rpms/selinux-policy/devel policy-20070102.patch,1.16,1.17
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Feb 2 12:20:03 UTC 2007
- Previous message (by thread): rpms/glibc/devel .cvsignore, 1.196, 1.197 glibc-fedora.patch, 1.212, 1.213 glibc.spec, 1.294, 1.295 sources, 1.220, 1.221
- Next message (by thread): rpms/tetex/devel tetex-3.0-CVE-2007-0650.patch, NONE, 1.1 tetex.spec, 1.105, 1.106
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv4349
Modified Files:
policy-20070102.patch
Log Message:
* Thu Feb 1 2007 Dan Walsh <dwalsh at redhat.com> 2.5.2-4
- Fix spamassisin so crond can update spam files
- Fixes to allow kpasswd to work
- Fixes for bluetooth
policy-20070102.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 1
config/appconfig-strict-mls/seusers | 1
config/appconfig-strict/seusers | 1
man/man8/httpd_selinux.8 | 88 ++--
man/man8/kerberos_selinux.8 | 24 -
man/man8/named_selinux.8 | 21 -
man/man8/rsync_selinux.8 | 19 -
policy/flask/access_vectors | 4
policy/global_booleans | 2
policy/global_tunables | 128 ++++--
policy/mls | 31 +
policy/modules/admin/acct.te | 1
policy/modules/admin/bootloader.fc | 5
policy/modules/admin/bootloader.te | 5
policy/modules/admin/consoletype.te | 13
policy/modules/admin/dmesg.te | 1
policy/modules/admin/logwatch.te | 5
policy/modules/admin/netutils.te | 1
policy/modules/admin/prelink.te | 7
policy/modules/admin/quota.fc | 7
policy/modules/admin/quota.te | 20 -
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 24 +
policy/modules/admin/rpm.te | 18
policy/modules/admin/su.if | 28 +
policy/modules/admin/su.te | 2
policy/modules/admin/sudo.if | 11
policy/modules/admin/usermanage.te | 23 +
policy/modules/admin/vpn.te | 1
policy/modules/apps/ethereal.if | 4
policy/modules/apps/evolution.if | 135 ++++++-
policy/modules/apps/games.if | 4
policy/modules/apps/gnome.fc | 2
policy/modules/apps/gnome.if | 98 +++++
policy/modules/apps/gnome.te | 5
policy/modules/apps/gpg.fc | 2
policy/modules/apps/gpg.if | 1
policy/modules/apps/java.if | 33 +
policy/modules/apps/java.te | 2
policy/modules/apps/loadkeys.if | 44 --
policy/modules/apps/loadkeys.te | 13
policy/modules/apps/mozilla.if | 254 +++++++++++--
policy/modules/apps/mplayer.if | 83 ++++
policy/modules/apps/mplayer.te | 1
policy/modules/apps/slocate.if | 20 +
policy/modules/apps/slocate.te | 3
policy/modules/apps/thunderbird.if | 112 ++++-
policy/modules/apps/tvtime.if | 3
policy/modules/apps/uml.if | 5
policy/modules/apps/userhelper.if | 19 -
policy/modules/apps/vmware.if | 4
policy/modules/apps/webalizer.te | 1
policy/modules/kernel/corecommands.fc | 10
policy/modules/kernel/corecommands.if | 72 +++
policy/modules/kernel/corenetwork.if.in | 81 ++++
policy/modules/kernel/corenetwork.te.in | 16
policy/modules/kernel/corenetwork.te.m4 | 4
policy/modules/kernel/devices.fc | 2
policy/modules/kernel/devices.if | 18
policy/modules/kernel/devices.te | 1
policy/modules/kernel/domain.if | 56 ++
policy/modules/kernel/domain.te | 22 +
policy/modules/kernel/files.if | 198 ++++++++++
policy/modules/kernel/filesystem.if | 22 +
policy/modules/kernel/filesystem.te | 3
policy/modules/kernel/kernel.if | 64 +++
policy/modules/kernel/kernel.te | 6
policy/modules/kernel/mls.if | 20 +
policy/modules/kernel/mls.te | 3
policy/modules/kernel/storage.fc | 1
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.if | 20 +
policy/modules/kernel/terminal.te | 5
policy/modules/services/apache.fc | 15
policy/modules/services/apache.if | 139 +++++++
policy/modules/services/apache.te | 11
policy/modules/services/apm.te | 3
policy/modules/services/automount.fc | 1
policy/modules/services/automount.te | 9
policy/modules/services/bluetooth.te | 3
policy/modules/services/ccs.fc | 1
policy/modules/services/ccs.te | 19 -
policy/modules/services/clamav.te | 2
policy/modules/services/cron.fc | 6
policy/modules/services/cron.if | 86 ++--
policy/modules/services/cron.te | 44 ++
policy/modules/services/cups.te | 5
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 64 +++
policy/modules/services/dhcp.te | 2
policy/modules/services/ftp.if | 4
policy/modules/services/ftp.te | 13
policy/modules/services/hal.if | 38 ++
policy/modules/services/hal.te | 2
policy/modules/services/inetd.te | 31 +
policy/modules/services/irqbalance.te | 4
policy/modules/services/kerberos.if | 2
policy/modules/services/kerberos.te | 5
policy/modules/services/ktalk.fc | 3
policy/modules/services/ktalk.te | 5
policy/modules/services/lpd.if | 52 +-
policy/modules/services/mta.if | 9
policy/modules/services/mta.te | 2
