | 21 ++++++++++
policy/modules/services/cvs.te | 1
policy/modules/services/dovecot.te | 1
policy/modules/services/mysql.te | 1
policy/modules/services/networkmanager.fc | 1
policy/modules/services/nscd.te | 5 ++
policy/modules/services/pyzor.te | 11 +++++
policy/modules/services/rsync.te | 1
policy/modules/services/samba.te | 4 +
policy/modules/services/xserver.if | 43 ++++++++++++++++++++
policy/modules/system/hostname.te | 5 +-
policy/modules/system/init.te | 1
policy/modules/system/libraries.fc | 3 -
policy/modules/system/logging.te | 8 +++
policy/modules/system/unconfined.te | 4 +
policy/modules/system/userdomain.te | 42 ++++++++++++++++++--
policy/modules/system/xen.fc | 1
policy/modules/system/xen.if | 2
policy/modules/system/xen.te | 27 ++++++++++++-
policy/rolemap | 1
policy/support/misc_macros.spt | 2
policy/users | 6 +-
35 files changed, 365 insertions(+), 16 deletions(-)
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.2 -r 1.3 policy-20060505.patch
Index: policy-20060505.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/policy-20060505.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20060505.patch 17 May 2006 13:57:47 -0000 1.2
+++ policy-20060505.patch 24 May 2006 03:19:52 -0000 1.3
@@ -1,47 +1,21 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.2.40/config/appconfig-strict-mls/default_type
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.2.42/config/appconfig-strict-mls/default_type
--- nsaserefpolicy/config/appconfig-strict-mls/default_type 2006-01-06 17:55:17.000000000 -0500
-+++ serefpolicy-2.2.40/config/appconfig-strict-mls/default_type 2006-05-16 10:16:11.000000000 -0400
++++ serefpolicy-2.2.42/config/appconfig-strict-mls/default_type 2006-05-22 13:34:07.000000000 -0400
@@ -2,3 +2,4 @@
secadm_r:secadm_t
staff_r:staff_t
user_r:user_t
+auditadm_r:auditadm_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.2.40/policy/global_booleans
---- nsaserefpolicy/policy/global_booleans 2006-02-10 17:05:17.000000000 -0500
-+++ serefpolicy-2.2.40/policy/global_booleans 2006-05-16 10:16:11.000000000 -0400
-@@ -28,3 +28,11 @@
- ## </p>
- ## </desc>
- gen_bool(secure_mode_policyload,false)
-+
-+## <desc>
-+## <p>
-+## Allow mount to mount any file
-+## </p>
-+## </desc>
-+gen_bool(allow_mount_anyfile,false)
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.2.40/policy/global_tunables
---- nsaserefpolicy/policy/global_tunables 2006-04-18 22:49:58.000000000 -0400
-+++ serefpolicy-2.2.40/policy/global_tunables 2006-05-16 10:16:11.000000000 -0400
-@@ -73,6 +73,14 @@
-
- ## <desc>
- ## <p>
-+## Allow nfs servers to modify public files
-+## used for public file transfer services.
-+## </p>
-+## </desc>
-+gen_tunable(allow_nfsd_anon_write,false)
-+
-+## <desc>
-+## <p>
- ## Allow java executable stack
- ## </p>
- ## </desc>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.2.40/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-04-04 18:06:37.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/admin/consoletype.te 2006-05-16 10:16:11.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.2.42/policy/modules/admin/consoletype.te
+--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-05-19 10:07:51.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/admin/consoletype.te 2006-05-22 13:34:07.000000000 -0400
+@@ -1,5 +1,5 @@
+
+-policy_module(consoletype,1.0.1)
++policy_module(consoletype,1.0.0)
+
+ ########################################
+ #
@@ -8,7 +8,12 @@
type consoletype_t;
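Review bot: the consoletype.te part of this hunk changes policy_module(consoletype,1.0.1) to policy_module(consoletype,1.0.0), so the local patch lowers the module version below what the upstream tree carries while still adding local rules to the file. Drop this two-line change and keep upstream's 1.0.1; a lower version number on a module that has gained rules makes it harder to tell which policy is actually loaded.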
@@ -56,81 +30,35 @@
mls_file_read_up(consoletype_t)
mls_file_write_down(consoletype_t)
role system_r types consoletype_t;
-@@ -107,3 +112,12 @@
- optional_policy(`
- userdom_use_unpriv_users_fds(consoletype_t)
- ')
-+
-+optional_policy(`
-+ xen_append_log(consoletype_t)
-+ xen_dontaudit_rw_unix_stream_sockets(consoletype_t)
-+ kernel_read_xen_state(consoletype_t)
-+ kernel_write_xen_state(consoletype_t)
-+
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.2.40/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2006-04-27 10:31:31.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/admin/netutils.te 2006-05-16 10:16:11.000000000 -0400
-@@ -187,6 +187,7 @@
- # traceroute needs this but not tracepath
- corenet_raw_bind_all_nodes(traceroute_t)
- corenet_tcp_connect_all_ports(traceroute_t)
-+corenet_udp_bind_traceroute_port(traceroute_t)
-
- fs_dontaudit_getattr_xattr_fs(traceroute_t)
-
-@@ -195,6 +196,8 @@
- files_read_etc_files(traceroute_t)
- files_dontaudit_search_var(traceroute_t)
-
-+init_use_fds(traceroute_t)
-+
- libs_use_ld_so(traceroute_t)
- libs_use_shared_libs(traceroute_t)
-
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.2.40/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te 2006-04-20 08:17:35.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/admin/prelink.te 2006-05-16 16:59:39.000000000 -0400
-@@ -46,6 +46,9 @@
- corecmd_manage_all_executables(prelink_t)
- corecmd_relabel_all_executables(prelink_t)
- corecmd_mmap_all_executables(prelink_t)
-+corecmd_read_sbin_symlinks(prelink_t)
-+
-+domain_obj_id_change_exemption(prelink_t)
-
- dev_read_urand(prelink_t)
-
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.40/policy/modules/apps/mono.te
---- nsaserefpolicy/policy/modules/apps/mono.te 2006-05-03 16:26:07.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/apps/mono.te 2006-05-16 10:16:11.000000000 -0400
-@@ -22,6 +22,7 @@
- unconfined_domain_noaudit(mono_t)
- unconfined_dbus_chat(mono_t)
-
-+ role system_r types mono_t;
- init_dbus_chat_script(mono_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.2.42/policy/modules/admin/rpm.te
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2006-04-19 17:43:32.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/admin/rpm.te 2006-05-22 13:34:07.000000000 -0400
+@@ -334,6 +334,15 @@
- optional_policy(`
-@@ -35,4 +36,8 @@
- optional_policy(`
- networkmanager_dbus_chat(mono_t)
- ')
-+
+ ifdef(`targeted_policy',`
+ unconfined_domain(rpm_script_t)
+ optional_policy(`
-+ unconfined_dbus_connect_bus(mono_t)
++ java_domtrans(rpm_script_t)
+ ')
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.fc serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.fc
++ optional_policy(`
++ mono_domtrans(rpm_script_t)
++ ')
++ optional_policy(`
++ unconfined_execmem_domtrans(rpm_script_t)
++ ')
+ ',`
+ optional_policy(`
+ bootloader_domtrans(rpm_script_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.fc serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.fc
--- nsaserefpolicy/policy/modules/apps/unconfined_execmem.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.fc 2006-05-16 17:24:40.000000000 -0400
-@@ -0,0 +1,2 @@
++++ serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.fc 2006-05-22 13:34:08.000000000 -0400
+@@ -0,0 +1,3 @@
+/usr/lib/openoffice.org.*/program/.*\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.if serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.if
++/usr/bin/mplayer -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.if serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.if
--- nsaserefpolicy/policy/modules/apps/unconfined_execmem.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.if 2006-05-16 17:10:38.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.if 2006-05-22 13:34:08.000000000 -0400
@@ -0,0 +1,29 @@
+## <summary>Unconfined domain with execmem/execstack privs</summary>
+
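Review bot: labeling /usr/bin/mplayer as unconfined_execmem_exec_t (the added third line of unconfined_execmem.fc) gives a program that parses untrusted media both execstack and execmem in a domain that unconfined_execmem.te, further down in this patch, passes to unconfined_domain_noaudit. Record which denial mplayer actually hits, and if it is only execmem, give it a narrower domain rather than widening this catch-all. The same question applies to the java, mono and unconfined_execmem transitions added for rpm_script_t in rpm.te: a comment on which package scriptlets need them would help.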
@@ -161,10 +89,10 @@
+ errprint(`Warning: $0($1) has no effect in strict policy.'__endline__)
+ ')
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.te serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/unconfined_execmem.te serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.te
--- nsaserefpolicy/policy/modules/apps/unconfined_execmem.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.40/policy/modules/apps/unconfined_execmem.te 2006-05-16 17:05:11.000000000 -0400
-@@ -0,0 +1,22 @@
++++ serefpolicy-2.2.42/policy/modules/apps/unconfined_execmem.te 2006-05-22 13:34:08.000000000 -0400
+@@ -0,0 +1,21 @@
+
+policy_module(unconfined_execmem,1.1.2)
+
@@ -185,66 +113,10 @@
+ifdef(`targeted_policy',`
+ allow unconfined_execmem_t self:process { execstack execmem };
+ unconfined_domain_noaudit(unconfined_execmem_t)
-+ role system_r types unconfined_execmem_t;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.40/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-04-27 10:31:32.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/kernel/corecommands.fc 2006-05-16 10:16:11.000000000 -0400
-@@ -76,7 +76,7 @@
- #
-
- /lib/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
--
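Review bot: the unconfined_execmem.te part of this hunk drops "role system_r types unconfined_execmem_t;" while rpm.te in the same patch gains unconfined_execmem_domtrans(rpm_script_t), and nothing in the visible lines re-adds the role association. Confirm that unconfined_domain_noaudit or the interface file still authorizes system_r for unconfined_execmem_t; if not, a transition from a system_r process ends in an invalid context and the line should stay.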
[...1734 lines suppressed...]
')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.2.40/policy/modules/system/xen.fc
---- nsaserefpolicy/policy/modules/system/xen.fc 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/system/xen.fc 2006-05-16 10:16:11.000000000 -0400
-@@ -13,5 +13,6 @@
+@@ -428,6 +461,7 @@
+ optional_policy(`
+ sysnet_run_ifconfig(sysadm_t,sysadm_r,admin_terminal)
+ sysnet_run_dhcpc(sysadm_t,sysadm_r,admin_terminal)
++ consoletype_run(sysadm_t,sysadm_r,admin_terminal)
+ ')
- /var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
+ optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.2.42/policy/modules/system/xen.fc
+--- nsaserefpolicy/policy/modules/system/xen.fc 2006-05-19 10:07:51.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/system/xen.fc 2006-05-23 14:35:38.000000000 -0400
+@@ -16,3 +16,4 @@
/var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0)
-+/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
/var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.2.40/policy/modules/system/xen.if
---- nsaserefpolicy/policy/modules/system/xen.if 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/system/xen.if 2006-05-16 10:16:11.000000000 -0400
-@@ -127,3 +127,4 @@
- allow xm_t:$1:fifo_file rw_file_perms;
++/xen(/.*)? gen_context(system_u:object_r:xen_image_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.2.42/policy/modules/system/xen.if
+--- nsaserefpolicy/policy/modules/system/xen.if 2006-05-03 16:01:26.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/system/xen.if 2006-05-23 15:34:07.000000000 -0400
+@@ -124,6 +124,6 @@
+
+ domain_auto_trans($1,xm_exec_t,xm_t)
+ allow xm_t $1:fd use;
+- allow xm_t:$1:fifo_file rw_file_perms;
++ allow xm_t $1:fifo_file rw_file_perms;
allow xm_t $1:process sigchld;
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.42/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te 2006-05-19 10:07:51.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/system/xen.te 2006-05-23 15:40:21.000000000 -0400
+@@ -50,6 +50,10 @@
+ domain_entry_file(xenconsoled_t,xenconsoled_exec_t)
+ role system_r types xenconsoled_t;
+
++# Xen Image files
++type xen_image_t; # customizable
++files_type(xen_image_t)
++
+ # pid files
+ type xenconsoled_var_run_t;
+ files_pid_file(xenconsoled_var_run_t)
+@@ -74,6 +78,11 @@
+ allow xend_t self:tcp_socket create_stream_socket_perms;
+ allow xend_t self:packet_socket create_socket_perms;
+
++files_etc_filetrans_etc_runtime(xend_t,file)
++
++allow xend_t xen_image_t:dir r_dir_perms;
++allow xend_t xen_image_t:file r_file_perms;
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.40/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2006-05-03 16:26:08.000000000 -0400
-+++ serefpolicy-2.2.40/policy/modules/system/xen.te 2006-05-16 10:16:11.000000000 -0400
-@@ -77,7 +77,7 @@
# pid file
allow xend_t xend_var_run_t:file manage_file_perms;
allow xend_t xend_var_run_t:sock_file manage_file_perms;
--allow xend_t xend_var_run_t:dir rw_dir_perms;
-+allow xend_t xend_var_run_t:dir { setattr rw_dir_perms };
- files_pid_filetrans(xend_t,xend_var_run_t, { file sock_file })
-
- # log files
-@@ -92,6 +92,10 @@
+@@ -89,8 +98,9 @@
+ # var/lib files for xend
+ allow xend_t xend_var_lib_t:file create_file_perms;
+ allow xend_t xend_var_lib_t:sock_file create_file_perms;
++allow xend_t xend_var_lib_t:fifo_file create_file_perms;
allow xend_t xend_var_lib_t:dir create_dir_perms;
- files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir sock_file })
+-files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir sock_file })
++files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir })
-+optional_policy(`
-+ consoletype_domtrans(xend_t)
-+')
-+
# transition to store
domain_auto_trans(xend_t, xenstored_exec_t, xenstored_t)
- allow xenstored_t xend_t:fd use;
-@@ -153,8 +157,6 @@
- sysnet_delete_dhcpc_pid(xend_t)
- sysnet_read_dhcpc_pid(xend_t)
-
--consoletype_exec(xend_t)
--
- xen_stream_connect_xenstore(xend_t)
-
- ########################################
-@@ -180,6 +182,7 @@
-
- term_create_pty(xenconsoled_t,xen_devpts_t);
- term_dontaudit_use_generic_ptys(xenconsoled_t)
-+term_use_console(xenconsoled_t)
-
- init_use_fds(xenconsoled_t)
-
-@@ -198,6 +201,7 @@
-
- allow xenstored_t self:capability { dac_override mknod ipc_lock };
- allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
-+allow xenstored_t self:unix_dgram_socket create_socket_perms;
-
- # pid file
- allow xenstored_t xenstored_var_run_t:file manage_file_perms;
-@@ -220,12 +224,15 @@
- dev_rw_xen(xenstored_t)
-
- term_dontaudit_use_generic_ptys(xenstored_t)
-+term_dontaudit_use_console(xenconsoled_t)
-
- init_use_fds(xenstored_t)
-
- libs_use_ld_so(xenstored_t)
- libs_use_shared_libs(xenstored_t)
-
-+logging_send_syslog_msg(xenstored_t)
-+
- miscfiles_read_localization(xenstored_t)
+@@ -113,6 +123,7 @@
+ corecmd_exec_bin(xend_t)
+ corecmd_exec_shell(xend_t)
+
++corenet_tcp_bind_all_nodes(xend_t)
+ corenet_tcp_sendrecv_all_if(xend_t)
+ corenet_tcp_sendrecv_all_nodes(xend_t)
+ corenet_tcp_sendrecv_all_ports(xend_t)
+@@ -242,7 +253,7 @@
+ # xm local policy
+ #
- xen_append_log(xenstored_t)
-@@ -263,3 +270,4 @@
+-allow xm_t self:capability dac_override;
++allow xm_t self:capability { dac_override ipc_lock };
+ # internal communication is often done using fifo and unix sockets.
+ allow xm_t self:fifo_file { read write };
+ allow xm_t self:unix_stream_socket create_stream_socket_perms;
+@@ -270,3 +281,15 @@
xen_append_log(xm_t)
xen_stream_connect(xm_t)
xen_stream_connect_xenstore(xm_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.2.40/policy/rolemap
++files_list_mnt(xm_t)
++
++init_rw_script_stream_sockets(xm_t)
++
++files_read_etc_runtime_files(xm_t)
++files_read_usr_files(xm_t)
++
++files_search_var_lib(xm_t)
++allow xm_t xend_var_lib_t:dir rw_dir_perms;
++allow xm_t xend_var_lib_t:fifo_file create_file_perms;
++allow xm_t xend_var_lib_t:file create_file_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.2.42/policy/rolemap
--- nsaserefpolicy/policy/rolemap 2006-01-26 15:38:41.000000000 -0500
-+++ serefpolicy-2.2.40/policy/rolemap 2006-05-16 10:16:11.000000000 -0400
++++ serefpolicy-2.2.42/policy/rolemap 2006-05-22 13:34:08.000000000 -0400
@@ -15,5 +15,6 @@
ifdef(`enable_mls',`
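Review bot: in the xen.te section, xend_t is newly allowed to create fifo_file objects of type xend_var_lib_t, but the files_var_lib_filetrans call is narrowed from { file dir sock_file } to { file dir }, so neither a fifo nor a socket that xend creates directly under /var/lib gets a type transition any more, although the sock_file allow rule is kept. If these objects are only ever created inside a directory already labeled xend_var_lib_t, say so in a comment; otherwise keep sock_file and add fifo_file to the class list. Separately, xm_t is given create permissions on xend_var_lib_t files and fifos plus ipc_lock with no comment on what needs them.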
@@ -1739,9 +863,21 @@
+ auditadm_r auditadm auditadm_t
')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.40/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_macros.spt serefpolicy-2.2.42/policy/support/misc_macros.spt
+--- nsaserefpolicy/policy/support/misc_macros.spt 2006-05-19 10:07:51.000000000 -0400
++++ serefpolicy-2.2.42/policy/support/misc_macros.spt 2006-05-22 13:34:08.000000000 -0400
+@@ -37,7 +37,7 @@
+ #
+ # gen_context(context,mls_sensitivity,[mcs_categories])
+ #
+-define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')')dnl
++define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')') dnl
+
+ ########################################
+ #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.42/policy/users
--- nsaserefpolicy/policy/users 2006-02-15 17:02:30.000000000 -0500
-+++ serefpolicy-2.2.40/policy/users 2006-05-16 10:16:11.000000000 -0400
++++ serefpolicy-2.2.42/policy/users 2006-05-22 13:34:08.000000000 -0400
@@ -29,7 +29,7 @@
gen_user(user_u, user, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
',`
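Review bot: the misc_macros.spt change in this hunk only inserts a space between the closing parenthesis of the gen_context definition and dnl, which carries a whitespace-only divergence from upstream in the local patch and makes m4 emit that space into the generated policy source. Drop it, or note in the patch why the space is needed.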
Index: policygentool
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/policygentool,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policygentool 27 Feb 2006 23:00:40 -0000 1.4
+++ policygentool 24 May 2006 03:19:52 -0000 1.5
@@ -32,7 +32,9 @@
## Execute a domain transition to run TEMPLATETYPE.
## </summary>
## <param name=\"domain\">
+## <summary>
## Domain allowed to transition.
+## </summary>
## </param>
#
interface(`TEMPLATETYPE_domtrans',`
@@ -113,8 +115,7 @@
allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:file create_file_perms;
allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file create_file_perms;
allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:dir create_dir_perms;
-files_var_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t,{ file dir sock_file })
-files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t)
+files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, { file dir sock_file })
"""
te_network2="""
## Networking basics (adjust to your needs!)
@@ -132,7 +133,7 @@
"""
te_initsc2="""
# Init script handling
-init_use_fd(TEMPLATETYPE_t)
+init_use_fds(TEMPLATETYPE_t)
init_use_script_ptys(TEMPLATETYPE_t)
domain_use_interactive_fds(TEMPLATETYPE_t)
"""
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/selinux-policy.spec,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -r1.168 -r1.169
--- selinux-policy.spec 17 May 2006 13:57:47 -0000 1.168
+++ selinux-policy.spec 24 May 2006 03:19:52 -0000 1.169
@@ -12,11 +12,11 @@
%endif
%define POLICYVER 20
%define POLICYCOREUTILSVER 1.30-1
-%define CHECKPOLICYVER 1.30.3-1
+%define CHECKPOLICYVER 1.30.4-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.2.40
-Release: 1.fc5
+Version: 2.2.42
+Release: 2.fc5
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -326,6 +326,22 @@
%endif
%changelog
+* Tue May 23 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-2.fc5
+- Bump for fc5
+
+* Mon May 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-2
+- Xen fixes
+
+* Thu May 18 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-1
+- Upgrade to upstream
+
+* Thu May 18 2006 Dan Walsh <dwalsh at redhat.com> 2.2.41-1
+- allow hal to read boot_t files
+- Upgrade to upstream
+
+* Wed May 17 2006 Dan Walsh <dwalsh at redhat.com> 2.2.40-2
+- allow hal to read boot_t files
+
* Wed May 17 2006 Dan Walsh <dwalsh at redhat.com> 2.2.40-1.fc5
- Bump for fc5
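Review bot: the new changelog entries do not mention the changes this commit actually carries: openvpn and unconfined_execmem being added, pyzor and amavis moving from base to module in modules-targeted.conf, and the CHECKPOLICYVER bump to 1.30.4-1. "Bump for fc5" and "Upgrade to upstream" give an admin nothing to go on when auditing a policy update, so list those items; "allow hal to read boot_t files" is also recorded under both 2.2.40-2 and 2.2.41-1 and should appear once.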
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/sources,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- sources 17 May 2006 13:57:47 -0000 1.58
+++ sources 24 May 2006 03:19:52 -0000 1.59
@@ -1 +1 @@
-d2a0babbbb7cbf1d8bcb051d5972bb50 serefpolicy-2.2.40.tgz
+2790acad9ae17a8b00b93c2adfebffd4 serefpolicy-2.2.42.tgz