rpms/selinux-policy/devel policy-20060915.patch, 1.25, 1.26 selinux-policy.spec, 1.304, 1.305
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Oct 3 20:35:47 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15463
Modified Files:
policy-20060915.patch selinux-policy.spec
Log Message:
* Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-2
- Don't transition unconfined_t to bootloader_t
- Fix label in /dev/xen/blktap
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 3
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 3
config/appconfig-strict/seusers | 1
config/appconfig-targeted-mcs/seusers | 3
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 3
config/appconfig-targeted/seusers | 1
policy/flask/access_vectors | 2
policy/global_tunables | 15 +
policy/mcs | 6
policy/mls | 36 +-
policy/modules/admin/acct.te | 1
policy/modules/admin/amanda.te | 2
policy/modules/admin/bootloader.fc | 2
policy/modules/admin/bootloader.te | 7
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/prelink.te | 7
policy/modules/admin/rpm.fc | 2
policy/modules/admin/rpm.if | 21 +
policy/modules/admin/rpm.te | 5
policy/modules/admin/su.if | 2
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 2
policy/modules/apps/java.te | 2
policy/modules/apps/mono.te | 3
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/corecommands.if | 17 +
policy/modules/kernel/corenetwork.te.in | 17 -
policy/modules/kernel/devices.fc | 9
policy/modules/kernel/files.fc | 27 -
policy/modules/kernel/filesystem.if | 22 +
policy/modules/kernel/filesystem.te | 1
policy/modules/kernel/kernel.if | 2
policy/modules/kernel/kernel.te | 25 -
policy/modules/kernel/mcs.te | 18 -
policy/modules/kernel/mls.te | 10
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 49 +--
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 2
policy/modules/kernel/terminal.if | 20 +
policy/modules/services/apache.fc | 9
policy/modules/services/automount.te | 4
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/cron.if | 25 -
policy/modules/services/cron.te | 6
policy/modules/services/cups.te | 5
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 1
policy/modules/services/lpd.fc | 5
policy/modules/services/mta.te | 1
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 3
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/procmail.te | 1
policy/modules/services/rhgb.te | 24 +
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 388 +++++++++++++++++++++++++++
policy/modules/services/rsync.te | 1
policy/modules/services/setroubleshoot.te | 2
policy/modules/services/spamassassin.te | 4
policy/modules/services/ssh.te | 2
policy/modules/services/xserver.if | 2
policy/modules/services/xserver.te | 2
policy/modules/system/authlogin.if | 2
policy/modules/system/fstools.te | 3
policy/modules/system/hostname.te | 6
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 4
policy/modules/system/iscsi.fc | 7
policy/modules/system/iscsi.if | 24 +
policy/modules/system/iscsi.te | 74 +++++
policy/modules/system/libraries.fc | 1
policy/modules/system/locallogin.if | 37 ++
policy/modules/system/logging.fc | 8
policy/modules/system/logging.te | 4
policy/modules/system/mount.fc | 1
policy/modules/system/mount.te | 1
policy/modules/system/raid.te | 3
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.if | 4
policy/modules/system/selinuxutil.te | 5
policy/modules/system/setrans.fc | 2
policy/modules/system/setrans.te | 2
policy/modules/system/unconfined.if | 1
policy/modules/system/unconfined.te | 16 -
policy/modules/system/userdomain.if | 165 +++++++++++
policy/modules/system/userdomain.te | 6
policy/modules/system/xen.te | 1
policy/users | 14
100 files changed, 1508 insertions(+), 183 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- policy-20060915.patch 3 Oct 2006 19:03:24 -0000 1.25
+++ policy-20060915.patch 3 Oct 2006 20:35:40 -0000 1.26
@@ -186,6 +186,18 @@
logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
allow amanda_t amanda_tmp_t:dir create_dir_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.18/policy/modules/admin/bootloader.fc
+--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-09-25 15:11:11.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/bootloader.fc 2006-10-03 16:16:13.000000000 -0400
+@@ -7,8 +7,6 @@
+ /usr/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+
+ /sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-#/sbin/grub-.* -- gen_context(system_u:object_r:bootloader_helper_exec_t,s0)
+-#/sbin/grubby -- gen_context(system_u:object_r:bootloader_helper_exec_t,s0)
+ /sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.18/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-09-25 15:11:11.000000000 -0400
+++ serefpolicy-2.3.18/policy/modules/admin/bootloader.te 2006-10-03 12:02:36.000000000 -0400
@@ -542,7 +554,7 @@
+allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.18/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.18/policy/modules/kernel/devices.fc 2006-10-03 12:02:36.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/devices.fc 2006-10-03 16:05:01.000000000 -0400
@@ -25,10 +25,10 @@
/dev/i915 -c gen_context(system_u:object_r:dri_device_t,s0)
/dev/irlpt[0-9]+ -c gen_context(system_u:object_r:printer_device_t,s0)
@@ -570,6 +582,14 @@
/dev/(misc/)?psaux -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/rmidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/radeon -c gen_context(system_u:object_r:dri_device_t,s0)
+@@ -99,6 +99,7 @@
+ /dev/usb/scanner.* -c gen_context(system_u:object_r:scanner_device_t,s0)
+
+ /dev/xen/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
++/dev/xen/blktap.* -c gen_context(system_u:object_r:xen_device_t,s0)
+
+ ifdef(`distro_debian',`
+ # used by udev init script as temporary mount point
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.18/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-09-25 15:11:10.000000000 -0400
+++ serefpolicy-2.3.18/policy/modules/kernel/files.fc 2006-10-03 12:02:36.000000000 -0400
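Review bot: The new `/dev/xen/blktap.*` entry in devices.fc reuses `xen_device_t`, the type already assigned to `/dev/xen/evtchn`, so every domain allowed to use the event-channel device gets the same access to the blktap nodes. If those nodes carry guest block I/O (inferred from the name, not visible in this hunk), a dedicated type would let the policy grant them only to the domains that need them. Otherwise, add a comment above the entry such as `# blktap shares xen_device_t with evtchn: same set of client domains`. The `-c` specifier restricts the match to character-device nodes, so a `/dev/xen/blktap` directory, if one exists, would keep the default `/dev` label; it is worth checking the result with `matchpathcon` on a system that has the device.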
@@ -2704,18 +2724,24 @@
corenet_unconfined($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.18/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.18/policy/modules/system/unconfined.te 2006-10-03 12:02:36.000000000 -0400
-@@ -64,10 +64,6 @@
++++ serefpolicy-2.3.18/policy/modules/system/unconfined.te 2006-10-03 16:15:06.000000000 -0400
+@@ -63,13 +63,9 @@
+ bind_domtrans_ndc(unconfined_t)
')
- optional_policy(`
+- optional_policy(`
- bluetooth_domtrans_helper(unconfined_t)
- ')
-
- optional_policy(`
- bootloader_domtrans(unconfined_t)
- ')
+- bootloader_domtrans(unconfined_t)
+- ')
++# optional_policy(`
++# bootloader_domtrans(unconfined_t)
++# ')
+ optional_policy(`
+ init_dbus_chat_script(unconfined_t)
@@ -189,6 +185,8 @@
optional_policy(`
xserver_domtrans_xdm_xserver(unconfined_t)
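Review bot: The `bootloader_domtrans(unconfined_t)` block in unconfined.te is disabled by turning its three lines into `#` comments rather than deleting them, and nothing in the policy records why. Commented-out m4 that still contains a backtick and an apostrophe stays harmless only while the two remain balanced, and these lines look like they sit inside a quoted block (the enclosing block starts outside the hunk). I would either delete the lines, as the same inner hunk does for `bluetooth_domtrans_helper`, or replace them with a one-line reason such as `# unconfined_t no longer transitions to bootloader_t; bootloader tools run unconfined`. It is also worth confirming that files written by bootloader tools started from unconfined_t still receive the expected labels, since type transitions defined for bootloader_t would no longer apply to them.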
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.304
retrieving revision 1.305
diff -u -r1.304 -r1.305
--- selinux-policy.spec 3 Oct 2006 18:45:18 -0000 1.304
+++ selinux-policy.spec 3 Oct 2006 20:35:40 -0000 1.305
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.18
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,10 @@
%endif
%changelog
+* Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-2
+- Don't transition unconfined_t to bootloader_t
+- Fix label in /dev/xen/blktap
+
* Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-1
- Patch for labeled networking