policy/modules/services/networkmanager.te | 2
policy/modules/services/nis.fc | 2
policy/modules/services/nis.if | 5
policy/modules/services/nis.te | 10
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 15
policy/modules/services/openvpn.te | 4
policy/modules/services/pcscd.fc | 9
policy/modules/services/pcscd.if | 58 +++
policy/modules/services/pcscd.te | 78 ++++
policy/modules/services/pegasus.if | 27 +
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.fc | 1
policy/modules/services/postfix.te | 2
policy/modules/services/procmail.te | 4
policy/modules/services/pyzor.if | 4
policy/modules/services/pyzor.te | 4
policy/modules/services/radvd.te | 2
policy/modules/services/razor.if | 9
policy/modules/services/razor.te | 2
policy/modules/services/rhgb.if | 76 ++++
policy/modules/services/rhgb.te | 3
policy/modules/services/ricci.te | 26 +
policy/modules/services/rlogin.te | 10
policy/modules/services/rpc.fc | 1
policy/modules/services/rpc.te | 24 +
policy/modules/services/rsync.te | 1
policy/modules/services/samba.te | 2
policy/modules/services/sendmail.te | 4
policy/modules/services/setroubleshoot.if | 20 +
policy/modules/services/setroubleshoot.te | 2
policy/modules/services/smartmon.te | 1
policy/modules/services/snmp.if | 17
policy/modules/services/snmp.te | 1
policy/modules/services/spamassassin.fc | 1
policy/modules/services/spamassassin.if | 28 +
policy/modules/services/spamassassin.te | 16
policy/modules/services/squid.fc | 1
policy/modules/services/squid.if | 2
policy/modules/services/squid.te | 9
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 79 +++-
policy/modules/services/ssh.te | 161 ++++----
policy/modules/services/uucp.te | 2
policy/modules/services/xserver.fc | 2
policy/modules/services/xserver.if | 153 +++++++-
policy/modules/services/xserver.te | 20 -
policy/modules/system/authlogin.if | 91 ++++
policy/modules/system/authlogin.te | 3
policy/modules/system/clock.te | 3
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 6
policy/modules/system/getty.te | 14
policy/modules/system/hostname.te | 14
policy/modules/system/init.if | 23 +
policy/modules/system/init.te | 37 +
policy/modules/system/ipsec.fc | 6
policy/modules/system/ipsec.if | 100 +++++
policy/modules/system/ipsec.te | 105 +++++
policy/modules/system/iptables.te | 9
policy/modules/system/libraries.fc | 4
policy/modules/system/locallogin.te | 6
policy/modules/system/logging.te | 13
policy/modules/system/lvm.if | 23 +
policy/modules/system/lvm.te | 37 +
policy/modules/system/miscfiles.fc | 2
policy/modules/system/miscfiles.if | 79 ++++
policy/modules/system/modutils.te | 14
policy/modules/system/mount.te | 10
policy/modules/system/raid.te | 4
policy/modules/system/selinuxutil.fc | 2
policy/modules/system/selinuxutil.if | 115 ++++++
policy/modules/system/selinuxutil.te | 138 ++-----
policy/modules/system/sysnetwork.te | 3
policy/modules/system/tzdata.fc | 3
policy/modules/system/tzdata.if | 19 +
policy/modules/system/tzdata.te | 41 ++
policy/modules/system/unconfined.fc | 2
policy/modules/system/unconfined.if | 2
policy/modules/system/unconfined.te | 20 +
policy/modules/system/userdomain.fc | 7
policy/modules/system/userdomain.if | 567 ++++++++++++++++++++++++------
policy/modules/system/userdomain.te | 44 +-
policy/modules/system/xen.te | 25 +
policy/support/obj_perm_sets.spt | 2
189 files changed, 4298 insertions(+), 783 deletions(-)
Index: policy-20070102.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070102.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- policy-20070102.patch 1 Feb 2007 21:40:50 -0000 1.16
+++ policy-20070102.patch 2 Feb 2007 12:20:00 -0000 1.17
@@ -4419,7 +4419,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.5.2/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/cron.te 2007-02-01 15:48:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/cron.te 2007-02-01 15:59:18.000000000 -0500
@@ -11,9 +11,6 @@
#
attribute cron_spool_type;
@@ -6088,7 +6088,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-2.5.2/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/spamassassin.fc 2007-02-01 15:45:51.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/spamassassin.fc 2007-02-01 15:50:05.000000000 -0500
@@ -7,6 +7,7 @@
/usr/sbin/spamd -- gen_context(system_u:object_r:spamd_exec_t,s0)
@@ -6099,7 +6099,7 @@
HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-2.5.2/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/spamassassin.if 2007-02-01 15:47:38.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/spamassassin.if 2007-02-01 15:53:42.000000000 -0500
