
rpms/selinux-policy/devel policy-20070219.patch, 1.59, 1.60 selinux-policy.spec, 1.443, 1.444



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv17581

Modified Files:
	policy-20070219.patch selinux-policy.spec 
Log Message:
* Wed Apr 25 2007 Dan Walsh <dwalsh redhat com> 2.6.1-2
- Fixes for unix_update
- Fix logwatch to be able to search all dirs


policy-20070219.patch:
 Rules.modular                           |   12 +
 VERSION                                 |    2 
 policy/flask/access_vectors             |    4 
 policy/global_booleans                  |    2 
 policy/global_tunables                  |   15 -
 policy/mls                              |   31 ++-
 policy/modules/admin/acct.te            |    1 
 policy/modules/admin/alsa.fc            |    1 
 policy/modules/admin/amtu.fc            |    3 
 policy/modules/admin/amtu.if            |   53 ++++++
 policy/modules/admin/amtu.te            |   56 ++++++
 policy/modules/admin/bootloader.te      |    3 
 policy/modules/admin/consoletype.te     |   10 -
 policy/modules/admin/dmesg.te           |    1 
 policy/modules/admin/kudzu.te           |    6 
 policy/modules/admin/logrotate.te       |    1 
 policy/modules/admin/logwatch.te        |    6 
 policy/modules/admin/netutils.te        |    6 
 policy/modules/admin/readahead.te       |    6 
 policy/modules/admin/rpm.fc             |    3 
 policy/modules/admin/rpm.if             |   85 +++++++--
 policy/modules/admin/rpm.te             |    2 
 policy/modules/admin/su.if              |    6 
 policy/modules/admin/sudo.if            |    1 
 policy/modules/admin/usermanage.if      |    2 
 policy/modules/admin/usermanage.te      |   27 +++
 policy/modules/apps/gnome.if            |   26 ++-
 policy/modules/apps/gpg.fc              |    2 
 policy/modules/apps/loadkeys.if         |   44 +----
 policy/modules/apps/mozilla.if          |    1 
 policy/modules/apps/slocate.te          |    5 
 policy/modules/apps/uml.if              |   27 ---
 policy/modules/kernel/corecommands.fc   |    5 
 policy/modules/kernel/corecommands.if   |   20 ++
 policy/modules/kernel/corenetwork.te.in |   15 +
 policy/modules/kernel/devices.if        |   36 ++++
 policy/modules/kernel/domain.if         |   18 ++
 policy/modules/kernel/domain.te         |   46 +++++
 policy/modules/kernel/files.fc          |    1 
 policy/modules/kernel/files.if          |   83 ++++++++-
 policy/modules/kernel/filesystem.if     |   39 ++++
 policy/modules/kernel/filesystem.te     |   13 +
 policy/modules/kernel/kernel.if         |   42 ++++
 policy/modules/kernel/kernel.te         |    2 
 policy/modules/kernel/mls.if            |   20 ++
 policy/modules/kernel/mls.te            |    3 
 policy/modules/kernel/selinux.if        |   38 ++++
 policy/modules/kernel/storage.if        |    2 
 policy/modules/kernel/terminal.if       |   21 ++
 policy/modules/kernel/terminal.te       |    1 
 policy/modules/services/aide.fc         |    1 
 policy/modules/services/aide.te         |    2 
 policy/modules/services/amavis.if       |   19 ++
 policy/modules/services/amavis.te       |    3 
 policy/modules/services/apache.fc       |   14 -
 policy/modules/services/apache.if       |  171 ++++++++++++++++++-
 policy/modules/services/apache.te       |   79 +++++++++
 policy/modules/services/apcupsd.fc      |    9 +
 policy/modules/services/apcupsd.if      |  108 ++++++++++++
 policy/modules/services/apcupsd.te      |   92 ++++++++++
 policy/modules/services/automount.te    |    2 
 policy/modules/services/avahi.if        |   19 ++
 policy/modules/services/avahi.te        |    4 
 policy/modules/services/bind.te         |    1 
 policy/modules/services/bluetooth.te    |    2 
 policy/modules/services/clamav.te       |    1 
 policy/modules/services/clockspeed.if   |    2 
 policy/modules/services/consolekit.te   |   33 +++
 policy/modules/services/cron.fc         |    1 
 policy/modules/services/cron.if         |   33 +--
 policy/modules/services/cron.te         |   46 ++++-
 policy/modules/services/cups.te         |    6 
 policy/modules/services/cvs.te          |    1 
 policy/modules/services/cyrus.te        |    1 
 policy/modules/services/dbus.if         |   63 +++++++
 policy/modules/services/dhcp.te         |    2 
 policy/modules/services/djbdns.te       |    5 
 policy/modules/services/dovecot.te      |    5 
 policy/modules/services/ftp.te          |    5 
 policy/modules/services/hal.fc          |    8 
 policy/modules/services/hal.if          |   77 ++++++++
 policy/modules/services/hal.te          |  147 ++++++++++++++++-
 policy/modules/services/inetd.te        |    5 
 policy/modules/services/kerberos.if     |   79 ++-------
 policy/modules/services/kerberos.te     |   34 +++
 policy/modules/services/mailman.if      |   19 ++
 policy/modules/services/mta.if          |   19 ++
 policy/modules/services/mta.te          |    2 
 policy/modules/services/nis.if          |    4 
 policy/modules/services/nis.te          |    4 
 policy/modules/services/nscd.te         |   10 +
 policy/modules/services/ntp.te          |    4 
 policy/modules/services/pegasus.if      |   18 ++
 policy/modules/services/pegasus.te      |    6 
 policy/modules/services/postfix.if      |    1 
 policy/modules/services/postfix.te      |    8 
 policy/modules/services/ppp.te          |    2 
 policy/modules/services/procmail.te     |    1 
 policy/modules/services/pyzor.te        |    7 
 policy/modules/services/radius.te       |    4 
 policy/modules/services/rlogin.te       |    1 
 policy/modules/services/rpc.if          |    5 
 policy/modules/services/rpc.te          |    1 
 policy/modules/services/rpcbind.fc      |    6 
 policy/modules/services/rpcbind.if      |  104 ++++++++++++
 policy/modules/services/rpcbind.te      |   83 +++++++++
 policy/modules/services/rsync.te        |    1 
 policy/modules/services/rwho.fc         |    3 
 policy/modules/services/rwho.if         |   84 +++++++++
 policy/modules/services/rwho.te         |   61 +++++++
 policy/modules/services/samba.fc        |    3 
 policy/modules/services/samba.if        |   86 ++++++++++
 policy/modules/services/samba.te        |   87 +++++++++-
 policy/modules/services/sasl.te         |    1 
 policy/modules/services/sendmail.if     |   22 ++
 policy/modules/services/smartmon.te     |    1 
 policy/modules/services/snmp.te         |   15 +
 policy/modules/services/spamassassin.te |    7 
 policy/modules/services/squid.fc        |    2 
 policy/modules/services/squid.if        |   22 ++
 policy/modules/services/squid.te        |   12 +
 policy/modules/services/ssh.if          |   39 ++++
 policy/modules/services/ssh.te          |    9 -
 policy/modules/services/w3c.fc          |    2 
 policy/modules/services/w3c.if          |    1 
 policy/modules/services/w3c.te          |   14 +
 policy/modules/system/application.fc    |    1 
 policy/modules/system/application.if    |  104 ++++++++++++
 policy/modules/system/application.te    |   14 +
 policy/modules/system/authlogin.fc      |    1 
 policy/modules/system/authlogin.if      |  142 ++++++++++++++--
 policy/modules/system/authlogin.te      |   36 ++++
 policy/modules/system/fstools.fc        |    1 
 policy/modules/system/fstools.te        |    1 
 policy/modules/system/fusermount.fc     |    6 
 policy/modules/system/fusermount.if     |   41 ++++
 policy/modules/system/fusermount.te     |   50 +++++
 policy/modules/system/getty.te          |    3 
 policy/modules/system/hostname.te       |   14 +
 policy/modules/system/init.if           |   42 ++++
 policy/modules/system/init.te           |   35 +++-
 policy/modules/system/ipsec.if          |   20 ++
 policy/modules/system/ipsec.te          |    3 
 policy/modules/system/iptables.te       |    5 
 policy/modules/system/libraries.fc      |    5 
 policy/modules/system/libraries.te      |    4 
 policy/modules/system/locallogin.te     |   12 +
 policy/modules/system/logging.if        |   21 ++
 policy/modules/system/logging.te        |    2 
 policy/modules/system/lvm.fc            |    1 
 policy/modules/system/lvm.te            |    8 
 policy/modules/system/modutils.te       |    7 
 policy/modules/system/mount.fc          |    3 
 policy/modules/system/mount.if          |   37 ++++
 policy/modules/system/mount.te          |   70 +++++++-
 policy/modules/system/raid.te           |    1 
 policy/modules/system/selinuxutil.fc    |    1 
 policy/modules/system/selinuxutil.if    |    6 
 policy/modules/system/selinuxutil.te    |   70 +++++---
 policy/modules/system/sysnetwork.te     |    3 
 policy/modules/system/udev.te           |   12 +
 policy/modules/system/unconfined.fc     |    1 
 policy/modules/system/unconfined.if     |   10 -
 policy/modules/system/unconfined.te     |   24 ++
 policy/modules/system/userdomain.if     |  275 ++++++++++++++++++--------------
 policy/modules/system/userdomain.te     |   73 ++++++--
 policy/modules/system/xen.te            |   35 +++-
 policy/support/obj_perm_sets.spt        |   12 +
 168 files changed, 3471 insertions(+), 457 deletions(-)

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.59 -r 1.60 policy-20070219.patch
Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- policy-20070219.patch	23 Apr 2007 17:12:14 -0000	1.59
+++ policy-20070219.patch	25 Apr 2007 18:31:32 -0000	1.60
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.6.1/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2007-02-26 09:43:33.000000000 -0500
-+++ serefpolicy-2.6.1/policy/flask/access_vectors	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/flask/access_vectors	2007-04-23 13:12:09.000000000 -0400
 @@ -598,6 +598,8 @@
  	shmempwd
  	shmemgrp
@@ -21,7 +21,7 @@
  class key
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.6.1/policy/global_booleans
 --- nsaserefpolicy/policy/global_booleans	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.1/policy/global_booleans	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/global_booleans	2007-04-23 13:12:09.000000000 -0400
 @@ -4,7 +4,6 @@
  # file should be used.
  #
@@ -40,7 +40,7 @@
  ## <p>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.6.1/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2007-03-26 16:24:14.000000000 -0400
-+++ serefpolicy-2.6.1/policy/global_tunables	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/global_tunables	2007-04-25 10:03:25.000000000 -0400
 @@ -102,12 +102,6 @@
  ## </desc>
  gen_tunable(use_samba_home_dirs,false)
@@ -54,14 +54,22 @@
  ## <desc>
  ## <p>
  ## Allow email client to various content.
-@@ -143,4 +137,3 @@
+@@ -143,4 +137,11 @@
  ## </p>
  ## </desc>
  gen_tunable(write_untrusted_content,false)
 -')
++
++## <desc>
++## <p>
++## Allow users to connect to console (s390)
++## </p>
++## </desc>
++gen_tunable(allow_console_login,false)
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.6.1/policy/mls
 --- nsaserefpolicy/policy/mls	2007-03-09 13:02:20.000000000 -0500
-+++ serefpolicy-2.6.1/policy/mls	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/mls	2007-04-23 13:12:09.000000000 -0400
 @@ -89,12 +89,14 @@
  mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
  	(( l1 eq l2 ) or
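Review bot: The `<desc>` added for `allow_console_login` in the global_tunables section says only "Allow users to connect to console (s390)" and does not state which domains receive which access. In the userdomain.te hunk near the end of this patch the tunable gates `term_use_console(userdomain)`, which by its argument applies to everything carrying `userdomain` rather than to a single login domain; the interface body is not visible here, so the exact permissions should be confirmed. I would spell the scope out in the description, for example `## Allow all user domains to use the system console (needed for console logins on s390)`, so an administrator toggling the boolean knows what it opens. Keeping the default at `false` is right.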
@@ -135,7 +143,7 @@
  mlsconstrain association { polmatch }
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.6.1/policy/modules/admin/acct.te
 --- nsaserefpolicy/policy/modules/admin/acct.te	2007-03-26 10:39:08.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/admin/acct.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/acct.te	2007-04-23 13:12:09.000000000 -0400
 @@ -9,6 +9,7 @@
  type acct_t;
  type acct_exec_t;
@@ -146,7 +154,7 @@
  logging_log_file(acct_data_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.1/policy/modules/admin/alsa.fc
 --- nsaserefpolicy/policy/modules/admin/alsa.fc	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/admin/alsa.fc	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/alsa.fc	2007-04-23 13:12:09.000000000 -0400
 @@ -1,4 +1,5 @@
  
  /etc/alsa/pcm(/.*)?		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
@@ -155,14 +163,14 @@
  /usr/bin/ainit 		--	gen_context(system_u:object_r:alsa_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.6.1/policy/modules/admin/amtu.fc
 --- nsaserefpolicy/policy/modules/admin/amtu.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/admin/amtu.fc	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/amtu.fc	2007-04-23 13:12:09.000000000 -0400
 @@ -0,0 +1,3 @@
 +
 +/usr/bin/amtu    --    gen_context(system_u:object_r:amtu_exec_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.6.1/policy/modules/admin/amtu.if
 --- nsaserefpolicy/policy/modules/admin/amtu.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/admin/amtu.if	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/amtu.if	2007-04-23 13:12:09.000000000 -0400
 @@ -0,0 +1,53 @@
 +## <summary>
 +##	abstract Machine Test Utility 
@@ -219,7 +227,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.6.1/policy/modules/admin/amtu.te
 --- nsaserefpolicy/policy/modules/admin/amtu.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/admin/amtu.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/amtu.te	2007-04-23 13:12:09.000000000 -0400
 @@ -0,0 +1,56 @@
 +policy_module(amtu,1.0.23)
 +
@@ -279,7 +287,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.6.1/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/admin/bootloader.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/bootloader.te	2007-04-23 13:12:09.000000000 -0400
 @@ -65,6 +65,8 @@
  files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
  # for tune2fs (cjp: ?)
@@ -299,7 +307,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.6.1/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/admin/consoletype.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/consoletype.te	2007-04-23 13:12:09.000000000 -0400
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -333,7 +341,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.6.1/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/admin/dmesg.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/dmesg.te	2007-04-23 13:12:09.000000000 -0400
 @@ -10,6 +10,7 @@
  	type dmesg_t;
  	type dmesg_exec_t;
@@ -344,7 +352,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.6.1/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/admin/kudzu.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/kudzu.te	2007-04-23 13:12:09.000000000 -0400
 @@ -21,8 +21,8 @@
  # Local policy
  #
@@ -365,10 +373,30 @@
  # kudzu will telinit to make init re-read
  # the inittab after configuring serial consoles
  init_telinit(kudzu_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.6.1/policy/modules/admin/logrotate.te
+--- nsaserefpolicy/policy/modules/admin/logrotate.te	2007-03-26 10:39:08.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/logrotate.te	2007-04-23 15:49:39.000000000 -0400
+@@ -75,6 +75,7 @@
+ mls_file_read_up(logrotate_t)
+ mls_file_write_down(logrotate_t)
+ mls_file_upgrade(logrotate_t)
++mls_process_write_down(logrotate_t)
+ 
+ selinux_get_fs_mount(logrotate_t)
+ selinux_get_enforce_mode(logrotate_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.6.1/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/admin/logwatch.te	2007-04-23 09:53:18.000000000 -0400
-@@ -95,6 +95,10 @@
++++ serefpolicy-2.6.1/policy/modules/admin/logwatch.te	2007-04-25 14:29:50.000000000 -0400
+@@ -63,6 +63,8 @@
+ files_search_mnt(logwatch_t)
+ files_dontaudit_search_home(logwatch_t)
+ files_dontaudit_search_boot(logwatch_t)
++# Execs df and if file system mounted with a context avc raised
++files_search_all_dirs(logwatch_t)
+ 
+ fs_getattr_all_fs(logwatch_t)
+ fs_dontaudit_list_auto_mountpoints(logwatch_t)
+@@ -95,6 +97,10 @@
  ')
  
  optional_policy(`
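Review bot: `files_search_all_dirs(logwatch_t)` in the logwatch.te section is an allow on every directory type, and it sits directly under `files_dontaudit_search_home(logwatch_t)` and `files_dontaudit_search_boot(logwatch_t)`, which it appears to supersede. If df only needs to stop raising AVCs on context-mounted filesystems rather than to succeed there, a dontaudit variant (refpolicy has `files_dontaudit_search_all_dirs`; confirm it exists in this version) would keep logwatch out of home directories. Otherwise the two dontaudit lines should be dropped and the comment should state that the breadth is intended, e.g. `# df must traverse mount roots of any type (context= mounts); search only`. The same hunk adds `mls_process_write_down(logrotate_t)` to logrotate.te with no comment and no mention in the log message; an MLS override deserves a one-line reason.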
@@ -381,7 +409,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.6.1/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/admin/netutils.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/netutils.te	2007-04-23 13:12:09.000000000 -0400
 @@ -31,6 +31,7 @@
  type traceroute_t;
  type traceroute_exec_t;
@@ -418,7 +446,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.6.1/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/admin/readahead.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/readahead.te	2007-04-23 13:12:09.000000000 -0400
 @@ -36,7 +36,7 @@
  dev_dontaudit_read_all_blk_files(readahead_t)
  dev_dontaudit_getattr_memory_dev(readahead_t)
@@ -438,7 +466,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.6.1/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/admin/rpm.fc	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/rpm.fc	2007-04-23 13:12:09.000000000 -0400
 @@ -21,6 +21,9 @@
  /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -451,7 +479,7 @@
[...1642 lines suppressed...]
  ')
-@@ -637,6 +637,8 @@
+@@ -637,6 +638,8 @@
  		type selinux_config_t;
  	')
  
@@ -5907,7 +6167,7 @@
  	files_search_etc($1)
  	allow $1 selinux_config_t:dir list_dir_perms;
  	read_files_pattern($1,selinux_config_t,selinux_config_t)
-@@ -682,6 +684,7 @@
+@@ -682,6 +685,7 @@
  	')
  
  	files_search_etc($1)
@@ -5917,7 +6177,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.6.1/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/selinuxutil.te	2007-04-23 09:55:33.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/selinuxutil.te	2007-04-23 16:56:36.000000000 -0400
 @@ -1,10 +1,8 @@
  
  policy_module(selinuxutil,1.5.0)
@@ -6004,7 +6264,15 @@
  	')
  ')
  
-@@ -310,15 +310,13 @@
+@@ -281,6 +281,7 @@
+ term_dontaudit_use_unallocated_ttys(newrole_t)
+ 
+ auth_domtrans_chk_passwd(newrole_t)
++auth_domtrans_upd_passwd(newrole_t)
+ auth_rw_faillog(newrole_t)
+ 
+ corecmd_list_bin(newrole_t)
+@@ -310,15 +311,13 @@
  userdom_dontaudit_search_all_users_home_content(newrole_t)
  userdom_search_all_users_home_dirs(newrole_t)
  
@@ -6027,7 +6295,7 @@
  
  tunable_policy(`allow_polyinstantiation',`
  	files_polyinstantiate_all(newrole_t)
-@@ -426,6 +424,10 @@
+@@ -426,6 +425,10 @@
  	hotplug_use_fds(restorecon_t)
  ')
  
@@ -6038,7 +6306,15 @@
  ########################################
  #
  # Restorecond local policy
-@@ -571,7 +573,10 @@
+@@ -504,6 +507,7 @@
+ term_dontaudit_list_ptys(run_init_t)
+ 
+ auth_domtrans_chk_passwd(run_init_t)
++auth_domtrans_upd_passwd(run_init_t)
+ auth_dontaudit_read_shadow(run_init_t)
+ 
+ corecmd_exec_bin(run_init_t)
+@@ -571,7 +575,10 @@
  kernel_read_system_state(semanage_t)
  kernel_read_kernel_sysctls(semanage_t)
  
@@ -6049,7 +6325,7 @@
  
  dev_read_urand(semanage_t)
  
-@@ -621,6 +626,15 @@
+@@ -621,6 +628,15 @@
  
  userdom_search_sysadm_home_dirs(semanage_t)
  
@@ -6065,7 +6341,7 @@
  # cjp: need a more general way to handle this:
  ifdef(`enable_mls',`
  	# read secadm tmp files
-@@ -700,6 +714,8 @@
+@@ -700,6 +716,8 @@
  ifdef(`hide_broken_symptoms',`
  	# cjp: cover up stray file descriptors.
  	optional_policy(`
@@ -6077,7 +6353,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.6.1/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/sysnetwork.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/sysnetwork.te	2007-04-23 13:12:09.000000000 -0400
 @@ -164,6 +164,8 @@
  	dbus_connect_system_bus(dhcpc_t)
  	dbus_send_system_bus(dhcpc_t)
@@ -6097,7 +6373,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.6.1/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/udev.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/udev.te	2007-04-23 13:12:09.000000000 -0400
 @@ -83,12 +83,19 @@
  kernel_dgram_send(udev_t)
  kernel_signal(udev_t)
@@ -6131,7 +6407,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.6.1/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/system/unconfined.fc	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/unconfined.fc	2007-04-23 13:12:09.000000000 -0400
 @@ -10,4 +10,5 @@
  /usr/bin/valgrind 		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
  /usr/local/RealPlayer/realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
@@ -6140,7 +6416,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.6.1/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.6.1/policy/modules/system/unconfined.if	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/unconfined.if	2007-04-23 13:12:09.000000000 -0400
 @@ -18,7 +18,7 @@
  	')
  
@@ -6167,7 +6443,7 @@
  	corenet_unconfined($1)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.1/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/unconfined.te	2007-04-23 09:55:46.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/unconfined.te	2007-04-23 13:12:09.000000000 -0400
 @@ -6,6 +6,15 @@
  # Declarations
  #
@@ -6233,7 +6509,7 @@
  		init_dbus_chat_script(unconfined_execmem_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/userdomain.if	2007-04-23 12:53:48.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/userdomain.if	2007-04-23 13:12:09.000000000 -0400
 @@ -114,6 +114,10 @@
  		# Allow making the stack executable via mprotect.
  		allow $1_t self:process execstack;
@@ -6689,7 +6965,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.1/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/userdomain.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/userdomain.te	2007-04-25 10:05:02.000000000 -0400
 @@ -15,7 +15,6 @@
  # Declarations
  #
@@ -6844,7 +7120,7 @@
  
  	# compatibility for switching from strict
  #	dominance { role secadm_r { role system_r; }}
-@@ -548,4 +572,9 @@
+@@ -548,4 +572,13 @@
  	optional_policy(`
  		samba_per_role_template(user)
  	')
@@ -6853,10 +7129,14 @@
 +		gnome_per_role_template(user, user_t, user_r)
 +	')
 +
++')
++
++tunable_policy(`allow_console_login', `
++	term_use_console(userdomain)
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.6.1/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/xen.te	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/xen.te	2007-04-23 13:12:09.000000000 -0400
 @@ -25,6 +25,10 @@
  domain_type(xend_t)
  init_daemon_domain(xend_t, xend_exec_t)
@@ -6941,7 +7221,7 @@
 +fs_read_dos_files(xend_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.6.1/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.6.1/policy/support/obj_perm_sets.spt	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/policy/support/obj_perm_sets.spt	2007-04-23 13:12:09.000000000 -0400
 @@ -215,7 +215,7 @@
  define(`getattr_file_perms',`{ getattr }')
  define(`setattr_file_perms',`{ setattr }')
@@ -6967,7 +7247,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.6.1/Rules.modular
 --- nsaserefpolicy/Rules.modular	2007-03-22 14:30:10.000000000 -0400
-+++ serefpolicy-2.6.1/Rules.modular	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/Rules.modular	2007-04-23 13:12:09.000000000 -0400
 @@ -167,7 +167,7 @@
  # these have to run individually because order matters:
  	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
@@ -6996,7 +7276,7 @@
  clean:
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/VERSION serefpolicy-2.6.1/VERSION
 --- nsaserefpolicy/VERSION	2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/VERSION	2007-04-23 09:53:18.000000000 -0400
++++ serefpolicy-2.6.1/VERSION	2007-04-23 13:12:09.000000000 -0400
 @@ -1 +1 @@
 -20070417
 +20061212


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.443
retrieving revision 1.444
diff -u -r1.443 -r1.444
--- selinux-policy.spec	23 Apr 2007 17:00:48 -0000	1.443
+++ selinux-policy.spec	25 Apr 2007 18:31:32 -0000	1.444
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -358,6 +358,10 @@
 %endif
 
 %changelog
+* Wed Apr 25 2007 Dan Walsh <dwalsh redhat com> 2.6.1-2
+- Fixes for unix_update
+- Fix logwatch to be able to search all dirs
+
 * Mon Apr 23 2007 Dan Walsh <dwalsh redhat com> 2.6.1-1
 - Upstream bumped the version
 

