rpms/selinux-policy/devel policy-20060915.patch, 1.16, 1.17 selinux-policy.spec, 1.296, 1.297

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Sep 27 23:56:24 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv525

Modified Files:
	policy-20060915.patch selinux-policy.spec 
Log Message:
* Wed Sep 27 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-5
- Support for fuse
- fix vigr


policy-20060915.patch:
 Rules.modular                                |   10 
 config/appconfig-strict-mcs/seusers          |    3 
 config/appconfig-strict-mls/initrc_context   |    2 
 config/appconfig-strict-mls/seusers          |    3 
 config/appconfig-strict/seusers              |    1 
 config/appconfig-targeted-mcs/seusers        |    3 
 config/appconfig-targeted-mls/initrc_context |    2 
 config/appconfig-targeted-mls/seusers        |    3 
 config/appconfig-targeted/seusers            |    1 
 policy/global_tunables                       |   15 +
 policy/mcs                                   |    6 
 policy/mls                                   |   36 +-
 policy/modules/admin/acct.te                 |    1 
 policy/modules/admin/amanda.te               |    2 
 policy/modules/admin/bootloader.fc           |    1 
 policy/modules/admin/bootloader.te           |    7 
 policy/modules/admin/consoletype.te          |    8 
 policy/modules/admin/dmesg.te                |    1 
 policy/modules/admin/netutils.te             |    2 
 policy/modules/admin/prelink.if              |    2 
 policy/modules/admin/readahead.te            |    1 
 policy/modules/admin/rpm.fc                  |    2 
 policy/modules/admin/rpm.te                  |    5 
 policy/modules/admin/su.if                   |    2 
 policy/modules/admin/usermanage.te           |    2 
 policy/modules/apps/java.fc                  |    2 
 policy/modules/apps/java.te                  |    2 
 policy/modules/apps/slocate.te               |    1 
 policy/modules/kernel/corecommands.if        |   14 
 policy/modules/kernel/corenetwork.te.in      |   13 
 policy/modules/kernel/devices.fc             |    8 
 policy/modules/kernel/devices.if             |   20 +
 policy/modules/kernel/files.fc               |   27 -
 policy/modules/kernel/files.if               |   20 +
 policy/modules/kernel/filesystem.if          |   22 +
 policy/modules/kernel/filesystem.te          |    1 
 policy/modules/kernel/kernel.te              |   25 -
 policy/modules/kernel/mcs.te                 |   18 -
 policy/modules/kernel/mls.te                 |   10 
 policy/modules/kernel/selinux.te             |    2 
 policy/modules/kernel/storage.fc             |   49 +--
 policy/modules/kernel/storage.if             |    1 
 policy/modules/kernel/terminal.fc            |    2 
 policy/modules/services/apache.fc            |    9 
 policy/modules/services/automount.te         |    4 
 policy/modules/services/ccs.fc               |    8 
 policy/modules/services/ccs.if               |   65 ++++
 policy/modules/services/ccs.te               |   87 ++++++
 policy/modules/services/cron.te              |   19 +
 policy/modules/services/cups.te              |    3 
 policy/modules/services/cvs.te               |    1 
 policy/modules/services/dbus.if              |    1 
 policy/modules/services/dovecot.te           |    2 
 policy/modules/services/hal.te               |    1 
 policy/modules/services/lpd.fc               |    9 
 policy/modules/services/mta.te               |    1 
 policy/modules/services/nscd.if              |   20 +
 policy/modules/services/oddjob.fc            |    8 
 policy/modules/services/oddjob.if            |   99 ++++++
 policy/modules/services/oddjob.te            |   86 +++++
 policy/modules/services/pegasus.if           |   31 ++
 policy/modules/services/pegasus.te           |    5 
 policy/modules/services/procmail.te          |    1 
 policy/modules/services/ricci.fc             |   20 +
 policy/modules/services/ricci.if             |  184 ++++++++++++
 policy/modules/services/ricci.te             |  388 +++++++++++++++++++++++++++
 policy/modules/services/rsync.te             |    1 
 policy/modules/services/sendmail.te          |    1 
 policy/modules/services/setroubleshoot.te    |    2 
 policy/modules/services/smartmon.te          |    3 
 policy/modules/services/spamassassin.te      |    4 
 policy/modules/services/ssh.te               |    2 
 policy/modules/services/xserver.te           |    2 
 policy/modules/system/authlogin.if           |    2 
 policy/modules/system/fstools.te             |    3 
 policy/modules/system/hostname.te            |    6 
 policy/modules/system/init.fc                |    3 
 policy/modules/system/init.te                |    6 
 policy/modules/system/iscsi.fc               |    7 
 policy/modules/system/iscsi.if               |   24 +
 policy/modules/system/iscsi.te               |   74 +++++
 policy/modules/system/libraries.fc           |    1 
 policy/modules/system/logging.fc             |    8 
 policy/modules/system/logging.te             |    2 
 policy/modules/system/mount.fc               |    1 
 policy/modules/system/mount.if               |    1 
 policy/modules/system/mount.te               |    1 
 policy/modules/system/raid.te                |    2 
 policy/modules/system/selinuxutil.fc         |    6 
 policy/modules/system/selinuxutil.te         |    1 
 policy/modules/system/setrans.fc             |    2 
 policy/modules/system/setrans.te             |    1 
 policy/modules/system/unconfined.if          |    1 
 policy/modules/system/unconfined.te          |    6 
 policy/modules/system/userdomain.fc          |    2 
 policy/modules/system/userdomain.if          |   42 ++
 policy/modules/system/userdomain.te          |    6 
 policy/users                                 |   14 
 98 files changed, 1511 insertions(+), 136 deletions(-)

Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- policy-20060915.patch	27 Sep 2006 20:59:46 -0000	1.16
+++ policy-20060915.patch	27 Sep 2006 23:56:21 -0000	1.17
@@ -58,8 +58,8 @@
  __default__:user_u:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.16/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.16/policy/global_tunables	2006-09-27 10:16:52.000000000 -0400
-@@ -594,3 +594,11 @@
++++ serefpolicy-2.3.16/policy/global_tunables	2006-09-27 17:30:35.000000000 -0400
+@@ -594,3 +594,18 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs,true)
  ')
@@ -71,6 +71,13 @@
 +## </desc>
 +gen_tunable(allow_polyinstantiation,false)
 +
++
++## <desc>
++## <p>
++## Allow unconfined to dyntrans to unconfined_execmem
++## </p>
++## </desc>
++gen_tunable(allow_unconfined_execmem_dyntrans,false)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.3.16/policy/mcs
 --- nsaserefpolicy/policy/mcs	2006-09-22 14:07:08.000000000 -0400
 +++ serefpolicy-2.3.16/policy/mcs	2006-09-26 09:53:18.000000000 -0400
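Review bot: The description of `allow_unconfined_execmem_dyntrans` does not say what enabling it gives up. The rule it gates, in the unconfined.te hunk of this same patch, lets `unconfined_t` switch itself into `unconfined_execmem_t`, a domain that is allowed `execstack` and `execmem`. I would spell that out, for example `## Allow unconfined_t to dynamically transition to unconfined_execmem_t, which permits execmem and execstack.` The added section also opens with a second consecutive blank line after `allow_polyinstantiation`, which can be dropped.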
@@ -313,6 +320,25 @@
  		fs_mount_xattr_fs($1_su_t)
  		fs_unmount_xattr_fs($1_su_t)
  	')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.16/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-09-22 14:07:08.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/admin/usermanage.te	2006-09-27 17:08:00.000000000 -0400
+@@ -379,6 +379,7 @@
+ allow sysadm_passwd_t sysadm_passwd_tmp_t:file create_file_perms;
+ files_tmp_filetrans(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
+ files_search_var(sysadm_passwd_t)
++files_dontaudit_search_home(sysadm_passwd_t)
+ 
+ kernel_read_kernel_sysctls(sysadm_passwd_t)
+ # for /proc/meminfo
+@@ -444,6 +445,7 @@
+ 
+ optional_policy(`
+ 	nscd_domtrans(sysadm_passwd_t)
++	nscd_socket_use(sysadm_passwd_t)
+ ')
+ 
+ ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.16/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2006-08-29 09:00:26.000000000 -0400
 +++ serefpolicy-2.3.16/policy/modules/apps/java.fc	2006-09-26 09:53:18.000000000 -0400
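Review bot: `files_dontaudit_search_home(sysadm_passwd_t)` hides a denial rather than granting access, and nothing in the hunk records which program triggers the search; presumably this is the "fix vigr" item from the log message. A one-line comment above it, such as `# dontaudit: vigr probes the home root but does not need it` (wording to be confirmed by the author), would keep the rule from being mistaken for unexplained noise suppression when denials are investigated later. The same applies to `nscd_socket_use(sysadm_passwd_t)`, which is added beside `nscd_domtrans` in the same optional block without saying why both are needed.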
@@ -580,7 +606,7 @@
  /var/tmp/vi\.recover	-d	gen_context(system_u:object_r:tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.16/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/kernel/files.if	2006-09-27 15:11:17.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/kernel/files.if	2006-09-27 17:07:37.000000000 -0400
 @@ -4541,3 +4541,23 @@
  
  	typealias etc_runtime_t alias $1;
@@ -634,6 +660,17 @@
 +	allow $1 autofs_t:lnk_file create_lnk_perms;
 +')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.16/policy/modules/kernel/filesystem.te
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te	2006-09-25 15:11:10.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/kernel/filesystem.te	2006-09-27 17:19:21.000000000 -0400
+@@ -21,6 +21,7 @@
+ 
+ # Use xattrs for the following filesystem types.
+ # Requires that a security xattr handler exist for the filesystem.
++fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0);
+ fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
+ fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
+ fs_use_xattr gfs2 gen_context(system_u:object_r:fs_t,s0);
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.3.16/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2006-09-22 09:35:44.000000000 -0400
 +++ serefpolicy-2.3.16/policy/modules/kernel/kernel.te	2006-09-26 09:53:18.000000000 -0400
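Review bot: The added `fs_use_xattr encfs` line only takes effect if the kernel reports a filesystem type named `encfs` and that type has a security xattr handler, which is the requirement stated in the comment directly above it. encfs is a FUSE filesystem, and FUSE mounts are normally reported under the `fuse` type, so this entry may never match; that should be checked on a mounted encfs volume. If it does match, file labels would be read from xattrs served by a userspace daemon, which deserves a comment such as `# encfs is FUSE-backed: labels are supplied by the userspace daemon`.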
@@ -766,8 +803,8 @@
  neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.3.16/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/kernel/storage.fc	2006-09-26 09:53:18.000000000 -0400
-@@ -5,36 +5,36 @@
++++ serefpolicy-2.3.16/policy/modules/kernel/storage.fc	2006-09-27 17:18:45.000000000 -0400
+@@ -5,36 +5,37 @@
  /dev/n?osst[0-3].*	-c	gen_context(system_u:object_r:tape_device_t,s0)
  /dev/n?pt[0-9]+		-c	gen_context(system_u:object_r:tape_device_t,s0)
  /dev/n?tpqic[12].*	-c	gen_context(system_u:object_r:tape_device_t,s0)
@@ -784,6 +821,7 @@
  /dev/fd[^/]+		-b	gen_context(system_u:object_r:removable_device_t,s0)
 -/dev/flash[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
 +/dev/flash[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c1023)
++/dev/fuse		-c	gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c1023)
  /dev/gscd		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/hitcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/ht[0-1]		-b	gen_context(system_u:object_r:tape_device_t,s0)
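Review bot: The new `/dev/fuse` entry reuses `fixed_disk_device_t`, the type that guards the raw fixed-disk nodes in this file, so any domain that has to open `/dev/fuse` would need fixed-disk access, and every domain that already has that access also gains `/dev/fuse`. A dedicated type would keep the two apart, e.g. `/dev/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)`, with the type declared in the devices module (it is not declared anywhere in the visible part of this patch). The `s15:c0.c1023` range also looks carried over from the disk entries; under MLS it would put the device out of reach of lower-level users, so it is worth confirming that this is intended.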
@@ -818,7 +856,7 @@
  ')
  /dev/s(cd|r)[^/]*	-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/sbpcd.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
-@@ -42,25 +42,25 @@
+@@ -42,25 +43,25 @@
  /dev/sjcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/sonycd		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/tape.*		-c	gen_context(system_u:object_r:tape_device_t,s0)
@@ -2484,6 +2522,15 @@
  
  seutil_dontaudit_read_config(auditd_t)
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.3.16/policy/modules/system/mount.fc
+--- nsaserefpolicy/policy/modules/system/mount.fc	2006-07-14 17:04:43.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/system/mount.fc	2006-09-27 17:50:25.000000000 -0400
+@@ -4,4 +4,5 @@
+ # mount file contexts
+ #
+ /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
++/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
+ /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-2.3.16/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2006-09-15 13:14:26.000000000 -0400
 +++ serefpolicy-2.3.16/policy/modules/system/mount.if	2006-09-27 16:28:49.000000000 -0400
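Review bot: Labelling `/usr/bin/fusermount` as `mount_exec_t` means the helper runs in `mount_t` with everything that domain is allowed, although fusermount is the helper ordinary users invoke for FUSE mounts; which domains may transition into `mount_t` is not visible in this hunk and should be checked against that. The pattern is also an exact path, unlike the `/bin/mount.*` and `/bin/umount.*` entries around it, so a copy installed under another path stays unlabelled. I would move the line below the umount entry and add `# fusermount: FUSE mount helper, shares the mount domain` above it.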
@@ -2585,7 +2632,7 @@
  	corenet_unconfined($1)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.16/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/system/unconfined.te	2006-09-27 14:30:34.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/system/unconfined.te	2006-09-27 16:57:39.000000000 -0400
 @@ -185,6 +185,8 @@
  	optional_policy(`
  		xserver_domtrans_xdm_xserver(unconfined_t)
@@ -2595,6 +2642,17 @@
  ')
  
  ########################################
+@@ -193,6 +195,10 @@
+ #
+ 
+ ifdef(`targeted_policy',`
++	tunable_policy(`allow_unconfined_execmem_dyntrans',`
++		allow unconfined_t unconfined_execmem_t:process dyntransition;
++	')
++
+ 	allow unconfined_execmem_t self:process { execstack execmem };
+ 	unconfined_domain_noaudit(unconfined_execmem_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-2.3.16/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2006-07-14 17:04:44.000000000 -0400
 +++ serefpolicy-2.3.16/policy/modules/system/userdomain.fc	2006-09-26 09:53:18.000000000 -0400
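Review bot: The new `tunable_policy` block sits inside the `ifdef` on `targeted_policy`, while the boolean is declared unconditionally in `policy/global_tunables`, so as far as this patch shows the boolean would exist in strict and MLS builds and do nothing there. Either declare it next to its use or state the restriction in the tunable's description. A comment above the rule would also help, because a dyntransition changes the domain of a running process without an exec: `# Opt-in only: lets a running unconfined_t process move itself into unconfined_execmem_t`. The `ifdef` block continues past the end of this hunk.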


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.296
retrieving revision 1.297
diff -u -r1.296 -r1.297
--- selinux-policy.spec	27 Sep 2006 20:59:46 -0000	1.296
+++ selinux-policy.spec	27 Sep 2006 23:56:21 -0000	1.297
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.3.16
-Release: 4
+Release: 5
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,10 @@
 %endif
 
 %changelog
+* Wed Sep 27 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-5
+- Support for fuse
+- fix vigr
+
 * Wed Sep 27 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-4
 - Fix dovecot, amanda
 - Fix mls



