rpms/selinux-policy/devel policy-20060915.patch, 1.20, 1.21 selinux-policy.spec, 1.300, 1.301
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Sep 29 18:12:20 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31625
Modified Files:
policy-20060915.patch selinux-policy.spec
Log Message:
* Fri Sep 28 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-9
- Remove bluetooth-helper transition
- Add selinux_validate for semanage
- Require new version of libsemanage
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 3
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 3
config/appconfig-strict/seusers | 1
config/appconfig-targeted-mcs/seusers | 3
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 3
config/appconfig-targeted/seusers | 1
policy/global_tunables | 15 +
policy/mcs | 6
policy/mls | 36 +-
policy/modules/admin/acct.te | 1
policy/modules/admin/amanda.te | 2
policy/modules/admin/bootloader.fc | 1
policy/modules/admin/bootloader.te | 7
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/prelink.if | 2
policy/modules/admin/readahead.te | 1
policy/modules/admin/rpm.fc | 2
policy/modules/admin/rpm.if | 21 +
policy/modules/admin/rpm.te | 5
policy/modules/admin/su.if | 2
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 2
policy/modules/apps/java.te | 2
policy/modules/apps/mono.te | 3
policy/modules/apps/slocate.te | 1
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/corecommands.if | 15 -
policy/modules/kernel/corenetwork.te.in | 13
policy/modules/kernel/devices.fc | 8
policy/modules/kernel/devices.if | 20 +
policy/modules/kernel/files.fc | 27 -
policy/modules/kernel/files.if | 24 +
policy/modules/kernel/filesystem.if | 22 +
policy/modules/kernel/filesystem.te | 1
policy/modules/kernel/kernel.te | 25 -
policy/modules/kernel/mcs.te | 18 -
policy/modules/kernel/mls.te | 10
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 49 +--
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 2
policy/modules/kernel/terminal.if | 21 +
policy/modules/services/apache.fc | 9
policy/modules/services/automount.te | 4
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/cron.te | 19 +
policy/modules/services/cups.te | 3
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 1
policy/modules/services/lpd.fc | 9
policy/modules/services/mta.te | 1
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 3
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 99 ++++++
policy/modules/services/oddjob.te | 86 +++++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/procmail.te | 1
policy/modules/services/rhgb.te | 24 +
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 388 +++++++++++++++++++++++++++
policy/modules/services/rsync.te | 1
policy/modules/services/sendmail.te | 1
policy/modules/services/setroubleshoot.te | 2
policy/modules/services/smartmon.te | 3
policy/modules/services/spamassassin.te | 4
policy/modules/services/ssh.te | 2
policy/modules/services/xserver.if | 3
policy/modules/services/xserver.te | 2
policy/modules/system/authlogin.if | 2
policy/modules/system/fstools.te | 3
policy/modules/system/hostname.te | 6
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 6
policy/modules/system/iscsi.fc | 7
policy/modules/system/iscsi.if | 24 +
policy/modules/system/iscsi.te | 74 +++++
policy/modules/system/libraries.fc | 1
policy/modules/system/logging.fc | 8
policy/modules/system/logging.te | 5
policy/modules/system/mount.fc | 1
policy/modules/system/mount.if | 1
policy/modules/system/mount.te | 1
policy/modules/system/raid.te | 5
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 2
policy/modules/system/setrans.fc | 2
policy/modules/system/setrans.te | 1
policy/modules/system/unconfined.if | 1
policy/modules/system/unconfined.te | 10
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 86 +++++
policy/modules/system/userdomain.te | 6
policy/modules/system/xen.te | 1
policy/users | 14
106 files changed, 1630 insertions(+), 157 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- policy-20060915.patch 29 Sep 2006 14:22:55 -0000 1.20
+++ policy-20060915.patch 29 Sep 2006 18:12:18 -0000 1.21
@@ -681,7 +681,18 @@
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.16/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/kernel/files.if 2006-09-27 17:07:37.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/kernel/files.if 2006-09-29 13:48:53.000000000 -0400
