rpms/selinux-policy/devel policy-20070219.patch,1.60,1.61
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Apr 26 00:26:57 UTC 2007
- Previous message (by thread): rpms/jakarta-commons-modeler/devel .cvsignore, 1.4, 1.5 jakarta-commons-modeler.spec, 1.35, 1.36 sources, 1.2, 1.3
- Next message (by thread): rpms/policycoreutils/devel .cvsignore, 1.149, 1.150 policycoreutils.spec, 1.407, 1.408 sources, 1.154, 1.155
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14701
Modified Files:
policy-20070219.patch
Log Message:
* Wed Apr 25 2007 Dan Walsh <dwalsh at redhat.com> 2.6.1-2
- Fixes for unix_update
- Fix logwatch to be able to search all dirs
policy-20070219.patch:
Rules.modular | 12 +
VERSION | 2
policy/flask/access_vectors | 4
policy/global_booleans | 2
policy/global_tunables | 15 -
policy/mls | 31 ++-
policy/modules/admin/acct.te | 1
policy/modules/admin/alsa.fc | 1
policy/modules/admin/amtu.fc | 3
policy/modules/admin/amtu.if | 53 +++++
policy/modules/admin/amtu.te | 56 ++++++
policy/modules/admin/bootloader.te | 3
policy/modules/admin/consoletype.te | 10 -
policy/modules/admin/dmesg.te | 1
policy/modules/admin/kudzu.te | 6
policy/modules/admin/logrotate.te | 1
policy/modules/admin/logwatch.te | 6
policy/modules/admin/netutils.te | 6
policy/modules/admin/readahead.te | 6
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 85 +++++++--
policy/modules/admin/rpm.te | 2
policy/modules/admin/su.if | 6
policy/modules/admin/sudo.if | 1
policy/modules/admin/usermanage.if | 2
policy/modules/admin/usermanage.te | 27 +++
policy/modules/apps/gnome.if | 26 ++
policy/modules/apps/gpg.fc | 2
policy/modules/apps/loadkeys.if | 44 +---
policy/modules/apps/mozilla.if | 1
policy/modules/apps/slocate.te | 5
policy/modules/apps/uml.if | 27 ---
policy/modules/kernel/corecommands.fc | 5
policy/modules/kernel/corecommands.if | 20 ++
policy/modules/kernel/corenetwork.te.in | 15 +
policy/modules/kernel/devices.if | 36 ++++
policy/modules/kernel/domain.if | 18 ++
policy/modules/kernel/domain.te | 46 +++++
policy/modules/kernel/files.fc | 1
policy/modules/kernel/files.if | 83 ++++++++-
policy/modules/kernel/filesystem.if | 39 ++++
policy/modules/kernel/filesystem.te | 19 ++
policy/modules/kernel/kernel.if | 42 ++++
policy/modules/kernel/kernel.te | 2
policy/modules/kernel/mls.if | 20 ++
policy/modules/kernel/mls.te | 3
policy/modules/kernel/selinux.if | 38 ++++
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.if | 21 ++
policy/modules/kernel/terminal.te | 1
policy/modules/services/aide.fc | 1
policy/modules/services/aide.te | 2
policy/modules/services/amavis.if | 19 ++
policy/modules/services/amavis.te | 3
policy/modules/services/apache.fc | 14 -
policy/modules/services/apache.if | 171 ++++++++++++++++++-
policy/modules/services/apache.te | 79 ++++++++
policy/modules/services/apcupsd.fc | 9 +
policy/modules/services/apcupsd.if | 108 ++++++++++++
policy/modules/services/apcupsd.te | 92 ++++++++++
policy/modules/services/automount.te | 2
policy/modules/services/avahi.if | 19 ++
policy/modules/services/avahi.te | 4
policy/modules/services/bind.te | 1
policy/modules/services/bluetooth.te | 2
policy/modules/services/clamav.te | 1
policy/modules/services/clockspeed.if | 2
policy/modules/services/consolekit.te | 33 ++-
policy/modules/services/cron.fc | 1
policy/modules/services/cron.if | 33 +--
policy/modules/services/cron.te | 46 ++++-
policy/modules/services/cups.te | 6
