rpms/selinux-policy/devel policy-20070219.patch,1.27,1.28

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Mar 20 20:42:34 UTC 2007


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16696

Modified Files:
	policy-20070219.patch 
Log Message:
* Tue Mar 20 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-3
- Add fusermount and mount_ntfs policy


policy-20070219.patch:
 Rules.modular                             |   12 +
 man/man8/ftpd_selinux.8                   |    6 
 man/man8/httpd_selinux.8                  |   17 --
 man/man8/kerberos_selinux.8               |    9 -
 man/man8/named_selinux.8                  |    8 
 man/man8/nfs_selinux.8                    |    2 
 man/man8/rsync_selinux.8                  |    8 
 man/man8/samba_selinux.8                  |   12 -
 man/man8/ypbind_selinux.8                 |    2 
 policy/flask/access_vectors               |    4 
 policy/global_booleans                    |    2 
 policy/global_tunables                    |   92 ++++++++++-
 policy/mls                                |   31 ++-
 policy/modules/admin/acct.te              |    1 
 policy/modules/admin/amtu.fc              |    3 
 policy/modules/admin/amtu.if              |   53 ++++++
 policy/modules/admin/amtu.te              |   56 ++++++
 policy/modules/admin/consoletype.te       |    8 
 policy/modules/admin/dmesg.te             |    1 
 policy/modules/admin/firstboot.if         |   18 ++
 policy/modules/admin/kudzu.te             |    1 
 policy/modules/admin/netutils.te          |    3 
 policy/modules/admin/rpm.fc               |    3 
 policy/modules/admin/rpm.if               |   65 +++++++
 policy/modules/admin/rpm.te               |    2 
 policy/modules/admin/su.if                |    6 
 policy/modules/admin/sudo.te              |    5 
 policy/modules/admin/usermanage.te        |   40 +++-
 policy/modules/apps/games.fc              |    1 
 policy/modules/apps/gnome.if              |   26 +++
 policy/modules/apps/gpg.fc                |    2 
 policy/modules/apps/loadkeys.if           |   44 +----
 policy/modules/apps/mozilla.if            |    1 
 policy/modules/kernel/corecommands.fc     |    2 
 policy/modules/kernel/corecommands.if     |   59 ++++---
 policy/modules/kernel/corenetwork.if.in   |   54 ++++++
 policy/modules/kernel/corenetwork.te.in   |   13 +
 policy/modules/kernel/devices.if          |   36 ++++
 policy/modules/kernel/domain.if           |   18 ++
 policy/modules/kernel/domain.te           |   23 ++
 policy/modules/kernel/files.if            |   81 ++++++++-
 policy/modules/kernel/filesystem.if       |   39 ++++
 policy/modules/kernel/filesystem.te       |    5 
 policy/modules/kernel/kernel.if           |   23 ++
 policy/modules/kernel/kernel.te           |    2 
 policy/modules/kernel/mls.if              |   20 ++
 policy/modules/kernel/mls.te              |    3 
 policy/modules/kernel/selinux.if          |   38 ++++
 policy/modules/kernel/storage.fc          |    3 
 policy/modules/kernel/storage.if          |    2 
 policy/modules/kernel/terminal.if         |    2 
 policy/modules/kernel/terminal.te         |    1 
 policy/modules/services/apache.fc         |   23 ++
 policy/modules/services/apache.if         |  159 +++++++++++++++++++
 policy/modules/services/apache.te         |   53 +++++-
 policy/modules/services/automount.te      |    2 
 policy/modules/services/ccs.te            |   12 +
 policy/modules/services/consolekit.fc     |    1 
 policy/modules/services/consolekit.te     |   24 ++
 policy/modules/services/cpucontrol.te     |    1 
 policy/modules/services/cron.fc           |    1 
 policy/modules/services/cron.if           |   33 +--
 policy/modules/services/cron.te           |   43 ++++-
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/cyrus.te          |    5 
 policy/modules/services/dbus.if           |   57 ++++++
 policy/modules/services/dhcp.te           |    2 
 policy/modules/services/djbdns.te         |    5 
 policy/modules/services/dovecot.te        |    5 
 policy/modules/services/fail2ban.fc       |    4 
 policy/modules/services/fail2ban.if       |   87 ++++++++++
 policy/modules/services/fail2ban.te       |   74 ++++++++
 policy/modules/services/ftp.te            |    5 
 policy/modules/services/hal.fc            |    6 
 policy/modules/services/hal.te            |   98 +++++++++++
 policy/modules/services/inetd.if          |   29 ---
 policy/modules/services/inetd.te          |    5 
 policy/modules/services/kerberos.if       |   21 ++
 policy/modules/services/kerberos.te       |    2 
 policy/modules/services/mta.te            |    2 
 policy/modules/services/networkmanager.te |    2 
 policy/modules/services/nis.if            |    5 
 policy/modules/services/ntp.te            |    1 
 policy/modules/services/pegasus.if        |   18 ++
 policy/modules/services/pegasus.te        |    5 
 policy/modules/services/postfix.te        |    2 
 policy/modules/services/ppp.te            |   17 --
 policy/modules/services/procmail.te       |    1 
 policy/modules/services/pyzor.te          |    3 
 policy/modules/services/radius.te         |    6 
 policy/modules/services/ricci.te          |    5 
 policy/modules/services/rpc.if            |    5 
 policy/modules/services/rpc.te            |    3 
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.if          |   44 +++++
 policy/modules/services/samba.te          |   24 ++
 policy/modules/services/sasl.te           |   12 +
 policy/modules/services/smartmon.te       |    1 
 policy/modules/services/spamassassin.te   |    5 
 policy/modules/services/squid.fc          |    2 
 policy/modules/services/squid.if          |   22 ++
 policy/modules/services/squid.te          |   12 +
 policy/modules/services/ssh.fc            |    2 
 policy/modules/services/ssh.if            |   39 ++++
 policy/modules/services/ssh.te            |    5 
 policy/modules/services/zabbix.fc         |    4 
 policy/modules/services/zabbix.if         |   87 ++++++++++
 policy/modules/services/zabbix.te         |   64 +++++++
 policy/modules/system/application.fc      |    1 
 policy/modules/system/application.if      |  106 ++++++++++++
 policy/modules/system/application.te      |   14 +
 policy/modules/system/authlogin.if        |   84 ++++++++--
 policy/modules/system/authlogin.te        |    3 
 policy/modules/system/fstools.fc          |    1 
 policy/modules/system/fstools.te          |    1 
 policy/modules/system/fusermount.fc       |    6 
 policy/modules/system/fusermount.if       |   41 ++++
 policy/modules/system/fusermount.te       |   44 +++++
 policy/modules/system/getty.te            |    3 
 policy/modules/system/hostname.te         |   14 +
 policy/modules/system/init.if             |   22 --
 policy/modules/system/init.te             |   26 ++-
 policy/modules/system/ipsec.if            |  100 ++++++++++++
 policy/modules/system/ipsec.te            |    9 -
 policy/modules/system/iptables.te         |    9 -
 policy/modules/system/libraries.fc        |    6 
 policy/modules/system/libraries.te        |   20 ++
 policy/modules/system/locallogin.te       |   10 +
 policy/modules/system/logging.if          |   21 ++
 policy/modules/system/logging.te          |    4 
 policy/modules/system/lvm.te              |   10 +
 policy/modules/system/modutils.te         |    7 
 policy/modules/system/mount.fc            |    3 
 policy/modules/system/mount.if            |   37 ++++
 policy/modules/system/mount.te            |   51 +++++-
 policy/modules/system/netlabel.te         |    3 
 policy/modules/system/selinuxutil.fc      |    1 
 policy/modules/system/selinuxutil.if      |    7 
 policy/modules/system/selinuxutil.te      |   68 +++-----
 policy/modules/system/udev.te             |    6 
 policy/modules/system/unconfined.fc       |    1 
 policy/modules/system/unconfined.te       |   15 +
 policy/modules/system/userdomain.if       |  248 ++++++++++++++++--------------
 policy/modules/system/userdomain.te       |   40 +++-
 policy/modules/system/xen.te              |   26 +++
 policy/support/obj_perm_sets.spt          |    2 
 146 files changed, 2709 insertions(+), 486 deletions(-)

Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- policy-20070219.patch	20 Mar 2007 20:21:08 -0000	1.27
+++ policy-20070219.patch	20 Mar 2007 20:42:32 -0000	1.28
@@ -2779,8 +2779,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-2.5.9/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/fail2ban.te	2007-03-20 10:20:32.000000000 -0400
-@@ -0,0 +1,77 @@
++++ serefpolicy-2.5.9/policy/modules/services/fail2ban.te	2007-03-20 16:41:31.000000000 -0400
+@@ -0,0 +1,74 @@
 +policy_module(fail2ban,1.0.0)
 +
 +########################################
@@ -2806,9 +2806,7 @@
 +# fail2ban local policy
 +#
 +
-+allow fail2ban_t self : capability { net_admin net_raw };
 +allow fail2ban_t self : process signal;
-+allow fail2ban_t self : rawip_socket { getopt create setopt };
 +
 +# Init script handling
 +init_use_fds(fail2ban_t)
@@ -2822,6 +2820,8 @@
 +# Some common macros (you might be able to remove some)
 +files_read_etc_files(fail2ban_t)
 +
++kernel_read_system_state(fail2ban_t)
++
 +libs_use_ld_so(fail2ban_t)
 +libs_use_shared_libs(fail2ban_t)
 +
@@ -2847,8 +2847,6 @@
 +
 +logging_read_generic_logs(fail2ban_t)
 +
-+selinux_get_fs_mount(fail2ban_t)
-+
 +optional_policy(`
 +	iptables_domtrans(fail2ban_t)
 +')
@@ -2857,7 +2855,6 @@
 +	term_dontaudit_use_unallocated_ttys(fail2ban_t)
 +	term_dontaudit_use_generic_ptys(fail2ban_t)
 +')
-+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.5.9/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2007-02-28 14:03:21.000000000 -0500
 +++ serefpolicy-2.5.9/policy/modules/services/ftp.te	2007-03-20 10:20:32.000000000 -0400




More information about the fedora-cvs-commits mailing list