rpms/selinux-policy/devel policy-20060915.patch, 1.19, 1.20 selinux-policy.spec, 1.299, 1.300
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Sep 29 14:22:57 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15351
Modified Files:
policy-20060915.patch selinux-policy.spec
Log Message:
* Fri Sep 28 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-8
- Fix prelink
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 3
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 3
config/appconfig-strict/seusers | 1
config/appconfig-targeted-mcs/seusers | 3
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 3
config/appconfig-targeted/seusers | 1
policy/global_tunables | 15 +
policy/mcs | 6
policy/mls | 36 +-
policy/modules/admin/acct.te | 1
policy/modules/admin/amanda.te | 2
policy/modules/admin/bootloader.fc | 1
policy/modules/admin/bootloader.te | 7
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/prelink.if | 2
policy/modules/admin/readahead.te | 1
policy/modules/admin/rpm.fc | 2
policy/modules/admin/rpm.if | 21 +
policy/modules/admin/rpm.te | 5
policy/modules/admin/su.if | 2
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 2
policy/modules/apps/java.te | 2
policy/modules/apps/mono.te | 3
policy/modules/apps/slocate.te | 1
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/corecommands.if | 15 -
policy/modules/kernel/corenetwork.te.in | 13
policy/modules/kernel/devices.fc | 8
policy/modules/kernel/devices.if | 20 +
policy/modules/kernel/files.fc | 27 -
policy/modules/kernel/files.if | 20 +
policy/modules/kernel/filesystem.if | 22 +
policy/modules/kernel/filesystem.te | 1
policy/modules/kernel/kernel.te | 25 -
policy/modules/kernel/mcs.te | 18 -
policy/modules/kernel/mls.te | 10
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 49 +--
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 2
policy/modules/kernel/terminal.if | 21 +
policy/modules/services/apache.fc | 9
policy/modules/services/automount.te | 4
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/cron.te | 19 +
policy/modules/services/cups.te | 3
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 1
policy/modules/services/lpd.fc | 9
policy/modules/services/mta.te | 1
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 3
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 99 ++++++
policy/modules/services/oddjob.te | 86 +++++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/procmail.te | 1
policy/modules/services/rhgb.te | 24 +
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 388 +++++++++++++++++++++++++++
policy/modules/services/rsync.te | 1
policy/modules/services/sendmail.te | 1
policy/modules/services/setroubleshoot.te | 2
policy/modules/services/smartmon.te | 3
policy/modules/services/spamassassin.te | 4
policy/modules/services/ssh.te | 2
policy/modules/services/xserver.if | 3
policy/modules/services/xserver.te | 2
policy/modules/system/authlogin.if | 2
policy/modules/system/fstools.te | 3
policy/modules/system/hostname.te | 6
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 6
policy/modules/system/iscsi.fc | 7
policy/modules/system/iscsi.if | 24 +
policy/modules/system/iscsi.te | 74 +++++
policy/modules/system/libraries.fc | 1
policy/modules/system/logging.fc | 8
policy/modules/system/logging.te | 4
policy/modules/system/mount.fc | 1
policy/modules/system/mount.if | 1
policy/modules/system/mount.te | 1
policy/modules/system/raid.te | 5
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 1
policy/modules/system/setrans.fc | 2
policy/modules/system/setrans.te | 1
policy/modules/system/unconfined.if | 1
policy/modules/system/unconfined.te | 6
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 86 +++++
policy/modules/system/userdomain.te | 6
policy/modules/system/xen.te | 1
policy/users | 14
106 files changed, 1626 insertions(+), 151 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- policy-20060915.patch 29 Sep 2006 05:33:37 -0000 1.19
+++ policy-20060915.patch 29 Sep 2006 14:22:55 -0000 1.20
@@ -443,7 +443,7 @@
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.16/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2006-09-15 13:14:21.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/kernel/corecommands.if 2006-09-27 16:23:12.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/kernel/corecommands.if 2006-09-29 09:56:57.000000000 -0400
@@ -928,7 +928,19 @@
type bin_t, sbin_t;
')
@@ -465,6 +465,14 @@
allow $1 { bin_t sbin_t }:dir list_dir_perms;
allow $1 { bin_t sbin_t }:lnk_file read_file_perms;
')
+@@ -950,6 +962,7 @@
+ type bin_t, sbin_t;
+ ')
+
++ userdom_manage_user_executables($1)
+ allow $1 exec_type:file manage_file_perms;
+ allow $1 { bin_t sbin_t }:dir rw_dir_perms;
+ allow $1 { bin_t sbin_t }:lnk_file create_lnk_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.16/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-09-25 15:11:10.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/kernel/corenetwork.te.in 2006-09-26 09:53:18.000000000 -0400
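Review bot: The added call `userdom_manage_user_executables($1)` in corecommands.if grants manage access on every `user_exec_type` file to each domain that uses the enclosing interface, not only to the prelink domain named in the log message. The interface's opening line is outside the hunk, so its name and callers cannot be checked from here. If prelink is the only caller that needs this, making the call from the prelink module instead would keep the grant narrower. It also looks like this makes a kernel-layer module depend on the system-layer userdomain module, which is worth confirming against the policy's layering rules.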
@@ -982,6 +990,44 @@
/dev/tts/[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.16/policy/modules/kernel/terminal.if
+--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-09-22 14:07:03.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/kernel/terminal.if 2006-09-29 10:05:27.000000000 -0400
+@@ -447,7 +447,6 @@
+ ## </summary>
+ ## </param>
+ #
+-# dwalsh: added for rhgb
+ interface(`term_dontaudit_setattr_generic_ptys',`
+ gen_require(`
+ type devpts_t;
+@@ -458,6 +457,26 @@
+
+ ########################################
+ ## <summary>
++## Allow setting the attributes of
++## generic pty devices.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++# dwalsh: added for rhgb
++interface(`term_setattr_generic_ptys',`
++ gen_require(`
++ type devpts_t;
++ ')
++
++ allow $1 devpts_t:chr_file setattr;
++')
++
++########################################
++## <summary>
+ ## Read and write the generic pty
+ ## type. This is generally only used in
+ ## the targeted policy.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.16/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2006-08-02 10:34:07.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/services/apache.fc 2006-09-28 09:32:38.000000000 -0400
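Review bot: The summary of the new `term_setattr_generic_ptys` interface does not say how broad the grant is: `allow $1 devpts_t:chr_file setattr;` applies to every pty still labelled `devpts_t`, not only the caller's own. Next to the existing `term_dontaudit_setattr_generic_ptys` this is a real permission rather than a silenced denial, so a line such as `## This covers every pty labelled devpts_t, not only the caller's own.` would help people decide which of the two to call. The `# dwalsh: added for rhgb` comment moved here from the dontaudit interface; the rhgb caller is outside this hunk, so it is worth confirming that rhgb needs the access and not just the silence.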
@@ -2849,7 +2895,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.16/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/system/userdomain.if 2006-09-28 09:56:24.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/system/userdomain.if 2006-09-29 09:56:59.000000000 -0400
@@ -3896,12 +3896,7 @@
#
interface(`userdom_manage_staff_home_dirs',`
@@ -2864,7 +2910,7 @@
',`
gen_require(`
type staff_home_dir_t;
-@@ -5338,3 +5333,64 @@
+@@ -5338,3 +5333,82 @@
allow $1 user_home_dir_t:dir create_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
@@ -2929,6 +2975,24 @@
+ allow $1 user_home_dir_t:dir manage_dir_perms;
+')
+
++########################################
++## <summary>
++## Create, read, write, and all executable files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`userdom_manage_user_executables',`
++ gen_require(`
++ attribute user_exec_type;
++ ')
++ allow $1 user_exec_type:file manage_file_perms;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.16/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-09-25 15:11:11.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/system/userdomain.te 2006-09-27 14:48:29.000000000 -0400
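Review bot: The summary line of `userdom_manage_user_executables` is garbled: `## Create, read, write, and all executable files.` is missing a verb and does not say which files are meant. Since the rule is `allow $1 user_exec_type:file manage_file_perms;`, which also covers unlink and rename, something like `## Create, read, write, and delete all user executable files.` would match what is granted. The definition of `user_exec_type` is not visible in this hunk, so the summary should name the attribute explicitly rather than rely on the reader knowing its scope.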
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.299
retrieving revision 1.300
diff -u -r1.299 -r1.300
--- selinux-policy.spec 29 Sep 2006 05:33:37 -0000 1.299
+++ selinux-policy.spec 29 Sep 2006 14:22:55 -0000 1.300
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.16
-Release: 7
+Release: 8
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,9 @@
%endif
%changelog
+* Fri Sep 28 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-8
+- Fix prelink
+
* Fri Sep 28 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-7
- Fix rhgb