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 1
policy/modules/services/dbus.if | 63 +++++++
policy/modules/services/dhcp.te | 2
policy/modules/services/djbdns.te | 5
policy/modules/services/dovecot.te | 5
policy/modules/services/ftp.te | 5
policy/modules/services/hal.fc | 8
policy/modules/services/hal.if | 77 ++++++++
policy/modules/services/hal.te | 147 ++++++++++++++++
policy/modules/services/inetd.te | 5
policy/modules/services/kerberos.if | 79 ++------
policy/modules/services/kerberos.te | 34 +++
policy/modules/services/mailman.if | 19 ++
policy/modules/services/mta.if | 19 ++
policy/modules/services/mta.te | 2
policy/modules/services/nis.if | 4
policy/modules/services/nis.te | 4
policy/modules/services/nscd.te | 10 +
policy/modules/services/ntp.te | 4
policy/modules/services/pegasus.if | 18 ++
policy/modules/services/pegasus.te | 6
policy/modules/services/postfix.if | 1
policy/modules/services/postfix.te | 8
policy/modules/services/ppp.te | 2
policy/modules/services/procmail.te | 1
policy/modules/services/pyzor.te | 7
policy/modules/services/radius.te | 4
policy/modules/services/rlogin.te | 1
policy/modules/services/rpc.if | 5
policy/modules/services/rpc.te | 1
policy/modules/services/rpcbind.fc | 6
policy/modules/services/rpcbind.if | 104 +++++++++++
policy/modules/services/rpcbind.te | 83 +++++++++
policy/modules/services/rsync.te | 1
policy/modules/services/rwho.fc | 3
policy/modules/services/rwho.if | 84 +++++++++
policy/modules/services/rwho.te | 61 ++++++
policy/modules/services/samba.fc | 3
policy/modules/services/samba.if | 86 +++++++++
policy/modules/services/samba.te | 87 +++++++++
policy/modules/services/sasl.te | 1
policy/modules/services/sendmail.if | 22 ++
policy/modules/services/smartmon.te | 1
policy/modules/services/snmp.te | 15 +
policy/modules/services/spamassassin.te | 11 -
policy/modules/services/squid.fc | 2
policy/modules/services/squid.if | 22 ++
policy/modules/services/squid.te | 12 +
policy/modules/services/ssh.if | 39 ++++
policy/modules/services/ssh.te | 9 -
policy/modules/services/w3c.fc | 2
policy/modules/services/w3c.if | 1
policy/modules/services/w3c.te | 14 +
policy/modules/system/application.fc | 1
policy/modules/system/application.if | 104 +++++++++++
policy/modules/system/application.te | 14 +
policy/modules/system/authlogin.fc | 1
policy/modules/system/authlogin.if | 141 ++++++++++++++-
policy/modules/system/authlogin.te | 36 ++++
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 1
policy/modules/system/fusermount.fc | 6
policy/modules/system/fusermount.if | 41 ++++
policy/modules/system/fusermount.te | 50 +++++
policy/modules/system/getty.te | 3
policy/modules/system/hostname.te | 14 +
policy/modules/system/init.if | 42 ++++
policy/modules/system/init.te | 35 +++
policy/modules/system/ipsec.if | 20 ++
policy/modules/system/ipsec.te | 3
policy/modules/system/iptables.te | 5
policy/modules/system/libraries.fc | 5
policy/modules/system/libraries.te | 4
policy/modules/system/locallogin.te | 12 +
policy/modules/system/logging.if | 21 ++
policy/modules/system/logging.te | 2
policy/modules/system/lvm.fc | 1
policy/modules/system/lvm.te | 8
policy/modules/system/modutils.te | 7
policy/modules/system/mount.fc | 3
policy/modules/system/mount.if | 37 ++++
policy/modules/system/mount.te | 70 +++++++
policy/modules/system/raid.te | 1
policy/modules/system/selinuxutil.fc | 1