@@ -35,6 +35,12 @@
# toggled on activation of spamc, and similarly for spamd.
template(`spamassassin_per_role_template',`
@@ -6141,7 +6141,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.5.2/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/spamassassin.te 2007-02-01 15:45:17.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/spamassassin.te 2007-02-02 06:40:31.000000000 -0500
@@ -8,7 +8,7 @@
# spamassassin client executable
@@ -6180,7 +6180,7 @@
+files_read_var_lib_files(spamd_t)
+
+# var/lib files for spamd
-+read_dirs_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)
++allow spamd_t spamd_var_lib_t:dir r_dir_perms;
+read_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)
init_use_fds(spamd_t)
@@ -7738,7 +7738,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.5.2/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/lvm.te 2007-01-26 11:17:11.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/lvm.te 2007-02-01 16:31:20.000000000 -0500
@@ -44,14 +44,20 @@
# Cluster LVM daemon local policy
#
@@ -7773,15 +7773,16 @@
corecmd_read_sbin_symlinks(clvmd_t)
corenet_non_ipsec_sendrecv(clvmd_t)
-@@ -89,6 +97,7 @@
+@@ -89,6 +97,8 @@
fs_getattr_all_fs(clvmd_t)
fs_search_auto_mountpoints(clvmd_t)
+fs_dontaudit_list_tmpfs(clvmd_t)
++fs_dontaudit_read_removable_files(clvmd_t)
term_dontaudit_use_console(clvmd_t)
-@@ -132,6 +141,10 @@
+@@ -132,6 +142,10 @@
')
optional_policy(`
@@ -7792,7 +7793,7 @@
ricci_dontaudit_rw_modcluster_pipes(clvmd_t)
ricci_dontaudit_use_modcluster_fds(clvmd_t)
')
-@@ -147,7 +160,9 @@
+@@ -147,7 +161,9 @@
# DAC overrides and mknod for modifying /dev entries (vgmknodes)
# rawio needed for dmraid
@@ -7803,7 +7804,7 @@
dontaudit lvm_t self:capability sys_tty_config;
allow lvm_t self:process { sigchld sigkill sigstop signull signal };
# LVM will complain a lot if it cannot set its priority.
-@@ -156,6 +171,7 @@
+@@ -156,6 +172,7 @@
allow lvm_t self:fifo_file rw_file_perms;
allow lvm_t self:unix_dgram_socket create_socket_perms;
allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -7811,7 +7812,7 @@
manage_dirs_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
manage_files_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
-@@ -203,6 +219,7 @@
+@@ -203,6 +220,7 @@
selinux_compute_user_contexts(lvm_t)
dev_create_generic_chr_files(lvm_t)
@@ -7819,7 +7820,7 @@
dev_read_rand(lvm_t)
dev_read_urand(lvm_t)
dev_rw_lvm_control(lvm_t)
-@@ -228,6 +245,7 @@
+@@ -228,6 +246,7 @@
fs_list_tmpfs(lvm_t)
fs_read_tmpfs_symlinks(lvm_t)
fs_dontaudit_read_removable_files(lvm_t)
@@ -7827,7 +7828,7 @@
storage_relabel_fixed_disk(lvm_t)
storage_dontaudit_read_removable_device(lvm_t)
-@@ -240,8 +258,8 @@
+@@ -240,8 +259,8 @@
# Access raw devices and old /dev/lvm (c 109,0). Is this needed?
storage_manage_fixed_disk(lvm_t)
@@ -7838,7 +7839,7 @@
corecmd_exec_sbin(lvm_t)
-@@ -274,8 +292,8 @@
+@@ -274,8 +293,8 @@
')
ifdef(`targeted_policy', `
@@ -7849,7 +7850,7 @@
files_dontaudit_read_root_files(lvm_t)
')
-@@ -289,6 +307,12 @@
+@@ -289,6 +308,12 @@
')
optional_policy(`
- Previous message (by thread): rpms/glibc/devel .cvsignore, 1.196, 1.197 glibc-fedora.patch, 1.212, 1.213 glibc.spec, 1.294, 1.295 sources, 1.220, 1.221
- Next message (by thread): rpms/tetex/devel tetex-3.0-CVE-2007-0650.patch, NONE, 1.1 tetex.spec, 1.105, 1.106
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list