rpms/selinux-policy/devel policy-20060915.patch, 1.16, 1.17 selinux-policy.spec, 1.296, 1.297
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Sep 27 23:56:24 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv525
Modified Files:
policy-20060915.patch selinux-policy.spec
Log Message:
* Wed Sep 27 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-5
- Support for fuse
- fix vigr
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 3
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 3
config/appconfig-strict/seusers | 1
config/appconfig-targeted-mcs/seusers | 3
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 3
config/appconfig-targeted/seusers | 1
policy/global_tunables | 15 +
policy/mcs | 6
policy/mls | 36 +-
policy/modules/admin/acct.te | 1
policy/modules/admin/amanda.te | 2
policy/modules/admin/bootloader.fc | 1
policy/modules/admin/bootloader.te | 7
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/prelink.if | 2
policy/modules/admin/readahead.te | 1
policy/modules/admin/rpm.fc | 2
policy/modules/admin/rpm.te | 5
policy/modules/admin/su.if | 2
policy/modules/admin/usermanage.te | 2
policy/modules/apps/java.fc | 2
policy/modules/apps/java.te | 2
policy/modules/apps/slocate.te | 1
policy/modules/kernel/corecommands.if | 14
policy/modules/kernel/corenetwork.te.in | 13
policy/modules/kernel/devices.fc | 8
policy/modules/kernel/devices.if | 20 +
policy/modules/kernel/files.fc | 27 -
policy/modules/kernel/files.if | 20 +
policy/modules/kernel/filesystem.if | 22 +
policy/modules/kernel/filesystem.te | 1
policy/modules/kernel/kernel.te | 25 -
policy/modules/kernel/mcs.te | 18 -
policy/modules/kernel/mls.te | 10
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 49 +--
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 2
policy/modules/services/apache.fc | 9
policy/modules/services/automount.te | 4
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/cron.te | 19 +
policy/modules/services/cups.te | 3
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 1
policy/modules/services/lpd.fc | 9
policy/modules/services/mta.te | 1
policy/modules/services/nscd.if | 20 +
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 99 ++++++
policy/modules/services/oddjob.te | 86 +++++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/procmail.te | 1
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 388 +++++++++++++++++++++++++++
policy/modules/services/rsync.te | 1
policy/modules/services/sendmail.te | 1
policy/modules/services/setroubleshoot.te | 2
policy/modules/services/smartmon.te | 3
policy/modules/services/spamassassin.te | 4
policy/modules/services/ssh.te | 2
policy/modules/services/xserver.te | 2
policy/modules/system/authlogin.if | 2
policy/modules/system/fstools.te | 3
policy/modules/system/hostname.te | 6
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 6
policy/modules/system/iscsi.fc | 7
policy/modules/system/iscsi.if | 24 +
policy/modules/system/iscsi.te | 74 +++++
policy/modules/system/libraries.fc | 1
policy/modules/system/logging.fc | 8
policy/modules/system/logging.te | 2
policy/modules/system/mount.fc | 1
policy/modules/system/mount.if | 1
policy/modules/system/mount.te | 1
policy/modules/system/raid.te | 2
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 1
policy/modules/system/setrans.fc | 2
policy/modules/system/setrans.te | 1
policy/modules/system/unconfined.if | 1
policy/modules/system/unconfined.te | 6
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 42 ++
policy/modules/system/userdomain.te | 6
policy/users | 14
98 files changed, 1511 insertions(+), 136 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- policy-20060915.patch 27 Sep 2006 20:59:46 -0000 1.16
+++ policy-20060915.patch 27 Sep 2006 23:56:21 -0000 1.17
@@ -58,8 +58,8 @@
__default__:user_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.16/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.16/policy/global_tunables 2006-09-27 10:16:52.000000000 -0400
-@@ -594,3 +594,11 @@
++++ serefpolicy-2.3.16/policy/global_tunables 2006-09-27 17:30:35.000000000 -0400
+@@ -594,3 +594,18 @@
## </desc>
gen_tunable(spamd_enable_home_dirs,true)
')
@@ -71,6 +71,13 @@
+## </desc>
+gen_tunable(allow_polyinstantiation,false)
+
++
++## <desc>
++## <p>
++## Allow unconfined to dyntrans to unconfined_execmem
++## </p>
++## </desc>
++gen_tunable(allow_unconfined_execmem_dyntrans,false)
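Review bot: The `<desc>` added for `allow_unconfined_execmem_dyntrans` only restates the tunable's name and does not say what enabling it permits. Going by the `unconfined.te` hunk later in this same patch, turning it on lets an already-running `unconfined_t` process move itself into `unconfined_execmem_t`, which is allowed `execstack` and `execmem`, without going through an exec. I would put that in the description, for example `## Allow unconfined_t processes to dynamically transition to unconfined_execmem_t, which permits an executable stack and executable anonymous memory.` The extra blank line added ahead of the `## <desc>` block can also be dropped.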
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.3.16/policy/mcs
--- nsaserefpolicy/policy/mcs 2006-09-22 14:07:08.000000000 -0400
+++ serefpolicy-2.3.16/policy/mcs 2006-09-26 09:53:18.000000000 -0400
@@ -313,6 +320,25 @@
fs_mount_xattr_fs($1_su_t)
fs_unmount_xattr_fs($1_su_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.16/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-09-22 14:07:08.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/admin/usermanage.te 2006-09-27 17:08:00.000000000 -0400
+@@ -379,6 +379,7 @@
+ allow sysadm_passwd_t sysadm_passwd_tmp_t:file create_file_perms;
+ files_tmp_filetrans(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
+ files_search_var(sysadm_passwd_t)
++files_dontaudit_search_home(sysadm_passwd_t)
+
+ kernel_read_kernel_sysctls(sysadm_passwd_t)
+ # for /proc/meminfo
+@@ -444,6 +445,7 @@
+
+ optional_policy(`
+ nscd_domtrans(sysadm_passwd_t)
++ nscd_socket_use(sysadm_passwd_t)
+ ')
+
+ ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.16/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-08-29 09:00:26.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/apps/java.fc 2006-09-26 09:53:18.000000000 -0400
@@ -580,7 +606,7 @@
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.16/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/kernel/files.if 2006-09-27 15:11:17.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/kernel/files.if 2006-09-27 17:07:37.000000000 -0400
@@ -4541,3 +4541,23 @@
typealias etc_runtime_t alias $1;
@@ -634,6 +660,17 @@
+ allow $1 autofs_t:lnk_file create_lnk_perms;
+')
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.16/policy/modules/kernel/filesystem.te
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-09-25 15:11:10.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/kernel/filesystem.te 2006-09-27 17:19:21.000000000 -0400
+@@ -21,6 +21,7 @@
+
+ # Use xattrs for the following filesystem types.
+ # Requires that a security xattr handler exist for the filesystem.
++fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0);
+ fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
+ fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
+ fs_use_xattr gfs2 gen_context(system_u:object_r:fs_t,s0);
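Review bot: The new `fs_use_xattr encfs` line sits directly under the comment `Requires that a security xattr handler exist for the filesystem`, and nothing visible in this patch shows that encfs meets that requirement. encfs is a FUSE filesystem, so the kernel may report the mount's type as `fuse` rather than `encfs`; if so this statement would never match and the files would fall back to whatever default labeling applies. It is worth confirming which filesystem type name the kernel reports and whether `security.selinux` xattrs actually round-trip through it. If they do not, a `genfscon` entry is probably the more honest labeling behaviour, and either way a one-line comment on why encfs is listed here would help.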
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.3.16/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2006-09-22 09:35:44.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/kernel/kernel.te 2006-09-26 09:53:18.000000000 -0400
@@ -766,8 +803,8 @@
neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.3.16/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/kernel/storage.fc 2006-09-26 09:53:18.000000000 -0400
-@@ -5,36 +5,36 @@
++++ serefpolicy-2.3.16/policy/modules/kernel/storage.fc 2006-09-27 17:18:45.000000000 -0400
+@@ -5,36 +5,37 @@
/dev/n?osst[0-3].* -c gen_context(system_u:object_r:tape_device_t,s0)
/dev/n?pt[0-9]+ -c gen_context(system_u:object_r:tape_device_t,s0)
/dev/n?tpqic[12].* -c gen_context(system_u:object_r:tape_device_t,s0)
@@ -784,6 +821,7 @@
/dev/fd[^/]+ -b gen_context(system_u:object_r:removable_device_t,s0)
-/dev/flash[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
+/dev/flash[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c1023)
++/dev/fuse -c gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c1023)
/dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/hitcd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/ht[0-1] -b gen_context(system_u:object_r:tape_device_t,s0)
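Review bot: Labeling `/dev/fuse` as `fixed_disk_device_t` ties access to the FUSE control device to the type used for raw fixed-disk nodes. Any domain later allowed to open `/dev/fuse` through this type also gets the same `chr_file` access to every other character node carrying the label, and domains that already hold that access pick up `/dev/fuse` whether or not that was intended. A dedicated device type with its own interface would let the fuse rules be granted narrowly, e.g. `/dev/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)` with `fuse_device_t` newly declared in storage.te. If the shared type is kept, the `s15:c0.c1023` level on a node that ordinary user mounts need to open deserves a comment saying it is deliberate.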
@@ -818,7 +856,7 @@
')
/dev/s(cd|r)[^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/sbpcd.* -b gen_context(system_u:object_r:removable_device_t,s0)
-@@ -42,25 +42,25 @@
+@@ -42,25 +43,25 @@
/dev/sjcd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/sonycd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/tape.* -c gen_context(system_u:object_r:tape_device_t,s0)
@@ -2484,6 +2522,15 @@
seutil_dontaudit_read_config(auditd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.3.16/policy/modules/system/mount.fc
+--- nsaserefpolicy/policy/modules/system/mount.fc 2006-07-14 17:04:43.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/system/mount.fc 2006-09-27 17:50:25.000000000 -0400
+@@ -4,4 +4,5 @@
+ # mount file contexts
+ #
+ /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
++/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
+ /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
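Review bot: Giving `/usr/bin/fusermount` the `mount_exec_t` label means every domain with a transition on that entry type will run it in the same domain as `/bin/mount`, with all of that domain's mount permissions. fusermount is normally the helper unprivileged users invoke for FUSE mounts, so it sits on a different trust boundary from `mount` itself; the transition rules are outside this hunk, so the exact reach is inferred. I would prefer a separate entry type and domain for it. Failing that, add a comment on the new line recording why sharing is acceptable, e.g. `# fusermount shares mount's domain until it gets a dedicated one`.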
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-2.3.16/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2006-09-15 13:14:26.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/system/mount.if 2006-09-27 16:28:49.000000000 -0400
@@ -2585,7 +2632,7 @@
corenet_unconfined($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.16/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/system/unconfined.te 2006-09-27 14:30:34.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/system/unconfined.te 2006-09-27 16:57:39.000000000 -0400
@@ -185,6 +185,8 @@
optional_policy(`
xserver_domtrans_xdm_xserver(unconfined_t)
@@ -2595,6 +2642,17 @@
')
########################################
+@@ -193,6 +195,10 @@
+ #
+
+ ifdef(`targeted_policy',`
++ tunable_policy(`allow_unconfined_execmem_dyntrans',`
++ allow unconfined_t unconfined_execmem_t:process dyntransition;
++ ')
++
+ allow unconfined_execmem_t self:process { execstack execmem };
+ unconfined_domain_noaudit(unconfined_execmem_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-2.3.16/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2006-07-14 17:04:44.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/system/userdomain.fc 2006-09-26 09:53:18.000000000 -0400
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.296
retrieving revision 1.297
diff -u -r1.296 -r1.297
--- selinux-policy.spec 27 Sep 2006 20:59:46 -0000 1.296
+++ selinux-policy.spec 27 Sep 2006 23:56:21 -0000 1.297
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.16
-Release: 4
+Release: 5
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,10 @@
%endif
%changelog
+* Wed Sep 27 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-5
+- Support for fuse
+- fix vigr
+
* Wed Sep 27 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-4
- Fix dovecot, amanda
- Fix mls