rpms/selinux-policy/F-7 booleans-targeted.conf, 1.27, 1.28 policy-20070501.patch, 1.30, 1.31 selinux-policy.spec, 1.475, 1.476
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Jul 2 20:32:44 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18766
Modified Files:
booleans-targeted.conf policy-20070501.patch
selinux-policy.spec
Log Message:
* Wed Jun 27 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-25
- Rebuild
Index: booleans-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/booleans-targeted.conf,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- booleans-targeted.conf 7 May 2007 18:07:26 -0000 1.27
+++ booleans-targeted.conf 2 Jul 2007 20:32:03 -0000 1.28
@@ -238,7 +238,10 @@
#
samba_domain_controller = false
-# Allow samba to export user home directories.
+# Allow samba to execute unconfined scripts
#
samba_run_unconfined = true
+# Allow samba to enable homedirs
+#
+openvpn_enable_homedirs=true
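Review bot: The comment added above `openvpn_enable_homedirs` names samba, but the boolean belongs to the openvpn policy; it should read something like `# Allow openvpn to read unprivileged users' home directory files`. The boolean is also shipped as `true` here, while the policy patch in this same commit declares it with `gen_tunable(openvpn_enable_homedirs,false)`, so targeted installs get the home-directory read access switched on by default. Unless that default is deliberate for F-7, `openvpn_enable_homedirs = false` keeps the daemon at the narrower access and lets administrators opt in with setsebool. The new line also omits the spaces around `=` that the other entries in this hunk use.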
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- policy-20070501.patch 2 Jul 2007 01:44:18 -0000 1.30
+++ policy-20070501.patch 2 Jul 2007 20:32:03 -0000 1.31
@@ -3803,7 +3803,7 @@
fs_search_auto_mountpoints(hplip_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.6.4/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cvs.te 2007-06-19 09:01:50.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cvs.te 2007-07-01 21:58:27.000000000 -0400
@@ -16,6 +16,7 @@
type cvs_t;
type cvs_exec_t;
@@ -3820,6 +3820,14 @@
corecmd_exec_bin(cvs_t)
corecmd_exec_shell(cvs_t)
+@@ -80,6 +82,7 @@
+ libs_use_shared_libs(cvs_t)
+
+ logging_send_syslog_msg(cvs_t)
++logging_send_audit_msgs(cvs_t)
+
+ miscfiles_read_localization(cvs_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.6.4/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/cyrus.te 2007-06-18 10:18:55.000000000 -0400
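Review bot: `logging_send_audit_msgs(cvs_t)` is added without a comment saying what in cvs needs to write audit records, and the same call is added for nscd_t in the nscd.te hunk further down. Sending audit messages lets a domain place its own user-space records in the audit log, so a reader of the policy should be able to see why a network-facing service holds that right. If the reason is authentication through PAM (an assumption, not shown in these lines), a line such as `# cvs authenticates users through PAM, which writes audit records` above the call would record it. The cvs.te section this hunk patches continues outside the visible lines.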
@@ -5101,7 +5109,7 @@
corenet_tcp_connect_all_ports(ypxfr_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.6.4/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/nscd.te 2007-06-18 10:18:55.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/nscd.te 2007-07-02 11:36:33.000000000 -0400
@@ -28,14 +28,14 @@
# Local policy
#
@@ -5120,15 +5128,36 @@
allow nscd_t self:tcp_socket create_socket_perms;
allow nscd_t self:udp_socket create_socket_perms;
-@@ -93,6 +93,7 @@
+@@ -72,6 +72,7 @@
+ corenet_udp_sendrecv_all_nodes(nscd_t)
+ corenet_tcp_sendrecv_all_ports(nscd_t)
+ corenet_udp_sendrecv_all_ports(nscd_t)
++corenet_udp_bind_all_nodes(nscd_t)
+ corenet_tcp_connect_all_ports(nscd_t)
+ corenet_sendrecv_all_client_packets(nscd_t)
+ corenet_rw_tun_tap_dev(nscd_t)
+@@ -92,6 +93,7 @@
+ libs_use_ld_so(nscd_t)
libs_use_shared_libs(nscd_t)
++logging_send_audit_msgs(nscd_t)
logging_send_syslog_msg(nscd_t)
-+logging_send_audit_msg(nscd_t)
miscfiles_read_localization(nscd_t)
+@@ -105,12 +107,6 @@
+ userdom_dontaudit_use_unpriv_user_fds(nscd_t)
+ userdom_dontaudit_search_sysadm_home_dirs(nscd_t)
-@@ -119,3 +120,11 @@
+-ifdef(`targeted_policy',`
+- term_use_unallocated_ttys(nscd_t)
+- term_use_generic_ptys(nscd_t)
+- files_dontaudit_read_root_files(nscd_t)
+-')
+-
+ optional_policy(`
+ udev_read_db(nscd_t)
+ ')
+@@ -119,3 +115,13 @@
xen_dontaudit_rw_unix_stream_sockets(nscd_t)
xen_append_log(nscd_t)
')
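Review bot: `corenet_udp_bind_all_nodes(nscd_t)` permits nscd to bind UDP sockets on every node type, and nothing in the hunk says which nscd function needs it. A one-line comment above the call naming that function would let a later reviewer decide whether the grant can be narrowed to the addresses nscd actually binds. No UDP port-bind rule for nscd_t is visible in these lines, so whether the node bind is paired with a specific port cannot be judged from here. The nscd.te local-policy section starts and ends outside this hunk.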
@@ -5138,6 +5167,8 @@
+ samba_append_log(nscd_t)
+ samba_dontaudit_use_fds(nscd_t)
+ ')
++ samba_read_config(nscd_t)
++ samba_read_var_files(nscd_t)
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.6.4/policy/modules/services/ntp.te
@@ -5387,8 +5418,22 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-2.6.4/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openvpn.te 2007-06-18 10:18:55.000000000 -0400
-@@ -42,8 +42,8 @@
++++ serefpolicy-2.6.4/policy/modules/services/openvpn.te 2007-07-02 12:46:22.000000000 -0400
+@@ -6,6 +6,13 @@
+ # Declarations
+ #
+
++## <desc>
++## <p>
++## Allow openvpn to read home directories
++## </p>
++## </desc>
++gen_tunable(openvpn_enable_homedirs,false)
++
+ # main openvpn domain
+ type openvpn_t;
+ type openvpn_exec_t;
+@@ -42,8 +49,8 @@
allow openvpn_t openvpn_var_log_t:file manage_file_perms;
logging_log_filetrans(openvpn_t,openvpn_var_log_t,file)
@@ -5399,7 +5444,7 @@
kernel_read_kernel_sysctls(openvpn_t)
kernel_read_net_sysctls(openvpn_t)
-@@ -66,6 +66,7 @@
+@@ -66,6 +73,7 @@
corenet_udp_bind_openvpn_port(openvpn_t)
corenet_sendrecv_openvpn_server_packets(openvpn_t)
corenet_rw_tun_tap_dev(openvpn_t)
@@ -5407,6 +5452,27 @@
dev_search_sysfs(openvpn_t)
dev_read_rand(openvpn_t)
+@@ -80,10 +88,15 @@
+ logging_send_syslog_msg(openvpn_t)
+
+ miscfiles_read_localization(openvpn_t)
++miscfiles_read_certs(openvpn_t)
+
+ sysnet_dns_name_resolve(openvpn_t)
+ sysnet_exec_ifconfig(openvpn_t)
+
++tunable_policy(`openvpn_enable_homedirs',`
++ userdom_read_unpriv_users_home_content_files(openvpn_t)
++')
++
+ ifdef(`targeted_policy',`
+ # Need to interact with terminals if config option "auth-user-pass" is used
+ term_use_generic_ptys(openvpn_t)
+@@ -92,3 +105,4 @@
+ optional_policy(`
+ daemontools_service_domain(openvpn_t,openvpn_exec_t)
+ ')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-2.6.4/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2007-05-07 14:50:57.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/pcscd.te 2007-06-18 10:18:55.000000000 -0400
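Review bot: The `tunable_policy` block gives openvpn_t `userdom_read_unpriv_users_home_content_files`, which is read access to the home content of all unprivileged users, while the tunable's description only says "read home directories". Because openvpn is a network-facing daemon, the description should state the scope so an administrator knows what enabling the boolean exposes, e.g. `## Allow openvpn to read files in unprivileged users' home directories`. If the need is only for user-held certificates and keys (my assumption; the hunk does not say), a dedicated file type for those would be narrower than all home content. The description lines sit in the earlier hunk that declares `gen_tunable(openvpn_enable_homedirs,false)`.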
@@ -8676,12 +8742,12 @@
files_dontaudit_search_isid_type_dirs(syslogd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.6.4/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/lvm.fc 2007-06-18 10:18:55.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/lvm.fc 2007-07-02 16:24:54.000000000 -0400
@@ -15,6 +15,7 @@
#
/etc/lvm(/.*)? gen_context(system_u:object_r:lvm_etc_t,s0)
/etc/lvm/\.cache -- gen_context(system_u:object_r:lvm_metadata_t,s0)
-+/etc/lvm/cache(./*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
++/etc/lvm/cache(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/archive(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.475
retrieving revision 1.476
diff -u -r1.475 -r1.476
--- selinux-policy.spec 2 Jul 2007 01:51:33 -0000 1.475
+++ selinux-policy.spec 2 Jul 2007 20:32:03 -0000 1.476
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 25%{?dist}
+Release: 26%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz