rpms/selinux-policy/devel policy-20070219.patch,1.27,1.28
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Mar 20 20:42:34 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16696
Modified Files:
policy-20070219.patch
Log Message:
* Tue Mar 20 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-3
- Add fusermount and mount_ntfs policy
policy-20070219.patch:
Rules.modular | 12 +
man/man8/ftpd_selinux.8 | 6
man/man8/httpd_selinux.8 | 17 --
man/man8/kerberos_selinux.8 | 9 -
man/man8/named_selinux.8 | 8
man/man8/nfs_selinux.8 | 2
man/man8/rsync_selinux.8 | 8
man/man8/samba_selinux.8 | 12 -
man/man8/ypbind_selinux.8 | 2
policy/flask/access_vectors | 4
policy/global_booleans | 2
policy/global_tunables | 92 ++++++++++-
policy/mls | 31 ++-
policy/modules/admin/acct.te | 1
policy/modules/admin/amtu.fc | 3
policy/modules/admin/amtu.if | 53 ++++++
policy/modules/admin/amtu.te | 56 ++++++
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/firstboot.if | 18 ++
policy/modules/admin/kudzu.te | 1
policy/modules/admin/netutils.te | 3
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 65 +++++++
policy/modules/admin/rpm.te | 2
policy/modules/admin/su.if | 6
policy/modules/admin/sudo.te | 5
policy/modules/admin/usermanage.te | 40 +++-
policy/modules/apps/games.fc | 1
policy/modules/apps/gnome.if | 26 +++
policy/modules/apps/gpg.fc | 2
policy/modules/apps/loadkeys.if | 44 +----
policy/modules/apps/mozilla.if | 1
policy/modules/kernel/corecommands.fc | 2
policy/modules/kernel/corecommands.if | 59 ++++---
policy/modules/kernel/corenetwork.if.in | 54 ++++++
policy/modules/kernel/corenetwork.te.in | 13 +
policy/modules/kernel/devices.if | 36 ++++
policy/modules/kernel/domain.if | 18 ++
policy/modules/kernel/domain.te | 23 ++
policy/modules/kernel/files.if | 81 ++++++++-
policy/modules/kernel/filesystem.if | 39 ++++
policy/modules/kernel/filesystem.te | 5
policy/modules/kernel/kernel.if | 23 ++
policy/modules/kernel/kernel.te | 2
policy/modules/kernel/mls.if | 20 ++
policy/modules/kernel/mls.te | 3
policy/modules/kernel/selinux.if | 38 ++++
policy/modules/kernel/storage.fc | 3
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.if | 2
policy/modules/kernel/terminal.te | 1
policy/modules/services/apache.fc | 23 ++
policy/modules/services/apache.if | 159 +++++++++++++++++++
policy/modules/services/apache.te | 53 +++++-
policy/modules/services/automount.te | 2
policy/modules/services/ccs.te | 12 +
policy/modules/services/consolekit.fc | 1
policy/modules/services/consolekit.te | 24 ++
policy/modules/services/cpucontrol.te | 1
policy/modules/services/cron.fc | 1
policy/modules/services/cron.if | 33 +--
policy/modules/services/cron.te | 43 ++++-
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 5
policy/modules/services/dbus.if | 57 ++++++
policy/modules/services/dhcp.te | 2
policy/modules/services/djbdns.te | 5
policy/modules/services/dovecot.te | 5
policy/modules/services/fail2ban.fc | 4
policy/modules/services/fail2ban.if | 87 ++++++++++
policy/modules/services/fail2ban.te | 74 ++++++++
policy/modules/services/ftp.te | 5
policy/modules/services/hal.fc | 6
policy/modules/services/hal.te | 98 +++++++++++
policy/modules/services/inetd.if | 29 ---
policy/modules/services/inetd.te | 5
policy/modules/services/kerberos.if | 21 ++
policy/modules/services/kerberos.te | 2
policy/modules/services/mta.te | 2
policy/modules/services/networkmanager.te | 2
policy/modules/services/nis.if | 5
policy/modules/services/ntp.te | 1
policy/modules/services/pegasus.if | 18 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 2
policy/modules/services/ppp.te | 17 --
policy/modules/services/procmail.te | 1
policy/modules/services/pyzor.te | 3
policy/modules/services/radius.te | 6
policy/modules/services/ricci.te | 5
policy/modules/services/rpc.if | 5
policy/modules/services/rpc.te | 3
policy/modules/services/rsync.te | 1
