rpms/selinux-policy/devel policy-20060915.patch, 1.26, 1.27 selinux-policy.spec, 1.305, 1.306
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Oct 4 19:31:44 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv7386
Modified Files:
policy-20060915.patch selinux-policy.spec
Log Message:
* Wed Oct 4 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-3
- Make xentapctrl work
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 3
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 3
config/appconfig-strict/seusers | 1
config/appconfig-targeted-mcs/seusers | 3
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 3
config/appconfig-targeted/seusers | 1
policy/flask/access_vectors | 2
policy/global_tunables | 15 +
policy/mcs | 6
policy/mls | 36 +-
policy/modules/admin/acct.te | 1
policy/modules/admin/amanda.te | 2
policy/modules/admin/bootloader.fc | 2
policy/modules/admin/bootloader.te | 7
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/prelink.te | 7
policy/modules/admin/rpm.fc | 2
policy/modules/admin/rpm.if | 21 +
policy/modules/admin/rpm.te | 5
policy/modules/admin/su.if | 2
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 2
policy/modules/apps/java.te | 2
policy/modules/apps/mono.te | 3
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/corecommands.if | 17 +
policy/modules/kernel/corenetwork.te.in | 17 -
policy/modules/kernel/devices.fc | 9
policy/modules/kernel/files.fc | 27 -
policy/modules/kernel/filesystem.if | 22 +
policy/modules/kernel/filesystem.te | 1
policy/modules/kernel/kernel.if | 2
policy/modules/kernel/kernel.te | 25 -
policy/modules/kernel/mcs.te | 18 -
policy/modules/kernel/mls.te | 10
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 49 +--
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 2
policy/modules/kernel/terminal.if | 20 +
policy/modules/services/apache.fc | 9
policy/modules/services/apache.te | 3
policy/modules/services/automount.te | 4
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/cron.if | 25 -
policy/modules/services/cron.te | 6
policy/modules/services/cups.te | 5
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 1
policy/modules/services/lpd.fc | 5
policy/modules/services/mta.te | 1
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 3
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/procmail.te | 1
policy/modules/services/rhgb.te | 24 +
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 388 +++++++++++++++++++++++++++
policy/modules/services/rsync.te | 1
policy/modules/services/setroubleshoot.te | 2
policy/modules/services/spamassassin.te | 4
policy/modules/services/ssh.te | 2
policy/modules/services/xserver.if | 2
policy/modules/services/xserver.te | 2
policy/modules/system/authlogin.if | 2
policy/modules/system/fstools.te | 3
policy/modules/system/hostname.te | 6
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 4
policy/modules/system/iscsi.fc | 7
policy/modules/system/iscsi.if | 24 +
policy/modules/system/iscsi.te | 74 +++++
policy/modules/system/libraries.fc | 1
policy/modules/system/locallogin.if | 37 ++
policy/modules/system/logging.fc | 8
policy/modules/system/logging.te | 4
policy/modules/system/mount.fc | 1
policy/modules/system/mount.te | 1
policy/modules/system/raid.te | 3
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.if | 4
policy/modules/system/selinuxutil.te | 5
policy/modules/system/setrans.fc | 2
policy/modules/system/setrans.te | 2
policy/modules/system/unconfined.if | 1
policy/modules/system/unconfined.te | 16 -
policy/modules/system/userdomain.if | 165 +++++++++++
policy/modules/system/userdomain.te | 6
policy/modules/system/xen.fc | 1
policy/modules/system/xen.te | 9
policy/users | 14
102 files changed, 1519 insertions(+), 184 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- policy-20060915.patch 3 Oct 2006 20:35:40 -0000 1.26
+++ policy-20060915.patch 4 Oct 2006 19:31:42 -0000 1.27
@@ -1029,6 +1029,26 @@
+/opt/fortitude/modules.local(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
+/opt/fortitude/logs(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
+/opt/fortitude/run(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.18/policy/modules/services/apache.te
+--- nsaserefpolicy/policy/modules/services/apache.te 2006-09-22 14:07:06.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/apache.te 2006-10-04 10:56:30.000000000 -0400
+@@ -204,6 +204,8 @@
+ allow httpd_t squirrelmail_spool_t:file create_file_perms;
+ allow httpd_t squirrelmail_spool_t:lnk_file create_lnk_perms;
+
++apache_domtrans_rotatelogs(httpd_t)
++
+ kernel_read_kernel_sysctls(httpd_t)
+ # for modules that want to access /proc/meminfo
+ kernel_read_system_state(httpd_t)
+@@ -296,6 +298,7 @@
+ ')
+ ')
+
++
+ tunable_policy(`httpd_can_network_connect',`
+ corenet_tcp_connect_all_ports(httpd_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.18/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-09-22 14:07:05.000000000 -0400
+++ serefpolicy-2.3.18/policy/modules/services/automount.te 2006-10-03 12:02:36.000000000 -0400
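Review bot: The new `apache_domtrans_rotatelogs(httpd_t)` call in apache.te relies on an interface that this commit does not add, since the diffstat lists apache.fc and apache.te but no apache.if. It is worth confirming that the interface exists in the upstream tree the patch is applied to, and checking what the target domain is allowed, because that decides whether the log helper ends up with fewer rights than httpd_t. A one-line comment above the call would record the intent, for example `# run rotatelogs in its own domain instead of httpd_t` (inferred from the interface name). The second inner hunk at `@@ -296,6 +298,7 @@` adds only an empty line before `tunable_policy` and can be dropped from the patch.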
@@ -2342,7 +2362,7 @@
+/var/run/pcscd\.pid -- gen_context(system_u:object_r:initrc_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.18/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.18/policy/modules/system/init.te 2006-10-03 12:02:36.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/init.te 2006-10-04 10:15:21.000000000 -0400
@@ -151,6 +151,7 @@
mcs_process_set_categories(init_t)
@@ -2964,10 +2984,35 @@
usermanage_run_admin_passwd(sysadm_t,sysadm_r,admin_terminal)
usermanage_run_groupadd(sysadm_t,sysadm_r,admin_terminal)
usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.3.18/policy/modules/system/xen.fc
+--- nsaserefpolicy/policy/modules/system/xen.fc 2006-09-22 14:07:07.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/xen.fc 2006-10-04 10:20:01.000000000 -0400
+@@ -19,3 +19,4 @@
+ /var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
+
+ /xen(/.*)? gen_context(system_u:object_r:xen_image_t,s0)
++/dev/xen/tapctrl.* -p gen_context(system_u:object_r:xenctl_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.18/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.18/policy/modules/system/xen.te 2006-10-03 12:02:36.000000000 -0400
-@@ -132,6 +132,7 @@
++++ serefpolicy-2.3.18/policy/modules/system/xen.te 2006-10-04 10:22:45.000000000 -0400
+@@ -63,12 +63,15 @@
+ domain_type(xm_t)
+ init_daemon_domain(xm_t, xm_exec_t)
+
++type xenctl_t;
++files_type(xenctl_t)
++
+ ########################################
+ #
+ # xend local policy
+ #
+
+-allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_nice sys_ptrace sys_tty_config net_raw };
++allow xend_t self:capability { mknod dac_override ipc_lock net_admin setuid sys_nice sys_ptrace sys_tty_config net_raw };
+ dontaudit xend_t self:capability { sys_ptrace };
+ allow xend_t self:process { signal sigkill };
+ dontaudit xend_t self:process ptrace;
+@@ -132,6 +135,7 @@
corenet_tcp_bind_soundd_port(xend_t)
corenet_tcp_bind_generic_port(xend_t)
corenet_tcp_bind_vnc_port(xend_t)
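Review bot: Adding `mknod` to the `xend_t` capability set looks broader than the named pipe this commit labels would require. The xen.fc entry marks `/dev/xen/tapctrl.*` as `-p`, and on Linux creating a FIFO does not need CAP_MKNOD; the capability matters only for block and character nodes. If xend does create device nodes (for blktap, perhaps), state that next to the rule, for example `# mknod: xend creates device nodes under /dev/xen`; otherwise leave it out, since this domain already holds dac_override and sys_ptrace. Separately, `files_type(xenctl_t)` makes the new type a generic file type, so any domain granted access to all file types also reaches this control pipe; confirm that this is intended for an object under /dev.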
@@ -2975,6 +3020,13 @@
corenet_sendrecv_xen_server_packets(xend_t)
corenet_sendrecv_soundd_server_packets(xend_t)
corenet_rw_tun_tap_dev(xend_t)
+@@ -317,3 +321,6 @@
+ xen_append_log(xm_t)
+ xen_stream_connect(xm_t)
+ xen_stream_connect_xenstore(xm_t)
++
++allow xend_t xenctl_t:fifo_file create_file_perms;
++dev_filetrans(xend_t, xenctl_t, fifo_file)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.3.18/policy/users
--- nsaserefpolicy/policy/users 2006-07-14 17:04:46.000000000 -0400
+++ serefpolicy-2.3.18/policy/users 2006-10-03 12:02:36.000000000 -0400
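Review bot: The two `xend_t` rules are appended after the `xm_t` calls, apparently at the end of xen.te, rather than in the "xend local policy" section where the rest of that domain's grants live. Moving them there keeps everything xend_t is allowed readable in one place. `dev_filetrans(xend_t, xenctl_t, fifo_file)` types every FIFO that xend_t creates in a device directory as xenctl_t, not only tapctrl, so a comment such as `# blktap control pipes created by xend under /dev/xen` would record that this is deliberate. The label of the /dev/xen directory is not visible here; if it is not the generic device type, the transition may not fire and the pipe would depend on the xen.fc entry and a relabel. Only xend_t is granted access to xenctl_t, so a different domain opening the other end of the pipe would need its own rule.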
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.305
retrieving revision 1.306
diff -u -r1.305 -r1.306
--- selinux-policy.spec 3 Oct 2006 20:35:40 -0000 1.305
+++ selinux-policy.spec 4 Oct 2006 19:31:42 -0000 1.306
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.18
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,9 @@
%endif
%changelog
+* Wed Oct 4 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-3
+- Make xentapctrl work
+
* Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-2
- Don't transition unconfined_t to bootloader_t
- Fix label in /dev/xen/blktap