rpms/selinux-policy/devel policy-20060505.patch,1.13,1.14

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri May 26 14:25:13 UTC 2006 

Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27291

Modified Files:
	policy-20060505.patch 
Log Message:
* Wed May 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.42-3
- fixes for java, openldap and webalizer


policy-20060505.patch:
 Rules.modular                             |    2 
 config/appconfig-strict-mls/default_type  |    1 
 policy/global_tunables                    |   16 +++++++
 policy/modules/admin/consoletype.te       |    9 +++-
 policy/modules/admin/rpm.te               |    9 ++++
 policy/modules/apps/unconfined_execmem.fc |    3 +
 policy/modules/apps/unconfined_execmem.if |   29 ++++++++++++++
 policy/modules/apps/unconfined_execmem.te |   21 ++++++++++
 policy/modules/apps/webalizer.te          |    1 
 policy/modules/kernel/corecommands.fc     |    6 --
 policy/modules/kernel/files.if            |   15 +++++++
 policy/modules/kernel/filesystem.if       |   23 +++++++++++
 policy/modules/kernel/kernel.te           |    1 
 policy/modules/services/amavis.fc         |    2 
 policy/modules/services/amavis.if         |   62 ++++++++++++++++++++++++++++++
 policy/modules/services/amavis.te         |   10 ++++
 policy/modules/services/bluetooth.te      |    5 ++
 policy/modules/services/clamav.te         |   21 ++++++++++
 policy/modules/services/cups.te           |    1 
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/dovecot.te        |    1 
 policy/modules/services/ftp.te            |   20 +++++++++
 policy/modules/services/ldap.fc           |    1 
 policy/modules/services/mysql.te          |    2 
 policy/modules/services/networkmanager.fc |    1 
 policy/modules/services/nscd.te           |    5 ++
 policy/modules/services/postfix.te        |    7 +--
 policy/modules/services/pyzor.te          |   11 +++++
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.te          |    4 +
 policy/modules/services/xserver.if        |   43 ++++++++++++++++++++
 policy/modules/system/hostname.te         |    5 +-
 policy/modules/system/init.te             |    1 
 policy/modules/system/libraries.fc        |   10 ++++
 policy/modules/system/logging.te          |    8 +++
 policy/modules/system/unconfined.te       |    4 +
 policy/modules/system/userdomain.te       |   42 ++++++++++++++++++--
 policy/modules/system/xen.fc              |    1 
 policy/modules/system/xen.if              |    2 
 policy/modules/system/xen.te              |   27 ++++++++++++-
 policy/rolemap                            |    1 
 policy/support/misc_macros.spt            |    2 
 policy/users                              |    6 +-
 43 files changed, 418 insertions(+), 25 deletions(-)

Index: policy-20060505.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060505.patch,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- policy-20060505.patch	26 May 2006 10:09:26 -0000	1.13
+++ policy-20060505.patch	26 May 2006 14:25:11 -0000	1.14
@@ -484,7 +484,7 @@
  allow dovecot_t dovecot_auth_t:fd use;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.2.42/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2006-05-17 16:57:08.000000000 -0400
-+++ serefpolicy-2.2.42/policy/modules/services/ftp.te	2006-05-25 15:21:08.000000000 -0400
++++ serefpolicy-2.2.42/policy/modules/services/ftp.te	2006-05-26 10:24:35.000000000 -0400
 @@ -162,15 +162,35 @@
  ')
  
@@ -513,7 +513,7 @@
  	fs_read_cifs_symlinks(ftpd_t)
  ')
  
-+tunable_policy(`allow_ftpd_use_samba && allow_ftpd_anon_write',`
++tunable_policy(`allow_ftpd_use_cifs && allow_ftpd_anon_write',`
 +	fs_manage_cifs_files(ftpd_t)
 +	fs_read_cifs_symlinks(ftpd_t)
 +')
@@ -531,8 +531,16 @@
 +/var/run/openldap(/.*)?		gen_context(system_u:object_r:slapd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-2.2.42/policy/modules/services/mysql.te
 --- nsaserefpolicy/policy/modules/services/mysql.te	2006-04-12 12:59:10.000000000 -0400
-+++ serefpolicy-2.2.42/policy/modules/services/mysql.te	2006-05-23 16:26:35.000000000 -0400
-@@ -103,6 +103,7 @@
++++ serefpolicy-2.2.42/policy/modules/services/mysql.te	2006-05-25 16:10:38.000000000 -0400
+@@ -33,6 +33,7 @@
+ allow mysqld_t self:capability { dac_override setgid setuid sys_resource net_bind_service };
+ dontaudit mysqld_t self:capability sys_tty_config;
+ allow mysqld_t self:process { setsched getsched setrlimit signal_perms };
++allow mysqld_t self:process { setsched getsched setrlimit signal_perms rlimitinh };
+ allow mysqld_t self:fifo_file { read write };
+ allow mysqld_t self:netlink_route_socket r_netlink_socket_perms;
+ allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
+@@ -103,6 +104,7 @@
  logging_send_syslog_msg(mysqld_t)
  
  miscfiles_read_localization(mysqld_t)
@@ -1054,3 +1062,15 @@
 +		gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - s15:c0.c255, c0.c255)
  	')
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.2.42/Rules.modular
+--- nsaserefpolicy/Rules.modular	2006-05-02 18:59:59.000000000 -0400
++++ serefpolicy-2.2.42/Rules.modular	2006-05-26 10:24:05.000000000 -0400
+@@ -31,7 +31,7 @@
+ vpath %.if $(ALL_LAYERS)
+ vpath %.fc $(ALL_LAYERS)
+ 
+-.SECONDARY:
++#.SECONDARY:
+ 
+ ########################################
+ #

More information about the fedora-cvs-commits mailing list