+@@ -896,8 +896,8 @@
+ allow $1 { file_type $2 }:lnk_file { getattr relabelfrom relabelto };
+ allow $1 { file_type $2 }:fifo_file { getattr relabelfrom relabelto };
+ allow $1 { file_type $2 }:sock_file { getattr relabelfrom relabelto };
+- allow $1 { file_type $2 }:blk_file { getattr relabelfrom };
+- allow $1 { file_type $2 }:chr_file { getattr relabelfrom };
++ allow $1 { file_type $2 }:blk_file { getattr relabelfrom relabelto };
++ allow $1 { file_type $2 }:chr_file { getattr relabelfrom relabelto };
+
+ # satisfy the assertions:
+ seutil_relabelto_bin_policy($1)
@@ -4541,3 +4541,23 @@
typealias etc_runtime_t alias $1;
@@ -2716,7 +2727,7 @@
/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.16/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/system/logging.te 2006-09-28 09:40:54.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/system/logging.te 2006-09-29 11:18:36.000000000 -0400
@@ -18,6 +18,7 @@
type auditd_log_t;
@@ -2725,7 +2736,15 @@
type auditd_t;
# real declaration moved to mls until
-@@ -94,6 +95,8 @@
+@@ -74,6 +75,7 @@
+ allow auditctl_t auditd_etc_t:file r_file_perms;
+
+ # Needed for adding watches
++fs_getattr_all_fs(auditctl_t)
+ files_getattr_all_dirs(auditctl_t)
+ files_read_etc_files(auditctl_t)
+
+@@ -94,6 +96,8 @@
logging_send_syslog_msg(auditctl_t)
@@ -2734,7 +2753,7 @@
ifdef(`targeted_policy',`
term_use_generic_ptys(auditctl_t)
term_use_unallocated_ttys(auditctl_t)
-@@ -163,6 +166,7 @@
+@@ -163,6 +167,7 @@
mls_file_read_up(auditd_t)
mls_file_write_down(auditd_t) # Need to be able to write to /var/run/ directory
mls_rangetrans_target(auditd_t)
@@ -2820,7 +2839,7 @@
# /root
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.16/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/system/selinuxutil.te 2006-09-27 16:54:31.000000000 -0400
++++ serefpolicy-2.3.16/policy/modules/system/selinuxutil.te 2006-09-29 13:23:46.000000000 -0400
@@ -274,6 +274,7 @@
mls_file_upgrade(newrole_t)
mls_file_downgrade(newrole_t)
@@ -2829,6 +2848,14 @@
selinux_get_fs_mount(newrole_t)
selinux_validate_context(newrole_t)
+@@ -587,6 +588,7 @@
+ mls_rangetrans_target(semanage_t)
+ mls_file_read_up(semanage_t)
+
++selinux_validate_context(semanage_t)
+ selinux_get_enforce_mode(semanage_t)
+ # for setsebool:
+ selinux_set_boolean(semanage_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-2.3.16/policy/modules/system/setrans.fc
--- nsaserefpolicy/policy/modules/system/setrans.fc 2006-07-14 17:04:44.000000000 -0400
+++ serefpolicy-2.3.16/policy/modules/system/setrans.fc 2006-09-26 09:53:18.000000000 -0400
@@ -2861,8 +2888,19 @@
corenet_unconfined($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.16/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.16/policy/modules/system/unconfined.te 2006-09-27 16:57:39.000000000 -0400
-@@ -185,6 +185,8 @@
++++ serefpolicy-2.3.16/policy/modules/system/unconfined.te 2006-09-29 12:11:13.000000000 -0400
+@@ -64,10 +64,6 @@
+ ')
+
+ optional_policy(`
+- bluetooth_domtrans_helper(unconfined_t)
+- ')
+-
+- optional_policy(`
+ bootloader_domtrans(unconfined_t)
+ ')
+
+@@ -185,6 +181,8 @@
optional_policy(`
xserver_domtrans_xdm_xserver(unconfined_t)
')
@@ -2871,7 +2909,7 @@
')
########################################
-@@ -193,6 +195,10 @@
+@@ -193,6 +191,10 @@
#
ifdef(`targeted_policy',`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -r1.300 -r1.301
--- selinux-policy.spec 29 Sep 2006 14:22:55 -0000 1.300
+++ selinux-policy.spec 29 Sep 2006 18:12:18 -0000 1.301
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.16
-Release: 8
+Release: 9
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -38,7 +38,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER}
-PreReq: policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 1.6.16-2
+PreReq: policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 1.6.17-1
Obsoletes: policy
%description
@@ -349,6 +349,11 @@
%endif
%changelog
+* Fri Sep 28 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-9
+- Remove bluetooth-helper transition
+- Add selinux_validate for semanage
+- Require new version of libsemanage
+
* Fri Sep 28 2006 Dan Walsh <dwalsh at redhat.com> 2.3.16-8
- Fix prelink
More information about the fedora-cvs-commits
mailing list