rpms/selinux-policy/devel policy-20060829.patch, 1.14, 1.15 selinux-policy.spec, 1.275, 1.276
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Sep 8 17:10:43 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv17003
Modified Files:
policy-20060829.patch selinux-policy.spec
Log Message:
* Thu Sep 7 2006 Dan Walsh <dwalsh at redhat.com> 2.3.13-3
- Fix location of xen log files
- Fix handling of sysadm_r -> rpm_exec_t
policy-20060829.patch:
Makefile | 23 -
Rules.modular | 10
policy/modules/admin/anaconda.te | 6
policy/modules/admin/bootloader.fc | 1
policy/modules/admin/bootloader.te | 2
policy/modules/admin/consoletype.te | 7
policy/modules/admin/rpm.fc | 2
policy/modules/apps/java.fc | 2
policy/modules/apps/mono.te | 9
policy/modules/kernel/corenetwork.te.in | 3
policy/modules/kernel/files.fc | 1
policy/modules/kernel/files.if | 21 +
policy/modules/kernel/filesystem.if | 19 +
policy/modules/services/amavis.te | 1
policy/modules/services/apache.te | 1
policy/modules/services/automount.te | 1
policy/modules/services/bluetooth.te | 4
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/clamav.te | 1
policy/modules/services/cron.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/lpd.fc | 1
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 76 +++++
policy/modules/services/oddjob.te | 73 +++++
policy/modules/services/oddjob_mkhomedir.fc | 6
policy/modules/services/oddjob_mkhomedir.if | 24 +
policy/modules/services/oddjob_mkhomedir.te | 29 ++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 6
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 +++++++++++++
policy/modules/services/ricci.te | 386 ++++++++++++++++++++++++++++
policy/modules/services/rpc.te | 1
policy/modules/services/xserver.if | 24 +
policy/modules/system/hostname.te | 5
policy/modules/system/init.te | 3
policy/modules/system/selinuxutil.te | 3
policy/modules/system/userdomain.if | 268 +++++++++++++------
policy/modules/system/userdomain.te | 61 +---
policy/modules/system/xen.fc | 1
policy/modules/system/xen.te | 2
45 files changed, 1353 insertions(+), 140 deletions(-)
Index: policy-20060829.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060829.patch,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- policy-20060829.patch 7 Sep 2006 19:15:29 -0000 1.14
+++ policy-20060829.patch 8 Sep 2006 17:10:41 -0000 1.15
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.3.13/Makefile
--- nsaserefpolicy/Makefile 2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.13/Makefile 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/Makefile 2006-09-08 12:02:39.000000000 -0400
@@ -44,16 +44,17 @@
endif
@@ -47,7 +47,7 @@
$(moddir)/kernel/corenetwork.te: $(moddir)/kernel/corenetwork.te.m4 $(moddir)/kernel/corenetwork.te.in
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.13/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2006-09-01 14:10:19.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/anaconda.te 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/admin/anaconda.te 2006-09-08 12:02:39.000000000 -0400
@@ -64,3 +64,9 @@
optional_policy(`
usermanage_domtrans_admin_passwd(anaconda_t)
@@ -60,7 +60,7 @@
+domain_dontaudit_use_interactive_fds(anaconda_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.13/policy/modules/admin/bootloader.fc
--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/bootloader.fc 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/admin/bootloader.fc 2006-09-08 12:02:39.000000000 -0400
@@ -10,3 +10,4 @@
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
@@ -68,7 +68,7 @@
+/boot/grub/.* -- gen_context(system_u:object_r:boot_runtime_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.13/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/bootloader.te 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/admin/bootloader.te 2006-09-08 12:02:39.000000000 -0400
@@ -161,7 +161,7 @@
allow bootloader_t self:capability ipc_lock;
@@ -80,7 +80,7 @@
files_mountpoint(bootloader_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.13/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/consoletype.te 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/admin/consoletype.te 2006-09-08 12:02:39.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -97,7 +97,7 @@
role system_r types consoletype_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.13/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/rpm.fc 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/admin/rpm.fc 2006-09-08 12:02:39.000000000 -0400
@@ -19,6 +19,8 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -107,32 +107,9 @@
')
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.13/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/rpm.if 2006-09-06 15:40:04.000000000 -0400
-@@ -75,12 +75,13 @@
- ')
-
- rpm_domtrans($1)
-- role $2 types rpm_t;
-- role $2 types rpm_script_t;
-- seutil_run_loadpolicy(rpm_script_t,$2,$3)
-- seutil_run_semanage(rpm_script_t,$2,$3)
-- seutil_run_setfiles(rpm_script_t,$2,$3)
-- seutil_run_restorecon(rpm_script_t,$2,$3)
-+ #role $2 types rpm_t;
-+ #role $2 types rpm_script_t;
-+ role_transition $2 rpm_exec_t system_r;
-+ seutil_run_loadpolicy(rpm_script_t,system_r,$3)
-+ seutil_run_semanage(rpm_script_t,system_r,$3)
-+ seutil_run_setfiles(rpm_script_t,system_r,$3)
-+ seutil_run_restorecon(rpm_script_t,system_r,$3)
- allow rpm_t $3:chr_file rw_term_perms;
- ')
-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.13/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/apps/java.fc 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/apps/java.fc 2006-09-08 12:02:39.000000000 -0400
@@ -1,7 +1,7 @@
#
# /opt
@@ -144,7 +121,7 @@
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.3.13/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2006-09-01 14:10:17.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/apps/mono.te 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/apps/mono.te 2006-09-08 12:02:39.000000000 -0400
@@ -7,10 +7,8 @@
#
@@ -169,7 +146,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.13/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-09-06 13:04:50.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/corenetwork.te.in 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/kernel/corenetwork.te.in 2006-09-08 12:02:39.000000000 -0400
@@ -67,6 +67,7 @@
network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
@@ -189,7 +166,7 @@
network_port(router, udp,520,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.13/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-09-05 07:41:00.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/files.fc 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/kernel/files.fc 2006-09-08 12:02:39.000000000 -0400
@@ -32,6 +32,7 @@
/boot/lost\+found -d gen_context(system_u:object_r:lost_found_t,s15:c0.c255)
/boot/lost\+found/.* <<none>>
@@ -200,7 +177,7 @@
# /emul
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.13/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/files.if 2006-09-07 14:42:24.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/kernel/files.if 2006-09-08 12:02:39.000000000 -0400
@@ -386,7 +386,7 @@
attribute file_type, security_file_type;
')
@@ -235,7 +212,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.13/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-09-06 13:04:50.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/filesystem.if 2006-09-06 15:40:04.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/kernel/filesystem.if 2006-09-08 12:02:39.000000000 -0400
@@ -3303,3 +3303,22 @@
allow $1 noxattrfs:blk_file { getattr relabelfrom };
allow $1 noxattrfs:chr_file { getattr relabelfrom };
@@ -261,7 +238,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.13/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/amavis.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/amavis.te 2006-09-08 12:02:39.000000000 -0400
@@ -156,6 +156,7 @@
ifdef(`targeted_policy',`
@@ -272,7 +249,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.13/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/apache.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/apache.te 2006-09-08 12:02:39.000000000 -0400
@@ -712,4 +712,5 @@
ifdef(`targeted_policy',`
@@ -281,7 +258,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.13/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/automount.te 2006-09-07 14:41:23.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/automount.te 2006-09-08 12:02:39.000000000 -0400
@@ -74,6 +74,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -292,7 +269,7 @@
fs_unmount_all_fs(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.13/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/bluetooth.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/bluetooth.te 2006-09-08 12:02:39.000000000 -0400
@@ -217,14 +217,16 @@
fs_rw_tmpfs_files(bluetooth_helper_t)
@@ -313,7 +290,7 @@
xserver_rw_xdm_pipes(bluetooth_helper_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.13/policy/modules/services/ccs.fc
--- nsaserefpolicy/policy/modules/services/ccs.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ccs.fc 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/ccs.fc 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,8 @@
+# ccs executable will have:
+# label: system_u:object_r:ccs_exec_t
@@ -325,7 +302,7 @@
+/etc/cluster(/.*)? gen_context(system_u:object_r:cluster_conf_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.13/policy/modules/services/ccs.if
--- nsaserefpolicy/policy/modules/services/ccs.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ccs.if 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/ccs.if 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,65 @@
+## <summary>policy for ccs</summary>
+
@@ -394,7 +371,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.13/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ccs.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/ccs.te 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,87 @@
+policy_module(ccs,1.0.0)
+
@@ -485,7 +462,7 @@
+allow ccs_t cluster_conf_t:file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.3.13/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/clamav.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/clamav.te 2006-09-08 12:02:39.000000000 -0400
@@ -121,6 +121,7 @@
cron_rw_pipes(clamd_t)
@@ -496,7 +473,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.13/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/cron.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/cron.te 2006-09-08 12:02:39.000000000 -0400
@@ -175,6 +175,7 @@
allow crond_t crond_tmp_t:dir create_dir_perms;
allow crond_t crond_tmp_t:file create_file_perms;
@@ -507,7 +484,7 @@
tunable_policy(`fcron_crond', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.13/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/dbus.if 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/dbus.if 2006-09-08 12:02:39.000000000 -0400
@@ -123,6 +123,7 @@
selinux_compute_relabel_context($1_dbusd_t)
selinux_compute_user_contexts($1_dbusd_t)
@@ -518,7 +495,7 @@
corecmd_read_bin_files($1_dbusd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.3.13/policy/modules/services/lpd.fc
--- nsaserefpolicy/policy/modules/services/lpd.fc 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/lpd.fc 2006-09-07 14:03:03.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/lpd.fc 2006-09-08 12:02:39.000000000 -0400
@@ -9,6 +9,7 @@
/usr/sbin/checkpc -- gen_context(system_u:object_r:checkpc_exec_t,s0)
/usr/sbin/lpd -- gen_context(system_u:object_r:lpd_exec_t,s0)
@@ -529,7 +506,7 @@
/usr/bin/lprm(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.13/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob.fc 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/oddjob.fc 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,8 @@
+# oddjob executable will have:
+# label: system_u:object_r:oddjob_exec_t
@@ -541,7 +518,7 @@
+/usr/lib/oddjobd gen_context(system_u:object_r:oddjob_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.13/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob.if 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/oddjob.if 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,76 @@
+## <summary>policy for oddjob</summary>
+
@@ -621,7 +598,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.fc
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.fc 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.fc 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,6 @@
+# oddjob_mkhomedir executable will have:
+# label: system_u:object_r:oddjob_mkhomedir_exec_t
@@ -631,7 +608,7 @@
+/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.if
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.if 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.if 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,24 @@
+## <summary>policy for oddjob_mkhomedir</summary>
+
@@ -659,7 +636,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.te
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.te 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,29 @@
+policy_module(oddjob_mkhomedir,1.0.0)
+
@@ -692,7 +669,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.13/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/oddjob.te 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,73 @@
+policy_module(oddjob,1.0.0)
+
@@ -769,7 +746,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.13/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/pegasus.if 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/pegasus.if 2006-09-08 12:02:39.000000000 -0400
@@ -1 +1,32 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -805,7 +782,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.13/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/pegasus.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/pegasus.te 2006-09-08 12:02:39.000000000 -0400
@@ -100,13 +100,12 @@
auth_use_nsswitch(pegasus_t)
@@ -824,7 +801,7 @@
hostname_exec(pegasus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.13/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/postfix.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/postfix.te 2006-09-08 12:02:39.000000000 -0400
@@ -171,6 +171,11 @@
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
@@ -847,7 +824,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.13/policy/modules/services/ricci.fc
--- nsaserefpolicy/policy/modules/services/ricci.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ricci.fc 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/ricci.fc 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,20 @@
+# ricci executable will have:
+# label: system_u:object_r:ricci_exec_t
@@ -871,7 +848,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.13/policy/modules/services/ricci.if
--- nsaserefpolicy/policy/modules/services/ricci.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ricci.if 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/ricci.if 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,184 @@
+## <summary>policy for ricci</summary>
+
@@ -1059,7 +1036,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.13/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ricci.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/ricci.te 2006-09-08 12:02:39.000000000 -0400
@@ -0,0 +1,386 @@
+policy_module(ricci,1.0.0)
+
@@ -1449,7 +1426,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.3.13/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/rpc.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/rpc.te 2006-09-08 12:02:39.000000000 -0400
@@ -53,6 +53,7 @@
fs_read_rpc_files(rpcd_t)
fs_read_rpc_symlinks(rpcd_t)
@@ -1460,7 +1437,7 @@
# cjp: this should really have its own type
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.13/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/xserver.if 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/services/xserver.if 2006-09-08 12:02:39.000000000 -0400
@@ -1152,3 +1152,27 @@
allow $1 xdm_xserver_tmp_t:sock_file write;
allow $1 xdm_xserver_t:unix_stream_socket connectto;
@@ -1491,7 +1468,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.13/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/hostname.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/system/hostname.te 2006-09-08 12:02:39.000000000 -0400
@@ -8,7 +8,10 @@
type hostname_t;
@@ -1506,7 +1483,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.13/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-08-28 16:22:32.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/init.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/system/init.te 2006-09-08 12:02:39.000000000 -0400
@@ -361,7 +361,8 @@
logging_append_all_logs(initrc_t)
logging_read_audit_config(initrc_t)
@@ -1519,7 +1496,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.13/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/selinuxutil.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/system/selinuxutil.te 2006-09-08 12:02:39.000000000 -0400
@@ -450,6 +450,7 @@
selinux_compute_user_contexts(restorecond_t)
@@ -1539,7 +1516,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.13/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/userdomain.if 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/system/userdomain.if 2006-09-08 12:02:39.000000000 -0400
@@ -8,11 +8,10 @@
## <desc>
## <p>
@@ -2040,7 +2017,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.13/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/userdomain.te 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/system/userdomain.te 2006-09-08 12:02:39.000000000 -0400
@@ -56,14 +56,6 @@
# Local policy
#
@@ -2056,7 +2033,39 @@
ifdef(`targeted_policy',`
# Define some type aliases to help with compatibility with
# macros and domains from the "strict" policy.
-@@ -124,34 +116,34 @@
+@@ -83,8 +75,6 @@
+ fs_associate_tmpfs(user_home_dir_t)
+
+ # compatibility for switching from strict
+-# dominance { role secadm_r { role system_r; }}
+-# dominance { role auditadm_r { role system_r; }}
+ # dominance { role sysadm_r { role system_r; }}
+ # dominance { role user_r { role system_r; }}
+ # dominance { role staff_r { role system_r; }}
+@@ -106,52 +96,51 @@
+ type_transition privhome user_home_dir_t:{ dir file lnk_file fifo_file sock_file } user_home_t;
+ files_search_home(privhome)
+
++ optional_policy(`
++ samba_per_userdomain_template(user)
++ ')
++',`
+ ifdef(`enable_mls',`
+- allow secadm_r system_r;
+- allow auditadm_r system_r;
++ allow sysadm_r system_r;
+ allow secadm_r user_r;
+ allow staff_r secadm_r;
+ allow staff_r auditadm_r;
+ ')
+
+- optional_policy(`
+- samba_per_userdomain_template(user)
+- ')
+-',`
+ admin_user_template(sysadm)
+ unpriv_user_template(staff)
+ unpriv_user_template(user)
# user role change rules:
# sysadm_r can change to user roles
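Review bot: The added `allow sysadm_r system_r;` in userdomain.te is a blanket role allow with no comment explaining why sysadm_r must reach system_r, and it sits only inside the enable_mls ifdef, so a non-MLS strict build would presumably not get it. The changelog ties this revision to sysadm_r running rpm_exec_t, yet the same revision drops `role_transition $2 rpm_exec_t system_r;` from the rpm.if section, so the rule that actually drives the transition is not visible on this page. I would add a comment above the rule, for example `# sysadm_r -> system_r: required for rpm run from sysadm_r; transition is limited by the role_transition on rpm_exec_t`, and confirm that the placement under enable_mls is intended. Dropping `allow secadm_r system_r;` and `allow auditadm_r system_r;` narrows those roles and matches the deleted dominance comments. The enclosing targeted_policy ifdef starts and ends outside this hunk.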
@@ -2103,7 +2112,7 @@
')
allow privhome home_root_t:dir { getattr search };
-@@ -172,6 +164,8 @@
+@@ -172,6 +161,8 @@
mls_process_read_up(sysadm_t)
@@ -2112,7 +2121,7 @@
init_exec(sysadm_t)
ifdef(`direct_sysadm_daemon',`
-@@ -210,7 +204,9 @@
+@@ -210,7 +201,9 @@
init_exec(secadm_t)
logging_read_audit_log(secadm_t)
logging_read_generic_logs(secadm_t)
@@ -2123,7 +2132,7 @@
', `
logging_manage_audit_log(sysadm_t)
logging_manage_audit_config(sysadm_t)
-@@ -439,11 +435,11 @@
+@@ -439,11 +432,11 @@
selinux_set_parameters(secadm_t)
seutil_manage_bin_policy(secadm_t)
@@ -2140,9 +2149,32 @@
', `
selinux_set_enforce_mode(sysadm_t)
selinux_set_boolean(sysadm_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.3.13/policy/modules/system/xen.fc
+--- nsaserefpolicy/policy/modules/system/xen.fc 2006-07-14 17:04:44.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/system/xen.fc 2006-09-08 12:02:39.000000000 -0400
+@@ -7,6 +7,7 @@
+ /var/lib/xend(/.*)? gen_context(system_u:object_r:xend_var_lib_t,s0)
+ /var/lib/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_lib_t,s0)
+
++/var/log/xen(/.*)? gen_context(system_u:object_r:xend_var_log_t,s0)
+ /var/log/xen-hotplug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
+ /var/log/xend\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
+ /var/log/xend-debug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.13/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te 2006-09-06 13:04:51.000000000 -0400
++++ serefpolicy-2.3.13/policy/modules/system/xen.te 2006-09-08 12:02:39.000000000 -0400
+@@ -68,7 +68,7 @@
+ # xend local policy
+ #
+
+-allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_nice sys_tty_config net_raw };
++allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_nice sys_ptrace sys_tty_config net_raw };
+ dontaudit xend_t self:capability { sys_ptrace };
+ allow xend_t self:process { signal sigkill };
+ dontaudit xend_t self:process ptrace;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.3.13/Rules.modular
--- nsaserefpolicy/Rules.modular 2006-08-31 14:57:06.000000000 -0400
-+++ serefpolicy-2.3.13/Rules.modular 2006-09-06 15:40:05.000000000 -0400
++++ serefpolicy-2.3.13/Rules.modular 2006-09-08 12:02:39.000000000 -0400
@@ -218,6 +218,16 @@
########################################
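Review bot: In the xen.te section, `sys_ptrace` is added to the `allow xend_t self:capability` set while the next line, `dontaudit xend_t self:capability { sys_ptrace };`, is left in place, so the two rules now disagree about whether xend is meant to hold that capability. CAP_SYS_PTRACE is a broad grant for a daemon that manages guests, and neither the changelog nor the policy text says what needs it. If the grant is intended, remove the now-redundant dontaudit and document the reason, e.g. `# xend needs sys_ptrace for <reason - confirm>`; if it was added only to quiet denials, keep the dontaudit and leave the allow set as it was. `dontaudit xend_t self:process ptrace;` is untouched, so the process-class ptrace permission is still not granted on the lines shown.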
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.275
retrieving revision 1.276
diff -u -r1.275 -r1.276
--- selinux-policy.spec 7 Sep 2006 19:15:29 -0000 1.275
+++ selinux-policy.spec 8 Sep 2006 17:10:41 -0000 1.276
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.13
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -348,6 +348,10 @@
%endif
%changelog
+* Thu Sep 7 2006 Dan Walsh <dwalsh at redhat.com> 2.3.13-3
+- Fix location of xel log files
+- Fix handling of sysadm_r -> rpm_exec_t
+
* Thu Sep 7 2006 Dan Walsh <dwalsh at redhat.com> 2.3.13-2
- Fixes for autofs, lp