rpms/selinux-policy/devel modules-targeted.conf, 1.62, 1.63 policy-20070703.patch, 1.3, 1.4 selinux-policy.spec, 1.469, 1.470
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Jul 11 19:45:32 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3372
Modified Files:
modules-targeted.conf policy-20070703.patch
selinux-policy.spec
Log Message:
* Tue Jul 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-4
- Add brctl policy
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- modules-targeted.conf 22 Jun 2007 19:21:00 -0000 1.62
+++ modules-targeted.conf 11 Jul 2007 19:44:56 -0000 1.63
@@ -521,7 +521,7 @@
#
# TCP/IP encryption
#
-ipsec = off
+ipsec = module
# Layer: apps
# Module: irc
@@ -1295,6 +1295,13 @@
#
xen = base
+# Layer: system
+# Module: brctl
+#
+# Utilities for configuring the linux ethernet bridge
+#
+brctl = base
+
# Layer: services
# Module: telnet
#
policy-20070703.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.3 -r 1.4 policy-20070703.patch
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20070703.patch 6 Jul 2007 19:23:20 -0000 1.3
+++ policy-20070703.patch 11 Jul 2007 19:44:56 -0000 1.4
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/guest_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-strict-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts 2007-07-11 10:06:28.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -8,7 +8,7 @@
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/staff_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-strict-mls/staff_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts 2007-07-11 10:06:28.000000000 -0400
@@ -0,0 +1,9 @@
+system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -21,7 +21,7 @@
+sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/user_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-strict-mls/user_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts 2007-07-11 10:06:28.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t:s0 user_r:user_t:s0
+system_r:remote_login_t:s0 user_r:user_t:s0
@@ -32,7 +32,7 @@
+user_r:user_sudo_t:s0 user_r:user_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/default_type serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type
--- nsaserefpolicy/config/appconfig-targeted-mcs/default_type 2007-05-25 09:09:09.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type 2007-07-11 10:06:28.000000000 -0400
@@ -1 +1,4 @@
system_r:unconfined_t
+sysadm_r:sysadm_t
@@ -40,7 +40,7 @@
+user_r:user_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/guest_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-targeted-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts 2007-07-11 10:06:28.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -48,13 +48,13 @@
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/initrc_context serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context
--- nsaserefpolicy/config/appconfig-targeted-mcs/initrc_context 2007-05-25 09:09:09.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context 2007-07-11 10:06:28.000000000 -0400
@@ -1 +1 @@
-user_u:system_r:initrc_t:s0
+system_u:system_r:initrc_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/root_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-targeted-mcs/root_default_contexts 2007-05-25 09:09:09.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/root_default_contexts 2007-07-06 15:14:25.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/root_default_contexts 2007-07-11 10:06:28.000000000 -0400
@@ -1,2 +1,10 @@
-system_r:unconfined_t:s0 system_r:unconfined_t:s0
-system_r:initrc_t:s0 system_r:unconfined_t:s0
@@ -70,14 +70,14 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/seusers serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers
--- nsaserefpolicy/config/appconfig-targeted-mcs/seusers 2007-05-31 15:35:39.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers 2007-07-11 10:06:28.000000000 -0400
@@ -1,2 +1,2 @@
root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+__default__:system_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/staff_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-targeted-mcs/staff_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts 2007-07-11 10:06:28.000000000 -0400
@@ -0,0 +1,9 @@
+system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -90,7 +90,7 @@
+sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/user_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-targeted-mcs/user_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts 2007-07-11 10:06:28.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
+system_r:remote_login_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
@@ -101,7 +101,7 @@
+user_r:user_sudo_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.0.2/Makefile
--- nsaserefpolicy/Makefile 2007-05-29 13:53:56.000000000 -0400
-+++ serefpolicy-3.0.2/Makefile 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/Makefile 2007-07-11 10:06:28.000000000 -0400
@@ -158,8 +158,18 @@
headerdir = $(modpkgdir)/include
docsdir = $(prefix)/share/doc/$(PKGNAME)
@@ -133,7 +133,7 @@
CHECKMODULE += -M
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.0.2/man/man8/ftpd_selinux.8
--- nsaserefpolicy/man/man8/ftpd_selinux.8 2007-05-25 09:09:10.000000000 -0400
-+++ serefpolicy-3.0.2/man/man8/ftpd_selinux.8 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/man/man8/ftpd_selinux.8 2007-07-11 10:06:28.000000000 -0400
@@ -12,7 +12,7 @@
.TP
chcon -R -t public_content_t /var/ftp
@@ -145,7 +145,7 @@
.TP
