rpms/selinux-policy/FC-6 policy-20061106.patch, 1.2, 1.3 selinux-policy.spec, 1.326, 1.327 sources, 1.99, 1.100
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Nov 17 19:22:35 UTC 2006
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore,1.97,1.98 sources,1.101,1.102
- Next message (by thread): rpms/kudzu/devel .cvsignore, 1.141, 1.142 kudzu.spec, 1.160, 1.161 sources, 1.158, 1.159
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv22151
Modified Files:
policy-20061106.patch selinux-policy.spec sources
Log Message:
* Wed Nov 15 2006 Dan Walsh <dwalsh at redhat.com> 2.4.5-1
- Move to upstream version which accepted my patches
policy-20061106.patch:
Rules.modular | 10 +
policy/flask/access_vectors | 2
policy/global_tunables | 36 ++++
policy/mls | 3
policy/modules/admin/acct.te | 1
policy/modules/admin/amanda.te | 1
policy/modules/admin/consoletype.te | 10 +
policy/modules/admin/dmesg.te | 1
policy/modules/admin/firstboot.if | 6
policy/modules/admin/logwatch.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/prelink.te | 5
policy/modules/admin/quota.te | 1
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 24 +++
policy/modules/admin/rpm.te | 37 +---
policy/modules/apps/java.fc | 2
policy/modules/kernel/corecommands.if | 17 ++
policy/modules/kernel/corenetwork.if.in | 12 +
policy/modules/kernel/corenetwork.te.in | 15 +-
policy/modules/kernel/corenetwork.te.m4 | 4
policy/modules/kernel/devices.fc | 5
policy/modules/kernel/devices.te | 6
policy/modules/kernel/domain.te | 7
policy/modules/kernel/files.if | 88 +++++++++++
policy/modules/kernel/filesystem.te | 6
policy/modules/kernel/terminal.fc | 1
policy/modules/kernel/terminal.te | 1
policy/modules/services/apache.fc | 10 +
policy/modules/services/apache.te | 16 ++
policy/modules/services/automount.te | 1
policy/modules/services/cron.if | 26 ---
policy/modules/services/cron.te | 5
policy/modules/services/cups.fc | 2
policy/modules/services/cups.te | 4
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.fc | 1
policy/modules/services/dbus.if | 1
policy/modules/services/hal.fc | 4
policy/modules/services/hal.te | 8 +
policy/modules/services/kerberos.if | 1
policy/modules/services/kerberos.te | 11 +
policy/modules/services/lpd.if | 52 +++----
policy/modules/services/mta.if | 1
policy/modules/services/mta.te | 1
policy/modules/services/nscd.if | 20 ++
policy/modules/services/nscd.te | 3
policy/modules/services/oddjob.te | 3
policy/modules/services/pegasus.if | 31 ++++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 9 +
policy/modules/services/procmail.te | 16 ++
policy/modules/services/rsync.te | 1
policy/modules/services/samba.if | 2
policy/modules/services/samba.te | 6
policy/modules/services/sasl.te | 2
policy/modules/services/snmp.te | 1
policy/modules/services/spamassassin.te | 4
policy/modules/services/ssh.te | 3
policy/modules/services/telnet.te | 1
policy/modules/services/tftp.te | 2
policy/modules/services/xserver.if | 40 +++++
policy/modules/system/authlogin.if | 5
policy/modules/system/authlogin.te | 2
policy/modules/system/clock.te | 1
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 2
policy/modules/system/getty.te | 3
policy/modules/system/hostname.te | 6
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 14 +
policy/modules/system/iptables.te | 6
policy/modules/system/libraries.fc | 13 +
policy/modules/system/libraries.te | 6
policy/modules/system/locallogin.if | 37 ++++
policy/modules/system/logging.te | 1
policy/modules/system/lvm.fc | 1
policy/modules/system/lvm.te | 48 ++++++
policy/modules/system/miscfiles.fc | 1
policy/modules/system/modutils.te | 5
policy/modules/system/mount.te | 19 +-
policy/modules/system/raid.te | 7
policy/modules/system/selinuxutil.if | 4
policy/modules/system/selinuxutil.te | 37 +++-
policy/modules/system/unconfined.fc | 4
policy/modules/system/unconfined.if | 19 ++
policy/modules/system/unconfined.te | 11 +
policy/modules/system/userdomain.if | 237 +++++++++++++++++++++++++++-----
