rpms/selinux-policy/F-7 policy-20070501.patch, 1.50, 1.51 selinux-policy.spec, 1.490, 1.491

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Aug 22 14:14:57 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25430

Modified Files:
	policy-20070501.patch selinux-policy.spec 
Log Message:
* Tue Aug 21 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-40
- Allow modutil sys_nice
- Allow automount to run smbclient


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- policy-20070501.patch	20 Aug 2007 22:22:36 -0000	1.50
+++ policy-20070501.patch	22 Aug 2007 14:14:52 -0000	1.51
@@ -3080,7 +3080,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.6.4/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apache.te	2007-08-20 15:05:12.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apache.te	2007-08-20 18:21:53.000000000 -0400
 @@ -1,5 +1,5 @@
  
 -policy_module(apache,1.6.0)
@@ -3657,7 +3657,7 @@
  fs_getattr_all_fs(entropyd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.6.4/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/automount.te	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/automount.te	2007-08-21 13:38:42.000000000 -0400
 @@ -69,6 +69,7 @@
  files_mounton_all_mountpoints(automount_t)
  files_mount_all_file_type_fs(automount_t)
@@ -3674,6 +3674,18 @@
  dev_read_urand(automount_t)
  
  domain_use_interactive_fds(automount_t)
+@@ -178,6 +180,11 @@
+ ')
+ 
+ optional_policy(`
++	samba_read_config(automount_t)
++	samba_read_var_files(automount_t)
++')
++
++optional_policy(`
+ 	seutil_sigchld_newrole(automount_t)
+ ')
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.6.4/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2007-05-07 14:50:57.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/services/avahi.te	2007-08-07 09:42:35.000000000 -0400
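Review bot: The log message says "Allow automount to run smbclient", but the two calls added in the new `optional_policy` block, `samba_read_config(automount_t)` and `samba_read_var_files(automount_t)`, only grant read access to Samba configuration and var files. Nothing in this hunk adds an execute or transition rule for smbclient, so either the message or the rule set should be reconciled (such a rule may exist elsewhere in the patch). `samba_read_var_files` is the wider of the two; it is worth confirming from the recorded AVC denials that automount needs everything under that label rather than a single file. I would add a comment above the block, e.g. `# smbclient run from automount reads Samba config and var files`, so the reason for the grant stays with the policy. The automount.te local policy starts and ends outside the hunk.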
@@ -5514,8 +5526,24 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.6.4/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mta.if	2007-08-07 09:42:35.000000000 -0400
-@@ -394,6 +394,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/mta.if	2007-08-22 09:45:09.000000000 -0400
+@@ -226,6 +226,15 @@
+ 	tunable_policy(`use_samba_home_dirs',`
+ 		fs_manage_cifs_files($1_mail_t)
+ 		fs_manage_cifs_symlinks($1_mail_t)
++		fs_manage_cifs_files(mailserver_delivery)
++		fs_manage_cifs_symlinks(mailserver_delivery)
++	')
++
++	tunable_policy(`use_nfs_home_dirs',`
++		fs_manage_nfs_files($1_mail_t)
++		fs_manage_nfs_symlinks($1_mail_t)
++		fs_manage_nfs_files(mailserver_delivery)
++		fs_manage_nfs_symlinks(mailserver_delivery)
+ 	')
+ 
+ 	optional_policy(`
+@@ -394,6 +403,7 @@
  	allow $1 mail_spool_t:dir list_dir_perms;
  	create_files_pattern($1,mail_spool_t,mail_spool_t)
  	read_files_pattern($1,mail_spool_t,mail_spool_t)
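Review bot: The four added calls on `mailserver_delivery` sit next to the `$1_mail_t` rules in what appears to be a per-user template, yet they do not depend on `$1`, so every instantiation restates the same grant; one `tunable_policy` block outside the template would be easier to find and audit. The grant is also wide: `fs_manage_cifs_files` and `fs_manage_nfs_files` give manage access, and files on such mounts typically share one label (worth confirming for this release), so with `use_samba_home_dirs` or `use_nfs_home_dirs` enabled every domain carrying the attribute could create and delete files anywhere on those shares, not only in mail folders. A comment such as `# delivery agents write mail into home directories on NFS/CIFS` would record the intent. This change, and the tftp.te and sysnetwork.te additions further down, are missing from the 2.6.4-40 changelog, which lists only modutil and automount. The template starts and ends outside the hunk.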
@@ -5523,7 +5551,7 @@
  	create_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
  	read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
  
-@@ -847,6 +848,25 @@
+@@ -847,6 +857,25 @@
  	manage_files_pattern($1,mqueue_spool_t,mqueue_spool_t)
  ')
  
@@ -8183,8 +8211,16 @@
  	# Relabel and access ptys created by sshd
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-2.6.4/policy/modules/services/tftp.te
 --- nsaserefpolicy/policy/modules/services/tftp.te	2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/tftp.te	2007-08-07 09:42:35.000000000 -0400
-@@ -69,6 +69,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/tftp.te	2007-08-22 08:28:44.000000000 -0400
+@@ -26,6 +26,7 @@
+ allow tftpd_t self:udp_socket create_socket_perms;
+ allow tftpd_t self:unix_dgram_socket create_socket_perms;
+ allow tftpd_t self:unix_stream_socket create_stream_socket_perms;
++allow tftpd_t self:netlink_route_socket r_netlink_socket_perms;
+ dontaudit tftpd_t self:capability sys_tty_config;
+ 
+ allow tftpd_t tftpdir_t:dir { getattr read search };
+@@ -69,6 +70,7 @@
  logging_send_syslog_msg(tftpd_t)
  
  miscfiles_read_localization(tftpd_t)
@@ -8192,7 +8228,7 @@
  
  sysnet_read_config(tftpd_t)
  sysnet_use_ldap(tftpd_t)
-@@ -102,3 +103,4 @@
+@@ -102,3 +104,4 @@
  optional_policy(`
          udev_read_db(tftpd_t)
  ')
@@ -9956,13 +9992,13 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.6.4/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/modutils.te	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/modutils.te	2007-08-21 09:08:39.000000000 -0400
 @@ -43,7 +43,7 @@
  # insmod local policy
  #
  
 -allow insmod_t self:capability { dac_override net_raw sys_tty_config };
-+allow insmod_t self:capability { dac_override mknod net_raw sys_tty_config };
++allow insmod_t self:capability { dac_override mknod net_raw sys_nice sys_tty_config };
  allow insmod_t self:process { execmem sigchld sigkill sigstop signull signal };
  
  allow insmod_t self:udp_socket create_socket_perms; 
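Review bot: `sys_nice` is added to the `insmod_t` capability set with no comment or bug reference, and the log message says only "Allow modutil sys_nice". The capability covers changing scheduling priority and policy, including for other processes, which is more than module loading obviously needs. If the denial came from a harmless priority call and loading works without it, `dontaudit insmod_t self:capability sys_nice;` would silence the AVC without granting the capability. If it is required, a short comment naming the caller, e.g. `# <tool name> adjusts its priority while loading modules`, would let a later reviewer re-check the grant. The insmod local policy continues outside the hunk.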
@@ -10503,7 +10539,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.6.4/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/sysnetwork.te	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/sysnetwork.te	2007-08-22 08:36:58.000000000 -0400
 @@ -164,6 +164,10 @@
  	dbus_connect_system_bus(dhcpc_t)
  	dbus_send_system_bus(dhcpc_t)
@@ -10531,6 +10567,14 @@
  ')
  
  optional_policy(`
+@@ -259,6 +265,7 @@
+ allow ifconfig_t self:sem create_sem_perms;
+ allow ifconfig_t self:msgq create_msgq_perms;
+ allow ifconfig_t self:msg { send receive };
++allow ifconfig_t net_conf_t:file r_file_perms;
+ 
+ # Create UDP sockets, necessary when called from dhcpc
+ allow ifconfig_t self:udp_socket create_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.6.4/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2007-05-07 14:51:02.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/system/udev.te	2007-08-07 09:42:35.000000000 -0400


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.490
retrieving revision 1.491
diff -u -r1.490 -r1.491
--- selinux-policy.spec	20 Aug 2007 22:22:36 -0000	1.490
+++ selinux-policy.spec	22 Aug 2007 14:14:52 -0000	1.491
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 39%{?dist}
+Release: 40%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -361,6 +361,10 @@
 %endif
 
 %changelog
+* Tue Aug 21 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-40
+- Allow modutil sys_nice
+- Allow automount to run smbclient
+
 * Mon Aug 20 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-39
 - Allow rpcd to write to sysctl_fs_t
 



