rpms/selinux-policy/devel policy-20060915.patch,1.1,1.2
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Sep 15 20:34:42 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23499
Modified Files:
policy-20060915.patch
Log Message:
* Fri Sep 15 2006 Dan Walsh <dwalsh at redhat.com> 2.3.14-1
- Upgrade to upstream
policy-20060915.patch:
Rules.modular | 10
policy/global_tunables | 9
policy/mcs | 3
policy/modules/admin/bootloader.fc | 5
policy/modules/admin/bootloader.te | 7
policy/modules/admin/consoletype.te | 7
policy/modules/admin/firstboot.te | 1
policy/modules/admin/rpm.fc | 2
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 2
policy/modules/apps/mono.te | 9
policy/modules/kernel/corecommands.fc | 2
policy/modules/kernel/corenetwork.te.in | 3
policy/modules/kernel/corenetwork.te.m4 | 13
policy/modules/kernel/domain.te | 8
policy/modules/kernel/files.fc | 1
policy/modules/kernel/files.if | 46 +++
policy/modules/kernel/filesystem.if | 19 +
policy/modules/kernel/mcs.te | 1
policy/modules/kernel/terminal.if | 2
policy/modules/services/amavis.te | 1
policy/modules/services/apache.fc | 9
policy/modules/services/apache.te | 1
policy/modules/services/automount.te | 1
policy/modules/services/bluetooth.fc | 3
policy/modules/services/bluetooth.te | 11
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/clamav.te | 1
policy/modules/services/cups.te | 31 +-
policy/modules/services/dbus.if | 1
policy/modules/services/dhcp.te | 7
policy/modules/services/lpd.fc | 1
policy/modules/services/networkmanager.fc | 1
policy/modules/services/networkmanager.te | 2
policy/modules/services/ntp.te | 3
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 76 +++++
policy/modules/services/oddjob.te | 73 +++++
policy/modules/services/oddjob_mkhomedir.fc | 6
policy/modules/services/oddjob_mkhomedir.if | 24 +
policy/modules/services/oddjob_mkhomedir.te | 29 ++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 6
policy/modules/services/ppp.fc | 4
policy/modules/services/ppp.te | 10
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 +++++++++++++
policy/modules/services/ricci.te | 386 ++++++++++++++++++++++++++++
policy/modules/services/rpc.te | 2
policy/modules/services/setroubleshoot.te | 7
policy/modules/services/xfs.te | 2
policy/modules/services/xserver.if | 24 +
policy/modules/system/hostname.te | 5
policy/modules/system/init.te | 3
policy/modules/system/libraries.fc | 2
policy/modules/system/selinuxutil.te | 4
policy/modules/system/setrans.te | 1
policy/modules/system/userdomain.if | 2
policy/modules/system/xen.fc | 1
policy/modules/system/xen.te | 2
63 files changed, 1279 insertions(+), 26 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20060915.patch 15 Sep 2006 18:05:07 -0000 1.1
+++ policy-20060915.patch 15 Sep 2006 20:34:40 -0000 1.2
@@ -1,7 +1,7 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.13/policy/global_tunables
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.14/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2006-09-15 13:14:28.000000000 -0400
-+++ serefpolicy-2.3.13/policy/global_tunables 2006-09-13 07:00:18.000000000 -0400
-@@ -587,3 +594,12 @@
++++ serefpolicy-2.3.14/policy/global_tunables 2006-09-15 13:59:07.000000000 -0400
+@@ -587,3 +587,12 @@
## </desc>
gen_tunable(spamd_enable_home_dirs,true)
')
@@ -14,9 +14,9 @@
+#
+gen_tunable(allow_domains_use_tty,false)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.3.13/policy/mcs
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.3.14/policy/mcs
--- nsaserefpolicy/policy/mcs 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.13/policy/mcs 2006-09-13 05:16:44.000000000 -0400
++++ serefpolicy-2.3.14/policy/mcs 2006-09-15 13:59:07.000000000 -0400
@@ -139,6 +139,9 @@
mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
( h1 dom h2 );
@@ -27,9 +27,9 @@
# New filesystem object labels must be dominated by the relabeling subject
# clearance, also the objects are single-level.
mlsconstrain file { create relabelto }
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.13/policy/modules/admin/bootloader.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.14/policy/modules/admin/bootloader.fc
--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/bootloader.fc 2006-09-15 09:56:59.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/admin/bootloader.fc 2006-09-15 13:59:07.000000000 -0400
@@ -6,7 +6,10 @@
/usr/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
@@ -42,9 +42,9 @@
/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+/boot/grub/.* -- gen_context(system_u:object_r:boot_runtime_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.13/policy/modules/admin/bootloader.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.14/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/bootloader.te 2006-09-15 09:55:05.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/admin/bootloader.te 2006-09-15 13:59:07.000000000 -0400
@@ -21,6 +21,13 @@
type bootloader_exec_t;
domain_entry_file(bootloader_t,bootloader_exec_t)
@@ -59,9 +59,9 @@
#
# bootloader_etc_t is the configuration file,
# grub.conf, lilo.conf, etc.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.13/policy/modules/admin/consoletype.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.14/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/consoletype.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/admin/consoletype.te 2006-09-15 13:59:07.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -76,9 +76,9 @@
mls_file_read_up(consoletype_t)
mls_file_write_down(consoletype_t)
role system_r types consoletype_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.13/policy/modules/admin/firstboot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.14/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/firstboot.te 2006-09-12 07:41:01.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/admin/firstboot.te 2006-09-15 13:59:07.000000000 -0400
@@ -58,6 +58,7 @@
auth_dontaudit_getattr_shadow(firstboot_t)
@@ -87,9 +87,9 @@
files_exec_etc_files(firstboot_t)
files_manage_etc_files(firstboot_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.13/policy/modules/admin/rpm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.14/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/admin/rpm.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/admin/rpm.fc 2006-09-15 13:59:07.000000000 -0400
@@ -19,6 +19,8 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -99,9 +99,24 @@
')
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.13/policy/modules/apps/java.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.14/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-09-05 07:41:02.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/admin/usermanage.te 2006-09-15 16:18:55.000000000 -0400
+@@ -442,6 +442,11 @@
+ nis_use_ypbind(sysadm_passwd_t)
+ ')
+
++optional_policy(`
++ nscd_domtrans(sysadm_passwd_t)
++')
++
++
+ ########################################
+ #
+ # Useradd local policy
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.14/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/apps/java.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/apps/java.fc 2006-09-15 13:59:07.000000000 -0400
@@ -1,7 +1,7 @@
#
# /opt
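Review bot: The new `optional_policy` block in usermanage.te gives `sysadm_passwd_t` a domain transition into nscd through `nscd_domtrans(sysadm_passwd_t)`, with no comment saying why a password-changing domain needs to run nscd. If the intent is cache invalidation after an update (an inference; the patch does not say), state it above the call, e.g. `# passwd runs nscd to invalidate its cache after an update`, so a later policy audit can tell the transition is deliberate. The block also adds two consecutive blank lines before the `Useradd local policy` banner where one would do. The surrounding usermanage.te section continues outside this hunk.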
@@ -111,9 +126,9 @@
#
# /usr
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.3.13/policy/modules/apps/mono.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.3.14/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2006-09-01 14:10:17.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/apps/mono.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/apps/mono.te 2006-09-15 13:59:07.000000000 -0400
@@ -7,10 +7,8 @@
#
@@ -136,9 +151,9 @@
+ ')
+
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.13/policy/modules/kernel/corecommands.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.14/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-09-06 13:04:50.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/corecommands.fc 2006-09-13 07:56:57.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/kernel/corecommands.fc 2006-09-15 13:59:07.000000000 -0400
@@ -125,7 +125,7 @@
/usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
@@ -148,9 +163,9 @@
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.13/policy/modules/kernel/corenetwork.te.in
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.14/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-09-06 13:04:50.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/corenetwork.te.in 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/kernel/corenetwork.te.in 2006-09-15 13:59:07.000000000 -0400
@@ -67,6 +67,7 @@
network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
@@ -168,9 +183,9 @@
network_port(rlogind, tcp,513,s0)
network_port(rndc, tcp,953,s0)
network_port(router, udp,520,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 serefpolicy-2.3.13/policy/modules/kernel/corenetwork.te.m4
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 serefpolicy-2.3.14/policy/modules/kernel/corenetwork.te.m4
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 2006-09-15 13:14:21.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/corenetwork.te.m4 2006-09-06 13:05:34.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/kernel/corenetwork.te.m4 2006-09-15 13:59:07.000000000 -0400
@@ -32,6 +32,19 @@
declare_nodes($1_node_t,shift($*))
')
@@ -191,9 +206,9 @@
define(`declare_ports',`dnl
ifelse(eval($3 < 1024),1,`
typeattribute $1 reserved_port_type;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.3.13/policy/modules/kernel/domain.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.3.14/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2006-07-14 17:04:30.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/domain.te 2006-09-13 06:59:41.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/kernel/domain.te 2006-09-15 13:59:07.000000000 -0400
@@ -144,3 +144,11 @@
# act on all domains keys
@@ -206,9 +221,9 @@
+ ')
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.13/policy/modules/kernel/files.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.14/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-09-05 07:41:00.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/files.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/kernel/files.fc 2006-09-15 13:59:07.000000000 -0400
@@ -32,6 +32,7 @@
/boot/lost\+found -d gen_context(system_u:object_r:lost_found_t,s15:c0.c255)
/boot/lost\+found/.* <<none>>
@@ -217,9 +232,9 @@
#
# /emul
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.13/policy/modules/kernel/files.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.14/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-09-15 13:14:21.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/files.if 2006-09-12 07:40:51.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/kernel/files.if 2006-09-15 13:59:07.000000000 -0400
@@ -386,7 +386,7 @@
attribute file_type, security_file_type;
')
@@ -229,7 +244,7 @@
')
########################################
-@@ -4476,3 +4417,47 @@
+@@ -4476,3 +4476,47 @@
typeattribute $1 files_unconfined_type;
')
@@ -277,10 +292,10 @@
+
+ typealias etc_runtime_t alias $1;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.13/policy/modules/kernel/filesystem.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.14/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-09-15 13:14:21.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/filesystem.if 2006-09-08 12:02:39.000000000 -0400
-@@ -3363,3 +3303,22 @@
++++ serefpolicy-2.3.14/policy/modules/kernel/filesystem.if 2006-09-15 13:59:07.000000000 -0400
+@@ -3363,3 +3363,22 @@
allow $1 noxattrfs:blk_file { getattr relabelfrom };
allow $1 noxattrfs:chr_file { getattr relabelfrom };
')
@@ -303,9 +318,9 @@
+ allow $1 rpc_pipefs_t:fifo_file { read write };
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.3.13/policy/modules/kernel/mcs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.3.14/policy/modules/kernel/mcs.te
--- nsaserefpolicy/policy/modules/kernel/mcs.te 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/mcs.te 2006-09-15 12:09:44.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/kernel/mcs.te 2006-09-15 13:59:07.000000000 -0400
@@ -43,6 +43,7 @@
range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255;
range_transition initrc_t sshd_exec_t s0 - s0:c0.c255;
@@ -314,10 +329,10 @@
range_transition initrc_t xdm_exec_t s0 - s0:c0.c255;
range_transition kernel_t udev_exec_t s0 - s0:c0.c255;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.13/policy/modules/kernel/terminal.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.14/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-09-15 13:14:21.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/kernel/terminal.if 2006-09-11 10:49:59.000000000 -0400
-@@ -917,7 +906,7 @@
++++ serefpolicy-2.3.14/policy/modules/kernel/terminal.if 2006-09-15 13:59:07.000000000 -0400
+@@ -917,7 +917,7 @@
type tty_device_t;
')
@@ -326,9 +341,9 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.13/policy/modules/services/amavis.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.14/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/amavis.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/amavis.te 2006-09-15 13:59:07.000000000 -0400
@@ -156,6 +156,7 @@
ifdef(`targeted_policy',`
@@ -337,9 +352,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.13/policy/modules/services/apache.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.14/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/apache.fc 2006-09-11 11:16:19.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/apache.fc 2006-09-15 13:59:07.000000000 -0400
@@ -80,3 +80,12 @@
/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -353,18 +368,18 @@
+/opt/fortitude/modules.local(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
+/opt/fortitude/logs(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.13/policy/modules/services/apache.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.14/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/apache.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/apache.te 2006-09-15 13:59:07.000000000 -0400
@@ -712,4 +712,5 @@
ifdef(`targeted_policy',`
term_dontaudit_use_generic_ptys(httpd_rotatelogs_t)
+ term_dontaudit_use_unallocated_ttys(httpd_rotatelogs_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.13/policy/modules/services/automount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.14/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/automount.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/automount.te 2006-09-15 13:59:07.000000000 -0400
@@ -74,6 +74,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -373,9 +388,9 @@
fs_mount_all_fs(automount_t)
fs_unmount_all_fs(automount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-2.3.13/policy/modules/services/bluetooth.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-2.3.14/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/bluetooth.fc 2006-09-13 05:11:32.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/bluetooth.fc 2006-09-15 13:59:07.000000000 -0400
@@ -7,7 +7,7 @@
#
# /usr
@@ -393,9 +408,9 @@
#
# /var
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.13/policy/modules/services/bluetooth.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.14/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/bluetooth.te 2006-09-13 05:10:19.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/bluetooth.te 2006-09-15 13:59:07.000000000 -0400
@@ -217,14 +217,18 @@
fs_rw_tmpfs_files(bluetooth_helper_t)
@@ -425,9 +440,9 @@
+ ppp_domtrans(bluetooth_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.13/policy/modules/services/ccs.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.14/policy/modules/services/ccs.fc
--- nsaserefpolicy/policy/modules/services/ccs.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ccs.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ccs.fc 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,8 @@
+# ccs executable will have:
+# label: system_u:object_r:ccs_exec_t
@@ -437,9 +452,9 @@
+/sbin/ccsd -- gen_context(system_u:object_r:ccs_exec_t,s0)
+/var/run/cluster(/.*)? gen_context(system_u:object_r:ccs_var_run_t,s0)
+/etc/cluster(/.*)? gen_context(system_u:object_r:cluster_conf_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.13/policy/modules/services/ccs.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.14/policy/modules/services/ccs.if
--- nsaserefpolicy/policy/modules/services/ccs.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ccs.if 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ccs.if 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,65 @@
+## <summary>policy for ccs</summary>
+
@@ -506,9 +521,9 @@
+ allow $1 cluster_conf_t:file { getattr read };
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.13/policy/modules/services/ccs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.14/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ccs.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ccs.te 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,87 @@
+policy_module(ccs,1.0.0)
+
@@ -597,9 +612,9 @@
+
+allow ccs_t cluster_conf_t:dir r_dir_perms;
+allow ccs_t cluster_conf_t:file rw_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.3.13/policy/modules/services/clamav.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.3.14/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/clamav.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/clamav.te 2006-09-15 13:59:07.000000000 -0400
@@ -121,6 +121,7 @@
cron_rw_pipes(clamd_t)
@@ -608,9 +623,9 @@
term_dontaudit_use_generic_ptys(clamd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.13/policy/modules/services/cups.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.14/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/cups.te 2006-09-15 11:18:54.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/cups.te 2006-09-15 13:59:07.000000000 -0400
@@ -1,5 +1,5 @@
-policy_module(cups,1.3.13)
@@ -677,9 +692,9 @@
dontaudit hplip_t self:capability sys_tty_config;
allow hplip_t self:fifo_file rw_file_perms;
allow hplip_t self:process signal_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.13/policy/modules/services/dbus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.14/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/dbus.if 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/dbus.if 2006-09-15 13:59:07.000000000 -0400
@@ -123,6 +123,7 @@
selinux_compute_relabel_context($1_dbusd_t)
selinux_compute_user_contexts($1_dbusd_t)
@@ -688,9 +703,23 @@
corecmd_list_bin($1_dbusd_t)
corecmd_read_bin_symlinks($1_dbusd_t)
corecmd_read_bin_files($1_dbusd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.3.13/policy/modules/services/lpd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-2.3.14/policy/modules/services/dhcp.te
+--- nsaserefpolicy/policy/modules/services/dhcp.te 2006-07-14 17:04:40.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/dhcp.te 2006-09-15 16:12:57.000000000 -0400
+@@ -138,3 +138,10 @@
+ optional_policy(`
+ udev_read_db(dhcpd_t)
+ ')
++
++optional_policy(`
++ dbus_system_bus_client_template(dhcpd,dhcpd_t)
++ dbus_connect_system_bus(dhcpd_t)
++ dbus_send_system_bus(dhcpd_t)
++')
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.3.14/policy/modules/services/lpd.fc
--- nsaserefpolicy/policy/modules/services/lpd.fc 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/lpd.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/lpd.fc 2006-09-15 13:59:07.000000000 -0400
@@ -9,6 +9,7 @@
/usr/sbin/checkpc -- gen_context(system_u:object_r:checkpc_exec_t,s0)
/usr/sbin/lpd -- gen_context(system_u:object_r:lpd_exec_t,s0)
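Review bot: The `optional_policy` block appended to dhcp.te lets `dhcpd_t`, a network-facing daemon, connect to and send messages on the system bus, and nothing in the patch names the bus peer it is meant to reach. Put a comment above `dbus_system_bus_client_template(dhcpd,dhcpd_t)` naming the service dhcpd talks to and why. Then confirm that `dbus_connect_system_bus` plus `dbus_send_system_bus` is the narrowest grant that satisfies it. Without that, a reviewer cannot tell a required permission from one added to quiet an AVC. The block also leaves a trailing blank line at the end of the file.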
@@ -699,17 +728,29 @@
/usr/bin/lpr(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
/usr/bin/lpq(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
/usr/bin/lprm(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-2.3.13/policy/modules/services/networkmanager.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-2.3.14/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/networkmanager.fc 2006-09-13 22:49:46.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/networkmanager.fc 2006-09-15 13:59:07.000000000 -0400
@@ -3,3 +3,4 @@
/var/run/NetworkManager\.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/var/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/wpa_supplicant-global -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.13/policy/modules/services/ntp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.3.14/policy/modules/services/networkmanager.te
+--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-09-05 07:41:01.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/networkmanager.te 2006-09-15 16:11:09.000000000 -0400
+@@ -21,7 +21,7 @@
+ # networkmanager will ptrace itself if gdb is installed
+ # and it receives a unexpected signal (rh bug #204161)
+ allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock};
+-dontaudit NetworkManager_t self:capability sys_tty_config;
++dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace };
+ allow NetworkManager_t self:process { ptrace setcap getsched signal_perms };
+ allow NetworkManager_t self:fifo_file rw_file_perms;
+ allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.14/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/ntp.te 2006-09-13 22:36:57.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ntp.te 2006-09-15 13:59:07.000000000 -0400
@@ -122,6 +122,9 @@
term_dontaudit_use_unallocated_ttys(ntpd_t)
term_dontaudit_use_generic_ptys(ntpd_t)
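Review bot: Adding `sys_ptrace` to the `dontaudit NetworkManager_t self:capability` rule suppresses every sys_ptrace capability denial for this domain in the audit log, not only the gdb self-trace that the comment two lines up describes. The self-trace itself is still permitted by the following `allow NetworkManager_t self:process { ptrace ... }` line, so any other use of the capability by this domain would now be denied without leaving an AVC record. Extend the existing comment to record that, e.g. `# sys_ptrace is dontaudited: expected noise from the gdb self-trace (rh bug #204161)`, so whoever investigates NetworkManager behaviour knows these denials are hidden. The rest of networkmanager.te lies outside this hunk.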
@@ -720,9 +761,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.13/policy/modules/services/oddjob.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.14/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/oddjob.fc 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,8 @@
+# oddjob executable will have:
+# label: system_u:object_r:oddjob_exec_t
@@ -732,9 +773,9 @@
+/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
+/var/run/oddjobd.pid gen_context(system_u:object_r:oddjob_var_run_t,s0)
+/usr/lib/oddjobd gen_context(system_u:object_r:oddjob_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.13/policy/modules/services/oddjob.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.14/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob.if 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/oddjob.if 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,76 @@
+## <summary>policy for oddjob</summary>
+
@@ -812,9 +853,9 @@
+ allow $1 oddjob_t:dbus send_msg;
+ allow oddjob_t $1:dbus send_msg;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc serefpolicy-2.3.14/policy/modules/services/oddjob_mkhomedir.fc
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/oddjob_mkhomedir.fc 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,6 @@
+# oddjob_mkhomedir executable will have:
+# label: system_u:object_r:oddjob_mkhomedir_exec_t
@@ -822,9 +863,9 @@
+# MCS categories: <none>
+
+/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if serefpolicy-2.3.14/policy/modules/services/oddjob_mkhomedir.if
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.if 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/oddjob_mkhomedir.if 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,24 @@
+## <summary>policy for oddjob_mkhomedir</summary>
+
@@ -850,9 +891,9 @@
+ allow oddjob_mkhomedir_t $1:fifo_file rw_file_perms;
+ allow oddjob_mkhomedir_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te serefpolicy-2.3.14/policy/modules/services/oddjob_mkhomedir.te
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob_mkhomedir.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/oddjob_mkhomedir.te 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,29 @@
+policy_module(oddjob_mkhomedir,1.0.0)
+
@@ -883,9 +924,9 @@
+oddjob_system_entry(oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t)
+domain_auto_trans(unconfined_t,oddjob_mkhomedir_exec_t,oddjob_mkhomedir_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.13/policy/modules/services/oddjob.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.14/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/oddjob.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/oddjob.te 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,73 @@
+policy_module(oddjob,1.0.0)
+
@@ -960,9 +1001,9 @@
+ term_dontaudit_use_unallocated_ttys(oddjob_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.13/policy/modules/services/pegasus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.14/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/pegasus.if 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/pegasus.if 2006-09-15 13:59:07.000000000 -0400
@@ -1 +1,32 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -996,9 +1037,9 @@
+ allow pegasus_t $1:fifo_file rw_file_perms;
+ allow pegasus_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.13/policy/modules/services/pegasus.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.14/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/pegasus.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/pegasus.te 2006-09-15 13:59:07.000000000 -0400
@@ -100,13 +100,12 @@
auth_use_nsswitch(pegasus_t)
@@ -1015,9 +1056,9 @@
files_read_var_lib_symlinks(pegasus_t)
hostname_exec(pegasus_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.13/policy/modules/services/postfix.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.14/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/postfix.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/postfix.te 2006-09-15 13:59:07.000000000 -0400
@@ -171,6 +171,11 @@
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
@@ -1038,9 +1079,9 @@
term_dontaudit_use_generic_ptys(postfix_map_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-2.3.13/policy/modules/services/ppp.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-2.3.14/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/ppp.fc 2006-09-14 09:52:48.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ppp.fc 2006-09-15 13:59:07.000000000 -0400
@@ -2,7 +2,8 @@
# /etc
#
@@ -1059,9 +1100,9 @@
/usr/sbin/pptp -- gen_context(system_u:object_r:pptp_exec_t,s0)
/usr/sbin/ipppd -- gen_context(system_u:object_r:pppd_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.3.13/policy/modules/services/ppp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.3.14/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/ppp.te 2006-09-14 10:01:52.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ppp.te 2006-09-15 13:59:07.000000000 -0400
@@ -64,7 +64,7 @@
allow pppd_t self:socket create_socket_perms;
allow pppd_t self:unix_dgram_socket create_socket_perms;
@@ -1097,9 +1138,9 @@
+ consoletype_exec(pppd_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.13/policy/modules/services/ricci.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.14/policy/modules/services/ricci.fc
--- nsaserefpolicy/policy/modules/services/ricci.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ricci.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ricci.fc 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,20 @@
+# ricci executable will have:
+# label: system_u:object_r:ricci_exec_t
@@ -1121,9 +1162,9 @@
+/usr/sbin/ricci-modservice -- gen_context(system_u:object_r:ricci_modservice_exec_t,s0)
+/usr/sbin/ricci-modstorage -- gen_context(system_u:object_r:ricci_modstorage_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.13/policy/modules/services/ricci.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.14/policy/modules/services/ricci.if
--- nsaserefpolicy/policy/modules/services/ricci.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ricci.if 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ricci.if 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,184 @@
+## <summary>policy for ricci</summary>
+
@@ -1309,9 +1350,9 @@
+ allow $1 ricci_modcluster_var_run_t:sock_file write;
+ allow $1 ricci_modclusterd_t:unix_stream_socket connectto;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.13/policy/modules/services/ricci.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.14/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.13/policy/modules/services/ricci.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/ricci.te 2006-09-15 13:59:07.000000000 -0400
@@ -0,0 +1,386 @@
+policy_module(ricci,1.0.0)
+
@@ -1699,9 +1740,9 @@
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.3.13/policy/modules/services/rpc.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.3.14/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/rpc.te 2006-09-12 14:40:17.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/rpc.te 2006-09-15 13:59:07.000000000 -0400
@@ -53,6 +53,7 @@
fs_read_rpc_files(rpcd_t)
fs_read_rpc_symlinks(rpcd_t)
@@ -1718,9 +1759,9 @@
files_list_tmp(gssd_t)
files_read_generic_tmp_files(gssd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.13/policy/modules/services/setroubleshoot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.14/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/setroubleshoot.te 2006-09-14 09:39:25.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/setroubleshoot.te 2006-09-15 13:59:07.000000000 -0400
@@ -55,6 +55,8 @@
kernel_read_kernel_sysctls(setroubleshootd_t)
kernel_read_system_state(setroubleshootd_t)
@@ -1746,9 +1787,9 @@
+optional_policy(`
+ nis_use_ypbind(setroubleshootd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.te serefpolicy-2.3.13/policy/modules/services/xfs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.te serefpolicy-2.3.14/policy/modules/services/xfs.te
--- nsaserefpolicy/policy/modules/services/xfs.te 2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/xfs.te 2006-09-15 10:13:16.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/xfs.te 2006-09-15 13:59:07.000000000 -0400
@@ -21,7 +21,7 @@
# Local policy
#
@@ -1758,9 +1799,9 @@
dontaudit xfs_t self:capability sys_tty_config;
allow xfs_t self:process { signal_perms setpgid };
allow xfs_t self:unix_stream_socket create_stream_socket_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.13/policy/modules/services/xserver.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.14/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/services/xserver.if 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/services/xserver.if 2006-09-15 13:59:07.000000000 -0400
@@ -1152,3 +1152,27 @@
allow $1 xdm_xserver_tmp_t:sock_file write;
allow $1 xdm_xserver_t:unix_stream_socket connectto;
@@ -1789,9 +1830,9 @@
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.13/policy/modules/system/hostname.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.14/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/hostname.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/hostname.te 2006-09-15 13:59:07.000000000 -0400
@@ -8,7 +8,10 @@
type hostname_t;
@@ -1804,9 +1845,9 @@
role system_r types hostname_t;
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.13/policy/modules/system/init.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.14/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-09-15 13:14:26.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/init.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/init.te 2006-09-15 13:59:07.000000000 -0400
@@ -361,7 +361,8 @@
logging_append_all_logs(initrc_t)
logging_read_audit_config(initrc_t)
@@ -1817,9 +1858,9 @@
# slapd needs to read cert files from its initscript
miscfiles_read_certs(initrc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.13/policy/modules/system/libraries.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.14/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/libraries.fc 2006-09-11 11:27:41.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/libraries.fc 2006-09-15 13:59:07.000000000 -0400
@@ -128,6 +128,7 @@
/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/ati-fglrx/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -1836,9 +1877,9 @@
/usr/local/matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.13/policy/modules/system/selinuxutil.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.14/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/selinuxutil.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/selinuxutil.te 2006-09-15 16:09:38.000000000 -0400
@@ -450,6 +450,7 @@
selinux_compute_user_contexts(restorecond_t)
@@ -1847,18 +1888,21 @@
auth_relabel_all_files_except_shadow(restorecond_t )
auth_read_all_files_except_shadow(restorecond_t)
-@@ -622,6 +623,8 @@
+@@ -621,9 +622,10 @@
+ ifdef(`targeted_policy',`
# Handle pp files created in homedir and /tmp
files_read_generic_tmp_files(semanage_t)
- userdom_read_generic_user_home_content_files(semanage_t)
-+',`
-+ userdom_read_admin_tmp_files(semanage_t)
+- userdom_read_generic_user_home_content_files(semanage_t)
')
++userdom_read_generic_user_home_content_files(semanage_t)
++
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.3.13/policy/modules/system/setrans.te
+ #
+ # Setfiles local policy
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.3.14/policy/modules/system/setrans.te
--- nsaserefpolicy/policy/modules/system/setrans.te 2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/setrans.te 2006-09-14 10:04:18.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/setrans.te 2006-09-15 13:59:08.000000000 -0400
@@ -43,6 +43,7 @@
# allow performing getpidcon() on all processes
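Review bot: The semanage_t read access to user home content is widened to every policy type without a stated reason: in the selinuxutil.te section the new revision takes `userdom_read_generic_user_home_content_files(semanage_t)` out of the targeted_policy ifdef and re-adds it after the closing `')`. If strict and MLS builds really need it, record that above the moved line, e.g. `# semanage reads policy packages (.pp) from user home directories in all policy types`; otherwise keep the rule inside the ifdef so the grant stays as narrow as before. The existing comment `# Handle pp files created in homedir and /tmp` stays inside the ifdef and now covers only the tmp rule. The previous revision's else branch, `userdom_read_admin_tmp_files(semanage_t)`, is dropped as well, so non-targeted builds presumably lose that tmp read for semanage_t, which is worth confirming. The semanage block begins above the lines shown in this hunk.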
@@ -1867,9 +1911,18 @@
domain_getattr_all_domains(setrans_t)
domain_getsession_all_domains(setrans_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.3.13/policy/modules/system/xen.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.14/policy/modules/system/userdomain.if
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-09-15 13:14:26.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/userdomain.if 2006-09-15 16:02:22.000000000 -0400
+@@ -5314,3 +5314,5 @@
+ allow $1 user_home_dir_t:dir create_dir_perms;
+ files_home_filetrans($1,user_home_dir_t,dir)
+ ')
++
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.3.14/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/xen.fc 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/xen.fc 2006-09-15 13:59:08.000000000 -0400
@@ -7,6 +7,7 @@
/var/lib/xend(/.*)? gen_context(system_u:object_r:xend_var_lib_t,s0)
/var/lib/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_lib_t,s0)
@@ -1878,9 +1931,9 @@
/var/log/xen-hotplug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
/var/log/xend\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
/var/log/xend-debug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.13/policy/modules/system/xen.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.14/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.13/policy/modules/system/xen.te 2006-09-08 12:02:39.000000000 -0400
++++ serefpolicy-2.3.14/policy/modules/system/xen.te 2006-09-15 13:59:08.000000000 -0400
@@ -68,7 +68,7 @@
# xend local policy
#
@@ -1890,9 +1943,10 @@
dontaudit xend_t self:capability { sys_ptrace };
allow xend_t self:process { signal sigkill };
dontaudit xend_t self:process ptrace;
---- nsaserefpolicy/Rules.modular 2006-08-31 14:57:06.000000000 -0400
-+++ serefpolicy-2.3.13/Rules.modular 2006-09-08 12:02:39.000000000 -0400
-@@ -218,6 +218,16 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.3.14/Rules.modular
+--- nsaserefpolicy/Rules.modular 2006-09-15 13:14:28.000000000 -0400
++++ serefpolicy-2.3.14/Rules.modular 2006-09-15 13:59:08.000000000 -0400
+@@ -212,6 +212,16 @@
########################################
#