rpms/selinux-policy/devel .cvsignore, 1.109, 1.110 modules-strict.conf, 1.25, 1.26 modules-targeted.conf, 1.52, 1.53 policy-20070219.patch, 1.33, 1.34 selinux-policy.spec, 1.420, 1.421 sources, 1.115, 1.116

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Apr 2 15:17:53 UTC 2007


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1275

Modified Files:
	.cvsignore modules-strict.conf modules-targeted.conf 
	policy-20070219.patch selinux-policy.spec sources 
Log Message:
* Mon Mar 26 2007 Dan Walsh <dwalsh at redhat.com> 2.5.11-1
- Update to upstream



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -r1.109 -r1.110
--- .cvsignore	23 Mar 2007 17:31:13 -0000	1.109
+++ .cvsignore	2 Apr 2007 15:17:45 -0000	1.110
@@ -111,3 +111,4 @@
 serefpolicy-2.5.8.tgz
 serefpolicy-2.5.9.tgz
 serefpolicy-2.5.10.tgz
+serefpolicy-2.5.11.tgz


Index: modules-strict.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-strict.conf,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- modules-strict.conf	20 Mar 2007 20:21:08 -0000	1.25
+++ modules-strict.conf	2 Apr 2007 15:17:45 -0000	1.26
@@ -1368,3 +1368,10 @@
 #  File System in Userspace (FUSE) utilities
 # 
 fusermount = base
+
+# Layer: services
+# Module: apcupsd
+#
+# daemon for most APC’s UPS for Linux
+#
+apcupsd = module
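Review bot: The description comment added for apcupsd, `# daemon for most APC’s UPS for Linux`, contains a typographic apostrophe (U+2019) as rendered here, while the visible context in this file is plain ASCII. Tools that assume a single-byte encoding can mangle it. I would write it as `# daemon for most APC's UPS for Linux`. The same line is added in the second modules-targeted.conf hunk. This commit enables a new policy module in both the strict and targeted configurations, so the log message could say that rather than only "Update to upstream".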


Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- modules-targeted.conf	20 Mar 2007 20:21:08 -0000	1.52
+++ modules-targeted.conf	2 Apr 2007 15:17:45 -0000	1.53
@@ -1281,8 +1281,6 @@
 # 
 usernetctl = module
 
-
-
 # Layer: system
 # Module: xen
 #
@@ -1417,3 +1415,9 @@
 # 
 fusermount = base
 
+# Layer: services
+# Module: apcupsd
+#
+# daemon for most APC’s UPS for Linux
+#
+apcupsd = module

policy-20070219.patch:
 Rules.modular                             |   12 +
 policy/flask/access_vectors               |    4 
 policy/global_booleans                    |    2 
 policy/global_tunables                    |   39 +++-
 policy/mls                                |   31 ++-
 policy/modules/admin/acct.te              |    1 
 policy/modules/admin/amtu.fc              |    3 
 policy/modules/admin/amtu.if              |   53 ++++++
 policy/modules/admin/amtu.te              |   56 ++++++
 policy/modules/admin/bootloader.te        |    2 
 policy/modules/admin/consoletype.te       |    8 
 policy/modules/admin/dmesg.te             |    1 
 policy/modules/admin/firstboot.if         |   18 ++
 policy/modules/admin/kudzu.te             |    2 
 policy/modules/admin/logwatch.te          |    2 
 policy/modules/admin/netutils.te          |    1 
 policy/modules/admin/rpm.fc               |    3 
 policy/modules/admin/rpm.if               |   65 +++++++
 policy/modules/admin/rpm.te               |    2 
 policy/modules/admin/su.if                |    6 
 policy/modules/admin/sudo.te              |    3 
 policy/modules/admin/usermanage.te        |   42 +++--
 policy/modules/apps/games.fc              |    1 
 policy/modules/apps/gnome.if              |   26 +++
 policy/modules/apps/gpg.fc                |    2 
 policy/modules/apps/loadkeys.if           |   44 +----
 policy/modules/apps/mozilla.if            |    1 
 policy/modules/apps/slocate.te            |    1 
 policy/modules/apps/usernetctl.te         |   10 -
 policy/modules/kernel/corecommands.fc     |    7 
 policy/modules/kernel/corecommands.if     |   20 ++
 policy/modules/kernel/corenetwork.if.in   |   54 ++++++
 policy/modules/kernel/corenetwork.te.in   |   16 +
 policy/modules/kernel/devices.if          |   36 ++++
 policy/modules/kernel/domain.if           |   18 ++
 policy/modules/kernel/domain.te           |   46 +++++
 policy/modules/kernel/files.fc            |    1 
 policy/modules/kernel/files.if            |   81 ++++++++-
 policy/modules/kernel/filesystem.if       |   39 ++++
 policy/modules/kernel/filesystem.te       |   11 +
 policy/modules/kernel/kernel.if           |   23 ++
 policy/modules/kernel/kernel.te           |    2 
 policy/modules/kernel/mls.if              |   20 ++
 policy/modules/kernel/mls.te              |    3 
 policy/modules/kernel/selinux.if          |   38 ++++
 policy/modules/kernel/storage.if          |    2 
 policy/modules/kernel/terminal.if         |    2 
 policy/modules/kernel/terminal.te         |    1 
 policy/modules/services/apache.fc         |   14 -
 policy/modules/services/apache.if         |  161 +++++++++++++++++++
 policy/modules/services/apache.te         |   59 +++++++
 policy/modules/services/apcupsd.fc        |    9 +
 policy/modules/services/apcupsd.if        |  111 +++++++++++++
 policy/modules/services/apcupsd.te        |   81 +++++++++
 policy/modules/services/automount.te      |    2 
 policy/modules/services/ccs.te            |   12 +
 policy/modules/services/consolekit.fc     |    1 
 policy/modules/services/consolekit.te     |   22 ++
 policy/modules/services/cron.fc           |    1 
 policy/modules/services/cron.if           |   33 +---
 policy/modules/services/cron.te           |   51 ++++--
 policy/modules/services/cvs.te            |    2 
 policy/modules/services/cyrus.te          |    5 
 policy/modules/services/dbus.if           |   57 ++++++
 policy/modules/services/dhcp.te           |    2 
 policy/modules/services/djbdns.te         |    5 
 policy/modules/services/dovecot.te        |    4 
 policy/modules/services/ftp.te            |    5 
 policy/modules/services/hal.fc            |    6 
 policy/modules/services/hal.te            |  130 +++++++++++++++
 policy/modules/services/inetd.te          |    5 
 policy/modules/services/kerberos.if       |   58 ++-----
 policy/modules/services/kerberos.te       |   36 ++++
 policy/modules/services/mta.if            |   19 ++
 policy/modules/services/mta.te            |    2 
 policy/modules/services/networkmanager.te |    2 
 policy/modules/services/nis.if            |    4 
 policy/modules/services/ntp.te            |    1 
 policy/modules/services/pegasus.if        |   18 ++
 policy/modules/services/pegasus.te        |    5 
 policy/modules/services/postfix.te        |    2 
 policy/modules/services/ppp.te            |    9 -
 policy/modules/services/procmail.te       |    1 
 policy/modules/services/pyzor.te          |    1 
 policy/modules/services/radius.te         |    4 
 policy/modules/services/rpc.if            |    5 
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.if          |   44 +++++
 policy/modules/services/samba.te          |   50 +++++-
 policy/modules/services/sasl.te           |   11 +
 policy/modules/services/sendmail.if       |   20 ++
 policy/modules/services/smartmon.te       |    1 
 policy/modules/services/snmp.te           |   10 +
 policy/modules/services/spamassassin.te   |    7 
 policy/modules/services/squid.fc          |    2 
 policy/modules/services/squid.if          |   22 ++
 policy/modules/services/squid.te          |   12 +
 policy/modules/services/ssh.if            |   39 ++++
 policy/modules/services/ssh.te            |    5 
 policy/modules/services/xserver.te        |   10 -
 policy/modules/services/zabbix.fc         |    4 
 policy/modules/services/zabbix.if         |   87 ++++++++++
 policy/modules/services/zabbix.te         |   64 +++++++
 policy/modules/system/application.fc      |    1 
 policy/modules/system/application.if      |  104 ++++++++++++
 policy/modules/system/application.te      |   14 +
 policy/modules/system/authlogin.if        |   83 ++++++++--
 policy/modules/system/authlogin.te        |    3 
 policy/modules/system/fstools.fc          |    1 
 policy/modules/system/fstools.te          |    1 
 policy/modules/system/fusermount.fc       |    6 
 policy/modules/system/fusermount.if       |   41 +++++
 policy/modules/system/fusermount.te       |   45 +++++
 policy/modules/system/getty.te            |    3 
 policy/modules/system/hostname.te         |   14 +
 policy/modules/system/init.if             |    3 
 policy/modules/system/init.te             |   35 +++-
 policy/modules/system/ipsec.if            |   20 ++
 policy/modules/system/iptables.te         |    4 
 policy/modules/system/libraries.fc        |    7 
 policy/modules/system/libraries.te        |   20 ++
 policy/modules/system/locallogin.te       |    7 
 policy/modules/system/logging.if          |   21 ++
 policy/modules/system/logging.te          |    1 
 policy/modules/system/lvm.te              |    5 
 policy/modules/system/modutils.te         |    7 
 policy/modules/system/mount.fc            |    3 
 policy/modules/system/mount.if            |   37 ++++
 policy/modules/system/mount.te            |   64 +++++++
 policy/modules/system/raid.te             |    1 
 policy/modules/system/selinuxutil.fc      |    1 
 policy/modules/system/selinuxutil.if      |    5 
 policy/modules/system/selinuxutil.te      |   68 +++-----
 policy/modules/system/udev.fc             |    2 
 policy/modules/system/udev.te             |    6 
 policy/modules/system/unconfined.fc       |    1 
 policy/modules/system/unconfined.if       |   10 -
 policy/modules/system/unconfined.te       |   24 ++
 policy/modules/system/userdomain.if       |  246 ++++++++++++++++--------------
 policy/modules/system/userdomain.te       |   46 ++++-
 policy/modules/system/xen.te              |   27 +++
 policy/support/obj_perm_sets.spt          |   12 +
 142 files changed, 2778 insertions(+), 416 deletions(-)

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.33 -r 1.34 policy-20070219.patch
Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- policy-20070219.patch	23 Mar 2007 17:26:52 -0000	1.33
+++ policy-20070219.patch	2 Apr 2007 15:17:45 -0000	1.34
@@ -1,155 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.5.10/man/man8/ftpd_selinux.8
---- nsaserefpolicy/man/man8/ftpd_selinux.8	2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.10/man/man8/ftpd_selinux.8	2007-03-22 15:06:58.000000000 -0400
-@@ -39,14 +39,10 @@
- ftpd can run either as a standalone daemon or as part of the xinetd domain.  If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.
- .TP
- setsebool -P ftpd_is_daemon 1
--.TP
--You can disable SELinux protection for the ftpd daemon by executing:
--.TP
--setsebool -P ftpd_disable_trans 1
- .br
- service vsftpd restart
- .TP
--system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
-+system-config-selinux is a GUI tool available to customize SELinux policy settings.
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-2.5.10/man/man8/httpd_selinux.8
---- nsaserefpolicy/man/man8/httpd_selinux.8	2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.10/man/man8/httpd_selinux.8	2007-03-22 15:06:58.000000000 -0400
-@@ -110,22 +110,7 @@
- .EE
- 
- .PP
--You can disable suexec transition, set httpd_suexec_disable_trans deny this
--
--.EX
--setsebool -P httpd_suexec_disable_trans 1
--.EE
--
--.PP
--You can disable SELinux protection for the httpd daemon by executing:
--
--.EX
--setsebool -P httpd_disable_trans 1
--service httpd restart
--.EE
--
--.PP
--system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
-+system-config-selinux is a GUI tool available to customize SELinux policy settings.
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-2.5.10/man/man8/kerberos_selinux.8
---- nsaserefpolicy/man/man8/kerberos_selinux.8	2007-02-26 14:42:44.000000000 -0500
-+++ serefpolicy-2.5.10/man/man8/kerberos_selinux.8	2007-03-22 15:06:58.000000000 -0400
-@@ -18,16 +18,9 @@
- You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
- .EX
- setsebool -P allow_kerberos 1
--.EE 
--If you are running Kerberos daemons kadmind or krb5kdc you can disable the SELinux protection on these daemons by setting the krb5kdc_disable_trans and kadmind_disable_trans booleans.
--.EX
--setsebool -P krb5kdc_disable_trans 1
--service krb5kdc restart
--setsebool -P kadmind_disable_trans 1
--service kadmind restart
- .EE
- .PP
--system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
-+system-config-selinux is a GUI tool available to customize SELinux policy settings.
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/named_selinux.8 serefpolicy-2.5.10/man/man8/named_selinux.8
---- nsaserefpolicy/man/man8/named_selinux.8	2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.10/man/man8/named_selinux.8	2007-03-22 15:06:58.000000000 -0400
-@@ -20,13 +20,7 @@
- setsebool -P named_write_master_zones 1
- .EE
- .PP
--You can disable SELinux protection for the named daemon by executing:
--.EX
--setsebool -P named_disable_trans 1
--service named restart
--.EE
--.PP
--system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
-+system-config-selinux is a GUI tool available to customize SELinux policy settings.
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-2.5.10/man/man8/nfs_selinux.8
---- nsaserefpolicy/man/man8/nfs_selinux.8	2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.10/man/man8/nfs_selinux.8	2007-03-22 15:06:58.000000000 -0400
-@@ -22,7 +22,7 @@
- .TP
- setsebool -P use_nfs_home_dirs 1
- .TP
--system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
-+system-config-selinux is a GUI tool available to customize SELinux policy settings.
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/rsync_selinux.8 serefpolicy-2.5.10/man/man8/rsync_selinux.8
---- nsaserefpolicy/man/man8/rsync_selinux.8	2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.10/man/man8/rsync_selinux.8	2007-03-22 15:06:58.000000000 -0400
-@@ -36,13 +36,7 @@
- 
- .SH BOOLEANS
- .TP
--You can disable SELinux protection for the rsync daemon by executing:
--.EX
--setsebool -P rsync_disable_trans 1
--service xinetd restart
--.EE
--.TP
--system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
-+system-config-selinux is a GUI tool available to customize SELinux policy settings.
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/samba_selinux.8 serefpolicy-2.5.10/man/man8/samba_selinux.8
---- nsaserefpolicy/man/man8/samba_selinux.8	2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.10/man/man8/samba_selinux.8	2007-03-22 15:06:58.000000000 -0400
-@@ -41,17 +41,7 @@
- 
- setsebool -P use_samba_home_dirs 1
- .TP
--You can disable SELinux protection for the samba daemon by executing:
--.br 
--
--setsebool -P smbd_disable_trans 1
--.br
--service smb restart
--.TP
--system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
--
--
--
-+system-config-selinux is a GUI tool available to customize SELinux policy settings.
- 
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ypbind_selinux.8 serefpolicy-2.5.10/man/man8/ypbind_selinux.8
---- nsaserefpolicy/man/man8/ypbind_selinux.8	2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.10/man/man8/ypbind_selinux.8	2007-03-22 15:06:58.000000000 -0400
-@@ -11,7 +11,7 @@
- .TP
- setsebool -P allow_ypbind 1
- .TP
--system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
-+system-config-selinux is a GUI tool available to customize SELinux policy settings.
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.5.10/policy/flask/access_vectors
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.5.11/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2007-02-26 09:43:33.000000000 -0500
-+++ serefpolicy-2.5.10/policy/flask/access_vectors	2007-03-22 15:06:58.000000000 -0400
++++ serefpolicy-2.5.11/policy/flask/access_vectors	2007-04-02 11:16:11.000000000 -0400
 @@ -598,6 +598,8 @@
  	shmempwd
  	shmemgrp
@@ -168,9 +19,9 @@
  }
  
  class key
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.5.10/policy/global_booleans
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.5.11/policy/global_booleans
 --- nsaserefpolicy/policy/global_booleans	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.10/policy/global_booleans	2007-03-22 15:06:58.000000000 -0400
++++ serefpolicy-2.5.11/policy/global_booleans	2007-04-02 11:16:11.000000000 -0400
 @@ -4,7 +4,6 @@
  # file should be used.
  #
@@ -187,69 +38,56 @@
  
  ## <desc>
  ## <p>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.5.10/policy/global_tunables
---- nsaserefpolicy/policy/global_tunables	2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.10/policy/global_tunables	2007-03-22 15:06:58.000000000 -0400
-@@ -278,6 +278,20 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.5.11/policy/global_tunables
+--- nsaserefpolicy/policy/global_tunables	2007-03-26 16:24:14.000000000 -0400
++++ serefpolicy-2.5.11/policy/global_tunables	2007-04-02 11:16:11.000000000 -0400
+@@ -49,6 +49,14 @@
  
  ## <desc>
  ## <p>
-+## Allow httpd to read nfs files
-+## </p>
-+## </desc>
-+gen_tunable(httpd_use_nfs,false)
-+
-+## <desc>
-+## <p>
[...4275 lines suppressed...]
+ ## <p>
+ ## Allow sysadm to ptrace all processes
+@@ -58,7 +57,6 @@
+ ## </p>
+ ## </desc>
+ gen_tunable(user_ttyfile_stat,false)
+-')
+ 
+ # admin users terminals (tty and pty)
+ attribute admin_terminal;
+@@ -69,6 +67,9 @@
  # users home directory contents
  attribute home_type;
  
@@ -5861,7 +5740,7 @@
  # The privhome attribute identifies every domain that can create files under
  # regular user home directories in the regular context (IE act on behalf of
  # a user in writing regular files)
-@@ -56,10 +59,10 @@
+@@ -101,10 +102,10 @@
  # Local policy
  #
  
@@ -5873,7 +5752,7 @@
  
  	# user role change rules:
  	# sysadm_r can change to user roles
-@@ -112,6 +115,11 @@
+@@ -157,6 +158,11 @@
  
  	init_exec(sysadm_t)
  
@@ -5885,7 +5764,7 @@
  	# Following for sending reboot and wall messages
  	userdom_use_unpriv_users_ptys(sysadm_t)
  	userdom_use_unpriv_users_ttys(sysadm_t)
-@@ -182,6 +190,10 @@
+@@ -227,6 +233,10 @@
  	')
  
  	optional_policy(`
@@ -5896,7 +5775,7 @@
  		apache_run_helper(sysadm_t,sysadm_r,admin_terminal)
  		#apache_run_all_scripts(sysadm_t,sysadm_r)
  		#apache_domtrans_sys_script(sysadm_t)
-@@ -339,6 +351,10 @@
+@@ -384,6 +394,10 @@
  	')
  
  	optional_policy(`
@@ -5907,7 +5786,7 @@
  		netutils_run(sysadm_t,sysadm_r,admin_terminal)
  		netutils_run_ping(sysadm_t,sysadm_r,admin_terminal)
  		netutils_run_traceroute(sysadm_t,sysadm_r,admin_terminal)
-@@ -397,6 +413,9 @@
+@@ -442,6 +456,9 @@
  
  		ifdef(`enable_mls',`
  			userdom_security_admin_template(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
@@ -5917,7 +5796,7 @@
  		', `
  			userdom_security_admin_template(sysadm_t,sysadm_r,admin_terminal)
  		')
-@@ -449,15 +468,15 @@
+@@ -494,15 +511,15 @@
  	unconfined_alias_domain(sysadm_t)
  
  	# User home directory type.
@@ -5942,7 +5821,7 @@
  
  	# compatibility for switching from strict
  #	dominance { role secadm_r { role system_r; }}
-@@ -493,4 +512,9 @@
+@@ -538,4 +555,9 @@
  	optional_policy(`
  		samba_per_role_template(user)
  	')
@@ -5952,17 +5831,18 @@
 +	')
 +
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.5.10/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te	2007-03-20 23:38:28.000000000 -0400
-+++ serefpolicy-2.5.10/policy/modules/system/xen.te	2007-03-22 15:09:40.000000000 -0400
-@@ -1,5 +1,5 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.5.11/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te	2007-03-26 10:39:07.000000000 -0400
++++ serefpolicy-2.5.11/policy/modules/system/xen.te	2007-04-02 11:16:11.000000000 -0400
+@@ -88,6 +88,7 @@
+ allow xend_t xen_image_t:dir list_dir_perms;
+ manage_dirs_pattern(xend_t,xen_image_t,xen_image_t)
+ manage_files_pattern(xend_t,xen_image_t,xen_image_t)
++read_lnk_files_pattern(xend_t,xen_image_t,xen_image_t)
+ rw_blk_files_pattern(xend_t,xen_image_t,xen_image_t)
  
--policy_module(xen,1.2.1)
-+policy_module(xen,1.2.0)
- 
- ########################################
- #
-@@ -166,8 +166,13 @@
+ allow xend_t xenctl_t:fifo_file manage_file_perms;
+@@ -165,8 +166,13 @@
  files_manage_etc_runtime_files(xend_t)
  files_etc_filetrans_etc_runtime(xend_t,file)
  files_read_usr_files(xend_t)
@@ -5977,7 +5857,7 @@
  storage_raw_read_removable_device(xend_t)
  
  term_getattr_all_user_ptys(xend_t)
-@@ -285,6 +290,12 @@
+@@ -284,6 +290,12 @@
  
  files_read_usr_files(xenstored_t)
  
@@ -5990,7 +5870,7 @@
  term_use_generic_ptys(xenstored_t)
  term_use_console(xenconsoled_t)
  
-@@ -318,6 +329,11 @@
+@@ -317,6 +329,11 @@
  
  allow xm_t xen_image_t:dir rw_dir_perms;
  allow xm_t xen_image_t:file read_file_perms;
@@ -6002,7 +5882,7 @@
  
  kernel_read_system_state(xm_t)
  kernel_read_kernel_sysctls(xm_t)
-@@ -354,3 +370,11 @@
+@@ -352,3 +369,11 @@
  xen_append_log(xm_t)
  xen_stream_connect(xm_t)
  xen_stream_connect_xenstore(xm_t)
@@ -6014,9 +5894,9 @@
 +fs_read_nfs_files(xend_t)
 +fs_getattr_all_fs(xend_t)
 +fs_read_dos_files(xend_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.5.10/policy/support/obj_perm_sets.spt
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.5.11/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.10/policy/support/obj_perm_sets.spt	2007-03-22 15:06:59.000000000 -0400
++++ serefpolicy-2.5.11/policy/support/obj_perm_sets.spt	2007-04-02 11:16:11.000000000 -0400
 @@ -215,7 +215,7 @@
  define(`getattr_file_perms',`{ getattr }')
  define(`setattr_file_perms',`{ setattr }')
@@ -6026,22 +5906,23 @@
  define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
  define(`append_file_perms',`{ getattr append lock ioctl }')
  define(`write_file_perms',`{ getattr write append lock ioctl }')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.5.10/Rules.modular
---- nsaserefpolicy/Rules.modular	2007-03-22 14:30:10.000000000 -0400
-+++ serefpolicy-2.5.10/Rules.modular	2007-03-22 15:06:59.000000000 -0400
-@@ -91,10 +91,10 @@
+@@ -324,3 +324,13 @@
  #
- # Create a base module package
- #
--$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers
-+$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers $(net_contexts)
- 	@echo "Creating $(NAME) base module package"
- 	@test -d $(builddir) || mkdir -p $(builddir)
--	$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers
-+	$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers -n $(net_contexts)
- 
- $(base_mod): $(base_conf)
- 	@echo "Compiling $(NAME) base module"
+ define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
+ define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }')
++
++define(`all_capabilities', `{ chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control }
++')
++
++define(`all_nscd', `{ getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost } ')
++define(`all_dbus', `{ acquire_svc send_msg } ')
++define(`all_passwd', `{ passwd chfn chsh rootok crontab } ')
++define(`all_association', `{ sendto recvfrom setcontext polmatch } ')
++
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.5.11/Rules.modular
+--- nsaserefpolicy/Rules.modular	2007-03-22 14:30:10.000000000 -0400
++++ serefpolicy-2.5.11/Rules.modular	2007-04-02 11:16:11.000000000 -0400
 @@ -167,7 +167,7 @@
  # these have to run individually because order matters:
  	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
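Review bot: The `all_capabilities` set added to obj_perm_sets.spt hard-codes the full capability list, including `sys_module`, `sys_rawio`, `sys_admin` and `sys_ptrace`, and nothing in the hunk documents where it may be used. Like `all_nscd`, `all_dbus`, `all_passwd` and `all_association`, it duplicates a class definition from policy/flask/access_vectors and will drift from it unless updated by hand. I would add a comment above the group such as `# Complete permission sets, mirrored by hand from policy/flask/access_vectors; review every caller before widening a domain with these.` The callers fall in the suppressed part of the patch, so the intended scope is something to confirm. As a style point, the new defines leave a space or newline before the closing quote, unlike the existing getattr_file_perms and setattr_file_perms defines shown as context.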
@@ -6068,15 +5949,3 @@
  # Clean the sources
  #
  clean:
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-2.5.10/Rules.monolithic
---- nsaserefpolicy/Rules.monolithic	2007-03-22 14:30:10.000000000 -0400
-+++ serefpolicy-2.5.10/Rules.monolithic	2007-03-22 15:06:59.000000000 -0400
-@@ -50,7 +50,7 @@
- 
- policy: $(polver)
- 
--install: $(loadpath) $(fcpath) $(appfiles)
-+install: $(loadpath) $(fcpath) $(ncpath) $(appfiles)
- 
- load: $(tmpdir)/load
- 


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.420
retrieving revision 1.421
diff -u -r1.420 -r1.421
--- selinux-policy.spec	23 Mar 2007 15:42:50 -0000	1.420
+++ selinux-policy.spec	2 Apr 2007 15:17:45 -0000	1.421
@@ -11,13 +11,13 @@
 %define BUILD_MLS 1
 %endif
 %define POLICYVER 21
-%define libsepolver 1.12.26-1
+%define libsepolver 2.0.1-2
 %define POLICYCOREUTILSVER 2.0.7-5
-%define CHECKPOLICYVER 1.30.11-1
+%define CHECKPOLICYVER 2.0.1-2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.5.10
-Release: 2%{?dist}
+Version: 2.5.11
+Release: 1%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -166,7 +166,7 @@
 
 %description
 SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2215.
+Based off of reference policy: Checked out revision 2247.
 
 %prep 
 %setup -q -n serefpolicy-%{version}
@@ -187,15 +187,6 @@
 
 # Install devel
 make clean
-make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
-mkdir %{buildroot}%{_usr}/share/selinux/devel/
-mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
-install -m 755 ${RPM_SOURCE_DIR}/policygentool %{buildroot}%{_usr}/share/selinux/devel/
-install -m 644 ${RPM_SOURCE_DIR}/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
-install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
-echo  "htmlview file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
-chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
-
 %if %{BUILD_TARGETED}
 # Build targeted policy
 # Commented out because only targeted ref policy currently builds
@@ -218,6 +209,16 @@
 %installCmds mls strict-mls y y 
 %endif
 
+make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
+mkdir %{buildroot}%{_usr}/share/selinux/devel/
+mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
+install -m 755 ${RPM_SOURCE_DIR}/policygentool %{buildroot}%{_usr}/share/selinux/devel/
+install -m 644 ${RPM_SOURCE_DIR}/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
+install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
+echo  "htmlview file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
+chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
+
+
 %clean
 %{__rm} -fR %{buildroot}
 
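Review bot: The relocated devel-install block calls `mkdir %{buildroot}%{_usr}/share/selinux/devel/` without `-p`, and it now runs after the per-policy install commands instead of straight after `make clean`. If any earlier step creates that directory the build aborts, which cannot be ruled out from this hunk; `mkdir -p %{buildroot}%{_usr}/share/selinux/devel/` avoids that. The `# Install devel` comment stayed behind above `make clean` in the previous hunk, so this block is unlabelled; I would move the comment here and add a short note on why the step has to follow the policy builds. The `policyhelp` line also hard-codes `/usr/share/doc/selinux-policy-%{version}`, where `%{_docdir}` would follow the distribution's doc path.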
@@ -356,6 +357,9 @@
 %endif
 
 %changelog
+* Mon Mar 26 2007 Dan Walsh <dwalsh at redhat.com> 2.5.11-1
+- Update to upstream
+
 * Fri Mar 23 2007 Dan Walsh <dwalsh at redhat.com> 2.5.10-2
 - Allow samba to run groupadd
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -r1.115 -r1.116
--- sources	23 Mar 2007 17:31:13 -0000	1.115
+++ sources	2 Apr 2007 15:17:45 -0000	1.116
@@ -1 +1 @@
-167cc1db2323e43bbb9af6520604d195  serefpolicy-2.5.10.tgz
+a40f265b7c28bbb4229ff896f1d145f1  serefpolicy-2.5.11.tgz



