rpms/selinux-policy/devel policy-20060505.patch,1.13,1.14
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri May 26 14:25:13 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27291
Modified Files:
policy-20060505.patch
Log Message:
* Wed May 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-3
- fixes for java, openldap and webalizer
policy-20060505.patch:
Rules.modular | 2
config/appconfig-strict-mls/default_type | 1
policy/global_tunables | 16 +++++++
policy/modules/admin/consoletype.te | 9 +++-
policy/modules/admin/rpm.te | 9 ++++
policy/modules/apps/unconfined_execmem.fc | 3 +
policy/modules/apps/unconfined_execmem.if | 29 ++++++++++++++
policy/modules/apps/unconfined_execmem.te | 21 ++++++++++
policy/modules/apps/webalizer.te | 1
policy/modules/kernel/corecommands.fc | 6 --
policy/modules/kernel/files.if | 15 +++++++
policy/modules/kernel/filesystem.if | 23 +++++++++++
policy/modules/kernel/kernel.te | 1
policy/modules/services/amavis.fc | 2
policy/modules/services/amavis.if | 62 ++++++++++++++++++++++++++++++
policy/modules/services/amavis.te | 10 ++++
policy/modules/services/bluetooth.te | 5 ++
policy/modules/services/clamav.te | 21 ++++++++++
policy/modules/services/cups.te | 1
policy/modules/services/cvs.te | 1
policy/modules/services/dovecot.te | 1
policy/modules/services/ftp.te | 20 +++++++++
policy/modules/services/ldap.fc | 1
policy/modules/services/mysql.te | 2
policy/modules/services/networkmanager.fc | 1
policy/modules/services/nscd.te | 5 ++
policy/modules/services/postfix.te | 7 +--
policy/modules/services/pyzor.te | 11 +++++
policy/modules/services/rsync.te | 1
policy/modules/services/samba.te | 4 +
policy/modules/services/xserver.if | 43 ++++++++++++++++++++
policy/modules/system/hostname.te | 5 +-
policy/modules/system/init.te | 1
policy/modules/system/libraries.fc | 10 ++++
policy/modules/system/logging.te | 8 +++
policy/modules/system/unconfined.te | 4 +
policy/modules/system/userdomain.te | 42 ++++++++++++++++++--
policy/modules/system/xen.fc | 1
policy/modules/system/xen.if | 2
policy/modules/system/xen.te | 27 ++++++++++++-
policy/rolemap | 1
policy/support/misc_macros.spt | 2
policy/users | 6 +-
43 files changed, 418 insertions(+), 25 deletions(-)
Index: policy-20060505.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060505.patch,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- policy-20060505.patch 26 May 2006 10:09:26 -0000 1.13
+++ policy-20060505.patch 26 May 2006 14:25:11 -0000 1.14
@@ -484,7 +484,7 @@
allow dovecot_t dovecot_auth_t:fd use;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.2.42/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2006-05-17 16:57:08.000000000 -0400
-+++ serefpolicy-2.2.42/policy/modules/services/ftp.te 2006-05-25 15:21:08.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/services/ftp.te 2006-05-26 10:24:35.000000000 -0400
@@ -162,15 +162,35 @@
')
@@ -513,7 +513,7 @@
fs_read_cifs_symlinks(ftpd_t)
')
-+tunable_policy(`allow_ftpd_use_samba && allow_ftpd_anon_write',`
++tunable_policy(`allow_ftpd_use_cifs && allow_ftpd_anon_write',`
+ fs_manage_cifs_files(ftpd_t)
+ fs_read_cifs_symlinks(ftpd_t)
+')
@@ -531,8 +531,16 @@
+/var/run/openldap(/.*)? gen_context(system_u:object_r:slapd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-2.2.42/policy/modules/services/mysql.te
--- nsaserefpolicy/policy/modules/services/mysql.te 2006-04-12 12:59:10.000000000 -0400
-+++ serefpolicy-2.2.42/policy/modules/services/mysql.te 2006-05-23 16:26:35.000000000 -0400
-@@ -103,6 +103,7 @@
++++ serefpolicy-2.2.42/policy/modules/services/mysql.te 2006-05-25 16:10:38.000000000 -0400
+@@ -33,6 +33,7 @@
+ allow mysqld_t self:capability { dac_override setgid setuid sys_resource net_bind_service };
+ dontaudit mysqld_t self:capability sys_tty_config;
+ allow mysqld_t self:process { setsched getsched setrlimit signal_perms };
++allow mysqld_t self:process { setsched getsched setrlimit signal_perms rlimitinh };
+ allow mysqld_t self:fifo_file { read write };
+ allow mysqld_t self:netlink_route_socket r_netlink_socket_perms;
+ allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
+@@ -103,6 +104,7 @@
logging_send_syslog_msg(mysqld_t)
miscfiles_read_localization(mysqld_t)
@@ -1054,3 +1062,15 @@
+ gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - s15:c0.c255, c0.c255)
')
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.2.42/Rules.modular
+--- nsaserefpolicy/Rules.modular 2006-05-02 18:59:59.000000000 -0400
++++ serefpolicy-2.2.42/Rules.modular 2006-05-26 10:24:05.000000000 -0400
+@@ -31,7 +31,7 @@
+ vpath %.if $(ALL_LAYERS)
+ vpath %.fc $(ALL_LAYERS)
+
+-.SECONDARY:
++#.SECONDARY:
+
+ ########################################
+ #
More information about the fedora-cvs-commits
mailing list