policy/modules/system/userdomain.te | 10 +
policy/modules/system/xen.fc | 1
policy/modules/system/xen.te | 30 +++-
91 files changed, 942 insertions(+), 193 deletions(-)
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.2 -r 1.3 policy-20061106.patch
Index: policy-20061106.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-20061106.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20061106.patch 13 Nov 2006 16:32:43 -0000 1.2
+++ policy-20061106.patch 17 Nov 2006 19:22:32 -0000 1.3
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.4.3/policy/flask/access_vectors
---- nsaserefpolicy/policy/flask/access_vectors 2006-10-23 16:14:53.000000000 -0400
-+++ serefpolicy-2.4.3/policy/flask/access_vectors 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.4.5/policy/flask/access_vectors
+--- nsaserefpolicy/policy/flask/access_vectors 2006-11-16 17:15:00.000000000 -0500
++++ serefpolicy-2.4.5/policy/flask/access_vectors 2006-11-17 09:19:51.000000000 -0500
@@ -619,6 +619,8 @@
send
recv
@@ -10,15 +10,9 @@
}
class key
-@@ -635,4 +637,5 @@
- class context
- {
- translate
-+ contains
- }
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.4.3/policy/global_tunables
---- nsaserefpolicy/policy/global_tunables 2006-11-06 11:13:22.000000000 -0500
-+++ serefpolicy-2.4.3/policy/global_tunables 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.4.5/policy/global_tunables
+--- nsaserefpolicy/policy/global_tunables 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/global_tunables 2006-11-17 09:19:51.000000000 -0500
@@ -574,6 +574,13 @@
gen_tunable(xdm_sysadm_login,false)
')
@@ -74,20 +68,22 @@
+## </p>
+## </desc>
+gen_tunable(use_lpd_server,false)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.4.3/policy/mls
---- nsaserefpolicy/policy/mls 2006-11-06 11:13:22.000000000 -0500
-+++ serefpolicy-2.4.3/policy/mls 2006-11-09 14:03:18.000000000 -0500
-@@ -597,4 +597,7 @@
- mlsconstrain context translate
- (( h1 dom h2 ) or ( t1 == mlstranslate ));
-
-+mlsconstrain context contains
-+ ( h1 dom h2 );
-+
- ') dnl end enable_mls
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.4.3/policy/modules/admin/acct.te
---- nsaserefpolicy/policy/modules/admin/acct.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.4.3/policy/modules/admin/acct.te 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.4.5/policy/mls
+--- nsaserefpolicy/policy/mls 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/mls 2006-11-17 09:19:51.000000000 -0500
+@@ -585,7 +585,8 @@
+ ( t2 == unlabeled_t ));
+
+ mlsconstrain association { polmatch }
+- (( l1 dom l2 ) and ( h1 domby h2 ));
++ ((( l1 dom l2 ) and ( h1 domby h2 )) or
++ ( t2 == unlabeled_t ));
+
+
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.4.5/policy/modules/admin/acct.te
+--- nsaserefpolicy/policy/modules/admin/acct.te 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/acct.te 2006-11-17 09:19:51.000000000 -0500
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -96,9 +92,9 @@
type acct_data_t;
logging_log_file(acct_data_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4.3/policy/modules/admin/amanda.te
---- nsaserefpolicy/policy/modules/admin/amanda.te 2006-11-06 11:13:21.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/admin/amanda.te 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4.5/policy/modules/admin/amanda.te
+--- nsaserefpolicy/policy/modules/admin/amanda.te 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/amanda.te 2006-11-17 09:19:51.000000000 -0500
@@ -75,6 +75,7 @@
allow amanda_t self:unix_dgram_socket create_socket_perms;
allow amanda_t self:tcp_socket create_stream_socket_perms;
@@ -107,9 +103,9 @@
# access to amanda_amandates_t
allow amanda_t amanda_amandates_t:file { getattr lock read write };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.4.3/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.3/policy/modules/admin/consoletype.te 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.4.5/policy/modules/admin/consoletype.te
