rpms/selinux-policy/F-7 policy-20070501.patch,1.31,1.32
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jul 3 17:51:18 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23265
Modified Files:
policy-20070501.patch
Log Message:
* Wed Jun 27 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-25
- Rebuild
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- policy-20070501.patch 2 Jul 2007 20:32:03 -0000 1.31
+++ policy-20070501.patch 3 Jul 2007 17:51:11 -0000 1.32
@@ -2196,7 +2196,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.6.4/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-06-18 10:18:55.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-07-03 12:59:42.000000000 -0400
@@ -333,6 +333,24 @@
########################################
@@ -6563,7 +6563,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-06-19 09:03:00.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-07-03 11:03:57.000000000 -0400
@@ -28,6 +28,35 @@
## </desc>
gen_tunable(samba_share_nfs,false)
@@ -6785,7 +6785,7 @@
libs_use_ld_so(swat_t)
libs_use_shared_libs(swat_t)
-@@ -625,6 +695,8 @@
+@@ -625,19 +695,25 @@
# Winbind local policy
#
@@ -6794,7 +6794,9 @@
dontaudit winbind_t self:capability sys_tty_config;
allow winbind_t self:process signal_perms;
allow winbind_t self:fifo_file { read write };
-@@ -634,10 +706,15 @@
+ allow winbind_t self:unix_dgram_socket create_socket_perms;
+ allow winbind_t self:unix_stream_socket create_stream_socket_perms;
+-allow winbind_t self:netlink_route_socket r_netlink_socket_perms;
allow winbind_t self:tcp_socket create_stream_socket_perms;
allow winbind_t self:udp_socket create_socket_perms;
@@ -6810,7 +6812,7 @@
manage_files_pattern(winbind_t,samba_etc_t,samba_secrets_t)
filetrans_pattern(winbind_t,samba_etc_t,samba_secrets_t,file)
-@@ -645,6 +722,8 @@
+@@ -645,6 +721,8 @@
manage_files_pattern(winbind_t,samba_log_t,samba_log_t)
manage_lnk_files_pattern(winbind_t,samba_log_t,samba_log_t)
@@ -6819,15 +6821,38 @@
manage_files_pattern(winbind_t,samba_var_t,samba_var_t)
manage_lnk_files_pattern(winbind_t,samba_var_t,samba_var_t)
-@@ -683,6 +762,7 @@
+@@ -682,7 +760,9 @@
+ fs_getattr_all_fs(winbind_t)
fs_search_auto_mountpoints(winbind_t)
++auth_use_nsswitch(winbind_t)
auth_domtrans_chk_passwd(winbind_t)
+auth_domtrans_upd_passwd(winbind_t)
domain_use_interactive_fds(winbind_t)
-@@ -736,6 +816,7 @@
+@@ -695,9 +775,6 @@
+
+ miscfiles_read_localization(winbind_t)
+
+-sysnet_read_config(winbind_t)
+-sysnet_dns_name_resolve(winbind_t)
+-
+ userdom_dontaudit_use_unpriv_user_fds(winbind_t)
+ userdom_dontaudit_search_sysadm_home_dirs(winbind_t)
+ userdom_priveleged_home_dir_manager(winbind_t)
+@@ -713,10 +790,6 @@
+ ')
+
+ optional_policy(`
+- nscd_socket_use(winbind_t)
+-')
+-
+-optional_policy(`
+ seutil_sigchld_newrole(winbind_t)
+ ')
+
+@@ -736,6 +809,7 @@
read_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
read_lnk_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
@@ -6835,7 +6860,7 @@
allow winbind_helper_t samba_var_t:dir search;
stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t)
-@@ -764,3 +845,23 @@
+@@ -764,3 +838,23 @@
squid_read_log(winbind_helper_t)
squid_append_log(winbind_helper_t)
')
More information about the fedora-extras-commits
mailing list