rpms/selinux-policy/devel policy-20070219.patch, 1.46, 1.47 selinux-policy.spec, 1.432, 1.433
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Apr 16 17:11:48 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29353
Modified Files:
policy-20070219.patch selinux-policy.spec
Log Message:
* Fri Apr 12 2007 Dan Walsh <dwalsh at redhat.com> 2.5.12-3
- fixes for fusefs
policy-20070219.patch:
Rules.modular | 12 +
policy/flask/access_vectors | 4
policy/global_booleans | 2
policy/global_tunables | 7
policy/mls | 31 ++-
policy/modules/admin/acct.te | 1
policy/modules/admin/amtu.fc | 3
policy/modules/admin/amtu.if | 53 ++++++
policy/modules/admin/amtu.te | 56 ++++++
policy/modules/admin/bootloader.te | 3
policy/modules/admin/consoletype.te | 10 -
policy/modules/admin/dmesg.te | 1
policy/modules/admin/kudzu.te | 6
policy/modules/admin/logwatch.te | 4
policy/modules/admin/netutils.te | 6
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 85 +++++++---
policy/modules/admin/rpm.te | 2
policy/modules/admin/su.if | 4
policy/modules/admin/usermanage.if | 2
policy/modules/admin/usermanage.te | 26 +++
policy/modules/apps/gnome.if | 26 ++-
policy/modules/apps/gpg.fc | 2
policy/modules/apps/loadkeys.if | 44 +----
policy/modules/apps/mozilla.if | 1
policy/modules/apps/slocate.te | 5
policy/modules/apps/uml.if | 27 ---
policy/modules/kernel/corecommands.fc | 5
policy/modules/kernel/corecommands.if | 20 ++
policy/modules/kernel/corenetwork.te.in | 14 +
policy/modules/kernel/devices.if | 36 ++++
policy/modules/kernel/domain.if | 18 ++
policy/modules/kernel/domain.te | 46 +++++
policy/modules/kernel/files.fc | 1
policy/modules/kernel/files.if | 83 ++++++++-
policy/modules/kernel/filesystem.if | 39 ++++
policy/modules/kernel/filesystem.te | 13 +
policy/modules/kernel/kernel.if | 23 ++
policy/modules/kernel/kernel.te | 2
policy/modules/kernel/mls.if | 20 ++
policy/modules/kernel/mls.te | 3
policy/modules/kernel/selinux.if | 38 ++++
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.if | 2
policy/modules/kernel/terminal.te | 1
policy/modules/services/amavis.te | 3
policy/modules/services/apache.fc | 14 -
policy/modules/services/apache.if | 171 +++++++++++++++++++-
policy/modules/services/apache.te | 72 ++++++++
policy/modules/services/apcupsd.fc | 9 +
policy/modules/services/apcupsd.if | 108 ++++++++++++
policy/modules/services/apcupsd.te | 91 ++++++++++
policy/modules/services/automount.te | 2
policy/modules/services/avahi.if | 19 ++
policy/modules/services/bluetooth.te | 2
policy/modules/services/consolekit.te | 13 +
policy/modules/services/cron.fc | 1
policy/modules/services/cron.if | 33 +--
policy/modules/services/cron.te | 43 ++++-
policy/modules/services/cups.te | 6
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 1
policy/modules/services/dbus.if | 65 +++++++
policy/modules/services/dhcp.te | 2
policy/modules/services/djbdns.te | 5
policy/modules/services/dovecot.te | 5
policy/modules/services/ftp.te | 5
policy/modules/services/hal.fc | 8
policy/modules/services/hal.if | 39 ++++
policy/modules/services/hal.te | 143 ++++++++++++++++-
policy/modules/services/inetd.te | 5
policy/modules/services/kerberos.if | 79 ++-------
policy/modules/services/kerberos.te | 36 ++++
policy/modules/services/mailman.if | 19 ++
policy/modules/services/mta.if | 19 ++
policy/modules/services/mta.te | 2
policy/modules/services/nis.if | 4
policy/modules/services/nis.te | 4
policy/modules/services/nscd.te | 10 +
policy/modules/services/ntp.te | 4
policy/modules/services/pegasus.if | 18 ++
policy/modules/services/pegasus.te | 6
policy/modules/services/postfix.if | 1
policy/modules/services/postfix.te | 8
policy/modules/services/procmail.te | 1
policy/modules/services/pyzor.te | 7
policy/modules/services/radius.te | 4
policy/modules/services/rpc.if | 5
policy/modules/services/rsync.te | 1
policy/modules/services/samba.fc | 3
policy/modules/services/samba.if | 86 ++++++++++
policy/modules/services/samba.te | 83 +++++++++
policy/modules/services/sendmail.if | 22 ++
policy/modules/services/smartmon.te | 1
policy/modules/services/snmp.te | 15 +
policy/modules/services/spamassassin.te | 7
policy/modules/services/squid.fc | 2
policy/modules/services/squid.if | 22 ++
policy/modules/services/squid.te | 12 +
policy/modules/services/ssh.if | 39 ++++
policy/modules/services/ssh.te | 10 -
policy/modules/services/w3c.fc | 2
policy/modules/services/w3c.if | 1
policy/modules/services/w3c.te | 14 +
policy/modules/system/application.fc | 1
policy/modules/system/application.if | 104 ++++++++++++
policy/modules/system/application.te | 14 +
policy/modules/system/authlogin.if | 83 ++++++++-
policy/modules/system/authlogin.te | 3
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 1
policy/modules/system/fusermount.fc | 6
policy/modules/system/fusermount.if | 41 ++++
policy/modules/system/fusermount.te | 45 +++++
policy/modules/system/getty.te | 3
policy/modules/system/hostname.te | 14 +
policy/modules/system/init.if | 42 ++++
policy/modules/system/init.te | 35 +++-
policy/modules/system/ipsec.if | 20 ++
policy/modules/system/iptables.te | 4
policy/modules/system/libraries.fc | 2
policy/modules/system/locallogin.te | 7
policy/modules/system/logging.if | 21 ++
policy/modules/system/logging.te | 2
policy/modules/system/lvm.te | 6
policy/modules/system/modutils.te | 6
policy/modules/system/mount.fc | 3
policy/modules/system/mount.if | 37 ++++
policy/modules/system/mount.te | 64 +++++++
policy/modules/system/raid.te | 1
policy/modules/system/selinuxutil.fc | 1
policy/modules/system/selinuxutil.if | 5
policy/modules/system/selinuxutil.te | 52 +++---
policy/modules/system/sysnetwork.te | 3
policy/modules/system/udev.te | 12 +
policy/modules/system/unconfined.fc | 1
policy/modules/system/unconfined.if | 10 -
policy/modules/system/unconfined.te | 24 ++
policy/modules/system/userdomain.if | 269 +++++++++++++++++++-------------
policy/modules/system/userdomain.te | 46 ++++-
policy/modules/system/xen.te | 35 ++++
policy/support/obj_perm_sets.spt | 12 +
142 files changed, 2806 insertions(+), 435 deletions(-)
Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- policy-20070219.patch 12 Apr 2007 21:09:34 -0000 1.46
+++ policy-20070219.patch 16 Apr 2007 17:11:45 -0000 1.47
@@ -270,7 +270,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.5.12/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.12/policy/modules/admin/bootloader.te 2007-04-11 17:07:34.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/admin/bootloader.te 2007-04-16 11:36:34.000000000 -0400
@@ -65,6 +65,8 @@
files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
# for tune2fs (cjp: ?)
@@ -280,6 +280,14 @@
kernel_getattr_core_if(bootloader_t)
kernel_read_network_state(bootloader_t)
+@@ -187,6 +189,7 @@
+
+ optional_policy(`
+ hal_dontaudit_append_lib_files(bootloader_t)
++ hal_write_log(bootloader_t)
+ ')
+
+ optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.5.12/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-02-19 11:32:54.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/admin/consoletype.te 2007-04-11 17:07:34.000000000 -0400
@@ -544,9 +552,19 @@
ifdef(`TODO',`
allow $1_su_t $1_home_t:file manage_file_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-2.5.12/policy/modules/admin/usermanage.if
+--- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-03-26 10:39:08.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/admin/usermanage.if 2007-04-13 07:09:32.000000000 -0400
+@@ -278,5 +278,5 @@
+ type crack_db_t;
+ ')
+
+- allow $1 crack_db_t:file read_file_perms;
++ read_files_pattern($1,crack_db_t,crack_db_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.5.12/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-03-26 10:39:08.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/admin/usermanage.te 2007-04-11 17:07:34.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/admin/usermanage.te 2007-04-16 09:39:28.000000000 -0400
@@ -252,8 +252,13 @@
')
@@ -570,7 +588,15 @@
# allow vipw to exec the editor
corecmd_exec_bin(sysadm_passwd_t)
corecmd_exec_shell(sysadm_passwd_t)
-@@ -508,6 +515,9 @@
+@@ -433,6 +440,7 @@
+
+ optional_policy(`
+ nscd_socket_use(sysadm_passwd_t)
++ nscd_domtrans(sysadm_passwd_t)
+ ')
+
+ ########################################
+@@ -508,6 +516,9 @@
seutil_read_default_contexts(useradd_t)
seutil_domtrans_semanage(useradd_t)
seutil_domtrans_restorecon(useradd_t)
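Review bot: `nscd_domtrans(sysadm_passwd_t)` is added beside `nscd_socket_use(sysadm_passwd_t)` with no comment, and a domain transition into nscd is a wider grant than talking to its socket. The file should say why the password tools need to execute nscd, for example `# passwd tools run nscd to invalidate its caches` if that is the reason; the patch does not show it. The same applies to `corenet_tcp_connect_smbd_port(nmbd_t)` in the samba.te hunk and `dbus_dontaudit_rw_system_selinux_socket(dhcpc_t)` in the sysnetwork.te hunk. The dontaudit rule matters most for later triage, because it removes the AVC records that would otherwise show the access being attempted.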
@@ -580,7 +606,7 @@
userdom_use_unpriv_users_fds(useradd_t)
# for when /root is the cwd
-@@ -521,11 +531,26 @@
+@@ -521,11 +532,26 @@
mta_manage_spool(useradd_t)
optional_policy(`
@@ -755,8 +781,8 @@
dev_dontaudit_rw_dri($1_mozilla_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.5.12/policy/modules/apps/slocate.te
--- nsaserefpolicy/policy/modules/apps/slocate.te 2007-02-19 11:32:52.000000000 -0500
-+++ serefpolicy-2.5.12/policy/modules/apps/slocate.te 2007-04-11 17:07:34.000000000 -0400
-@@ -42,9 +42,7 @@
++++ serefpolicy-2.5.12/policy/modules/apps/slocate.te 2007-04-16 12:08:09.000000000 -0400
+@@ -42,9 +42,8 @@
files_read_etc_runtime_files(locate_t)
files_read_etc_files(locate_t)
@@ -764,6 +790,7 @@
-fs_getattr_rpc_pipefs(locate_t)
-fs_getattr_rpc_dirs(locate_t)
+fs_getattr_all_fs(locate_t)
++fs_getattr_all_dirs(locate_t)
libs_use_shared_libs(locate_t)
libs_use_ld_so(locate_t)
@@ -1288,8 +1315,8 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.5.12/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-03-26 16:24:09.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/kernel/filesystem.te 2007-04-11 17:07:34.000000000 -0400
-@@ -54,17 +54,29 @@
++++ serefpolicy-2.5.12/policy/modules/kernel/filesystem.te 2007-04-13 10:53:14.000000000 -0400
+@@ -54,17 +54,30 @@
type capifs_t;
fs_type(capifs_t)
@@ -1312,6 +1339,7 @@
+type fusefs_t;
+fs_type(fusefs_t)
++fs_noxattr_type(fusefs_t)
+allow fusefs_t self:filesystem associate;
+genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0)
+genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0)
@@ -1321,7 +1349,7 @@
genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.5.12/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.12/policy/modules/kernel/kernel.if 2007-04-11 17:07:34.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/kernel/kernel.if 2007-04-16 11:51:04.000000000 -0400
@@ -1830,6 +1830,26 @@
########################################
@@ -2529,7 +2557,13 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.5.12/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-03-26 10:39:04.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/services/dbus.if 2007-04-11 17:07:34.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/services/dbus.if 2007-04-16 12:03:35.000000000 -0400
+@@ -1,4 +1,4 @@
+-## <summary>Desktop messaging bus</summary>
++# <summary>Desktop messaging bus</summary>
+
+ ########################################
+ ## <summary>
@@ -49,6 +49,12 @@
## </param>
#
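Review bot: The first line of dbus.if loses one `#`, so the module summary `## <summary>Desktop messaging bus</summary>` becomes an ordinary comment. Every other documentation line in this patch keeps the `##` prefix, so this looks like a stray edit picked up when the patch was regenerated rather than an intended change. It would presumably drop the module description from the generated interface documentation. Restore the line as `## <summary>Desktop messaging bus</summary>`.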
@@ -2708,8 +2742,8 @@
+/var/log/pm-suspend.log gen_context(system_u:object_r:hald_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.5.12/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.12/policy/modules/services/hal.if 2007-04-11 17:07:34.000000000 -0400
-@@ -208,3 +208,22 @@
++++ serefpolicy-2.5.12/policy/modules/services/hal.if 2007-04-16 11:36:25.000000000 -0400
+@@ -208,3 +208,42 @@
files_search_pids($1)
allow $1 hald_var_run_t:file rw_file_perms;
')
@@ -2732,9 +2766,29 @@
+
+ dontaudit $1 hald_log_t:file { append write };
+')
++
++########################################
++## <summary>
++## Allow attempts to write the hal
++## log files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit
++## </summary>
++## </param>
++#
++interface(`hal_write_log',`
++ gen_require(`
++ type hald_log_t;
++ ')
++
++ logging_search_logs($1)
++ allow $1 hald_log_t:file rw_file_perms;
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.5.12/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2007-03-20 23:38:00.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/services/hal.te 2007-04-11 17:07:34.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/services/hal.te 2007-04-13 11:13:52.000000000 -0400
@@ -16,9 +16,33 @@
type hald_var_run_t;
files_pid_file(hald_var_run_t)
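Review bot: The doc block on the new `hal_write_log` interface appears to be copied from the dontaudit interface just before it and does not match the rule it documents. The summary says "Allow attempts to write" and the parameter says "Domain to not audit", while the body is an `allow`; the parameter text should read `Domain allowed access.`, as `mailman_append_log` does elsewhere in this patch. The rule also grants `rw_file_perms`, so the caller added in bootloader.te (`bootloader_t`) gains read as well as write on `hald_log_t` files under an interface named for writing. If appending to the log is all that is needed, `append_files_pattern($1,hald_log_t,hald_log_t)` would be the narrower grant; otherwise the name and summary should say read/write.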
@@ -2839,7 +2893,7 @@
libs_use_ld_so(hald_t)
libs_use_shared_libs(hald_t)
-@@ -245,3 +281,101 @@
+@@ -245,3 +281,102 @@
optional_policy(`
vbetool_domtrans(hald_t)
')
@@ -2924,6 +2978,7 @@
+allow hald_t hald_sonypic_t : process signal;
+allow hald_sonypic_t hald_t : unix_stream_socket connectto;
+
++dev_read_video_dev(hald_sonypic_t)
+dev_write_video_dev(hald_sonypic_t)
+
+files_search_var_lib(hald_sonypic_t)
@@ -3166,6 +3221,35 @@
+ pcscd_stream_connect(kerberosclient)
+ ')
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-2.5.12/policy/modules/services/mailman.if
+--- nsaserefpolicy/policy/modules/services/mailman.if 2007-01-02 12:57:43.000000000 -0500
++++ serefpolicy-2.5.12/policy/modules/services/mailman.if 2007-04-16 10:22:15.000000000 -0400
+@@ -275,6 +275,25 @@
+
+ #######################################
+ ## <summary>
++## append
++## mailman logs.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`mailman_append_log',`
++ gen_require(`
++ type mailman_log_t;
++ ')
++
++ append_files_pattern($1,mailman_log_t,mailman_log_t)
++')
++
++#######################################
++## <summary>
+ ## Allow domain to read mailman archive files.
+ ## </summary>
+ ## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.5.12/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2007-03-26 10:39:04.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/services/mta.if 2007-04-11 17:07:34.000000000 -0400
@@ -3594,7 +3678,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.5.12/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-03-26 16:24:12.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/services/samba.te 2007-04-12 14:55:44.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/services/samba.te 2007-04-16 11:08:25.000000000 -0400
@@ -28,10 +28,39 @@
## </desc>
gen_tunable(samba_share_nfs,false)
@@ -3711,7 +3795,15 @@
read_files_pattern(nmbd_t,samba_log_t,samba_log_t)
create_files_pattern(nmbd_t,samba_log_t,samba_log_t)
allow nmbd_t samba_log_t:dir setattr;
-@@ -457,6 +516,7 @@
+@@ -391,6 +450,7 @@
+ corenet_udp_bind_nmbd_port(nmbd_t)
+ corenet_sendrecv_nmbd_server_packets(nmbd_t)
+ corenet_sendrecv_nmbd_client_packets(nmbd_t)
++corenet_tcp_connect_smbd_port(nmbd_t)
+
+ dev_read_sysfs(nmbd_t)
+ dev_getattr_mtrr_dev(nmbd_t)
+@@ -457,6 +517,7 @@
allow smbmount_t samba_secrets_t:file manage_file_perms;
@@ -3719,7 +3811,7 @@
allow smbmount_t samba_var_t:dir rw_dir_perms;
manage_files_pattern(smbmount_t,samba_var_t,samba_var_t)
manage_lnk_files_pattern(smbmount_t,samba_var_t,samba_var_t)
-@@ -514,7 +574,7 @@
+@@ -514,7 +575,7 @@
userdom_use_sysadm_ttys(smbmount_t)
optional_policy(`
@@ -3728,7 +3820,7 @@
')
optional_policy(`
-@@ -625,6 +685,8 @@
+@@ -625,6 +686,8 @@
# Winbind local policy
#
@@ -3737,7 +3829,7 @@
dontaudit winbind_t self:capability sys_tty_config;
allow winbind_t self:process signal_perms;
allow winbind_t self:fifo_file { read write };
-@@ -634,6 +696,9 @@
+@@ -634,6 +697,9 @@
allow winbind_t self:tcp_socket create_stream_socket_perms;
allow winbind_t self:udp_socket create_socket_perms;
@@ -3747,7 +3839,7 @@
allow winbind_t samba_etc_t:dir list_dir_perms;
read_files_pattern(winbind_t,samba_etc_t,samba_etc_t)
read_lnk_files_pattern(winbind_t,samba_etc_t,samba_etc_t)
-@@ -645,6 +710,7 @@
+@@ -645,6 +711,7 @@
manage_files_pattern(winbind_t,samba_log_t,samba_log_t)
manage_lnk_files_pattern(winbind_t,samba_log_t,samba_log_t)
@@ -3755,7 +3847,7 @@
manage_files_pattern(winbind_t,samba_var_t,samba_var_t)
manage_lnk_files_pattern(winbind_t,samba_var_t,samba_var_t)
-@@ -736,6 +802,7 @@
+@@ -736,6 +803,7 @@
read_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
read_lnk_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
@@ -3763,7 +3855,7 @@
allow winbind_helper_t samba_var_t:dir search;
stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t)
-@@ -764,3 +831,14 @@
+@@ -764,3 +832,14 @@
squid_read_log(winbind_helper_t)
squid_append_log(winbind_helper_t)
')
@@ -4033,7 +4125,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.5.12/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2007-03-26 16:24:12.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/services/ssh.te 2007-04-11 17:07:34.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/services/ssh.te 2007-04-13 07:08:39.000000000 -0400
@@ -24,11 +24,11 @@
# Type for the ssh-agent executable.
@@ -4056,6 +4148,22 @@
')
tunable_policy(`ssh_sysadm_login',`
+@@ -122,6 +123,10 @@
+ rssh_read_all_users_ro_content(sshd_t)
+ ')
+
++optional_policy(`
++ usermanage_read_crack_db(sshd_t)
++')
++
+ ifdef(`TODO',`
+ tunable_policy(`ssh_sysadm_login',`
+ # Relabel and access ptys created by sshd
+@@ -252,3 +257,4 @@
+ optional_policy(`
+ udev_read_db(ssh_keygen_t)
+ ')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.fc serefpolicy-2.5.12/policy/modules/services/w3c.fc
--- nsaserefpolicy/policy/modules/services/w3c.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.5.12/policy/modules/services/w3c.fc 2007-04-11 17:07:34.000000000 -0400
@@ -5211,8 +5319,17 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.5.12/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2007-03-26 10:39:07.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/system/sysnetwork.te 2007-04-11 17:07:34.000000000 -0400
-@@ -221,6 +221,7 @@
++++ serefpolicy-2.5.12/policy/modules/system/sysnetwork.te 2007-04-16 12:03:06.000000000 -0400
+@@ -164,6 +164,8 @@
+ dbus_connect_system_bus(dhcpc_t)
+ dbus_send_system_bus(dhcpc_t)
+
++ dbus_dontaudit_rw_system_selinux_socket(dhcpc_t)
++
+ optional_policy(`
+ networkmanager_dbus_chat(dhcpc_t)
+ ')
+@@ -221,6 +223,7 @@
optional_policy(`
seutil_sigchld_newrole(dhcpc_t)
seutil_dontaudit_search_config(dhcpc_t)
@@ -5222,8 +5339,20 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.5.12/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-04-11 15:52:54.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/system/udev.te 2007-04-11 17:07:34.000000000 -0400
-@@ -89,6 +89,7 @@
++++ serefpolicy-2.5.12/policy/modules/system/udev.te 2007-04-16 11:54:18.000000000 -0400
+@@ -83,12 +83,19 @@
+ kernel_dgram_send(udev_t)
+ kernel_signal(udev_t)
+
++#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182
++kernel_read_net_sysctls(udev_t)
++kernel_read_network_state(udev_t)
++sysnet_read_dhcpc_pid(udev_t)
++sysnet_delete_dhcpc_pid(udev_t)
++
+ corecmd_exec_all_executables(udev_t)
+
+ dev_rw_sysfs(udev_t)
dev_manage_all_dev_nodes(udev_t)
dev_rw_generic_files(udev_t)
dev_delete_generic_files(udev_t)
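Review bot: The four rules added for `udev_t` are explained only by a bare bugzilla URL, so the policy file itself does not say which udev action needs them. `sysnet_delete_dhcpc_pid(udev_t)` is the one that most needs a stated reason, since it lets a domain that already has `corecmd_exec_all_executables(udev_t)` remove the DHCP client's pid file. Keep the URL, but put a one-line reason above it, in the form `# <udev rule or helper that reads network state and removes the dhcpc pid file>`, with the wording taken from the bug report. If the delete turns out to be needed only by a helper script, it may be better granted to that helper's domain than to `udev_t`.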
@@ -5231,7 +5360,7 @@
domain_read_all_domains_state(udev_t)
domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these
-@@ -194,5 +195,10 @@
+@@ -194,5 +201,10 @@
')
optional_policy(`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.432
retrieving revision 1.433
diff -u -r1.432 -r1.433
--- selinux-policy.spec 12 Apr 2007 21:09:34 -0000 1.432
+++ selinux-policy.spec 16 Apr 2007 17:11:45 -0000 1.433
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.5.12
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -358,6 +358,9 @@
%endif
%changelog
+* Fri Apr 12 2007 Dan Walsh <dwalsh at redhat.com> 2.5.12-3
+- fixes for fusefs
+
* Thu Apr 12 2007 Dan Walsh <dwalsh at redhat.com> 2.5.12-2
- Fix samba_net to allow it to view samba_var_t