rpms/selinux-policy/devel policy-20060915.patch, 1.25, 1.26 selinux-policy.spec, 1.304, 1.305

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Oct 3 20:35:47 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15463

Modified Files:
	policy-20060915.patch selinux-policy.spec 
Log Message:
* Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-2
- Don't transition unconfined_t to bootloader_t
- Fix label in /dev/xen/blktap


policy-20060915.patch:
 Rules.modular                                |   10 
 config/appconfig-strict-mcs/seusers          |    3 
 config/appconfig-strict-mls/initrc_context   |    2 
 config/appconfig-strict-mls/seusers          |    3 
 config/appconfig-strict/seusers              |    1 
 config/appconfig-targeted-mcs/seusers        |    3 
 config/appconfig-targeted-mls/initrc_context |    2 
 config/appconfig-targeted-mls/seusers        |    3 
 config/appconfig-targeted/seusers            |    1 
 policy/flask/access_vectors                  |    2 
 policy/global_tunables                       |   15 +
 policy/mcs                                   |    6 
 policy/mls                                   |   36 +-
 policy/modules/admin/acct.te                 |    1 
 policy/modules/admin/amanda.te               |    2 
 policy/modules/admin/bootloader.fc           |    2 
 policy/modules/admin/bootloader.te           |    7 
 policy/modules/admin/consoletype.te          |    8 
 policy/modules/admin/dmesg.te                |    1 
 policy/modules/admin/netutils.te             |    2 
 policy/modules/admin/prelink.te              |    7 
 policy/modules/admin/rpm.fc                  |    2 
 policy/modules/admin/rpm.if                  |   21 +
 policy/modules/admin/rpm.te                  |    5 
 policy/modules/admin/su.if                   |    2 
 policy/modules/admin/usermanage.te           |    5 
 policy/modules/apps/java.fc                  |    2 
 policy/modules/apps/java.te                  |    2 
 policy/modules/apps/mono.te                  |    3 
 policy/modules/kernel/corecommands.fc        |    1 
 policy/modules/kernel/corecommands.if        |   17 +
 policy/modules/kernel/corenetwork.te.in      |   17 -
 policy/modules/kernel/devices.fc             |    9 
 policy/modules/kernel/files.fc               |   27 -
 policy/modules/kernel/filesystem.if          |   22 +
 policy/modules/kernel/filesystem.te          |    1 
 policy/modules/kernel/kernel.if              |    2 
 policy/modules/kernel/kernel.te              |   25 -
 policy/modules/kernel/mcs.te                 |   18 -
 policy/modules/kernel/mls.te                 |   10 
 policy/modules/kernel/selinux.te             |    2 
 policy/modules/kernel/storage.fc             |   49 +--
 policy/modules/kernel/storage.if             |    1 
 policy/modules/kernel/terminal.fc            |    2 
 policy/modules/kernel/terminal.if            |   20 +
 policy/modules/services/apache.fc            |    9 
 policy/modules/services/automount.te         |    4 
 policy/modules/services/ccs.fc               |    8 
 policy/modules/services/ccs.if               |   65 ++++
 policy/modules/services/ccs.te               |   87 ++++++
 policy/modules/services/cron.if              |   25 -
 policy/modules/services/cron.te              |    6 
 policy/modules/services/cups.te              |    5 
 policy/modules/services/cvs.te               |    1 
 policy/modules/services/dbus.if              |    1 
 policy/modules/services/dovecot.te           |    2 
 policy/modules/services/hal.te               |    1 
 policy/modules/services/lpd.fc               |    5 
 policy/modules/services/mta.te               |    1 
 policy/modules/services/nscd.if              |   20 +
 policy/modules/services/nscd.te              |    3 
 policy/modules/services/pegasus.if           |   31 ++
 policy/modules/services/pegasus.te           |    5 
 policy/modules/services/procmail.te          |    1 
 policy/modules/services/rhgb.te              |   24 +
 policy/modules/services/ricci.fc             |   20 +
 policy/modules/services/ricci.if             |  184 ++++++++++++
 policy/modules/services/ricci.te             |  388 +++++++++++++++++++++++++++
 policy/modules/services/rsync.te             |    1 
 policy/modules/services/setroubleshoot.te    |    2 
 policy/modules/services/spamassassin.te      |    4 
 policy/modules/services/ssh.te               |    2 
 policy/modules/services/xserver.if           |    2 
 policy/modules/services/xserver.te           |    2 
 policy/modules/system/authlogin.if           |    2 
 policy/modules/system/fstools.te             |    3 
 policy/modules/system/hostname.te            |    6 
 policy/modules/system/init.fc                |    3 
 policy/modules/system/init.te                |    4 
 policy/modules/system/iscsi.fc               |    7 
 policy/modules/system/iscsi.if               |   24 +
 policy/modules/system/iscsi.te               |   74 +++++
 policy/modules/system/libraries.fc           |    1 
 policy/modules/system/locallogin.if          |   37 ++
 policy/modules/system/logging.fc             |    8 
 policy/modules/system/logging.te             |    4 
 policy/modules/system/mount.fc               |    1 
 policy/modules/system/mount.te               |    1 
 policy/modules/system/raid.te                |    3 
 policy/modules/system/selinuxutil.fc         |    6 
 policy/modules/system/selinuxutil.if         |    4 
 policy/modules/system/selinuxutil.te         |    5 
 policy/modules/system/setrans.fc             |    2 
 policy/modules/system/setrans.te             |    2 
 policy/modules/system/unconfined.if          |    1 
 policy/modules/system/unconfined.te          |   16 -
 policy/modules/system/userdomain.if          |  165 +++++++++++
 policy/modules/system/userdomain.te          |    6 
 policy/modules/system/xen.te                 |    1 
 policy/users                                 |   14 
 100 files changed, 1508 insertions(+), 183 deletions(-)

Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- policy-20060915.patch	3 Oct 2006 19:03:24 -0000	1.25
+++ policy-20060915.patch	3 Oct 2006 20:35:40 -0000	1.26
@@ -186,6 +186,18 @@
  logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
  
  allow amanda_t amanda_tmp_t:dir create_dir_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.18/policy/modules/admin/bootloader.fc
+--- nsaserefpolicy/policy/modules/admin/bootloader.fc	2006-09-25 15:11:11.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/bootloader.fc	2006-10-03 16:16:13.000000000 -0400
+@@ -7,8 +7,6 @@
+ /usr/sbin/mkinitrd	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ 
+ /sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+-#/sbin/grub-.*		--	gen_context(system_u:object_r:bootloader_helper_exec_t,s0)
+-#/sbin/grubby		--	gen_context(system_u:object_r:bootloader_helper_exec_t,s0)
+ /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/mkinitrd		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.18/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-09-25 15:11:11.000000000 -0400
 +++ serefpolicy-2.3.18/policy/modules/admin/bootloader.te	2006-10-03 12:02:36.000000000 -0400
@@ -542,7 +554,7 @@
 +allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.18/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.18/policy/modules/kernel/devices.fc	2006-10-03 12:02:36.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/devices.fc	2006-10-03 16:05:01.000000000 -0400
 @@ -25,10 +25,10 @@
  /dev/i915		-c	gen_context(system_u:object_r:dri_device_t,s0)
  /dev/irlpt[0-9]+	-c	gen_context(system_u:object_r:printer_device_t,s0)
@@ -570,6 +582,14 @@
  /dev/(misc/)?psaux	-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/rmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/radeon		-c	gen_context(system_u:object_r:dri_device_t,s0)
+@@ -99,6 +99,7 @@
+ /dev/usb/scanner.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
+ 
+ /dev/xen/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
++/dev/xen/blktap.*	-c	gen_context(system_u:object_r:xen_device_t,s0)
+ 
+ ifdef(`distro_debian',`
+ # used by udev init script as temporary mount point
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.18/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2006-09-25 15:11:10.000000000 -0400
 +++ serefpolicy-2.3.18/policy/modules/kernel/files.fc	2006-10-03 12:02:36.000000000 -0400
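Review bot: The new `/dev/xen/blktap.*` entry in devices.fc reuses `xen_device_t`, the type already given to `/dev/xen/evtchn`, so every domain allowed to use the event-channel device gets the same access to the blktap nodes. If fewer domains need blktap than evtchn, a dedicated type would keep that access separable. If sharing is intended, a comment above the entry such as `# blktap nodes intentionally share xen_device_t with evtchn` would record the decision. The entry is also restricted to character devices by `-c`, so any other object created under that prefix keeps the default label, which is presumably intended. The interfaces that grant access to `xen_device_t` are outside this hunk.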
@@ -2704,18 +2724,24 @@
  	corenet_unconfined($1)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.18/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.18/policy/modules/system/unconfined.te	2006-10-03 12:02:36.000000000 -0400
-@@ -64,10 +64,6 @@
++++ serefpolicy-2.3.18/policy/modules/system/unconfined.te	2006-10-03 16:15:06.000000000 -0400
+@@ -63,13 +63,9 @@
+ 		bind_domtrans_ndc(unconfined_t)
  	')
  
- 	optional_policy(`
+-	optional_policy(`
 -		bluetooth_domtrans_helper(unconfined_t)
 -	')
 -
 -	optional_policy(`
- 		bootloader_domtrans(unconfined_t)
- 	')
+-		bootloader_domtrans(unconfined_t)
+-	')
++#	optional_policy(`
++#		bootloader_domtrans(unconfined_t)
++#	')
  
+ 	optional_policy(`
+ 		init_dbus_chat_script(unconfined_t)
 @@ -189,6 +185,8 @@
  	optional_policy(`
  		xserver_domtrans_xdm_xserver(unconfined_t)
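Review bot: The `bootloader_domtrans(unconfined_t)` block in unconfined.te is disabled by commenting it out, and nothing in the policy source says why. Either drop the three lines outright or put the reason above them, e.g. `# unconfined_t no longer transitions to bootloader_t (2.3.18-2)`. With the transition gone, bootloader tools started from unconfined_t presumably stay in unconfined_t, so the files they write would no longer be labeled by bootloader_t's file-transition rules. It is worth confirming that files written under /boot still get the expected contexts. The inner hunk that follows, at `@@ -189,6 +185,8 @@`, continues outside this hunk.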


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.304
retrieving revision 1.305
diff -u -r1.304 -r1.305
--- selinux-policy.spec	3 Oct 2006 18:45:18 -0000	1.304
+++ selinux-policy.spec	3 Oct 2006 20:35:40 -0000	1.305
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.3.18
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,10 @@
 %endif
 
 %changelog
+* Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-2
+- Don't transition unconfined_t to bootloader_t
+- Fix label in /dev/xen/blktap
+
 * Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-1
 - Patch for labeled networking
 



