rpms/selinux-policy/F-8 policy-20070703.patch,1.140,1.141

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Nov 19 22:05:06 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18762

Modified Files:
	policy-20070703.patch 
Log Message:
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-58
- Allow nmbd to list inotifyfs_t
- Dontaudit consolekit access to user homedir
- dontaudit nscd getserv and shmemserv
- Allow rsync_t dac overrides
- Allow xfs_t to listen to sockets


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -r1.140 -r1.141
--- policy-20070703.patch	19 Nov 2007 21:39:18 -0000	1.140
+++ policy-20070703.patch	19 Nov 2007 22:05:03 -0000	1.141
@@ -838,7 +838,7 @@
 +selinux(8), ypbind(8), chcon(1), setsebool(8)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.0.8/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/flask/access_vectors	2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/flask/access_vectors	2007-11-19 16:57:52.000000000 -0500
 @@ -639,6 +639,8 @@
  	send
  	recv
@@ -10198,17 +10198,26 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.0.8/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/nscd.if	2007-11-19 16:32:18.000000000 -0500
-@@ -77,7 +77,7 @@
++++ serefpolicy-3.0.8/policy/modules/services/nscd.if	2007-11-19 17:03:29.000000000 -0500
+@@ -70,14 +70,15 @@
+ interface(`nscd_socket_use',`
+ 	gen_require(`
+ 		type nscd_t, nscd_var_run_t;
+-		class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
++		class nscd { getserv getpwd getgrp gethost shmempwd shmemgrp shmemhost shmemserv };
+ 	')
+ 
+ 	allow $1 self:unix_stream_socket create_socket_perms;
  
  	allow $1 nscd_t:nscd { getpwd getgrp gethost };
  	dontaudit $1 nscd_t:fd use;
 -	dontaudit $1 nscd_t:nscd { shmempwd shmemgrp shmemhost };
-+	dontaudit $1 nscd_t:nscd { getserv shmempwd shmemgrp shmemhost shmemserv };
++	dontaudit $1 nscd_t:nscd { getserv shmempwd shmemgrp shmemhost shmemserv};
++	
  
  	files_search_pids($1)
  	stream_connect_pattern($1,nscd_var_run_t,nscd_var_run_t,nscd_t)
-@@ -204,3 +204,22 @@
+@@ -204,3 +205,22 @@
  	role $2 types nscd_t;
  	dontaudit nscd_t $3:chr_file rw_term_perms;
  ')
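Review bot: The rewritten dontaudit line in nscd_socket_use silences getserv and shmemserv denials for every domain that calls this interface, while the allow rule just above it still grants only `{ getpwd getgrp gethost }`. A refused services lookup through nscd therefore leaves no AVC record to diagnose or alert on. If that is intended, say so at the rule, for example `# getserv/shmemserv are deliberately not granted; the denial is silenced, so rebuild with dontaudit rules disabled to see it`. Two style points on the same lines: `shmemserv};` lacks the space before the closing brace that the gen_require line uses, and the added line after it holds only a tab and should be dropped. The end of the interface body falls outside this hunk.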
@@ -18355,7 +18364,7 @@
  /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-11-19 15:21:25.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-11-19 16:54:02.000000000 -0500
 @@ -29,8 +29,9 @@
  	')
  
@@ -20445,7 +20454,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.0.8/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2007-10-22 13:21:43.000000000 -0400
-+++ serefpolicy-3.0.8/policy/support/obj_perm_sets.spt	2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/support/obj_perm_sets.spt	2007-11-19 16:59:48.000000000 -0500
 @@ -216,7 +216,7 @@
  define(`getattr_file_perms',`{ getattr }')
  define(`setattr_file_perms',`{ setattr }')
@@ -20463,7 +20472,7 @@
 +define(`all_capabilities', `{ chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control }
 +')
 +
-+define(`all_nscd_perms', `{ getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost } ')
++define(`all_nscd_perms', `{ getserv getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost shmemserv } ')
 +define(`all_dbus_perms', `{ acquire_svc send_msg } ')
 +define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
 +define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
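Review bot: Nothing on the new `all_nscd_perms` line ties it to the nscd class definition, which it now has to match by hand. The macro lists getserv and shmemserv, but the access_vectors section visible on this page shows only a timestamp change, so it cannot be confirmed from here that the class gained the same two permissions. A comment above the define would help, for example `# must mirror class nscd in policy/flask/access_vectors`. Any rule written with all_nscd_perms also widens with this edit, which deserves a line in the log message if such rules exist.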



