rpms/selinux-policy/devel policy-20071130.patch, 1.9, 1.10 selinux-policy.spec, 1.567, 1.568

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Dec 13 22:42:29 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28533

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Thu Dec 13 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-1
- Dontaudit dbus user client search of /root


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- policy-20071130.patch	13 Dec 2007 21:40:00 -0000	1.9
+++ policy-20071130.patch	13 Dec 2007 22:42:22 -0000	1.10
@@ -5848,7 +5848,7 @@
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.2.4/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/services/dbus.if	2007-12-13 13:34:36.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/dbus.if	2007-12-13 16:46:07.000000000 -0500
 @@ -91,7 +91,7 @@
  	# SE-DBus specific permissions
  	allow $1_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg;
@@ -5868,17 +5868,18 @@
  	allow $1_dbusd_t $2:process sigkill;
  	allow $2 $1_dbusd_t:fd use;
  	allow $2 $1_dbusd_t:fifo_file rw_fifo_file_perms;
-@@ -161,7 +160,8 @@
+@@ -161,7 +160,9 @@
  	seutil_read_config($1_dbusd_t)
  	seutil_read_default_contexts($1_dbusd_t)
  
 -	userdom_read_user_home_content_files($1, $1_dbusd_t)
++	userdom_dontaudit_search_sysadm_home_dirs($1_dbusd_t)
 +	userdom_read_unpriv_users_home_content_files($1_dbusd_t)
 +	userdom_dontaudit_append_unpriv_home_content_files($1_dbusd_t)
  
  	ifdef(`hide_broken_symptoms', `
  		dontaudit $2 $1_dbusd_t:netlink_selinux_socket { read write };
-@@ -214,7 +214,7 @@
+@@ -214,7 +215,7 @@
  
  	# SE-DBus specific permissions
  #	allow $1_dbusd_system_t { system_dbusd_t self }:dbus send_msg;
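Review bot: The added `userdom_dontaudit_search_sysadm_home_dirs($1_dbusd_t)` call in the `@@ -161,7 +160,9 @@` section has no comment saying which denial it silences. The surrounding rules use `$1`/`$2`, so this looks like a template, and every instantiated `$1_dbusd_t` domain would get the rule rather than only the one that produced the AVC. Because a dontaudit rule drops the denial from the audit log, later unexpected searches of /root by a session bus daemon will not show up in AVC monitoring; a comment above the call such as `# dontaudit: session bus searches /root when <trigger>; access is not needed` would record why that is acceptable. Another hunk in this patch labels /root as `admin_home_t`, and the interface body is not visible here, so confirm that the interface covers that type and not only a sysadm home directory type. The enclosing template starts and ends outside the hunk.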
@@ -5887,7 +5888,7 @@
  
  	read_files_pattern($2, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
  	files_search_var_lib($2)
-@@ -366,3 +366,35 @@
+@@ -366,3 +367,35 @@
  
  	allow $1 system_dbusd_t:dbus *;
  ')
@@ -14010,7 +14011,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.4/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-11-29 13:29:35.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/system/userdomain.if	2007-12-13 13:34:37.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/system/userdomain.if	2007-12-13 16:45:56.000000000 -0500
 @@ -29,8 +29,9 @@
  	')
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.567
retrieving revision 1.568
diff -u -r1.567 -r1.568
--- selinux-policy.spec	13 Dec 2007 18:44:18 -0000	1.567
+++ selinux-policy.spec	13 Dec 2007 22:42:22 -0000	1.568
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.2.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -316,8 +316,9 @@
 exit 0
 
 %files targeted
-%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/xguest_u
 %fileList targeted
+%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/unconfined_u
+%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/xguest_u
 %endif
 
 %if %{BUILD_OLPC}
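Review bot: The new `%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/unconfined_u` line uses `%1` directly in the `%files targeted` section, where no macro argument appears to be in scope; the neighbouring xguest_u line spells the policy name out. Unless `%1` is given a value somewhere outside this hunk, the path will not resolve to the targeted policy directory, so the line should probably read `%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u`. If the entry does not match the installed file, the unconfined_u context file either fails the build or ships without the intended `noreplace` protection. The `%files` section and its enclosing `%if` begin outside the hunk.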
@@ -379,6 +380,9 @@
 %endif
 
 %changelog
+* Thu Dec 13 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-1
+- Dontaudit dbus user client search of /root
+
 * Wed Dec 12 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-1
 - Update to upstream
 