policy/modules/services/samba.if | 44 +++++
policy/modules/services/samba.te | 24 ++
policy/modules/services/sasl.te | 12 +
policy/modules/services/smartmon.te | 1
policy/modules/services/spamassassin.te | 5
policy/modules/services/squid.fc | 2
policy/modules/services/squid.if | 22 ++
policy/modules/services/squid.te | 12 +
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 39 ++++
policy/modules/services/ssh.te | 5
policy/modules/services/zabbix.fc | 4
policy/modules/services/zabbix.if | 87 ++++++++++
policy/modules/services/zabbix.te | 64 +++++++
policy/modules/system/application.fc | 1
policy/modules/system/application.if | 106 ++++++++++++
policy/modules/system/application.te | 14 +
policy/modules/system/authlogin.if | 84 ++++++++--
policy/modules/system/authlogin.te | 3
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 1
policy/modules/system/fusermount.fc | 6
policy/modules/system/fusermount.if | 41 ++++
policy/modules/system/fusermount.te | 44 +++++
policy/modules/system/getty.te | 3
policy/modules/system/hostname.te | 14 +
policy/modules/system/init.if | 22 --
policy/modules/system/init.te | 26 ++-
policy/modules/system/ipsec.if | 100 ++++++++++++
policy/modules/system/ipsec.te | 9 -
policy/modules/system/iptables.te | 9 -
policy/modules/system/libraries.fc | 6
policy/modules/system/libraries.te | 20 ++
policy/modules/system/locallogin.te | 10 +
policy/modules/system/logging.if | 21 ++
policy/modules/system/logging.te | 4
policy/modules/system/lvm.te | 10 +
policy/modules/system/modutils.te | 7
policy/modules/system/mount.fc | 3
policy/modules/system/mount.if | 37 ++++
policy/modules/system/mount.te | 51 +++++-
policy/modules/system/netlabel.te | 3
policy/modules/system/selinuxutil.fc | 1
policy/modules/system/selinuxutil.if | 7
policy/modules/system/selinuxutil.te | 68 +++-----
policy/modules/system/udev.te | 6
policy/modules/system/unconfined.fc | 1
policy/modules/system/unconfined.te | 15 +
policy/modules/system/userdomain.if | 248 ++++++++++++++++--------------
policy/modules/system/userdomain.te | 40 +++-
policy/modules/system/xen.te | 26 +++
policy/support/obj_perm_sets.spt | 2
146 files changed, 2709 insertions(+), 486 deletions(-)
Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- policy-20070219.patch 20 Mar 2007 20:21:08 -0000 1.27
+++ policy-20070219.patch 20 Mar 2007 20:42:32 -0000 1.28
@@ -2779,8 +2779,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-2.5.9/policy/modules/services/fail2ban.te
--- nsaserefpolicy/policy/modules/services/fail2ban.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/fail2ban.te 2007-03-20 10:20:32.000000000 -0400
-@@ -0,0 +1,77 @@
++++ serefpolicy-2.5.9/policy/modules/services/fail2ban.te 2007-03-20 16:41:31.000000000 -0400
+@@ -0,0 +1,74 @@
+policy_module(fail2ban,1.0.0)
+
+########################################
@@ -2806,9 +2806,7 @@
+# fail2ban local policy
+#
+
-+allow fail2ban_t self : capability { net_admin net_raw };
+allow fail2ban_t self : process signal;
-+allow fail2ban_t self : rawip_socket { getopt create setopt };
+
+# Init script handling
+init_use_fds(fail2ban_t)
@@ -2822,6 +2820,8 @@
+# Some common macros (you might be able to remove some)
+files_read_etc_files(fail2ban_t)
+
++kernel_read_system_state(fail2ban_t)
++
+libs_use_ld_so(fail2ban_t)
+libs_use_shared_libs(fail2ban_t)
+
@@ -2847,8 +2847,6 @@
+
+logging_read_generic_logs(fail2ban_t)
+
-+selinux_get_fs_mount(fail2ban_t)
-+
+optional_policy(`
+ iptables_domtrans(fail2ban_t)
+')
@@ -2857,7 +2855,6 @@
+ term_dontaudit_use_unallocated_ttys(fail2ban_t)
+ term_dontaudit_use_generic_ptys(fail2ban_t)
+')
-+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.5.9/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-02-28 14:03:21.000000000 -0500
+++ serefpolicy-2.5.9/policy/modules/services/ftp.te 2007-03-20 10:20:32.000000000 -0400
More information about the fedora-cvs-commits
mailing list