policy/modules/system/selinuxutil.if | 6
policy/modules/system/selinuxutil.te | 70 ++++---
policy/modules/system/sysnetwork.te | 3
policy/modules/system/udev.te | 12 +
policy/modules/system/unconfined.fc | 1
policy/modules/system/unconfined.if | 10 -
policy/modules/system/unconfined.te | 24 ++
policy/modules/system/userdomain.if | 284 +++++++++++++++++++-------------
policy/modules/system/userdomain.te | 81 +++++----
policy/modules/system/xen.te | 35 +++
policy/support/obj_perm_sets.spt | 12 +
168 files changed, 3489 insertions(+), 465 deletions(-)
Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- policy-20070219.patch 25 Apr 2007 18:31:32 -0000 1.60
+++ policy-20070219.patch 26 Apr 2007 00:26:55 -0000 1.61
@@ -386,13 +386,13 @@
selinux_get_enforce_mode(logrotate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.6.1/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/admin/logwatch.te 2007-04-25 14:29:50.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/admin/logwatch.te 2007-04-25 19:20:38.000000000 -0400
@@ -63,6 +63,8 @@
files_search_mnt(logwatch_t)
files_dontaudit_search_home(logwatch_t)
files_dontaudit_search_boot(logwatch_t)
+# Execs df and if file system mounted with a context avc raised
-+files_search_all_dirs(logwatch_t)
++files_search_all(logwatch_t)
fs_getattr_all_fs(logwatch_t)
fs_dontaudit_list_auto_mountpoints(logwatch_t)
@@ -1410,7 +1410,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.6.1/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-04-23 09:35:56.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/kernel/filesystem.te 2007-04-23 13:12:09.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/kernel/filesystem.te 2007-04-25 20:11:39.000000000 -0400
@@ -54,17 +54,30 @@
type capifs_t;
@@ -1442,6 +1442,19 @@
type futexfs_t;
fs_type(futexfs_t)
genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
+@@ -83,6 +96,12 @@
+ fs_type(inotifyfs_t)
+ genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
+
++type mvfs_t;
++fs_type(mvfs_t)
++fs_noxattr_type(mvfs_t)
++allow mvfs_t self:filesystem associate;
++genfscon mvfs / gen_context(system_u:object_r:mvfs_t,s0)
++
+ type nfsd_fs_t;
+ fs_type(nfsd_fs_t)
+ genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.6.1/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-02-19 11:32:51.000000000 -0500
+++ serefpolicy-2.6.1/policy/modules/kernel/kernel.if 2007-04-23 13:12:09.000000000 -0400
@@ -4618,12 +4631,12 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.6.1/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2007-04-23 09:36:01.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/services/sasl.te 2007-04-25 08:58:33.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/services/sasl.te 2007-04-25 20:21:04.000000000 -0400
@@ -63,6 +63,7 @@
selinux_compute_access_vector(saslauthd_t)
auth_domtrans_chk_passwd(saslauthd_t)
-+auth_domtrans_udp_passwd(saslauthd_t)
++auth_domtrans_upd_passwd(saslauthd_t)
auth_use_nsswitch(saslauthd_t)
domain_use_interactive_fds(saslauthd_t)
@@ -4714,7 +4727,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.6.1/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-04-23 09:36:01.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/services/spamassassin.te 2007-04-23 13:12:09.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/services/spamassassin.te 2007-04-25 19:53:11.000000000 -0400
@@ -6,14 +6,12 @@
# Declarations
#
@@ -4756,6 +4769,17 @@