+--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/consoletype.te 2006-11-17 09:19:51.000000000 -0500
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -132,9 +128,18 @@
########################################
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.4.3/policy/modules/admin/dmesg.te
---- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.4.3/policy/modules/admin/dmesg.te 2006-11-09 14:03:18.000000000 -0500
+@@ -84,7 +90,7 @@
+ optional_policy(`
+ files_read_etc_files(consoletype_t)
+ firstboot_use_fds(consoletype_t)
+- firstboot_write_pipes(consoletype_t)
++ firstboot_rw_pipes(consoletype_t)
+ ')
+
+ optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.4.5/policy/modules/admin/dmesg.te
+--- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/dmesg.te 2006-11-17 09:19:51.000000000 -0500
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -143,9 +148,34 @@
role system_r types dmesg_t;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.4.3/policy/modules/admin/logwatch.te
---- nsaserefpolicy/policy/modules/admin/logwatch.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.3/policy/modules/admin/logwatch.te 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-2.4.5/policy/modules/admin/firstboot.if
+--- nsaserefpolicy/policy/modules/admin/firstboot.if 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/firstboot.if 2006-11-17 09:19:51.000000000 -0500
+@@ -96,7 +96,7 @@
+
+ ########################################
+ ## <summary>
+-## Write to a firstboot unnamed pipe.
++## Read Write to a firstboot unnamed pipe.
+ ## </summary>
+ ## <param name="domain">
+ ## <summary>
+@@ -104,10 +104,10 @@
+ ## </summary>
+ ## </param>
+ #
+-interface(`firstboot_write_pipes',`
++interface(`firstboot_rw_pipes',`
+ gen_require(`
+ type firstboot_t;
+ ')
+
+- allow $1 firstboot_t:fifo_file write;
++ allow $1 firstboot_t:fifo_file { read write };
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.4.5/policy/modules/admin/logwatch.te
+--- nsaserefpolicy/policy/modules/admin/logwatch.te 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/logwatch.te 2006-11-17 09:19:51.000000000 -0500
@@ -53,6 +53,7 @@
corecmd_exec_ls(logwatch_t)
@@ -154,9 +184,9 @@
# Read /proc/PID directories for all domains.
domain_read_all_domains_state(logwatch_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.4.3/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2006-11-06 11:13:22.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/admin/netutils.te 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.4.5/policy/modules/admin/netutils.te
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/netutils.te 2006-11-17 09:19:51.000000000 -0500
@@ -18,10 +18,12 @@
type ping_exec_t;
init_system_domain(ping_t,ping_exec_t)
@@ -170,9 +200,9 @@
role system_r types traceroute_t;
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.4.3/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te 2006-11-06 11:13:21.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/admin/prelink.te 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.4.5/policy/modules/admin/prelink.te
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/prelink.te 2006-11-17 09:19:51.000000000 -0500
@@ -57,6 +57,7 @@
files_write_non_security_dirs(prelink_t)
files_read_etc_files(prelink_t)
@@ -193,9 +223,20 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.4.3/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.4.3/policy/modules/admin/rpm.fc 2006-11-09 14:03:18.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.te serefpolicy-2.4.5/policy/modules/admin/quota.te
+--- nsaserefpolicy/policy/modules/admin/quota.te 2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/admin/quota.te 2006-11-17 13:36:35.000000000 -0500
+@@ -30,6 +30,7 @@
+ dev_read_sysfs(quota_t)
+ dev_getattr_all_blk_files(quota_t)
+ dev_getattr_all_chr_files(quota_t)
[...2615 lines suppressed...]
