rpms/selinux-policy/devel policy-20070219.patch, 1.30, 1.31 selinux-policy.spec, 1.418, 1.419
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Mar 23 14:32:33 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv32404
Modified Files:
policy-20070219.patch selinux-policy.spec
Log Message:
* Thu Mar 22 2007 Dan Walsh <dwalsh at redhat.com> 2.5.10-1
- Update to upstream
policy-20070219.patch:
Rules.modular | 16 +
Rules.monolithic | 2
man/man8/ftpd_selinux.8 | 6
man/man8/httpd_selinux.8 | 17 --
man/man8/kerberos_selinux.8 | 9 -
man/man8/named_selinux.8 | 8
man/man8/nfs_selinux.8 | 2
man/man8/rsync_selinux.8 | 8
man/man8/samba_selinux.8 | 12 -
man/man8/ypbind_selinux.8 | 2
policy/flask/access_vectors | 4
policy/global_booleans | 2
policy/global_tunables | 92 ++++++++++-
policy/mls | 31 ++-
policy/modules/admin/acct.te | 1
policy/modules/admin/amtu.fc | 3
policy/modules/admin/amtu.if | 53 ++++++
policy/modules/admin/amtu.te | 56 ++++++
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/firstboot.if | 18 ++
policy/modules/admin/logwatch.te | 2
policy/modules/admin/netutils.te | 3
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 65 +++++++
policy/modules/admin/rpm.te | 2
policy/modules/admin/su.if | 6
policy/modules/admin/sudo.te | 5
policy/modules/admin/usermanage.te | 40 +++-
policy/modules/apps/games.fc | 1
policy/modules/apps/gnome.if | 26 +++
policy/modules/apps/gpg.fc | 2
policy/modules/apps/loadkeys.if | 44 +----
policy/modules/apps/mozilla.if | 1
policy/modules/kernel/corecommands.fc | 2
policy/modules/kernel/corecommands.if | 59 ++++---
policy/modules/kernel/corenetwork.if.in | 54 ++++++
policy/modules/kernel/corenetwork.te.in | 13 +
policy/modules/kernel/devices.if | 36 ++++
policy/modules/kernel/domain.if | 18 ++
policy/modules/kernel/domain.te | 23 ++
policy/modules/kernel/files.if | 81 ++++++++-
policy/modules/kernel/filesystem.if | 39 ++++
policy/modules/kernel/filesystem.te | 5
policy/modules/kernel/kernel.if | 23 ++
policy/modules/kernel/kernel.te | 2
policy/modules/kernel/mls.if | 20 ++
policy/modules/kernel/mls.te | 3
policy/modules/kernel/selinux.if | 38 ++++
policy/modules/kernel/storage.fc | 3
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.if | 2
policy/modules/kernel/terminal.te | 1
policy/modules/services/apache.fc | 17 +-
policy/modules/services/apache.if | 159 +++++++++++++++++++
policy/modules/services/apache.te | 60 ++++++-
policy/modules/services/apm.te | 4
policy/modules/services/automount.te | 2
policy/modules/services/ccs.te | 12 +
policy/modules/services/consolekit.fc | 1
policy/modules/services/consolekit.te | 26 ++-
policy/modules/services/cpucontrol.te | 1
policy/modules/services/cron.fc | 1
policy/modules/services/cron.if | 33 +--
policy/modules/services/cron.te | 45 ++++-
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 5
policy/modules/services/dbus.if | 57 ++++++
policy/modules/services/dhcp.te | 2
policy/modules/services/djbdns.te | 5
policy/modules/services/dovecot.te | 7
policy/modules/services/ftp.te | 5
policy/modules/services/hal.fc | 6
policy/modules/services/hal.te | 99 +++++++++++
policy/modules/services/howl.te | 2
policy/modules/services/inetd.if | 29 ---
policy/modules/services/inetd.te | 12 +
policy/modules/services/inn.te | 7
policy/modules/services/ircd.te | 7
policy/modules/services/irqbalance.te | 7
policy/modules/services/jabber.te | 7
policy/modules/services/kerberos.if | 21 ++
policy/modules/services/kerberos.te | 14 +
policy/modules/services/ldap.te | 7
policy/modules/services/mta.te | 2
policy/modules/services/networkmanager.te | 2
policy/modules/services/nis.if | 4
policy/modules/services/ntp.te | 1
policy/modules/services/pegasus.if | 18 ++
policy/modules/services/pegasus.te | 9 -
policy/modules/services/postfix.te | 2
policy/modules/services/ppp.te | 17 --
policy/modules/services/procmail.te | 1
policy/modules/services/pyzor.te | 1
policy/modules/services/radius.te | 4
policy/modules/services/rpc.if | 10 +
policy/modules/services/rpc.te | 3
policy/modules/services/rsync.te | 1
policy/modules/services/samba.if | 44 +++++
policy/modules/services/samba.te | 23 ++
policy/modules/services/sasl.te | 11 +
policy/modules/services/smartmon.te | 5
policy/modules/services/spamassassin.te | 5
policy/modules/services/squid.fc | 2
policy/modules/services/squid.if | 22 ++
policy/modules/services/squid.te | 12 +
policy/modules/services/ssh.if | 39 ++++
policy/modules/services/ssh.te | 5
policy/modules/services/zabbix.fc | 4
policy/modules/services/zabbix.if | 87 ++++++++++
policy/modules/services/zabbix.te | 64 +++++++
policy/modules/system/application.fc | 1
policy/modules/system/application.if | 106 ++++++++++++
policy/modules/system/application.te | 14 +
policy/modules/system/authlogin.if | 83 ++++++++--
policy/modules/system/authlogin.te | 3
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 1
policy/modules/system/fusermount.fc | 6
policy/modules/system/fusermount.if | 41 ++++
policy/modules/system/fusermount.te | 44 +++++
policy/modules/system/getty.te | 3
policy/modules/system/hostname.te | 14 +
policy/modules/system/init.if | 22 --
policy/modules/system/init.te | 26 ++-
policy/modules/system/ipsec.if | 100 ++++++++++++
policy/modules/system/ipsec.te | 3
policy/modules/system/iptables.te | 9 -
policy/modules/system/libraries.fc | 6
policy/modules/system/libraries.te | 20 ++
policy/modules/system/locallogin.te | 10 +
policy/modules/system/logging.if | 21 ++
policy/modules/system/logging.te | 1
policy/modules/system/lvm.te | 5
policy/modules/system/modutils.te | 7
policy/modules/system/mount.fc | 3
policy/modules/system/mount.if | 37 ++++
policy/modules/system/mount.te | 51 +++++-
policy/modules/system/netlabel.te | 3
policy/modules/system/pcmcia.te | 6
policy/modules/system/raid.te | 4
policy/modules/system/selinuxutil.fc | 1
policy/modules/system/selinuxutil.if | 7
policy/modules/system/selinuxutil.te | 70 +++-----
policy/modules/system/udev.fc | 2
policy/modules/system/udev.te | 6
policy/modules/system/unconfined.fc | 1
policy/modules/system/unconfined.te | 15 +
policy/modules/system/userdomain.if | 248 ++++++++++++++++--------------
policy/modules/system/userdomain.te | 44 ++++-
policy/modules/system/xen.te | 28 +++
policy/support/obj_perm_sets.spt | 2
152 files changed, 2609 insertions(+), 500 deletions(-)
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.30 -r 1.31 policy-20070219.patch
Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- policy-20070219.patch 21 Mar 2007 03:39:06 -0000 1.30
+++ policy-20070219.patch 23 Mar 2007 14:32:31 -0000 1.31
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.5.9/man/man8/ftpd_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.5.10/man/man8/ftpd_selinux.8
--- nsaserefpolicy/man/man8/ftpd_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/ftpd_selinux.8 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/man/man8/ftpd_selinux.8 2007-03-22 15:06:58.000000000 -0400
@@ -39,14 +39,10 @@
ftpd can run either as a standalone daemon or as part of the xinetd domain. If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.
.TP
@@ -17,9 +17,9 @@
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-2.5.9/man/man8/httpd_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-2.5.10/man/man8/httpd_selinux.8
--- nsaserefpolicy/man/man8/httpd_selinux.8 2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/httpd_selinux.8 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/man/man8/httpd_selinux.8 2007-03-22 15:06:58.000000000 -0400
@@ -110,22 +110,7 @@
.EE
@@ -44,9 +44,9 @@
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-2.5.9/man/man8/kerberos_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-2.5.10/man/man8/kerberos_selinux.8
--- nsaserefpolicy/man/man8/kerberos_selinux.8 2007-02-26 14:42:44.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/kerberos_selinux.8 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/man/man8/kerberos_selinux.8 2007-03-22 15:06:58.000000000 -0400
@@ -18,16 +18,9 @@
You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
.EX
@@ -65,9 +65,9 @@
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/named_selinux.8 serefpolicy-2.5.9/man/man8/named_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/named_selinux.8 serefpolicy-2.5.10/man/man8/named_selinux.8
--- nsaserefpolicy/man/man8/named_selinux.8 2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/named_selinux.8 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/man/man8/named_selinux.8 2007-03-22 15:06:58.000000000 -0400
@@ -20,13 +20,7 @@
setsebool -P named_write_master_zones 1
.EE
@@ -83,9 +83,9 @@
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-2.5.9/man/man8/nfs_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-2.5.10/man/man8/nfs_selinux.8
--- nsaserefpolicy/man/man8/nfs_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/nfs_selinux.8 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/man/man8/nfs_selinux.8 2007-03-22 15:06:58.000000000 -0400
@@ -22,7 +22,7 @@
.TP
setsebool -P use_nfs_home_dirs 1
@@ -95,9 +95,9 @@
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/rsync_selinux.8 serefpolicy-2.5.9/man/man8/rsync_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/rsync_selinux.8 serefpolicy-2.5.10/man/man8/rsync_selinux.8
--- nsaserefpolicy/man/man8/rsync_selinux.8 2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/rsync_selinux.8 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/man/man8/rsync_selinux.8 2007-03-22 15:06:58.000000000 -0400
@@ -36,13 +36,7 @@
.SH BOOLEANS
@@ -113,9 +113,9 @@
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/samba_selinux.8 serefpolicy-2.5.9/man/man8/samba_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/samba_selinux.8 serefpolicy-2.5.10/man/man8/samba_selinux.8
--- nsaserefpolicy/man/man8/samba_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/samba_selinux.8 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/man/man8/samba_selinux.8 2007-03-22 15:06:58.000000000 -0400
@@ -41,17 +41,7 @@
setsebool -P use_samba_home_dirs 1
@@ -135,9 +135,9 @@
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ypbind_selinux.8 serefpolicy-2.5.9/man/man8/ypbind_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ypbind_selinux.8 serefpolicy-2.5.10/man/man8/ypbind_selinux.8
--- nsaserefpolicy/man/man8/ypbind_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/ypbind_selinux.8 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/man/man8/ypbind_selinux.8 2007-03-22 15:06:58.000000000 -0400
@@ -11,7 +11,7 @@
.TP
setsebool -P allow_ypbind 1
@@ -147,9 +147,9 @@
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.5.9/policy/flask/access_vectors
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.5.10/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2007-02-26 09:43:33.000000000 -0500
-+++ serefpolicy-2.5.9/policy/flask/access_vectors 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/policy/flask/access_vectors 2007-03-22 15:06:58.000000000 -0400
@@ -598,6 +598,8 @@
shmempwd
shmemgrp
@@ -168,9 +168,9 @@
}
class key
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.5.9/policy/global_booleans
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.5.10/policy/global_booleans
--- nsaserefpolicy/policy/global_booleans 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.9/policy/global_booleans 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/policy/global_booleans 2007-03-22 15:06:58.000000000 -0400
@@ -4,7 +4,6 @@
# file should be used.
#
@@ -187,9 +187,9 @@
## <desc>
## <p>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.5.9/policy/global_tunables
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.5.10/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/global_tunables 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/policy/global_tunables 2007-03-22 15:06:58.000000000 -0400
@@ -278,6 +278,20 @@
## <desc>
@@ -335,9 +335,9 @@
+## </desc>
+gen_tunable(allow_ipsec_label,true)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.5.9/policy/mls
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.5.10/policy/mls
--- nsaserefpolicy/policy/mls 2007-03-09 13:02:20.000000000 -0500
-+++ serefpolicy-2.5.9/policy/mls 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/policy/mls 2007-03-22 15:06:58.000000000 -0400
@@ -89,12 +89,14 @@
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
(( l1 eq l2 ) or
@@ -409,9 +409,9 @@
( t2 == unlabeled_t ));
mlsconstrain association { polmatch }
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.5.9/policy/modules/admin/acct.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.5.10/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/acct.te 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/admin/acct.te 2007-03-22 15:06:58.000000000 -0400
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -420,16 +420,16 @@
type acct_data_t;
logging_log_file(acct_data_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.5.9/policy/modules/admin/amtu.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.5.10/policy/modules/admin/amtu.fc
--- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.fc 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/admin/amtu.fc 2007-03-22 15:06:58.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.5.9/policy/modules/admin/amtu.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.5.10/policy/modules/admin/amtu.if
--- nsaserefpolicy/policy/modules/admin/amtu.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.if 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/admin/amtu.if 2007-03-22 15:06:58.000000000 -0400
@@ -0,0 +1,53 @@
+## <summary>
+## abstract Machine Test Utility
@@ -484,9 +484,9 @@
+ role $2 types amtu_t;
+ allow amtu_t $3:chr_file rw_term_perms;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.5.9/policy/modules/admin/amtu.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.5.10/policy/modules/admin/amtu.te
--- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.te 2007-03-20 19:03:51.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/admin/amtu.te 2007-03-22 15:06:58.000000000 -0400
@@ -0,0 +1,56 @@
+policy_module(amtu,1.0.23)
+
@@ -544,9 +544,9 @@
+ term_dontaudit_search_ptys(amtu_t)
+');
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.5.9/policy/modules/admin/consoletype.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.5.10/policy/modules/admin/consoletype.te
[...2420 lines suppressed...]
+--- nsaserefpolicy/policy/modules/system/udev.te 2007-03-20 23:38:29.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/system/udev.te 2007-03-22 15:06:59.000000000 -0400
@@ -89,6 +89,7 @@
dev_manage_all_dev_nodes(udev_t)
dev_rw_generic_files(udev_t)
@@ -5274,7 +5327,7 @@
domain_read_all_domains_state(udev_t)
domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these
-@@ -167,13 +168,14 @@
+@@ -166,13 +167,14 @@
# for arping used for static IP addresses on PCMCIA ethernet
netutils_domtrans(udev_t)
@@ -5291,18 +5344,18 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.5.9/policy/modules/system/unconfined.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.5.10/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/unconfined.fc 2007-03-20 19:03:52.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/system/unconfined.fc 2007-03-22 15:06:59.000000000 -0400
@@ -10,4 +10,5 @@
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/bin/vmware.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.5.9/policy/modules/system/unconfined.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.5.10/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-03-20 09:23:14.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/system/unconfined.te 2007-03-20 19:03:52.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/system/unconfined.te 2007-03-22 15:06:59.000000000 -0400
@@ -50,6 +50,8 @@
userdom_unconfined(unconfined_t)
userdom_priveleged_home_dir_manager(unconfined_t)
@@ -5350,9 +5403,9 @@
dbus_stub(unconfined_execmem_t)
init_dbus_chat_script(unconfined_execmem_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.5.9/policy/modules/system/userdomain.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.5.10/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/userdomain.if 2007-03-20 19:03:52.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/system/userdomain.if 2007-03-22 15:06:59.000000000 -0400
@@ -115,6 +115,10 @@
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
@@ -5772,9 +5825,9 @@
+
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.5.9/policy/modules/system/userdomain.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.5.10/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/userdomain.te 2007-03-20 19:03:52.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/system/userdomain.te 2007-03-22 16:20:47.000000000 -0400
@@ -24,6 +24,9 @@
# users home directory contents
attribute home_type;
@@ -5820,7 +5873,18 @@
apache_run_helper(sysadm_t,sysadm_r,admin_terminal)
#apache_run_all_scripts(sysadm_t,sysadm_r)
#apache_domtrans_sys_script(sysadm_t)
-@@ -397,6 +409,9 @@
+@@ -339,6 +351,10 @@
+ ')
+
+ optional_policy(`
++ netlabel_run_mgmt(sysadm_t,sysadm_r,admin_terminal)
++ ')
++
++ optional_policy(`
+ netutils_run(sysadm_t,sysadm_r,admin_terminal)
+ netutils_run_ping(sysadm_t,sysadm_r,admin_terminal)
+ netutils_run_traceroute(sysadm_t,sysadm_r,admin_terminal)
+@@ -397,6 +413,9 @@
ifdef(`enable_mls',`
userdom_security_admin_template(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
@@ -5830,7 +5894,7 @@
', `
userdom_security_admin_template(sysadm_t,sysadm_r,admin_terminal)
')
-@@ -449,15 +464,15 @@
+@@ -449,15 +468,15 @@
unconfined_alias_domain(sysadm_t)
# User home directory type.
@@ -5855,7 +5919,7 @@
# compatibility for switching from strict
# dominance { role secadm_r { role system_r; }}
-@@ -493,4 +508,9 @@
+@@ -493,4 +512,9 @@
optional_policy(`
samba_per_role_template(user)
')
@@ -5865,9 +5929,16 @@
+ ')
+
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.5.9/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/xen.te 2007-03-20 19:03:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.5.10/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te 2007-03-20 23:38:28.000000000 -0400
++++ serefpolicy-2.5.10/policy/modules/system/xen.te 2007-03-22 15:09:40.000000000 -0400
+@@ -1,5 +1,5 @@
+
+-policy_module(xen,1.2.1)
++policy_module(xen,1.2.0)
+
+ ########################################
+ #
@@ -166,8 +166,13 @@
files_manage_etc_runtime_files(xend_t)
files_etc_filetrans_etc_runtime(xend_t,file)
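Review bot: The new xen.te section changes `policy_module(xen,1.2.1)` to `policy_module(xen,1.2.0)`, so the packaged xen module declares a lower version than the upstream tree the patch applies to. This looks like a leftover from rebasing the patch onto the newer upstream snapshot and not an intended change. If so, the inner `@@ -1,5 +1,5 @@` hunk should be dropped so that the upstream version line is kept. Module tooling that compares versions on upgrade may treat the result as older than an already installed 1.2.1 module, which is worth checking before this ships.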
@@ -5883,7 +5954,7 @@
storage_raw_read_removable_device(xend_t)
term_getattr_all_user_ptys(xend_t)
-@@ -288,6 +293,12 @@
+@@ -285,6 +290,12 @@
files_read_usr_files(xenstored_t)
@@ -5896,7 +5967,7 @@
term_use_generic_ptys(xenstored_t)
term_use_console(xenconsoled_t)
-@@ -321,6 +332,11 @@
+@@ -318,6 +329,11 @@
allow xm_t xen_image_t:dir rw_dir_perms;
allow xm_t xen_image_t:file read_file_perms;
@@ -5908,7 +5979,7 @@
kernel_read_system_state(xm_t)
kernel_read_kernel_sysctls(xm_t)
-@@ -357,3 +373,11 @@
+@@ -354,3 +370,11 @@
xen_append_log(xm_t)
xen_stream_connect(xm_t)
xen_stream_connect_xenstore(xm_t)
@@ -5920,9 +5991,9 @@
+fs_read_nfs_files(xend_t)
+fs_getattr_all_fs(xend_t)
+fs_read_dos_files(xend_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.5.9/policy/support/obj_perm_sets.spt
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.5.10/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/support/obj_perm_sets.spt 2007-03-20 19:03:52.000000000 -0400
++++ serefpolicy-2.5.10/policy/support/obj_perm_sets.spt 2007-03-22 15:06:59.000000000 -0400
@@ -215,7 +215,7 @@
define(`getattr_file_perms',`{ getattr }')
define(`setattr_file_perms',`{ setattr }')
@@ -5932,9 +6003,22 @@
define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
define(`append_file_perms',`{ getattr append lock ioctl }')
define(`write_file_perms',`{ getattr write append lock ioctl }')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.5.9/Rules.modular
---- nsaserefpolicy/Rules.modular 2006-11-16 17:15:29.000000000 -0500
-+++ serefpolicy-2.5.9/Rules.modular 2007-03-20 19:03:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.5.10/Rules.modular
+--- nsaserefpolicy/Rules.modular 2007-03-22 14:30:10.000000000 -0400
++++ serefpolicy-2.5.10/Rules.modular 2007-03-22 15:06:59.000000000 -0400
+@@ -91,10 +91,10 @@
+ #
+ # Create a base module package
+ #
+-$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers
++$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers $(net_contexts)
+ @echo "Creating $(NAME) base module package"
+ @test -d $(builddir) || mkdir -p $(builddir)
+- $(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers
++ $(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers -n $(net_contexts)
+
+ $(base_mod): $(base_conf)
+ @echo "Compiling $(NAME) base module"
@@ -167,7 +167,7 @@
# these have to run individually because order matters:
$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
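Review bot: The base package rule now lists `$(net_contexts)` as a prerequisite and passes it to `$(SEMOD_PKG)` with `-n`, but nothing in this hunk shows where `net_contexts` is defined or built, and the step only works with a semodule_package that accepts `-n`. The spec change in the same commit raises `POLICYCOREUTILSVER` to 2.0.7-5, which presumably covers this. It is worth confirming that the macro feeds a build-time requirement, since otherwise a build root with older policycoreutils fails here. The Rules.monolithic hunk that follows adds `$(ncpath)` to `install` and likewise relies on a definition outside the hunk. A comment above the rule such as `# -n $(net_contexts) needs a semodule_package with network-context support` would document the dependency.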
@@ -5961,3 +6045,15 @@
# Clean the sources
#
clean:
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-2.5.10/Rules.monolithic
+--- nsaserefpolicy/Rules.monolithic 2007-03-22 14:30:10.000000000 -0400
++++ serefpolicy-2.5.10/Rules.monolithic 2007-03-22 15:06:59.000000000 -0400
+@@ -50,7 +50,7 @@
+
+ policy: $(polver)
+
+-install: $(loadpath) $(fcpath) $(appfiles)
++install: $(loadpath) $(fcpath) $(ncpath) $(appfiles)
+
+ load: $(tmpdir)/load
+
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.418
retrieving revision 1.419
diff -u -r1.418 -r1.419
--- selinux-policy.spec 22 Mar 2007 10:40:53 -0000 1.418
+++ selinux-policy.spec 23 Mar 2007 14:32:31 -0000 1.419
@@ -12,17 +12,16 @@
%endif
%define POLICYVER 21
%define libsepolver 1.12.26-1
-%define POLICYCOREUTILSVER 2.0.1-2
+%define POLICYCOREUTILSVER 2.0.7-5
%define CHECKPOLICYVER 1.30.11-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.5.9
-Release: 5%{?dist}
+Version: 2.5.10
+Release: 1%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
patch: policy-20070219.patch
-patch1: policy-udev_tbl.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
@@ -75,7 +74,7 @@
%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
%post devel
-[ -x /usr/bin/sepolgen-ifgen ] && /usr/bin/sepolgen-ifgen > /dev/null
+[ -x /usr/sbin/sepolgen-ifgen ] && /usr/sbin/sepolgen-ifgen > /dev/null
%define setupCmds() \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 bare \
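Review bot: The `%post devel` line `[ -x /usr/sbin/sepolgen-ifgen ] && /usr/sbin/sepolgen-ifgen > /dev/null` appears to be the last command of the scriptlet, so when the binary is missing at the new path the failed test becomes the scriptlet's exit status and rpm reports a scriptlet failure. Writing it as `if [ -x /usr/sbin/sepolgen-ifgen ]; then /usr/sbin/sepolgen-ifgen > /dev/null; fi` keeps a missing tool silent while a real sepolgen-ifgen error is still surfaced. Because the path moved from /usr/bin to /usr/sbin, the devel subpackage also depends on a policycoreutils build that installs the tool there. The hunk does not show whether a matching requirement exists.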
@@ -172,7 +171,6 @@
%prep
%setup -q -n serefpolicy-%{version}
%patch -p1
-%patch1 -p1
%install
# Build targeted policy
@@ -358,6 +356,12 @@
%endif
%changelog
+* Thu Mar 22 2007 Dan Walsh <dwalsh at redhat.com> 2.5.10-1
+- Update to upstream
+
+* Thu Mar 22 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-6
+- Allow mdadm to access generic scsi devices
+
* Wed Mar 21 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-5
- Fix labeling on udev.tbl dirs