rpms/selinux-policy/devel policy-20070219.patch, 1.53, 1.54 selinux-policy.spec, 1.438, 1.439
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Apr 19 13:40:34 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9111
Modified Files:
policy-20070219.patch selinux-policy.spec
Log Message:
* Thu Apr 19 2007 Dan Walsh <dwalsh at redhat.com> 2.5.12-9
- MLS Fixes
policy-20070219.patch:
Rules.modular | 12 +
policy/flask/access_vectors | 4
policy/global_booleans | 2
policy/global_tunables | 7
policy/mls | 31 ++-
policy/modules/admin/acct.te | 1
policy/modules/admin/alsa.fc | 1
policy/modules/admin/amtu.fc | 3
policy/modules/admin/amtu.if | 53 ++++++
policy/modules/admin/amtu.te | 56 ++++++
policy/modules/admin/bootloader.te | 3
policy/modules/admin/consoletype.te | 10 -
policy/modules/admin/dmesg.te | 1
policy/modules/admin/kudzu.te | 6
policy/modules/admin/logwatch.te | 4
policy/modules/admin/netutils.te | 6
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 85 +++++++---
policy/modules/admin/rpm.te | 2
policy/modules/admin/su.if | 4
policy/modules/admin/usermanage.if | 2
policy/modules/admin/usermanage.te | 26 +++
policy/modules/apps/gnome.if | 26 ++-
policy/modules/apps/gpg.fc | 2
policy/modules/apps/loadkeys.if | 44 +----
policy/modules/apps/mozilla.if | 1
policy/modules/apps/slocate.te | 5
policy/modules/apps/uml.if | 27 ---
policy/modules/kernel/corecommands.fc | 5
policy/modules/kernel/corecommands.if | 20 ++
policy/modules/kernel/corenetwork.te.in | 15 +
policy/modules/kernel/devices.if | 36 ++++
policy/modules/kernel/domain.if | 18 ++
policy/modules/kernel/domain.te | 46 +++++
policy/modules/kernel/files.fc | 1
policy/modules/kernel/files.if | 83 ++++++++-
policy/modules/kernel/filesystem.if | 39 ++++
policy/modules/kernel/filesystem.te | 13 +
policy/modules/kernel/kernel.if | 42 ++++
policy/modules/kernel/kernel.te | 2
policy/modules/kernel/mls.if | 20 ++
policy/modules/kernel/mls.te | 3
policy/modules/kernel/selinux.if | 38 ++++
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.if | 2
policy/modules/kernel/terminal.te | 1
policy/modules/services/aide.fc | 1
policy/modules/services/aide.te | 2
policy/modules/services/amavis.te | 3
policy/modules/services/apache.fc | 14 -
policy/modules/services/apache.if | 171 +++++++++++++++++++-
policy/modules/services/apache.te | 72 ++++++++
policy/modules/services/apcupsd.fc | 9 +
policy/modules/services/apcupsd.if | 108 ++++++++++++
policy/modules/services/apcupsd.te | 91 ++++++++++
policy/modules/services/automount.te | 2
policy/modules/services/avahi.if | 19 ++
policy/modules/services/avahi.te | 4
policy/modules/services/bluetooth.te | 2
policy/modules/services/consolekit.te | 31 ++-
policy/modules/services/cron.fc | 1
policy/modules/services/cron.if | 33 +--
policy/modules/services/cron.te | 43 ++++-
policy/modules/services/cups.te | 6
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 1
policy/modules/services/dbus.if | 63 +++++++
policy/modules/services/dhcp.te | 2
policy/modules/services/djbdns.te | 5
policy/modules/services/dovecot.te | 5
policy/modules/services/ftp.te | 5
policy/modules/services/hal.fc | 8
policy/modules/services/hal.if | 39 ++++
policy/modules/services/hal.te | 145 ++++++++++++++++-
policy/modules/services/inetd.te | 5
policy/modules/services/kerberos.if | 79 ++-------
policy/modules/services/kerberos.te | 36 ++++
policy/modules/services/mailman.if | 19 ++
policy/modules/services/mta.if | 19 ++
policy/modules/services/mta.te | 2
policy/modules/services/nis.if | 4
policy/modules/services/nis.te | 4
policy/modules/services/nscd.te | 10 +
policy/modules/services/ntp.te | 4
policy/modules/services/pegasus.if | 18 ++
policy/modules/services/pegasus.te | 6
policy/modules/services/postfix.if | 1
policy/modules/services/postfix.te | 8
policy/modules/services/ppp.te | 2
policy/modules/services/procmail.te | 1
policy/modules/services/pyzor.te | 7
policy/modules/services/radius.te | 4
policy/modules/services/rpc.if | 5
policy/modules/services/rsync.te | 1
policy/modules/services/rwho.fc | 3
policy/modules/services/rwho.if | 84 +++++++++
policy/modules/services/rwho.te | 65 +++++++
policy/modules/services/samba.fc | 3
policy/modules/services/samba.if | 86 ++++++++++
policy/modules/services/samba.te | 85 +++++++++-
policy/modules/services/sendmail.if | 22 ++
policy/modules/services/smartmon.te | 1
policy/modules/services/snmp.te | 15 +
policy/modules/services/spamassassin.te | 7
policy/modules/services/squid.fc | 2
policy/modules/services/squid.if | 22 ++
policy/modules/services/squid.te | 12 +
policy/modules/services/ssh.if | 39 ++++
policy/modules/services/ssh.te | 10 -
policy/modules/services/w3c.fc | 2
policy/modules/services/w3c.if | 1
policy/modules/services/w3c.te | 14 +
policy/modules/system/application.fc | 1
policy/modules/system/application.if | 104 ++++++++++++
policy/modules/system/application.te | 14 +
policy/modules/system/authlogin.if | 83 ++++++++-
policy/modules/system/authlogin.te | 3
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 1
policy/modules/system/fusermount.fc | 6
policy/modules/system/fusermount.if | 41 ++++
policy/modules/system/fusermount.te | 45 +++++
policy/modules/system/getty.te | 3
policy/modules/system/hostname.te | 14 +
policy/modules/system/init.if | 42 ++++
policy/modules/system/init.te | 35 +++-
policy/modules/system/ipsec.if | 20 ++
policy/modules/system/ipsec.te | 3
policy/modules/system/iptables.te | 4
policy/modules/system/libraries.fc | 3
policy/modules/system/libraries.te | 4
policy/modules/system/locallogin.te | 7
policy/modules/system/logging.if | 21 ++
policy/modules/system/logging.te | 2
policy/modules/system/lvm.fc | 1
policy/modules/system/lvm.te | 6
policy/modules/system/modutils.te | 7
policy/modules/system/mount.fc | 3
policy/modules/system/mount.if | 37 ++++
policy/modules/system/mount.te | 64 +++++++
policy/modules/system/raid.te | 1
policy/modules/system/selinuxutil.fc | 1
policy/modules/system/selinuxutil.if | 5
policy/modules/system/selinuxutil.te | 59 +++---
policy/modules/system/setrans.if | 1
policy/modules/system/sysnetwork.te | 3
policy/modules/system/udev.te | 12 +
policy/modules/system/unconfined.fc | 1
policy/modules/system/unconfined.if | 10 -
policy/modules/system/unconfined.te | 24 ++
policy/modules/system/userdomain.if | 271 +++++++++++++++++++-------------
policy/modules/system/userdomain.te | 46 ++++-
policy/modules/system/xen.te | 35 ++++
policy/support/obj_perm_sets.spt | 12 +
154 files changed, 3021 insertions(+), 442 deletions(-)
Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- policy-20070219.patch 18 Apr 2007 21:00:52 -0000 1.53
+++ policy-20070219.patch 19 Apr 2007 13:40:31 -0000 1.54
@@ -1579,6 +1579,26 @@
fs_type(devpts_t)
fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0);
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.fc serefpolicy-2.5.12/policy/modules/services/aide.fc
+--- nsaserefpolicy/policy/modules/services/aide.fc 2006-11-16 17:15:21.000000000 -0500
++++ serefpolicy-2.5.12/policy/modules/services/aide.fc 2007-04-18 22:31:58.000000000 -0400
+@@ -3,3 +3,4 @@
+ /var/lib/aide(/.*) gen_context(system_u:object_r:aide_db_t,mls_systemhigh)
+
+ /var/log/aide.log -- gen_context(system_u:object_r:aide_log_t,mls_systemhigh)
++/var/log/aide(/.*)? gen_context(system_u:object_r:aide_log_t,mls_systemhigh)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.te serefpolicy-2.5.12/policy/modules/services/aide.te
+--- nsaserefpolicy/policy/modules/services/aide.te 2007-01-02 12:57:43.000000000 -0500
++++ serefpolicy-2.5.12/policy/modules/services/aide.te 2007-04-18 22:31:08.000000000 -0400
+@@ -32,7 +32,7 @@
+ manage_files_pattern(aide_t,aide_db_t,aide_db_t)
+
+ # logs
+-allow aide_t aide_log_t:file manage_file_perms;
++manage_files_pattern(aide_t, aide_log_t, aide_log_t)
+ logging_log_filetrans(aide_t,aide_log_t,file)
+
+ files_read_all_files(aide_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.5.12/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2007-03-26 10:39:04.000000000 -0400
+++ serefpolicy-2.5.12/policy/modules/services/amavis.te 2007-04-11 17:07:34.000000000 -0400
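Review bot: The new `/var/log/aide(/.*)?` entry in aide.fc labels a directory, but the aide.te hunk keeps only `logging_log_filetrans(aide_t,aide_log_t,file)`, so a `/var/log/aide` directory created at run time by aide_t would not receive aide_log_t by type transition; the label then depends on the package creating the directory and on a relabel being run. If aide is expected to create the directory itself, `manage_dirs_pattern(aide_t, aide_log_t, aide_log_t)` and `logging_log_filetrans(aide_t, aide_log_t, { file dir })` would be needed; otherwise a comment such as `# /var/log/aide is created and labeled at package install time` above the rule would record the assumption. The added call also puts spaces after the commas while the neighbouring `manage_files_pattern(aide_t,aide_db_t,aide_db_t)` does not.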
@@ -5834,7 +5854,7 @@
init_dbus_chat_script(unconfined_execmem_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.5.12/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-03-26 16:24:13.000000000 -0400
-+++ serefpolicy-2.5.12/policy/modules/system/userdomain.if 2007-04-18 15:31:48.000000000 -0400
++++ serefpolicy-2.5.12/policy/modules/system/userdomain.if 2007-04-18 22:32:59.000000000 -0400
@@ -114,6 +114,10 @@
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
@@ -5863,6 +5883,15 @@
# port access is audited even if dac would not have allowed it, so dontaudit it here
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
+@@ -1126,7 +1131,7 @@
+ # $1_t local policy
+ #
+
+- allow $1_t self:capability ~sys_module;
++ allow $1_t self:capability ~{ sys_module audit_control };
+ allow $1_t self:process { setexec setfscreate };
+
+ # Set password information for other users.
@@ -1369,11 +1374,7 @@
## <rolecap/>
#
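Review bot: `allow $1_t self:capability ~{ sys_module audit_control };` in the inner hunk at -1126 is still a complement set, so the domain keeps every other capability, including `audit_write`, and automatically gains any capability later added to the class. The rule is not wrapped in an MLS conditional in the visible lines, so although the log message says "MLS Fixes" it presumably changes non-MLS builds as well. I would add a comment above it such as `# audit_control is withheld so this domain cannot reconfigure or disable auditing`, and consider whether `audit_write` should be excluded too or the rule converted to an explicit allow list. The enclosing template starts and ends outside the hunk.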
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.438
retrieving revision 1.439
diff -u -r1.438 -r1.439
--- selinux-policy.spec 18 Apr 2007 21:00:52 -0000 1.438
+++ selinux-policy.spec 19 Apr 2007 13:40:31 -0000 1.439
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.5.12
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -358,6 +358,9 @@
%endif
%changelog
+* Thu Apr 19 2007 Dan Walsh <dwalsh at redhat.com> 2.5.12-9
+- MLS Fixes
+
* Wed Apr 18 2007 Dan Walsh <dwalsh at redhat.com> 2.5.12-8
- Fix path of /etc/lvm/cache directory
- Fixes for alsactl and pppd_t