template(`userdom_ro_home_template',`
@@ -3098,7 +2366,7 @@
# type for contents of home directory
type $1_home_t, $1_file_type, home_type;
files_type($1_home_t)
-@@ -214,6 +222,10 @@
+@@ -220,6 +224,10 @@
## <rolebase/>
#
template(`userdom_manage_home_template',`
@@ -3109,7 +2377,7 @@
# type for contents of home directory
type $1_home_t, $1_file_type, home_type;
files_type($1_home_t)
-@@ -341,6 +353,10 @@
+@@ -347,6 +355,10 @@
## <rolebase/>
#
template(`userdom_manage_tmp_template',`
@@ -3120,7 +2388,7 @@
type $1_tmp_t, $1_file_type;
files_tmp_file($1_tmp_t)
-@@ -409,6 +425,9 @@
+@@ -415,6 +427,9 @@
## <rolebase/>
#
template(`userdom_manage_tmpfs_template',`
@@ -3130,7 +2398,7 @@
type $1_tmpfs_t, $1_file_type;
files_tmpfs_file($1_tmpfs_t)
-@@ -664,6 +683,8 @@
+@@ -670,6 +685,8 @@
allow $1_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow $1_t self:process { ptrace setfscreate };
@@ -3139,7 +2407,7 @@
# evolution and gnome-session try to create a netlink socket
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
-@@ -1028,6 +1049,7 @@
+@@ -1034,6 +1051,7 @@
template(`userdom_admin_user_template',`
gen_require(`
class passwd { passwd chfn chsh rootok crontab };
@@ -3147,7 +2415,54 @@
')
##############################
-@@ -5454,3 +5476,182 @@
+@@ -4492,41 +4510,13 @@
+ ## </param>
+ #
+ interface(`userdom_read_sysadm_home_content_files',`
+- ifdef(`strict_policy',`
+- gen_require(`
+- type sysadm_home_dir_t, sysadm_home_t;
+- ')
+-
+- files_search_home($1)
+- allow $1 { sysadm_home_dir_t sysadm_home_t }:dir r_dir_perms;
+- allow $1 sysadm_home_t:{ file lnk_file } r_file_perms;
+- ',`
+- userdom_read_generic_user_home_content_files($1)
++ gen_require(`
++ type sysadm_home_dir_t, sysadm_home_t;
+ ')
+-')
+
+-########################################
+-## <summary>
+-## Read files in the sysadm users home directory.
+-## </summary>
+-## <param name="domain">
+-## <summary>
+-## Domain allowed access.
+-## </summary>
+-## </param>
+-#
+-interface(`userdom_read_sysadm_tmp_files',`
+- ifdef(`strict_policy',`
+- gen_require(`
+- type sysadm_tmp_t;
+- ')
+-
+- files_search_tmp($1)
+- allow $1 sysadm_tmp_t:dir list_dir_perms;
+- allow $1 sysadm_tmp_t:{ file lnk_file } r_file_perms;
+- ',`
+- files_read_generic_tmp_files($1)
+- ')
++ files_search_home($1)
++ allow $1 { sysadm_home_dir_t sysadm_home_t }:dir r_dir_perms;
++ allow $1 sysadm_home_t:{ file lnk_file } r_file_perms;
+ ')
+
+ ########################################
+@@ -5488,3 +5478,182 @@
allow $1 user_home_dir_t:dir create_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
@@ -3330,9 +2645,9 @@
+ allow $1 user_home_t:file execute;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.4.3/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2006-11-06 11:13:21.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/system/userdomain.te 2006-11-09 14:03:19.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.4.5/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-11-16 17:15:24.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/system/userdomain.te 2006-11-17 09:19:51.000000000 -0500
@@ -24,6 +24,9 @@