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.0.2/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2007-06-19 16:23:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/flask/access_vectors 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/flask/access_vectors 2007-07-11 10:06:28.000000000 -0400
@@ -598,6 +598,8 @@
shmempwd
shmemgrp
@@ -155,18 +155,9 @@
}
# Define the access vector interpretation for controlling
-@@ -623,6 +625,8 @@
- send
- recv
- relabelto
-+ flow_in
-+ flow_out
- }
-
- class key
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.0.2/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/global_tunables 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/global_tunables 2007-07-11 10:06:28.000000000 -0400
@@ -133,3 +133,10 @@
## </desc>
gen_tunable(write_untrusted_content,false)
@@ -180,7 +171,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.0.2/policy/mls
--- nsaserefpolicy/policy/mls 2007-07-03 07:06:36.000000000 -0400
-+++ serefpolicy-3.0.2/policy/mls 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/mls 2007-07-11 10:06:28.000000000 -0400
@@ -89,12 +89,14 @@
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
(( l1 eq l2 ) or
@@ -265,7 +256,7 @@
mlsconstrain association { polmatch }
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-3.0.2/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/acct.te 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/acct.te 2007-07-11 10:06:28.000000000 -0400
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -276,7 +267,7 @@
logging_log_file(acct_data_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-3.0.2/policy/modules/admin/alsa.fc
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/alsa.fc 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/alsa.fc 2007-07-11 10:06:28.000000000 -0400
@@ -1,4 +1,7 @@
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
@@ -287,7 +278,7 @@
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.0.2/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/alsa.te 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/alsa.te 2007-07-11 10:06:28.000000000 -0400
@@ -20,20 +20,24 @@
# Local policy
#
@@ -333,7 +324,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.0.2/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/anaconda.te 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/anaconda.te 2007-07-11 10:06:28.000000000 -0400
@@ -37,10 +37,6 @@
userdom_generic_user_home_dir_filetrans_generic_user_home_content(anaconda_t,{ dir file lnk_file fifo_file sock_file })
@@ -347,7 +338,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-3.0.2/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/bootloader.te 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/bootloader.te 2007-07-11 10:06:28.000000000 -0400
@@ -182,6 +182,7 @@
optional_policy(`
@@ -358,7 +349,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.0.2/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/consoletype.te 2007-07-03 14:38:10.000000000 -0400
[...2121 lines suppressed...]
-+## </desc>
-+gen_tunable(browser_confine_staff,false)
-+
-+## <desc>
-+## <p>
-+## Allow browser to write staff data
-+## </p>
-+## </desc>
-+gen_tunable(browser_write_staff_data,false)
- userdom_unpriv_user_template(staff)
-+
-+## <desc>
-+## <p>
-+## Confine user web browser
-+## </p>
-+## </desc>
-+gen_tunable(browser_confine_user,false)
-+
-+## <desc>
-+## <p>
-+## Allow browser to write user data
-+## </p>
-+## </desc>
-+gen_tunable(browser_write_user_data,false)
- userdom_unpriv_user_template(user)
-
- # user role change rules:
-@@ -136,13 +181,6 @@
+@@ -136,13 +139,6 @@
userdom_role_change_template(secadm,sysadm)
')
@@ -10241,7 +10343,7 @@
########################################
#
# Sysadm local policy
-@@ -161,6 +199,11 @@
+@@ -161,6 +157,11 @@
init_exec(sysadm_t)
@@ -10253,7 +10355,7 @@
# Following for sending reboot and wall messages
userdom_use_unpriv_users_ptys(sysadm_t)
userdom_use_unpriv_users_ttys(sysadm_t)
-@@ -231,6 +274,10 @@
+@@ -231,6 +232,10 @@
')
optional_policy(`
@@ -10264,7 +10366,7 @@
apache_run_helper(sysadm_t,sysadm_r,admin_terminal)
#apache_run_all_scripts(sysadm_t,sysadm_r)
#apache_domtrans_sys_script(sysadm_t)
-@@ -290,14 +337,6 @@
+@@ -290,14 +295,6 @@
')
optional_policy(`
@@ -10279,7 +10381,7 @@
cron_admin_template(sysadm,sysadm_t,sysadm_r)
')
-@@ -398,6 +437,10 @@
+@@ -398,6 +395,10 @@
')
optional_policy(`
@@ -10290,7 +10392,7 @@
netutils_run(sysadm_t,sysadm_r,admin_terminal)
netutils_run_ping(sysadm_t,sysadm_r,admin_terminal)
netutils_run_traceroute(sysadm_t,sysadm_r,admin_terminal)
-@@ -456,6 +499,9 @@
+@@ -456,6 +457,9 @@
ifdef(`enable_mls',`
userdom_security_admin_template(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
@@ -10300,7 +10402,7 @@
', `
userdom_security_admin_template(sysadm_t,sysadm_r,admin_terminal)
')
-@@ -498,3 +544,7 @@
+@@ -498,3 +502,7 @@
optional_policy(`
yam_run(sysadm_t,sysadm_r,admin_terminal)
')
@@ -10310,7 +10412,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.0.2/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/xen.te 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/xen.te 2007-07-11 10:06:29.000000000 -0400
@@ -176,6 +176,7 @@
files_manage_etc_runtime_files(xend_t)
files_etc_filetrans_etc_runtime(xend_t,file)
@@ -10344,17 +10446,17 @@
+fs_read_nfs_symlinks(xend_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.fc serefpolicy-3.0.2/policy/modules/users/guest.fc