corenet_sendrecv_razor_client_packets(spamd_t)
corenet_sendrecv_spamd_server_packets(spamd_t)
# spamassassin 3.1 needs this for its
+@@ -192,6 +191,10 @@
+ ')
+
+ optional_policy(`
++ mysql_stream_connect(spamd_t)
++')
++
++optional_policy(`
+ nis_use_ypbind(spamd_t)
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-2.6.1/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2006-11-16 17:15:21.000000000 -0500
+++ serefpolicy-2.6.1/policy/modules/services/squid.fc 2007-04-23 13:12:09.000000000 -0400
@@ -5089,7 +5113,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.6.1/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-03-26 10:39:07.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/authlogin.if 2007-04-24 09:13:47.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/authlogin.if 2007-04-25 20:19:29.000000000 -0400
@@ -152,21 +152,12 @@
## </param>
#
@@ -5137,7 +5161,7 @@
# for SSP/ProPolice
dev_read_urand($1)
-@@ -211,9 +208,12 @@
+@@ -211,9 +208,11 @@
auth_read_login_records($1)
auth_append_login_records($1)
auth_rw_lastlog($1)
@@ -5145,13 +5169,12 @@
+ auth_rw_faillog($1)
auth_exec_pam($1)
-+ files_dontaudit_rw_etc_dirs($1)
+ auth_domtrans_upd_passwd($1)
+
init_rw_utmp($1)
logging_send_syslog_msg($1)
-@@ -221,6 +221,7 @@
+@@ -221,6 +220,7 @@
seutil_read_config($1)
seutil_read_default_contexts($1)
@@ -5159,7 +5182,7 @@
tunable_policy(`allow_polyinstantiation',`
files_polyinstantiate_all($1)
')
-@@ -1391,3 +1392,114 @@
+@@ -1391,3 +1391,114 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -5239,7 +5262,7 @@
+ allow updpwd_t $1:fd use;
+ allow updpwd_t $1:fifo_file rw_file_perms;
+ allow updpwd_t $1:process sigchld;
-+ dontaudit $2 shadow_t:file { getattr read };
++ auth_dontaudit_read_shadow($1)
+
+')
+
@@ -6509,8 +6532,8 @@
init_dbus_chat_script(unconfined_execmem_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/userdomain.if 2007-04-23 13:12:09.000000000 -0400
-@@ -114,6 +114,10 @@
++++ serefpolicy-2.6.1/policy/modules/system/userdomain.if 2007-04-25 19:40:17.000000000 -0400
+@@ -114,6 +114,18 @@
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
')
@@ -6518,18 +6541,27 @@
+ optional_policy(`
+ ssh_rw_stream_sockets($1_t)
+ ')
++
++ optional_policy(`
++ consoletype_exec($1_t)
++ ')
++
++ optional_policy(`
++ hostname_exec($1_t)
++ ')
')
#######################################
-@@ -764,6 +768,7 @@
+@@ -764,6 +776,8 @@
auth_search_pam_console_data($1_t)
auth_run_pam($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
auth_run_utempter($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
++ auth_run_upd_passwd($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
+ auth_read_key($1_t)
init_read_utmp($1_t)
# The library functions always try to open read-write first,
-@@ -992,7 +997,7 @@
+@@ -992,7 +1006,7 @@
manage_fifo_files_pattern(privhome,{ $1_home_dir_t $1_home_t },$1_home_t)
filetrans_pattern(privhome,$1_home_dir_t,$1_home_t,{ dir file lnk_file sock_file fifo_file })
@@ -6538,7 +6570,7 @@
# port access is audited even if dac would not have allowed it, so dontaudit it here
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
-@@ -1059,10 +1064,6 @@
+@@ -1059,10 +1073,6 @@
dontaudit xdm_t $1_home_t:file rw_file_perms;
')
@@ -6549,7 +6581,7 @@
') dnl end TODO
')
-@@ -1126,7 +1127,7 @@
+@@ -1126,7 +1136,7 @@
# $1_t local policy
#
@@ -6558,7 +6590,7 @@
allow $1_t self:process { setexec setfscreate };