# users home directory contents
attribute home_type;
@@ -3369,9 +2684,9 @@
usermanage_run_admin_passwd(sysadm_t,sysadm_r,admin_terminal)
usermanage_run_groupadd(sysadm_t,sysadm_r,admin_terminal)
usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.4.3/policy/modules/system/xen.fc
---- nsaserefpolicy/policy/modules/system/xen.fc 2006-11-06 11:13:21.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/system/xen.fc 2006-11-09 14:03:19.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.4.5/policy/modules/system/xen.fc
+--- nsaserefpolicy/policy/modules/system/xen.fc 2006-11-16 17:15:24.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/system/xen.fc 2006-11-17 09:19:51.000000000 -0500
@@ -8,6 +8,7 @@
/usr/sbin/xm -- gen_context(system_u:object_r:xm_exec_t,s0)
@@ -3380,9 +2695,9 @@
/var/lib/xend(/.*)? gen_context(system_u:object_r:xend_var_lib_t,s0)
/var/lib/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4.3/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2006-11-06 11:13:21.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/system/xen.te 2006-11-10 13:39:54.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4.5/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te 2006-11-16 17:15:24.000000000 -0500
++++ serefpolicy-2.4.5/policy/modules/system/xen.te 2006-11-17 12:30:18.000000000 -0500
@@ -86,8 +86,8 @@
allow xend_t self:tcp_socket create_stream_socket_perms;
allow xend_t self:packet_socket create_socket_perms;
@@ -3410,20 +2725,22 @@
domain_read_all_domains_state(xend_t)
domain_dontaudit_read_all_domains_state(xend_t)
-@@ -164,7 +166,11 @@
+@@ -163,8 +165,13 @@
+ files_manage_etc_runtime_files(xend_t)
files_etc_filetrans_etc_runtime(xend_t,file)
files_read_usr_files(xend_t)
-
--storage_raw_read_fixed_disk(xend_t)
++files_read_default_symlinks(xend_t)
++
+#tunable_policy(`xen_use_raw_disk',`
+ storage_raw_read_fixed_disk(xend_t)
+ storage_raw_write_fixed_disk(xend_t)
+#')
-+
+
+-storage_raw_read_fixed_disk(xend_t)
storage_raw_read_removable_device(xend_t)
term_getattr_all_user_ptys(xend_t)
-@@ -236,6 +242,10 @@
+@@ -236,6 +243,10 @@
files_read_usr_files(xenconsoled_t)
@@ -3434,7 +2751,7 @@
term_create_pty(xenconsoled_t,xen_devpts_t);
term_use_generic_ptys(xenconsoled_t)
term_use_console(xenconsoled_t)
-@@ -283,6 +293,12 @@
+@@ -283,6 +294,12 @@
files_read_usr_files(xenstored_t)
@@ -3447,7 +2764,7 @@
term_use_generic_ptys(xenstored_t)
term_use_console(xenconsoled_t)
-@@ -353,3 +369,10 @@
+@@ -353,3 +370,10 @@
xen_append_log(xm_t)
xen_stream_connect(xm_t)
xen_stream_connect_xenstore(xm_t)
@@ -3458,9 +2775,9 @@
+fs_write_nfs_files(xend_t)
+fs_read_nfs_files(xend_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.4.3/Rules.modular
---- nsaserefpolicy/Rules.modular 2006-10-16 12:20:19.000000000 -0400
-+++ serefpolicy-2.4.3/Rules.modular 2006-11-09 14:03:19.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.4.5/Rules.modular
+--- nsaserefpolicy/Rules.modular 2006-11-16 17:15:29.000000000 -0500
++++ serefpolicy-2.4.5/Rules.modular 2006-11-17 09:19:51.000000000 -0500
@@ -219,6 +219,16 @@
########################################
