rpms/selinux-policy/F-7 policy-20070501.patch,1.31,1.32

Tue Jul 3 17:51:18 UTC 2007

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23265

Modified Files:
	policy-20070501.patch 
Log Message:
* Wed Jun 27 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-25
- Rebuild


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32

--- policy-20070501.patch	2 Jul 2007 20:32:03 -0000	1.31
+++ policy-20070501.patch	3 Jul 2007 17:51:11 -0000	1.32
@@ -2196,7 +2196,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.6.4/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if	2007-06-18 10:18:55.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if	2007-07-03 12:59:42.000000000 -0400
 @@ -333,6 +333,24 @@
  
  ########################################
@@ -6563,7 +6563,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/samba.te	2007-06-19 09:03:00.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/samba.te	2007-07-03 11:03:57.000000000 -0400
 @@ -28,6 +28,35 @@
  ## </desc>
  gen_tunable(samba_share_nfs,false)
@@ -6785,7 +6785,7 @@
  
  libs_use_ld_so(swat_t)
  libs_use_shared_libs(swat_t)
-@@ -625,6 +695,8 @@
+@@ -625,19 +695,25 @@
  # Winbind local policy
  #
  
@@ -6794,7 +6794,9 @@
  dontaudit winbind_t self:capability sys_tty_config;
  allow winbind_t self:process signal_perms;
  allow winbind_t self:fifo_file { read write };
-@@ -634,10 +706,15 @@
+ allow winbind_t self:unix_dgram_socket create_socket_perms;
+ allow winbind_t self:unix_stream_socket create_stream_socket_perms;
+-allow winbind_t self:netlink_route_socket r_netlink_socket_perms;
  allow winbind_t self:tcp_socket create_stream_socket_perms;
  allow winbind_t self:udp_socket create_socket_perms;
  
@@ -6810,7 +6812,7 @@
  manage_files_pattern(winbind_t,samba_etc_t,samba_secrets_t)
  filetrans_pattern(winbind_t,samba_etc_t,samba_secrets_t,file)
  
-@@ -645,6 +722,8 @@
+@@ -645,6 +721,8 @@
  manage_files_pattern(winbind_t,samba_log_t,samba_log_t)
  manage_lnk_files_pattern(winbind_t,samba_log_t,samba_log_t)
  
@@ -6819,15 +6821,38 @@
  manage_files_pattern(winbind_t,samba_var_t,samba_var_t)
  manage_lnk_files_pattern(winbind_t,samba_var_t,samba_var_t)
  
-@@ -683,6 +762,7 @@
+@@ -682,7 +760,9 @@
+ fs_getattr_all_fs(winbind_t)
  fs_search_auto_mountpoints(winbind_t)
  
++auth_use_nsswitch(winbind_t)
  auth_domtrans_chk_passwd(winbind_t)
 +auth_domtrans_upd_passwd(winbind_t)
  
  domain_use_interactive_fds(winbind_t)
  
-@@ -736,6 +816,7 @@
+@@ -695,9 +775,6 @@
+ 
+ miscfiles_read_localization(winbind_t)
+ 
+-sysnet_read_config(winbind_t)
+-sysnet_dns_name_resolve(winbind_t)
+-
+ userdom_dontaudit_use_unpriv_user_fds(winbind_t)
+ userdom_dontaudit_search_sysadm_home_dirs(winbind_t)
+ userdom_priveleged_home_dir_manager(winbind_t)
+@@ -713,10 +790,6 @@
+ ')
+ 
+ optional_policy(`
+-	nscd_socket_use(winbind_t)
+-')
+-
+-optional_policy(`
+ 	seutil_sigchld_newrole(winbind_t)
+ ')
+ 
+@@ -736,6 +809,7 @@
  read_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
  read_lnk_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
  
@@ -6835,7 +6860,7 @@
  allow winbind_helper_t samba_var_t:dir search;
  
  stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t)
-@@ -764,3 +845,23 @@
+@@ -764,3 +838,23 @@
  	squid_read_log(winbind_helper_t)
  	squid_append_log(winbind_helper_t)
  ')


