rpms/selinux-policy/FC-6 booleans-mls.conf, 1.7, 1.8 policy-20061106.patch, 1.11, 1.12 securetty_types-mls, 1.1, 1.2 selinux-policy.spec, 1.337, 1.338

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Jan 25 21:02:19 UTC 2007


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv2603

Modified Files:
	booleans-mls.conf policy-20061106.patch securetty_types-mls 
	selinux-policy.spec 
Log Message:
* Wed Jan 24 2007 Dan Walsh <dwalsh at redhat.com> 2.4.6-31
- Fix clvmd policy
- Fix squid cgi script to run with correct context.
- Maintain proper context on /etc/lvm/.cache file
- Lots of fixes for ricci and friends
- mount.nfs needs sys_resource
- Change gstreamer context for only i386
- Fix libXcomp file_context
Resolves: #224441



Index: booleans-mls.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-6/booleans-mls.conf,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- booleans-mls.conf	15 Jan 2007 15:55:21 -0000	1.7
+++ booleans-mls.conf	25 Jan 2007 21:02:17 -0000	1.8
@@ -224,3 +224,7 @@
 # 
 allow_netlabel = true
 
+# Allow ipsec labeled packets to flow
+# 
+allow_ipsec_label = true
+
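
Review bot: the comment on the added `allow_ipsec_label = true` entry ("Allow ipsec labeled packets to flow") does not match the description the same tunable gets in policy/global_tunables ("Allow all domains to use ipsec labeled packets"). The second wording is the one that tells an administrator how wide the switch is, so reuse it here.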

policy-20061106.patch:
 Rules.modular                             |   10 
 config/appconfig-strict-mcs/seusers       |    1 
 config/appconfig-strict-mls/seusers       |    1 
 config/appconfig-strict/seusers           |    1 
 policy/flask/access_vectors               |    2 
 policy/global_tunables                    |   66 +++
 policy/mls                                |   31 +
 policy/modules/admin/acct.te              |    1 
 policy/modules/admin/amanda.if            |   17 
 policy/modules/admin/amanda.te            |    6 
 policy/modules/admin/backup.te            |    5 
 policy/modules/admin/bootloader.fc        |    5 
 policy/modules/admin/bootloader.te        |   14 
 policy/modules/admin/consoletype.te       |   21 -
 policy/modules/admin/ddcprobe.te          |   10 
 policy/modules/admin/dmesg.te             |    7 
 policy/modules/admin/dmidecode.te         |    5 
 policy/modules/admin/firstboot.if         |    6 
 policy/modules/admin/kudzu.te             |    5 
 policy/modules/admin/logrotate.te         |    5 
 policy/modules/admin/logwatch.te          |    6 
 policy/modules/admin/netutils.te          |   10 
 policy/modules/admin/portage.te           |    5 
 policy/modules/admin/prelink.te           |   17 
 policy/modules/admin/quota.fc             |    7 
 policy/modules/admin/quota.te             |   24 -
 policy/modules/admin/rpm.fc               |    3 
 policy/modules/admin/rpm.if               |   24 +
 policy/modules/admin/rpm.te               |   49 +-
 policy/modules/admin/su.if                |   28 +
 policy/modules/admin/su.te                |    2 
 policy/modules/admin/sudo.if              |   10 
 policy/modules/admin/tripwire.te          |   11 
 policy/modules/admin/usbmodules.te        |    5 
 policy/modules/admin/usermanage.te        |   34 +
 policy/modules/admin/vpn.te               |    1 
 policy/modules/apps/ethereal.te           |    5 
 policy/modules/apps/evolution.if          |  106 +++++
 policy/modules/apps/evolution.te          |    1 
 policy/modules/apps/gnome.fc              |    2 
 policy/modules/apps/gnome.if              |  108 +++++
 policy/modules/apps/gnome.te              |    5 
 policy/modules/apps/gpg.if                |    1 
 policy/modules/apps/java.fc               |    2 
 policy/modules/apps/java.if               |   38 ++
 policy/modules/apps/java.te               |    2 
 policy/modules/apps/loadkeys.if           |   17 
 policy/modules/apps/mozilla.if            |  209 +++++++++--
 policy/modules/apps/mplayer.if            |   84 ++++
 policy/modules/apps/mplayer.te            |    1 
 policy/modules/apps/slocate.te            |    3 
 policy/modules/apps/thunderbird.if        |   80 +++-
 policy/modules/apps/userhelper.if         |   19 -
 policy/modules/apps/webalizer.te          |    6 
 policy/modules/apps/yam.te                |    5 
 policy/modules/kernel/corecommands.fc     |   10 
 policy/modules/kernel/corecommands.if     |   77 ++++
 policy/modules/kernel/corenetwork.if.in   |   99 +++++
 policy/modules/kernel/corenetwork.te.in   |   17 
 policy/modules/kernel/corenetwork.te.m4   |    4 
 policy/modules/kernel/devices.fc          |    5 
 policy/modules/kernel/devices.te          |    8 
 policy/modules/kernel/domain.if           |   58 +++
 policy/modules/kernel/domain.te           |   22 +
 policy/modules/kernel/files.fc            |    2 
 policy/modules/kernel/files.if            |  220 +++++++++++
 policy/modules/kernel/filesystem.if       |   23 +
 policy/modules/kernel/filesystem.te       |   13 
 policy/modules/kernel/kernel.if           |   64 +++
 policy/modules/kernel/kernel.te           |   12 
 policy/modules/kernel/mls.if              |   28 +
 policy/modules/kernel/mls.te              |    6 
 policy/modules/kernel/storage.fc          |    1 
 policy/modules/kernel/storage.if          |    2 
 policy/modules/kernel/terminal.fc         |    1 
 policy/modules/kernel/terminal.if         |    2 
 policy/modules/kernel/terminal.te         |    1 
 policy/modules/services/apache.fc         |   11 
 policy/modules/services/apache.te         |   23 +
 policy/modules/services/apm.te            |    3 
 policy/modules/services/automount.fc      |    1 
 policy/modules/services/automount.te      |    9 
 policy/modules/services/avahi.if          |   21 +
 policy/modules/services/bind.fc           |    1 
 policy/modules/services/bind.te           |    5 
 policy/modules/services/bluetooth.te      |    5 
 policy/modules/services/ccs.fc            |    1 
 policy/modules/services/ccs.te            |   11 
 policy/modules/services/clamav.te         |    2 
 policy/modules/services/cron.fc           |    6 
 policy/modules/services/cron.if           |   92 ++--
 policy/modules/services/cron.te           |   48 ++
 policy/modules/services/cups.te           |    7 
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/dbus.fc           |    1 
 policy/modules/services/dbus.if           |   43 ++
 policy/modules/services/dcc.te            |    9 
 policy/modules/services/ftp.te            |   14 
 policy/modules/services/hal.fc            |    4 
 policy/modules/services/hal.if            |   57 +++
 policy/modules/services/hal.te            |    9 
 policy/modules/services/inetd.te          |   28 +
 policy/modules/services/irqbalance.te     |    4 
 policy/modules/services/kerberos.if       |    3 
 policy/modules/services/kerberos.te       |   11 
 policy/modules/services/ktalk.fc          |    3 
 policy/modules/services/ktalk.te          |    5 
 policy/modules/services/lpd.if            |   56 +-
 policy/modules/services/lpd.te            |    5 
 policy/modules/services/mta.if            |    1 
 policy/modules/services/mta.te            |    2 
 policy/modules/services/munin.te          |    5 
 policy/modules/services/networkmanager.te |    2 
 policy/modules/services/nis.fc            |    3 
 policy/modules/services/nis.if            |    8 
 policy/modules/services/nis.te            |   15 
 policy/modules/services/nscd.if           |   20 +
 policy/modules/services/nscd.te           |   15 
 policy/modules/services/oav.te            |    5 
 policy/modules/services/oddjob.te         |    3 
 policy/modules/services/openvpn.te        |    4 
 policy/modules/services/pcscd.fc          |    9 
 policy/modules/services/pcscd.if          |   62 +++
 policy/modules/services/pcscd.te          |   78 ++++
 policy/modules/services/pegasus.if        |   31 +
 policy/modules/services/pegasus.te        |    5 
 policy/modules/services/portmap.te        |    5 
 policy/modules/services/postfix.fc        |    1 
 policy/modules/services/postfix.if        |    2 
 policy/modules/services/postfix.te        |   17 
 policy/modules/services/procmail.te       |   16 
 policy/modules/services/pyzor.te          |    4 
 policy/modules/services/radvd.te          |    2 
 policy/modules/services/rhgb.if           |   76 ++++
 policy/modules/services/rhgb.te           |    3 
 policy/modules/services/ricci.te          |    6 
 policy/modules/services/rlogin.te         |   10 
 policy/modules/services/rpc.fc            |    1 
 policy/modules/services/rpc.te            |   23 +
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.if          |    2 
 policy/modules/services/samba.te          |   17 
 policy/modules/services/sasl.te           |    2 
 policy/modules/services/sendmail.te       |    8 
 policy/modules/services/setroubleshoot.if |   20 +
 policy/modules/services/setroubleshoot.te |    1 
 policy/modules/services/smartmon.te       |    1 
 policy/modules/services/snmp.if           |   17 
 policy/modules/services/snmp.te           |    4 
 policy/modules/services/spamassassin.te   |    9 
 policy/modules/services/squid.fc          |    1 
 policy/modules/services/squid.if          |    1 
 policy/modules/services/squid.te          |   11 
 policy/modules/services/ssh.if            |   65 +++
 policy/modules/services/ssh.te            |   10 
 policy/modules/services/telnet.te         |    1 
 policy/modules/services/tftp.te           |    2 
 policy/modules/services/uucp.fc           |    1 
 policy/modules/services/uucp.if           |   67 +++
 policy/modules/services/uucp.te           |   44 ++
 policy/modules/services/xserver.fc        |    2 
 policy/modules/services/xserver.if        |  190 +++++++++-
 policy/modules/services/xserver.te        |   12 
 policy/modules/system/authlogin.if        |   74 +++
 policy/modules/system/authlogin.te        |    6 
 policy/modules/system/clock.te            |   13 
 policy/modules/system/fstools.fc          |    1 
 policy/modules/system/fstools.te          |   11 
 policy/modules/system/getty.te            |   14 
 policy/modules/system/hostname.te         |   19 -
 policy/modules/system/init.if             |   23 +
 policy/modules/system/init.te             |   44 ++
 policy/modules/system/ipsec.fc            |    5 
 policy/modules/system/ipsec.if            |   80 ++++
 policy/modules/system/ipsec.te            |  107 +++++
 policy/modules/system/iptables.te         |   16 
 policy/modules/system/libraries.fc        |   37 +
 policy/modules/system/libraries.te        |   11 
 policy/modules/system/locallogin.if       |   37 +
 policy/modules/system/locallogin.te       |    6 
 policy/modules/system/logging.te          |   14 
 policy/modules/system/lvm.fc              |    1 
 policy/modules/system/lvm.if              |   21 +
 policy/modules/system/lvm.te              |   73 +++
 policy/modules/system/miscfiles.fc        |    3 
 policy/modules/system/miscfiles.if        |   79 ++++
 policy/modules/system/modutils.te         |   25 +
 policy/modules/system/mount.te            |   27 -
 policy/modules/system/pcmcia.te           |    5 
 policy/modules/system/raid.te             |   13 
 policy/modules/system/selinuxutil.fc      |    2 
 policy/modules/system/selinuxutil.if      |  119 ++++++
 policy/modules/system/selinuxutil.te      |  118 ++----
 policy/modules/system/sysnetwork.te       |   10 
 policy/modules/system/tzdata.fc           |    3 
 policy/modules/system/tzdata.if           |   23 +
 policy/modules/system/tzdata.te           |   51 ++
 policy/modules/system/unconfined.fc       |    4 
 policy/modules/system/unconfined.if       |   19 +
 policy/modules/system/unconfined.te       |   23 +
 policy/modules/system/userdomain.if       |  569 ++++++++++++++++++++++++++----
 policy/modules/system/userdomain.te       |   63 +--
 policy/modules/system/xen.fc              |    1 
 policy/modules/system/xen.te              |   35 +
 204 files changed, 4475 insertions(+), 576 deletions(-)

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.11 -r 1.12 policy-20061106.patch
Index: policy-20061106.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-6/policy-20061106.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20061106.patch	15 Jan 2007 16:06:37 -0000	1.11
+++ policy-20061106.patch	25 Jan 2007 21:02:17 -0000	1.12
@@ -1,27 +1,27 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict/seusers serefpolicy-2.4.6/config/appconfig-strict/seusers
 --- nsaserefpolicy/config/appconfig-strict/seusers	2006-11-29 12:04:52.000000000 -0500
-+++ serefpolicy-2.4.6/config/appconfig-strict/seusers	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/config/appconfig-strict/seusers	2007-01-16 11:11:26.000000000 -0500
 @@ -1,2 +1,3 @@
 +system_u:system_u
  root:root
  __default__:user_u
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/seusers serefpolicy-2.4.6/config/appconfig-strict-mcs/seusers
 --- nsaserefpolicy/config/appconfig-strict-mcs/seusers	2006-11-29 12:04:52.000000000 -0500
-+++ serefpolicy-2.4.6/config/appconfig-strict-mcs/seusers	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/config/appconfig-strict-mcs/seusers	2007-01-16 11:11:26.000000000 -0500
 @@ -1,2 +1,3 @@
 +system_u:system_u:s0-mcs_systemhigh
  root:root:s0-mcs_systemhigh
  __default__:user_u:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/seusers serefpolicy-2.4.6/config/appconfig-strict-mls/seusers
 --- nsaserefpolicy/config/appconfig-strict-mls/seusers	2006-11-29 12:04:52.000000000 -0500
-+++ serefpolicy-2.4.6/config/appconfig-strict-mls/seusers	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/config/appconfig-strict-mls/seusers	2007-01-16 11:11:26.000000000 -0500
 @@ -1,2 +1,3 @@
 +system_u:system_u:s0-mls_systemhigh
  root:root:s0-mls_systemhigh
  __default__:user_u:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.4.6/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/flask/access_vectors	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/flask/access_vectors	2007-01-16 11:11:26.000000000 -0500
 @@ -619,6 +619,8 @@
  	send
  	recv
@@ -33,7 +33,7 @@
  class key
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.4.6/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/global_tunables	2007-01-08 15:32:24.000000000 -0500
++++ serefpolicy-2.4.6/policy/global_tunables	2007-01-22 20:15:51.000000000 -0500
 @@ -82,6 +82,14 @@
  
  ## <desc>
@@ -80,7 +80,7 @@
  ## Allow mount to mount any file
  ## </p>
  ## </desc>
-@@ -596,8 +619,41 @@
+@@ -596,8 +619,49 @@
  
  ## <desc>
  ## <p>
@@ -116,16 +116,24 @@
 +ifdef(`mls_policy',`
 +## <desc>
 +## <p>
-+## Allow netlabel packets to work on system
++## Allow all domains to use netlabel labeled packets
 +## </p>
 +## </desc>
 +gen_tunable(allow_netlabel,true)
++
++## <desc>
++## <p>
++## Allow all domains to use ipsec labeled packets
++## </p>
++## </desc>
++gen_tunable(allow_ipsec_label,true)
  ')
 +
 +
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.4.6/policy/mls
 --- nsaserefpolicy/policy/mls	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/mls	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/mls	2007-01-16 11:11:26.000000000 -0500
 @@ -89,12 +89,14 @@
  mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
  	(( l1 eq l2 ) or
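Review bot: `gen_tunable(allow_ipsec_label,true)` makes the new tunable default to on for every build with mls_policy defined, and nothing in this hunk shows which rules it gates. Please extend the <desc> text, or point to the interface that tests the tunable, so a reader can tell what turning it off removes. The extra blank `++` line added after the closing `')` can be dropped.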
@@ -199,7 +207,7 @@
  mlsconstrain association { polmatch }
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.4.6/policy/modules/admin/acct.te
 --- nsaserefpolicy/policy/modules/admin/acct.te	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/acct.te	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/acct.te	2007-01-16 11:11:26.000000000 -0500
 @@ -9,6 +9,7 @@
  type acct_t;
  type acct_exec_t;
@@ -210,7 +218,7 @@
  logging_log_file(acct_data_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.if serefpolicy-2.4.6/policy/modules/admin/amanda.if
 --- nsaserefpolicy/policy/modules/admin/amanda.if	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/amanda.if	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/amanda.if	2007-01-16 11:11:26.000000000 -0500
 @@ -127,4 +127,21 @@
  	allow $1 amanda_log_t:file ra_file_perms;
  ')
@@ -235,7 +243,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4.6/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/amanda.te	2007-01-15 09:29:39.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/amanda.te	2007-01-16 11:11:26.000000000 -0500
 @@ -75,6 +75,7 @@
  allow amanda_t self:unix_dgram_socket create_socket_perms;
  allow amanda_t self:tcp_socket create_stream_socket_perms;
@@ -255,7 +263,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/backup.te serefpolicy-2.4.6/policy/modules/admin/backup.te
 --- nsaserefpolicy/policy/modules/admin/backup.te	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/backup.te	2007-01-15 09:34:00.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/backup.te	2007-01-16 11:11:26.000000000 -0500
 @@ -82,3 +82,8 @@
  optional_policy(`
  	nis_use_ypbind(backup_t)
@@ -267,7 +275,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.4.6/policy/modules/admin/bootloader.fc
 --- nsaserefpolicy/policy/modules/admin/bootloader.fc	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/bootloader.fc	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/bootloader.fc	2007-01-16 11:11:26.000000000 -0500
 @@ -2,11 +2,6 @@
  /etc/lilo\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
  /etc/yaboot\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
@@ -282,7 +290,7 @@
  /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.4.6/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/bootloader.te	2007-01-15 09:34:41.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/bootloader.te	2007-01-16 11:11:26.000000000 -0500
 @@ -93,6 +93,8 @@
  fs_manage_dos_files(bootloader_t)
  
@@ -317,7 +325,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.4.6/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/consoletype.te	2007-01-10 15:39:52.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/consoletype.te	2007-01-16 11:11:26.000000000 -0500
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -373,7 +381,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ddcprobe.te serefpolicy-2.4.6/policy/modules/admin/ddcprobe.te
 --- nsaserefpolicy/policy/modules/admin/ddcprobe.te	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/ddcprobe.te	2007-01-15 09:41:31.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/ddcprobe.te	2007-01-16 11:11:26.000000000 -0500
 @@ -53,3 +53,13 @@
  
  #reh why? this does not seem even necessary to function properly
@@ -390,7 +398,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.4.6/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2006-11-29 12:04:49.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/dmesg.te	2007-01-15 11:02:21.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/dmesg.te	2007-01-16 11:11:26.000000000 -0500
 @@ -10,6 +10,7 @@
  	type dmesg_t;
  	type dmesg_exec_t;
@@ -412,7 +420,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmidecode.te serefpolicy-2.4.6/policy/modules/admin/dmidecode.te
 --- nsaserefpolicy/policy/modules/admin/dmidecode.te	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/dmidecode.te	2007-01-15 09:41:55.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/dmidecode.te	2007-01-16 11:11:26.000000000 -0500
 @@ -38,3 +38,8 @@
  	term_use_generic_ptys(dmidecode_t)
  	term_use_unallocated_ttys(dmidecode_t)
@@ -424,7 +432,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-2.4.6/policy/modules/admin/firstboot.if
 --- nsaserefpolicy/policy/modules/admin/firstboot.if	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/firstboot.if	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/firstboot.if	2007-01-16 11:11:26.000000000 -0500
 @@ -96,7 +96,7 @@
  
  ########################################
@@ -449,7 +457,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.4.6/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2006-11-29 12:04:49.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/kudzu.te	2007-01-15 09:47:24.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/kudzu.te	2007-01-16 11:11:26.000000000 -0500
 @@ -167,3 +167,8 @@
  ')
  allow kudzu_t cupsd_rw_etc_t:dir r_dir_perms;
@@ -461,7 +469,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.4.6/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2006-11-29 12:04:48.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/logrotate.te	2007-01-15 09:46:15.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/logrotate.te	2007-01-16 11:11:26.000000000 -0500
 @@ -210,3 +210,8 @@
[...2606 lines suppressed...]
  
  init_use_fds(restorecond_t)
  init_dontaudit_use_script_ptys(restorecond_t)
-@@ -549,82 +568,11 @@
+@@ -549,82 +574,11 @@
  
  ########################################
  #
@@ -7953,7 +8470,7 @@
  
  ########################################
  #
-@@ -672,6 +620,7 @@
+@@ -672,6 +626,7 @@
  init_use_fds(setfiles_t)
  init_use_script_fds(setfiles_t)
  init_use_script_ptys(setfiles_t)
@@ -7961,7 +8478,7 @@
  
  domain_use_interactive_fds(setfiles_t)
  
-@@ -691,3 +640,16 @@
+@@ -691,3 +646,16 @@
  userdom_use_all_users_fds(setfiles_t)
  # for config files in a home directory
  userdom_read_all_users_home_content_files(setfiles_t)
@@ -7980,7 +8497,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.4.6/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/sysnetwork.te	2007-01-15 09:54:44.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/sysnetwork.te	2007-01-16 11:11:26.000000000 -0500
 @@ -333,6 +333,9 @@
  ifdef(`targeted_policy',`
  	term_use_generic_ptys(ifconfig_t)
@@ -8004,14 +8521,14 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/tzdata.fc serefpolicy-2.4.6/policy/modules/system/tzdata.fc
 --- nsaserefpolicy/policy/modules/system/tzdata.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/tzdata.fc	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/tzdata.fc	2007-01-16 11:11:26.000000000 -0500
 @@ -0,0 +1,3 @@
 +# tzdata executable will have:
 +
 +/usr/sbin/tzdata-update		--	gen_context(system_u:object_r:tzdata_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/tzdata.if serefpolicy-2.4.6/policy/modules/system/tzdata.if
 --- nsaserefpolicy/policy/modules/system/tzdata.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/tzdata.if	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/tzdata.if	2007-01-16 11:11:26.000000000 -0500
 @@ -0,0 +1,23 @@
 +## <summary>policy for tzdata</summary>
 +
@@ -8038,8 +8555,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/tzdata.te serefpolicy-2.4.6/policy/modules/system/tzdata.te
 --- nsaserefpolicy/policy/modules/system/tzdata.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/tzdata.te	2007-01-15 09:31:50.000000000 -0500
-@@ -0,0 +1,43 @@
++++ serefpolicy-2.4.6/policy/modules/system/tzdata.te	2007-01-25 08:08:47.000000000 -0500
+@@ -0,0 +1,51 @@
 +policy_module(tzdata,1.0.0)
 +
 +########################################
@@ -8056,11 +8573,15 @@
 +#
 +# tzdata local policy
 +#
++allow tzdata_t self:capability dac_override;
 +
 +# Some common macros (you might be able to remove some)
 +files_read_etc_files(tzdata_t)
 +libs_use_ld_so(tzdata_t)
 +libs_use_shared_libs(tzdata_t)
++
++locallogin_dontaudit_use_fds(tzdata_t)
++
 +miscfiles_read_localization(tzdata_t)
 +
 +files_search_spool(tzdata_t)
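Review bot: `allow tzdata_t self:capability dac_override;` is added under "tzdata local policy" with no comment saying which file access needs it. dac_override lets the domain bypass file permission checks, so the rule should name the path tzdata-update fails on, or that file's ownership or mode should be fixed instead of granting the capability.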
@@ -8080,12 +8601,16 @@
 +')
 +
 +optional_policy(`
++	locallogin_dontaudit_use_fds(tzdata_t)
++')
++
++optional_policy(`
 +	ssh_sigchld(tzdata_t)
 +	ssh_rw_stream_sockets(tzdata_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.4.6/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/unconfined.fc	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/unconfined.fc	2007-01-16 11:11:26.000000000 -0500
 @@ -7,6 +7,8 @@
  ifdef(`targeted_policy',`
  /usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
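Review bot: the `optional_policy` block added here calls `locallogin_dontaudit_use_fds(tzdata_t)`, but the previous hunk of tzdata.te already adds the same call unconditionally. That makes this wrapper redundant and leaves tzdata with a hard dependency on the locallogin module. Keep the optional_policy form and drop the bare call.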
@@ -8098,7 +8623,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.4.6/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/unconfined.if	2007-01-15 10:46:48.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/unconfined.if	2007-01-16 11:11:26.000000000 -0500
 @@ -31,6 +31,7 @@
  	allow $1 self:nscd *;
  	allow $1 self:dbus *;
@@ -8134,8 +8659,19 @@
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.4.6/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/unconfined.te	2007-01-05 15:23:37.000000000 -0500
-@@ -83,6 +83,9 @@
++++ serefpolicy-2.4.6/policy/modules/system/unconfined.te	2007-01-23 15:59:13.000000000 -0500
+@@ -48,6 +48,10 @@
+ 	userdom_priveleged_home_dir_manager(unconfined_t)
+ 
+ 	optional_policy(`
++		lvm_domtrans(unconfined_t)
++	')
++
++	optional_policy(`
+ 		ada_domtrans(unconfined_t)
+ 	')
+ 
+@@ -83,6 +87,9 @@
  		optional_policy(`
  			networkmanager_dbus_chat(unconfined_t)
  		')
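Review bot: the new `lvm_domtrans(unconfined_t)` block in the -48,6 hunk of unconfined.te has no comment, and it changes the domain LVM tools run in when started from unconfined_t. If this is the change behind "Maintain proper context on /etc/lvm/.cache file" in the log message, a one-line comment above the optional_policy saying so would help the next reader.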
@@ -8145,7 +8681,7 @@
  	')
  
  	optional_policy(`
-@@ -138,6 +141,8 @@
+@@ -138,6 +145,8 @@
  
  	optional_policy(`
  		rpm_domtrans(unconfined_t)
@@ -8154,7 +8690,7 @@
  	')
  
  	optional_policy(`
-@@ -173,6 +178,12 @@
+@@ -173,6 +182,12 @@
  	optional_policy(`
  		xserver_domtrans_xdm_xserver(unconfined_t)
  	')
@@ -8167,7 +8703,7 @@
  ')
  
  ########################################
-@@ -181,10 +192,18 @@
+@@ -181,10 +196,18 @@
  #
  
  ifdef(`targeted_policy',`
@@ -8188,7 +8724,7 @@
  		init_dbus_chat_script(unconfined_execmem_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.4.6/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/userdomain.if	2007-01-11 16:28:29.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/userdomain.if	2007-01-17 10:29:18.000000000 -0500
 @@ -22,9 +22,9 @@
  ## <rolebase/>
  #
@@ -9023,7 +9559,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.4.6/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/userdomain.te	2007-01-15 10:53:20.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/userdomain.te	2007-01-22 19:58:27.000000000 -0500
 @@ -24,6 +24,9 @@
  # users home directory contents
  attribute home_type;
@@ -9153,7 +9689,7 @@
  		usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.4.6/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/xen.fc	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/xen.fc	2007-01-16 11:11:26.000000000 -0500
 @@ -8,6 +8,7 @@
  /usr/sbin/xm		--	gen_context(system_u:object_r:xm_exec_t,s0)
  
@@ -9164,7 +9700,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4.6/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/xen.te	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/xen.te	2007-01-16 11:11:26.000000000 -0500
 @@ -86,8 +86,8 @@
  allow xend_t self:tcp_socket create_stream_socket_perms;
  allow xend_t self:packet_socket create_socket_perms;
@@ -9256,7 +9792,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.4.6/Rules.modular
 --- nsaserefpolicy/Rules.modular	2006-11-29 12:04:51.000000000 -0500
-+++ serefpolicy-2.4.6/Rules.modular	2007-01-05 15:23:37.000000000 -0500
++++ serefpolicy-2.4.6/Rules.modular	2007-01-16 11:11:26.000000000 -0500
 @@ -219,6 +219,16 @@
  
  ########################################


Index: securetty_types-mls
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-6/securetty_types-mls,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- securetty_types-mls	15 Jan 2007 16:06:37 -0000	1.1
+++ securetty_types-mls	25 Jan 2007 21:02:17 -0000	1.2
@@ -2,4 +2,4 @@
 user_tty_device_t
 staff_tty_device_t
 auditadm_tty_device_t
-secureadm_tty_device_t
+secadm_tty_device_t
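
Review bot: the last entry changes from secureadm_tty_device_t to secadm_tty_device_t, and the old name was already in revision 1.1 of this file. Please check the rest of the package for remaining uses of secureadm_tty_device_t so the rename is complete.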


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-6/selinux-policy.spec,v
retrieving revision 1.337
retrieving revision 1.338
diff -u -r1.337 -r1.338
--- selinux-policy.spec	15 Jan 2007 17:00:40 -0000	1.337
+++ selinux-policy.spec	25 Jan 2007 21:02:17 -0000	1.338
@@ -12,12 +12,12 @@
 %endif
 %define POLICYVER 21
 %define libsepolver 1.12.26-1
-%define POLICYCOREUTILSVER 1.33.6-3
+%define POLICYCOREUTILSVER 1.33.12-1
 %define CHECKPOLICYVER 1.30.11-1
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.4.6
-Release: 27%{?dist}
+Release: 31%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
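Review bot: the POLICYCOREUTILSVER bump from 1.33.6-3 to 1.33.12-1 is not explained by any changelog entry added in this commit. Please note what in 2.4.6-28 through 2.4.6-31 needs the newer policycoreutils, so anyone backporting the policy knows whether the bump is a hard requirement.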
@@ -356,6 +356,31 @@
 %endif
 
 %changelog
+* Wed Jan 24 2007 Dan Walsh <dwalsh at redhat.com> 2.4.6-31
+- Fix clvmd policy
+- Fix squid cgi script to run with correct context.
+- Maintain proper context on /etc/lvm/.cache file
+- Lots of fixes for ricci and friends
+- mount.nfs needs sys_resource
+- Change gstreamer context for only i386
+- Fix libXcomp file_context
+Resolves: #224441
+
+* Tue Jan 23 2007 Dan Walsh <dwalsh at redhat.com> 2.4.6-30
+- Fixes for ricci_modservice
+Resolves: #217519
+
+* Mon Jan 22 2007 Dan Walsh <dwalsh at redhat.com> 2.4.6-29
+- remove swapfile avc
+- Fix rpcsvcgssd
+Resolves: #217519
+
+* Wed Jan 17 2007 Dan Walsh <dwalsh at redhat.com> 2.4.6-28
+- Allow logwatch to use ypbind
+- Allow system_crond_t to create cron_var_run_t files (prelink files)
+- dontaudit postfix-smtp reading /boot, fix file context on lmtp
+Resolves: #215722
+
 * Mon Jan 15 2007 Dan Walsh <dwalsh at redhat.com> 2.4.6-27
 - Fix senmail avc trying to read /root
 - More fixes for ssh transitions to userspace
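
Review bot: the 2.4.6-31 entry lists seven items but leaves out the new allow_ipsec_label boolean and the change to securetty_types-mls, both of which are part of this same commit. Also, "Change gstreamer context for only i386" does not say which file context changes; naming the path would make the entry checkable.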