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-6/selinux-policy.spec,v
retrieving revision 1.326
retrieving revision 1.327
diff -u -r1.326 -r1.327
--- selinux-policy.spec 13 Nov 2006 16:32:43 -0000 1.326
+++ selinux-policy.spec 17 Nov 2006 19:22:32 -0000 1.327
@@ -16,8 +16,8 @@
%define CHECKPOLICYVER 1.30.11-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.4.3
-Release: 10%{?dist}
+Version: 2.4.5
+Release: 1%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -351,8 +351,26 @@
%endif
%changelog
-* Mon Nov 13 2006 Dan Walsh <dwalsh at redhat.com> 2.4.3-10.fc6
-- Bump for fc6
+* Wed Nov 15 2006 Dan Walsh <dwalsh at redhat.com> 2.4.5-1
+- Move to upstream version which accepted my patches
+
+* Wed Nov 15 2006 Dan Walsh <dwalsh at redhat.com> 2.4.4-2
+- Fixes for nvidia driver
+
+* Tue Nov 14 2006 Dan Walsh <dwalsh at redhat.com> 2.4.4-2
+- Allow semanage to signal mcstrans
+
+* Tue Nov 14 2006 Dan Walsh <dwalsh at redhat.com> 2.4.4-1
+- Update to upstream
+
+* Mon Nov 13 2006 Dan Walsh <dwalsh at redhat.com> 2.4.3-13
+- Allow modstorage to edit /etc/fstab file
+
+* Mon Nov 13 2006 Dan Walsh <dwalsh at redhat.com> 2.4.3-12
+- Fix for qemu, /dev/
+
+* Mon Nov 13 2006 Dan Walsh <dwalsh at redhat.com> 2.4.3-11
+- Fix path to realplayer.bin
* Fri Nov 10 2006 Dan Walsh <dwalsh at redhat.com> 2.4.3-10
- Allow xen to connect to xen port
@@ -379,9 +397,6 @@
* Tue Nov 7 2006 Dan Walsh <dwalsh at redhat.com> 2.4.3-3
- Remove ability for sysadm_t to look at audit.log
-* Tue Nov 7 2006 Dan Walsh <dwalsh at redhat.com> 2.4.3-2.fc6
-- Bump for fc6
-
* Tue Nov 7 2006 Dan Walsh <dwalsh at redhat.com> 2.4.3-2
- Fix rpc_port_types
- Add aide policy for mls
@@ -407,18 +422,12 @@
* Tue Oct 31 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-4
- Add perms for swat
-* Mon Oct 30 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-3.fc6
-- Bump for fc6
-
* Mon Oct 30 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-3
- Allow daemons to dump core files to /
* Fri Oct 27 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-2
- Fixes for ricci
-* Fri Oct 27 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-1.fc6
-- Bump for fc6
-
* Fri Oct 27 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-1
- Allow mount.nfs to work
@@ -428,9 +437,6 @@
* Mon Oct 23 2006 Dan Walsh <dwalsh at redhat.com> 2.4.1-4
- Fixes for ricci using saslauthd
-* Mon Oct 23 2006 Dan Walsh <dwalsh at redhat.com> 2.4.1-3.fc6
-- Bump for fc6
-
* Mon Oct 23 2006 Dan Walsh <dwalsh at redhat.com> 2.4.1-3
- Allow mountpoint on home_dir_t and home_t
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-6/sources,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -r1.99 -r1.100
--- sources 7 Nov 2006 20:41:45 -0000 1.99
+++ sources 17 Nov 2006 19:22:32 -0000 1.100
@@ -1 +1 @@
-32269bd83ca28323e7c2c9d5dc424e18 serefpolicy-2.4.3.tgz
+c6d88e7a588fb11c9844027801bbb0f0 serefpolicy-2.4.5.tgz
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore,1.97,1.98 sources,1.101,1.102
- Next message (by thread): rpms/kudzu/devel .cvsignore, 1.141, 1.142 kudzu.spec, 1.160, 1.161 sources, 1.158, 1.159
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list