--- nsaserefpolicy/policy/modules/users/guest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.fc 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.fc 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1 @@
+# No guest file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.if serefpolicy-3.0.2/policy/modules/users/guest.if
--- nsaserefpolicy/policy/modules/users/guest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.if 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.if 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1 @@
+## <summary>Policy for guest user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.0.2/policy/modules/users/guest.te
--- nsaserefpolicy/policy/modules/users/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.te 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.te 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1,127 @@
+policy_module(guest,1.0.0)
+
@@ -10485,17 +10587,17 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.0.2/policy/modules/users/logadm.fc
--- nsaserefpolicy/policy/modules/users/logadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.fc 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.fc 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1 @@
+# No logadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.0.2/policy/modules/users/logadm.if
--- nsaserefpolicy/policy/modules/users/logadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.if 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.if 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1 @@
+## <summary>Policy for logadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.0.2/policy/modules/users/logadm.te
--- nsaserefpolicy/policy/modules/users/logadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.te 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.te 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1,33 @@
+policy_module(logadm,1.0.0)
+
@@ -10532,22 +10634,22 @@
+files_dontaudit_getattr_all_files(logadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.0.2/policy/modules/users/metadata.xml
--- nsaserefpolicy/policy/modules/users/metadata.xml 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/metadata.xml 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/metadata.xml 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1 @@
+<summary>Policy modules for users</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.0.2/policy/modules/users/webadm.fc
--- nsaserefpolicy/policy/modules/users/webadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.fc 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.fc 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1 @@
+# No webadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.0.2/policy/modules/users/webadm.if
--- nsaserefpolicy/policy/modules/users/webadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.if 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.if 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1 @@
+## <summary>Policy for webadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.0.2/policy/modules/users/webadm.te
--- nsaserefpolicy/policy/modules/users/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.te 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.te 2007-07-11 10:06:29.000000000 -0400
@@ -0,0 +1,70 @@
+policy_module(webadm,1.0.0)
+
@@ -10621,7 +10723,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.0.2/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/support/obj_perm_sets.spt 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/policy/support/obj_perm_sets.spt 2007-07-11 10:06:29.000000000 -0400
@@ -201,7 +201,7 @@
define(`search_dir_perms',`{ getattr search }')
define(`list_dir_perms',`{ getattr search read lock ioctl }')
@@ -10656,7 +10758,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.0.2/policy/users
--- nsaserefpolicy/policy/users 2007-05-31 15:36:08.000000000 -0400
-+++ serefpolicy-3.0.2/policy/users 2007-07-06 14:48:00.000000000 -0400
++++ serefpolicy-3.0.2/policy/users 2007-07-11 10:06:29.000000000 -0400
@@ -16,7 +16,7 @@
# and a user process should never be assigned the system user
# identity.
@@ -10687,7 +10789,7 @@
+gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.0.2/Rules.modular
--- nsaserefpolicy/Rules.modular 2007-05-25 09:09:10.000000000 -0400
-+++ serefpolicy-3.0.2/Rules.modular 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/Rules.modular 2007-07-11 10:06:29.000000000 -0400
@@ -167,7 +167,7 @@
# these have to run individually because order matters:
$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
@@ -10716,7 +10818,7 @@
clean:
diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.0.2/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2007-05-29 13:53:56.000000000 -0400
-+++ serefpolicy-3.0.2/support/Makefile.devel 2007-07-03 14:38:10.000000000 -0400
++++ serefpolicy-3.0.2/support/Makefile.devel 2007-07-11 10:06:29.000000000 -0400
@@ -24,7 +24,7 @@
XMLLINT := $(BINDIR)/xmllint
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.469
retrieving revision 1.470
diff -u -r1.469 -r1.470
--- selinux-policy.spec 6 Jul 2007 19:23:20 -0000 1.469
+++ selinux-policy.spec 11 Jul 2007 19:44:56 -0000 1.470
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.2
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -356,6 +356,9 @@
%endif
%changelog
+* Tue Jul 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-4
+- Add brctl policy
+
* Fri Jul 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-3
- Fix root login to include system_r
More information about the fedora-extras-commits
mailing list