# Set password information for other users.
-@@ -1353,11 +1354,7 @@
+@@ -1353,11 +1363,7 @@
## <rolecap/>
#
template(`userdom_role_change_generic_user',`
@@ -6571,7 +6603,7 @@
')
########################################
-@@ -1384,11 +1381,7 @@
+@@ -1384,11 +1390,7 @@
## <rolecap/>
#
template(`userdom_role_change_from_generic_user',`
@@ -6584,7 +6616,7 @@
')
########################################
-@@ -1414,11 +1407,7 @@
+@@ -1414,11 +1416,7 @@
## <rolecap/>
#
template(`userdom_role_change_staff',`
@@ -6597,7 +6629,7 @@
')
########################################
-@@ -1445,11 +1434,7 @@
+@@ -1445,11 +1443,7 @@
## <rolecap/>
#
template(`userdom_role_change_from_staff',`
@@ -6610,7 +6642,7 @@
')
########################################
-@@ -1475,11 +1460,7 @@
+@@ -1475,11 +1469,7 @@
## <rolecap/>
#
template(`userdom_role_change_sysadm',`
@@ -6623,7 +6655,7 @@
')
########################################
-@@ -1506,11 +1487,7 @@
+@@ -1506,11 +1496,7 @@
## <rolecap/>
#
template(`userdom_role_change_from_sysadm',`
@@ -6636,7 +6668,7 @@
')
########################################
-@@ -1698,13 +1675,11 @@
+@@ -1698,13 +1684,11 @@
## </param>
#
template(`userdom_setattr_user_ptys',`
@@ -6654,7 +6686,7 @@
')
########################################
-@@ -1733,13 +1708,11 @@
+@@ -1733,13 +1717,11 @@
## </param>
#
template(`userdom_create_user_pty',`
@@ -6672,7 +6704,7 @@
')
########################################
-@@ -3624,13 +3597,12 @@
+@@ -3624,13 +3606,12 @@
template(`userdom_setattr_user_ttys',`
ifdef(`targeted_policy',`
term_setattr_unallocated_ttys($2)
@@ -6691,7 +6723,7 @@
')
########################################
-@@ -3661,13 +3633,12 @@
+@@ -3661,13 +3642,12 @@
template(`userdom_use_user_ttys',`
ifdef(`targeted_policy',`
term_use_unallocated_ttys($2)
@@ -6710,7 +6742,7 @@
')
########################################
-@@ -3696,18 +3667,13 @@
+@@ -3696,18 +3676,13 @@
## </param>
#
template(`userdom_use_user_terminals',`
@@ -6735,7 +6767,7 @@
')
########################################
-@@ -5353,14 +5319,13 @@
+@@ -5353,14 +5328,13 @@
interface(`userdom_use_unpriv_users_ptys',`
ifdef(`targeted_policy',`
term_use_generic_ptys($1)
@@ -6756,7 +6788,7 @@
')
########################################
-@@ -5377,13 +5342,13 @@
+@@ -5377,13 +5351,13 @@
interface(`userdom_dontaudit_use_unpriv_users_ptys',`
ifdef(`targeted_policy',`
term_dontaudit_use_generic_ptys($1)
@@ -6775,7 +6807,7 @@
')
########################################
-@@ -5436,13 +5401,12 @@
+@@ -5436,13 +5410,12 @@
interface(`userdom_list_unpriv_users_tmp',`
ifdef(`targeted_policy',`
files_list_tmp($1)
@@ -6794,7 +6826,7 @@
')
########################################
-@@ -5458,13 +5422,12 @@
+@@ -5458,13 +5431,12 @@
interface(`userdom_read_unpriv_users_tmp_files',`
ifdef(`targeted_policy',`
files_read_generic_tmp_files($1)
@@ -6813,7 +6845,7 @@
')
########################################
-@@ -5480,13 +5443,12 @@
+@@ -5480,13 +5452,12 @@
