rpms/selinux-policy/devel policy-20070102.patch, 1.27, 1.28 selinux-policy.spec, 1.396, 1.397

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Feb 16 19:55:50 UTC 2007


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv328

Modified Files:
	policy-20070102.patch selinux-policy.spec 
Log Message:
* Thu Feb 15 2007 Dan Walsh <dwalsh at redhat.com> 2.5.3-3
- Add sepolgen support
- Add bugzilla policy


policy-20070102.patch:
 Changelog                                 |    0 
 Rules.modular                             |   10 
 config/appconfig-strict-mcs/seusers       |    1 
 config/appconfig-strict-mls/seusers       |    1 
 config/appconfig-strict/seusers           |    1 
 man/man8/httpd_selinux.8                  |   88 ++--
 man/man8/kerberos_selinux.8               |   26 -
 man/man8/named_selinux.8                  |   21 -
 man/man8/rsync_selinux.8                  |   19 -
 policy/flask/access_vectors               |    4 
 policy/global_booleans                    |    2 
 policy/global_tunables                    |  128 ++++--
 policy/mls                                |   31 +
 policy/modules/admin/acct.te              |    2 
 policy/modules/admin/bootloader.fc        |    5 
 policy/modules/admin/bootloader.te        |    5 
 policy/modules/admin/consoletype.te       |   13 
 policy/modules/admin/dmesg.te             |    1 
 policy/modules/admin/kudzu.te             |    3 
 policy/modules/admin/logwatch.te          |    5 
 policy/modules/admin/netutils.te          |    1 
 policy/modules/admin/prelink.te           |    8 
 policy/modules/admin/quota.fc             |    7 
 policy/modules/admin/quota.te             |   20 -
 policy/modules/admin/rpm.fc               |    3 
 policy/modules/admin/rpm.if               |   44 ++
 policy/modules/admin/rpm.te               |   18 
 policy/modules/admin/su.if                |   28 +
 policy/modules/admin/su.te                |    2 
 policy/modules/admin/sudo.if              |   11 
 policy/modules/admin/usermanage.te        |   25 +
 policy/modules/admin/vpn.te               |    1 
 policy/modules/apps/ethereal.if           |    4 
 policy/modules/apps/evolution.if          |  136 ++++++-
 policy/modules/apps/games.fc              |    4 
 policy/modules/apps/games.if              |    4 
 policy/modules/apps/gnome.fc              |    2 
 policy/modules/apps/gnome.if              |   98 +++++
 policy/modules/apps/gnome.te              |    5 
 policy/modules/apps/gpg.fc                |    2 
 policy/modules/apps/gpg.if                |    1 
 policy/modules/apps/java.if               |   33 +
 policy/modules/apps/java.te               |    2 
 policy/modules/apps/loadkeys.if           |   44 --
 policy/modules/apps/loadkeys.te           |   13 
 policy/modules/apps/mozilla.if            |  255 +++++++++++--
 policy/modules/apps/mplayer.if            |   83 ++++
 policy/modules/apps/mplayer.te            |    1 
 policy/modules/apps/slocate.if            |   20 +
 policy/modules/apps/slocate.te            |    3 
 policy/modules/apps/thunderbird.if        |  113 +++++
 policy/modules/apps/tvtime.if             |    3 
 policy/modules/apps/uml.if                |    5 
 policy/modules/apps/userhelper.if         |   19 -
 policy/modules/apps/vmware.if             |    4 
 policy/modules/apps/webalizer.te          |    1 
 policy/modules/apps/wine.fc               |    1 
 policy/modules/kernel/corecommands.fc     |    9 
 policy/modules/kernel/corecommands.if     |   72 +++
 policy/modules/kernel/corenetwork.if.in   |   81 ++++
 policy/modules/kernel/corenetwork.te.in   |   17 
 policy/modules/kernel/corenetwork.te.m4   |    4 
 policy/modules/kernel/devices.fc          |    2 
 policy/modules/kernel/devices.if          |   18 
 policy/modules/kernel/devices.te          |    1 
 policy/modules/kernel/domain.if           |   56 ++
 policy/modules/kernel/domain.te           |   22 +
 policy/modules/kernel/files.if            |  236 ++++++++++++
 policy/modules/kernel/filesystem.if       |   41 ++
 policy/modules/kernel/filesystem.te       |    3 
 policy/modules/kernel/kernel.if           |   64 +++
 policy/modules/kernel/kernel.te           |    6 
 policy/modules/kernel/mls.if              |   20 +
 policy/modules/kernel/mls.te              |    3 
 policy/modules/kernel/storage.fc          |    1 
 policy/modules/kernel/storage.if          |    2 
 policy/modules/kernel/terminal.if         |   22 +
 policy/modules/kernel/terminal.te         |    5 
 policy/modules/services/apache.fc         |   20 -
 policy/modules/services/apache.if         |  158 ++++++++
 policy/modules/services/apache.te         |   27 +
 policy/modules/services/apm.te            |    3 
 policy/modules/services/automount.fc      |    1 
 policy/modules/services/automount.te      |   10 
 policy/modules/services/bind.te           |    2 
 policy/modules/services/bluetooth.te      |    4 
 policy/modules/services/ccs.fc            |    1 
 policy/modules/services/ccs.te            |   19 -
 policy/modules/services/clamav.te         |    2 
 policy/modules/services/cron.fc           |    6 
 policy/modules/services/cron.if           |   86 ++--
 policy/modules/services/cron.te           |   44 ++
 policy/modules/services/cups.te           |    7 
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/dbus.if           |   64 +++
 policy/modules/services/dbus.te           |    1 
 policy/modules/services/dhcp.te           |    2 
 policy/modules/services/dovecot.te        |    1 
 policy/modules/services/ftp.if            |    4 
 policy/modules/services/ftp.te            |   14 
 policy/modules/services/gpm.te            |    1 
 policy/modules/services/hal.fc            |    2 
 policy/modules/services/hal.if            |   38 ++
 policy/modules/services/hal.te            |   11 
 policy/modules/services/inetd.te          |   31 +
 policy/modules/services/irqbalance.te     |    4 
 policy/modules/services/kerberos.if       |    2 
 policy/modules/services/kerberos.te       |    5 
 policy/modules/services/ktalk.fc          |    3 
 policy/modules/services/ktalk.te          |    5 
 policy/modules/services/lpd.if            |   52 +-
 policy/modules/services/mta.if            |    9 
 policy/modules/services/mta.te            |    3 
 policy/modules/services/networkmanager.fc |    3 
 policy/modules/services/networkmanager.te |    2 
 policy/modules/services/nis.fc            |    2 
 policy/modules/services/nis.if            |    5 
 policy/modules/services/nis.te            |   24 +
 policy/modules/services/nscd.if           |   20 +
 policy/modules/services/nscd.te           |   16 
 policy/modules/services/ntp.te            |    1 
 policy/modules/services/openca.if         |    4 
 policy/modules/services/openca.te         |    2 
 policy/modules/services/openvpn.te        |    4 
 policy/modules/services/pcscd.fc          |    9 
 policy/modules/services/pcscd.if          |   58 +++
 policy/modules/services/pcscd.te          |   78 ++++
 policy/modules/services/pegasus.if        |   27 +
 policy/modules/services/pegasus.te        |    5 
 policy/modules/services/portmap.te        |    1 
 policy/modules/services/postfix.fc        |    1 
 policy/modules/services/postfix.te        |    4 
 policy/modules/services/procmail.te       |   13 
 policy/modules/services/pyzor.if          |   22 +
 policy/modules/services/pyzor.te          |   11 
 policy/modules/services/radvd.te          |    2 
 policy/modules/services/razor.if          |    9 
 policy/modules/services/razor.te          |    2 
 policy/modules/services/rdisc.te          |    1 
 policy/modules/services/rhgb.if           |   76 ++++
 policy/modules/services/rhgb.te           |    3 
 policy/modules/services/ricci.te          |   26 +
 policy/modules/services/rlogin.te         |   10 
 policy/modules/services/rpc.fc            |    1 
 policy/modules/services/rpc.te            |   29 +
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.te          |    6 
 policy/modules/services/sasl.te           |    1 
 policy/modules/services/sendmail.te       |    4 
 policy/modules/services/setroubleshoot.if |   20 +
 policy/modules/services/setroubleshoot.te |    5 
 policy/modules/services/smartmon.te       |    1 
 policy/modules/services/snmp.if           |   17 
 policy/modules/services/snmp.te           |    2 
 policy/modules/services/spamassassin.fc   |    1 
 policy/modules/services/spamassassin.if   |   47 ++
 policy/modules/services/spamassassin.te   |   19 -
 policy/modules/services/squid.fc          |    1 
 policy/modules/services/squid.if          |    2 
 policy/modules/services/squid.te          |   12 
 policy/modules/services/ssh.fc            |    2 
 policy/modules/services/ssh.if            |   79 +++-
 policy/modules/services/ssh.te            |  161 ++++----
 policy/modules/services/uucp.te           |    2 
 policy/modules/services/xfs.te            |    1 
 policy/modules/services/xserver.fc        |    2 
 policy/modules/services/xserver.if        |  155 ++++++++
 policy/modules/services/xserver.te        |   20 -
 policy/modules/system/authlogin.if        |   93 ++++
 policy/modules/system/authlogin.te        |    3 
 policy/modules/system/clock.te            |    3 
 policy/modules/system/fstools.fc          |    1 
 policy/modules/system/fstools.te          |    6 
 policy/modules/system/getty.te            |   14 
 policy/modules/system/hostname.te         |   14 
 policy/modules/system/hotplug.te          |    1 
 policy/modules/system/init.if             |   62 +++
 policy/modules/system/init.te             |   39 +-
 policy/modules/system/ipsec.fc            |    6 
 policy/modules/system/ipsec.if            |  100 +++++
 policy/modules/system/ipsec.te            |  105 +++++
 policy/modules/system/iptables.te         |   16 
 policy/modules/system/libraries.fc        |    9 
 policy/modules/system/locallogin.te       |    6 
 policy/modules/system/logging.te          |   18 
 policy/modules/system/lvm.if              |   23 +
 policy/modules/system/lvm.te              |   40 +-
 policy/modules/system/miscfiles.fc        |    2 
 policy/modules/system/miscfiles.if        |   79 ++++
 policy/modules/system/modutils.te         |   14 
 policy/modules/system/mount.te            |   10 
 policy/modules/system/raid.te             |    4 
 policy/modules/system/selinuxutil.fc      |    2 
 policy/modules/system/selinuxutil.if      |  115 ++++++
 policy/modules/system/selinuxutil.te      |  140 ++-----
 policy/modules/system/setrans.te          |    1 
 policy/modules/system/sysnetwork.te       |    3 
 policy/modules/system/tzdata.fc           |    3 
 policy/modules/system/tzdata.if           |   19 +
 policy/modules/system/tzdata.te           |   41 ++
 policy/modules/system/unconfined.fc       |    2 
 policy/modules/system/unconfined.if       |    2 
 policy/modules/system/unconfined.te       |   22 +
 policy/modules/system/userdomain.fc       |    7 
 policy/modules/system/userdomain.if       |  567 ++++++++++++++++++++++++------
 policy/modules/system/userdomain.te       |   66 +--
 policy/modules/system/xen.te              |   26 +
 policy/support/obj_perm_sets.spt          |    2 
 208 files changed, 4629 insertions(+), 807 deletions(-)

Index: policy-20070102.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070102.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- policy-20070102.patch	15 Feb 2007 20:46:02 -0000	1.27
+++ policy-20070102.patch	16 Feb 2007 19:55:47 -0000	1.28
@@ -3097,7 +3097,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.5.3/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/kernel/corenetwork.te.in	2007-02-12 11:27:31.000000000 -0500
++++ serefpolicy-2.5.3/policy/modules/kernel/corenetwork.te.in	2007-02-16 10:54:04.000000000 -0500
 @@ -43,11 +43,16 @@
  sid port gen_context(system_u:object_r:port_t,s0)
  
@@ -3125,7 +3125,15 @@
  network_port(pegasus_http, tcp,5988,s0)
  network_port(pegasus_https, tcp,5989,s0)
  network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
-@@ -157,8 +162,11 @@
+@@ -140,6 +145,7 @@
+ network_port(soundd, tcp,8000,s0, tcp,9433,s0)
+ type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
+ type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
++network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0, )
+ network_port(swat, tcp,901,s0)
+ network_port(syslogd, udp,514,s0)
+ network_port(telnetd, tcp,23,s0)
+@@ -157,8 +163,11 @@
  
  # Defaults for reserved ports.  Earlier portcon entries take precedence;
  # these entries just cover any remaining reserved ports not otherwise declared.
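Review bot: The added `network_port(squid, ...)` declaration ends in `tcp,4827,s0, )`, so the macro receives an extra empty argument after the last port. The neighbouring declarations (swat, syslogd, telnetd) close directly after the final `s0`. Whether the macro tolerates an empty trailing argument is not visible in this hunk, so the safer form is `network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0)`.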
@@ -3206,7 +3214,7 @@
  # Type for /dev/mapper/control
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.5.3/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/kernel/domain.if	2007-02-12 11:27:31.000000000 -0500
++++ serefpolicy-2.5.3/policy/modules/kernel/domain.if	2007-02-16 14:15:33.000000000 -0500
 @@ -1217,3 +1217,59 @@
  	typeattribute $1 can_change_object_identity;
  	typeattribute $1 set_curr_context;
@@ -3896,7 +3904,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.5.3/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/kernel/terminal.if	2007-02-12 11:27:31.000000000 -0500
++++ serefpolicy-2.5.3/policy/modules/kernel/terminal.if	2007-02-16 10:17:36.000000000 -0500
 @@ -636,6 +636,8 @@
  		attribute ptynode;
  	')
@@ -5512,6 +5520,16 @@
  
  	# apache should set close-on-exec
  	apache_dontaudit_append_log(system_mail_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-2.5.3/policy/modules/services/networkmanager.fc
+--- nsaserefpolicy/policy/modules/services/networkmanager.fc	2006-11-16 17:15:20.000000000 -0500
++++ serefpolicy-2.5.3/policy/modules/services/networkmanager.fc	2007-02-16 09:48:32.000000000 -0500
+@@ -3,4 +3,5 @@
+ /var/run/NetworkManager\.pid	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+ /var/run/NetworkManager(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+ /var/run/wpa_supplicant(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+-/var/run/wpa_supplicant-global	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
++/var/run/wpa_supplicant-global		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.5.3/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2007-01-02 12:57:43.000000000 -0500
 +++ serefpolicy-2.5.3/policy/modules/services/networkmanager.te	2007-02-12 11:27:31.000000000 -0500
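Review bot: Dropping the `--` file-type field from the `/var/run/wpa_supplicant-global` entry makes the context apply to any object class created at that path, not only the one expected there. If the object is the wpa_supplicant global control socket (an assumption; the hunk does not say), `-s` keeps the labelling rule narrow: `/var/run/wpa_supplicant-global	-s	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)`. The hunk also appends a blank line at the end of the file, which is not needed.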
@@ -6004,16 +6022,20 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.5.3/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/services/procmail.te	2007-02-15 12:02:01.000000000 -0500
-@@ -10,6 +10,7 @@
++++ serefpolicy-2.5.3/policy/modules/services/procmail.te	2007-02-16 11:46:49.000000000 -0500
+@@ -10,15 +10,19 @@
  type procmail_exec_t;
  domain_type(procmail_t)
  domain_entry_file(procmail_t,procmail_exec_t)
 +userdom_executable_file(procmail_exec_t)
  role system_r types procmail_t;
  
++type procmail_tmp_t;
++files_tmp_file(procmail_tmp_t)
++
  ########################################
-@@ -18,7 +19,7 @@
+ #
+ # Local policy
  #
  
  allow procmail_t self:capability { sys_nice chown setuid setgid dac_override };
@@ -6022,23 +6044,30 @@
  allow procmail_t self:fifo_file rw_fifo_file_perms;
  allow procmail_t self:unix_stream_socket create_socket_perms;
  allow procmail_t self:unix_dgram_socket create_socket_perms;
-@@ -50,6 +51,7 @@
+@@ -50,6 +54,10 @@
  corecmd_exec_bin(procmail_t)
  corecmd_exec_shell(procmail_t)
  corecmd_dontaudit_search_sbin(procmail_t)
 +corecmd_exec_ls(procmail_t)
++
++allow procmail_t procmail_tmp_t:file create_file_perms;
++files_tmp_filetrans(procmail_t, procmail_tmp_t, file)
  
  files_read_etc_files(procmail_t)
  files_read_etc_runtime_files(procmail_t)
-@@ -119,4 +121,5 @@
+@@ -115,8 +123,7 @@
+ optional_policy(`
+ 	corenet_udp_bind_generic_port(procmail_t)
  
+-	files_getattr_tmp_dirs(procmail_t)
+-
  	spamassassin_exec(procmail_t)
  	spamassassin_exec_client(procmail_t)
 +	spamassassin_read_lib_files(procmail_t)
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-2.5.3/policy/modules/services/pyzor.if
 --- nsaserefpolicy/policy/modules/services/pyzor.if	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/services/pyzor.if	2007-02-12 11:27:31.000000000 -0500
++++ serefpolicy-2.5.3/policy/modules/services/pyzor.if	2007-02-16 09:02:23.000000000 -0500
 @@ -64,6 +64,10 @@
  ## </param>
  #
@@ -6050,10 +6079,53 @@
  	type $1_pyzor_home_t;
  	userdom_user_home_content($1,$1_pyzor_home_t)
  
+@@ -73,3 +77,21 @@
+ 	userdom_search_user_home_dirs($1,pyzord_t)
+ 	userdom_user_home_dir_filetrans($1,pyzord_t,$1_pyzor_home_t,{ dir file lnk_file })
+ ')
++
++########################################
++## <summary>
++##	Send generic signals to pyzor
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`pyzor_signal',`
++	gen_require(`
++		type pyzor_t;
++	')
++
++	allow pyzor_t $1:process signal;
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-2.5.3/policy/modules/services/pyzor.te
 --- nsaserefpolicy/policy/modules/services/pyzor.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/services/pyzor.te	2007-02-12 11:27:31.000000000 -0500
-@@ -65,6 +65,10 @@
++++ serefpolicy-2.5.3/policy/modules/services/pyzor.te	2007-02-16 09:14:19.000000000 -0500
+@@ -26,6 +26,9 @@
+ type pyzor_var_lib_t;
+ files_type(pyzor_var_lib_t)
+ 
++type pyzor_tmp_t;
++files_tmp_file(pyzor_tmp_t)
++
+ ########################################
+ #
+ # Pyzor local policy
+@@ -37,6 +40,10 @@
+ read_files_pattern(pyzor_t,pyzor_var_lib_t,pyzor_var_lib_t)
+ files_search_var_lib(pyzor_t)
+ 
++allow pyzor_t pyzor_tmp_t:dir create_dir_perms;
++allow pyzor_t pyzor_tmp_t:file create_file_perms;
++files_tmp_filetrans(pyzor_t, pyzor_tmp_t, { file dir })
++
+ kernel_read_kernel_sysctls(pyzor_t)  
+ kernel_read_system_state(pyzor_t)
+ 
+@@ -65,6 +72,10 @@
  	amavis_manage_spool_files(pyzor_t)
  ')
  
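Review bot: The new `pyzor_signal` interface grants the permission in the wrong direction: `allow pyzor_t $1:process signal;` lets pyzor_t signal the calling domain. Its summary says "Send generic signals to pyzor" and documents `$1` as the domain allowed access, so the rule should read `allow $1 pyzor_t:process signal;`. As written, the `pyzor_signal(spamd_t)` call added to spamassassin.te in a later hunk lets pyzor_t signal spamd_t, and spamd_t does not get the access it requested.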
@@ -6697,7 +6769,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.5.3/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/services/spamassassin.te	2007-02-12 11:27:31.000000000 -0500
++++ serefpolicy-2.5.3/policy/modules/services/spamassassin.te	2007-02-16 09:02:38.000000000 -0500
 @@ -8,7 +8,7 @@
  
  # spamassassin client executable
@@ -6763,6 +6835,14 @@
  		userdom_manage_generic_user_home_content_dirs(spamd_t)
  		userdom_manage_generic_user_home_content_files(spamd_t)
  		userdom_manage_generic_user_home_content_symlinks(spamd_t)
+@@ -183,6 +195,7 @@
+ 
+ optional_policy(`
+ 	pyzor_domtrans(spamd_t)
++	pyzor_signal(spamd_t)
+ ')
+ 
+ optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-2.5.3/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc	2006-11-16 17:15:21.000000000 -0500
 +++ serefpolicy-2.5.3/policy/modules/services/squid.fc	2007-02-12 11:27:31.000000000 -0500
@@ -6785,8 +6865,25 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.5.3/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/services/squid.te	2007-02-12 11:27:31.000000000 -0500
-@@ -178,3 +178,12 @@
++++ serefpolicy-2.5.3/policy/modules/services/squid.te	2007-02-16 10:49:06.000000000 -0500
+@@ -81,6 +81,8 @@
+ corenet_tcp_bind_ftp_port(squid_t)
+ corenet_tcp_bind_gopher_port(squid_t)
+ corenet_udp_bind_gopher_port(squid_t)
++corenet_tcp_bind_squid_port(squid_t)
++corenet_udp_bind_squid_port(squid_t)
+ corenet_tcp_connect_ftp_port(squid_t)
+ corenet_tcp_connect_gopher_port(squid_t)
+ corenet_tcp_connect_http_port(squid_t)
+@@ -90,6 +92,7 @@
+ corenet_sendrecv_gopher_client_packets(squid_t)
+ corenet_sendrecv_http_cache_server_packets(squid_t)
+ corenet_sendrecv_http_cache_client_packets(squid_t)
++corenet_sendrecv_squid_client_packets(squid_t)
+ 
+ dev_read_sysfs(squid_t)
+ dev_read_urand(squid_t)
+@@ -178,3 +181,12 @@
  #squid requires the following when run in diskd mode, the recommended setting
  allow squid_t tmpfs_t:file { read write };
  ') dnl end TODO
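Review bot: squid_t gains bind access to the new squid port type over TCP and UDP, but only `corenet_sendrecv_squid_client_packets(squid_t)` is added for packet access. The http_cache lines just above it carry both the server and the client variant. A domain that binds a port is acting as the server on it, so `corenet_sendrecv_squid_server_packets(squid_t)` is probably needed as well, or instead. This is inferred from the bind rules and should be confirmed against the intended use of ports 3401 and 4827.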
@@ -7883,7 +7980,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.5.3/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/system/init.te	2007-02-12 11:27:31.000000000 -0500
++++ serefpolicy-2.5.3/policy/modules/system/init.te	2007-02-16 14:17:32.000000000 -0500
 @@ -125,6 +125,7 @@
  # file descriptors inherited from the rootfs:
  files_dontaudit_rw_root_files(init_t)
@@ -7942,7 +8039,7 @@
  # slapd needs to read cert files from its initscript
  miscfiles_read_certs(initrc_t)
  
-@@ -491,6 +501,10 @@
+@@ -491,6 +501,12 @@
  	')
  ')
  
@@ -7950,10 +8047,12 @@
 +	rhgb_use_ptys(daemon)
 +')
 +
++domain_dontaudit_use_interactive_fds(daemon)
++
  ifdef(`targeted_policy',`
  	domain_subj_id_change_exemption(initrc_t)
  	unconfined_domain(initrc_t)
-@@ -503,11 +517,21 @@
+@@ -503,11 +519,21 @@
  	tunable_policy(`allow_daemons_use_tty',`
  		term_use_unallocated_ttys(daemon)
  		term_use_generic_ptys(daemon)
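Review bot: `domain_dontaudit_use_interactive_fds(daemon)` appears to sit at top level, outside the `optional_policy` and `ifdef` blocks around it, so it covers every domain with the `daemon` attribute. A dontaudit rule removes the denial from the audit log, so a one-line comment naming the descriptors it is meant to silence would help anyone later investigating a daemon that fails without logging an AVC. For example: `# daemons started by hand inherit the admin's terminal fds; silence the resulting denials`. The reason is inferred from the interface name and should be confirmed by the author.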
@@ -7977,7 +8076,7 @@
  ',`
  	# cjp: require doesnt work in the else of optionals :\
  	# this also would result in a type transition
-@@ -718,6 +742,9 @@
+@@ -718,6 +744,9 @@
  
  	# why is this needed:
  	rpm_manage_db(initrc_t)
@@ -9278,8 +9377,17 @@
  		# Allow making the stack executable via mprotect.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.5.3/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.3/policy/modules/system/unconfined.te	2007-02-12 11:27:31.000000000 -0500
-@@ -63,6 +63,10 @@
++++ serefpolicy-2.5.3/policy/modules/system/unconfined.te	2007-02-16 10:18:36.000000000 -0500
+@@ -50,6 +50,8 @@
+ 	userdom_unconfined(unconfined_t)
+ 	userdom_priveleged_home_dir_manager(unconfined_t)
+ 
++	term_user_pty(unconfined_t, devpts_t)
++
+ 	optional_policy(`
+ 		ada_domtrans(unconfined_t)
+ 	')
+@@ -63,6 +65,10 @@
  	')
  
  	optional_policy(`
@@ -9290,7 +9398,7 @@
  		init_dbus_chat_script(unconfined_t)
  
  		dbus_stub(unconfined_t)
-@@ -145,6 +149,8 @@
+@@ -145,6 +151,8 @@
  
  	optional_policy(`
  		rpm_domtrans(unconfined_t)
@@ -9299,7 +9407,7 @@
  	')
  
  	optional_policy(`
-@@ -180,6 +186,12 @@
+@@ -180,6 +188,12 @@
  	optional_policy(`
  		xserver_domtrans_xdm_xserver(unconfined_t)
  	')
@@ -9312,7 +9420,7 @@
  ')
  
  ########################################
-@@ -188,10 +200,18 @@
+@@ -188,10 +202,18 @@
  #
  
  ifdef(`targeted_policy',`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.396
retrieving revision 1.397
diff -u -r1.396 -r1.397
--- selinux-policy.spec	15 Feb 2007 20:46:02 -0000	1.396
+++ selinux-policy.spec	16 Feb 2007 19:55:48 -0000	1.397
@@ -171,7 +171,6 @@
 %prep 
 %setup -q -n serefpolicy-%{version}
 %patch -p1
-%patch -p2
 
 %install
 # Build targeted policy
@@ -357,7 +356,7 @@
 %endif
 
 %changelog
-* THu Feb 15 2007 Dan Walsh <dwalsh at redhat.com> 2.5.3-3
+* Thu Feb 15 2007 Dan Walsh <dwalsh at redhat.com> 2.5.3-3
 - Add sepolgen support
 - Add bugzilla policy
 