interface(`userdom_read_unpriv_users_tmp_symlinks',`
ifdef(`targeted_policy',`
files_read_generic_tmp_symlinks($1)
@@ -6832,7 +6864,7 @@
')
########################################
-@@ -5520,13 +5482,12 @@
+@@ -5520,13 +5491,12 @@
interface(`userdom_use_unpriv_users_ttys',`
ifdef(`targeted_policy',`
term_use_unallocated_ttys($1)
@@ -6851,7 +6883,7 @@
')
########################################
-@@ -5543,13 +5504,12 @@
+@@ -5543,13 +5513,12 @@
interface(`userdom_dontaudit_use_unpriv_users_ttys',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys($1)
@@ -6870,7 +6902,7 @@
')
########################################
-@@ -5721,3 +5681,92 @@
+@@ -5721,3 +5690,92 @@
allow $1 user_home_dir_t:dir manage_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
@@ -6965,7 +6997,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.1/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.1/policy/modules/system/userdomain.te 2007-04-25 10:05:02.000000000 -0400
++++ serefpolicy-2.6.1/policy/modules/system/userdomain.te 2007-04-25 19:18:21.000000000 -0400
@@ -15,7 +15,6 @@
# Declarations
#
@@ -7044,10 +7076,18 @@
apache_run_helper(sysadm_t,sysadm_r,admin_terminal)
#apache_run_all_scripts(sysadm_t,sysadm_r)
#apache_domtrans_sys_script(sysadm_t)
-@@ -294,10 +321,6 @@
+@@ -286,18 +313,6 @@
')
optional_policy(`
+- consoletype_exec(sysadm_t)
+-
+- ifdef(`enable_mls',`
+- consoletype_exec(auditadm_t)
+- ')
+- ')
+-
+- optional_policy(`
- cron_admin_template(sysadm,sysadm_t,sysadm_r)
- ')
-
@@ -7055,7 +7095,7 @@
dcc_run_cdcc(sysadm_t,sysadm_r,admin_terminal)
dcc_run_client(sysadm_t,sysadm_r,admin_terminal)
dcc_run_dbclean(sysadm_t,sysadm_r,admin_terminal)
-@@ -325,7 +348,6 @@
+@@ -325,7 +340,6 @@
optional_policy(`
ethereal_run_tethereal(sysadm_t,sysadm_r,admin_terminal)
@@ -7063,7 +7103,7 @@
')
optional_policy(`
-@@ -368,7 +390,6 @@
+@@ -368,7 +382,6 @@
optional_policy(`
lpd_run_checkpc(sysadm_t,sysadm_r,admin_terminal)
@@ -7071,7 +7111,7 @@
')
optional_policy(`
-@@ -386,11 +407,11 @@
+@@ -386,11 +399,11 @@
')
optional_policy(`
@@ -7085,7 +7125,7 @@
')
optional_policy(`
-@@ -452,6 +473,9 @@
+@@ -452,6 +465,9 @@
ifdef(`enable_mls',`
userdom_security_admin_template(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
@@ -7095,7 +7135,7 @@
', `
userdom_security_admin_template(sysadm_t,sysadm_r,admin_terminal)
')
-@@ -504,15 +528,15 @@
+@@ -504,15 +520,15 @@
unconfined_alias_domain(sysadm_t)
# User home directory type.
@@ -7120,7 +7160,7 @@
# compatibility for switching from strict
# dominance { role secadm_r { role system_r; }}
-@@ -548,4 +572,13 @@
+@@ -548,4 +564,13 @@
optional_policy(`
samba_per_role_template(user)
')
- Previous message (by thread): rpms/jakarta-commons-modeler/devel .cvsignore, 1.4, 1.5 jakarta-commons-modeler.spec, 1.35, 1.36 sources, 1.2, 1.3
- Next message (by thread): rpms/policycoreutils/devel .cvsignore, 1.149, 1.150 policycoreutils.spec, 1.407, 1.408 sources, 1.154, 1.155
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list