rpms/selinux-policy/F-8 policy-20070703.patch, 1.143, 1.144 selinux-policy.spec, 1.584, 1.585
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Nov 21 23:35:52 UTC 2007
- Previous message (by thread): rpms/qt-qsa/devel qt-qsa.spec,1.3,1.4
- Next message (by thread): rpms/samba/F-7 .cvsignore, 1.44, 1.45 samba.spec, 1.139, 1.140 sources, 1.48, 1.49 samba-3.0.26a-winbindd-padding.patch, 1.1, NONE samba-3.0.27-CVE-2007-4572-regression.patch, 1.1, NONE samba3_idmap_default_domain.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20649
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Wed Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-61
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes. Allows kiosk users to
- copy to usb media
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.143
retrieving revision 1.144
diff -u -r1.143 -r1.144
--- policy-20070703.patch 21 Nov 2007 22:21:19 -0000 1.143
+++ policy-20070703.patch 21 Nov 2007 23:35:44 -0000 1.144
@@ -1801,7 +1801,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.0.8/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/prelink.te 2007-11-12 10:26:38.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/admin/prelink.te 2007-11-21 18:08:32.000000000 -0500
@@ -26,7 +26,7 @@
# Local policy
#
@@ -1830,16 +1830,18 @@
corecmd_manage_all_executables(prelink_t)
corecmd_relabel_all_executables(prelink_t)
-@@ -65,6 +64,8 @@
+@@ -65,6 +64,10 @@
files_read_etc_files(prelink_t)
files_read_etc_runtime_files(prelink_t)
files_dontaudit_read_all_symlinks(prelink_t)
+files_manage_usr_files(prelink_t)
+files_relabelfrom_usr_files(prelink_t)
++files_manage_kernel_modules(prelink_t)
++files_relabel_kernel_modules(prelink_t)
fs_getattr_xattr_fs(prelink_t)
-@@ -81,6 +82,11 @@
+@@ -81,6 +84,11 @@
miscfiles_read_localization(prelink_t)
@@ -1851,7 +1853,7 @@
optional_policy(`
amanda_manage_lib(prelink_t)
')
-@@ -88,3 +94,7 @@
+@@ -88,3 +96,7 @@
optional_policy(`
cron_system_entry(prelink_t, prelink_exec_t)
')
@@ -20498,8 +20500,8 @@
+## <summary>Policy for xguest user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.0.8/policy/modules/users/xguest.te
--- nsaserefpolicy/policy/modules/users/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2007-11-16 17:11:08.000000000 -0500
-@@ -0,0 +1,45 @@
++++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2007-11-21 18:31:35.000000000 -0500
+@@ -0,0 +1,54 @@
+policy_module(xguest,1.0.1)
+
+## <desc>
@@ -20531,9 +20533,18 @@
+optional_policy(`
+ tunable_policy(`xguest_mount_media',`
+ hal_dbus_chat(xguest_t)
++ init_read_utmp(xguest_t)
++ auth_list_pam_console_data(xguest_t)
++ kernel_read_fs_sysctls(xguest_t)
++ files_dontaudit_getattr_boot_dirs(xguest_t)
++ files_search_mnt(xguest_t)
++ fs_manage_noxattr_fs_files(xguest_t)
++ fs_manage_noxattr_fs_dirs(xguest_t)
++ fs_manage_noxattr_fs_dirs(xguest_t)
++ fs_getattr_noxattr_fs(xguest_t)
++ fs_read_noxattr_fs_symlinks(xguest_t)
+ ')
+')
-+
+optional_policy(`
+ tunable_policy(`xguest_connect_network',`
+ networkmanager_dbus_chat(xguest_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.584
retrieving revision 1.585
diff -u -r1.584 -r1.585
--- selinux-policy.spec 21 Nov 2007 22:21:19 -0000 1.584
+++ selinux-policy.spec 21 Nov 2007 23:35:44 -0000 1.585
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 60%{?dist}
+Release: 61%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -380,13 +380,15 @@
%endif
%changelog
-* Wed Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-60
-- Allow cupsd to sigkill hplip_t
-- Allow automount to create fifo files
+* Wed Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-61
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes. Allows kiosk users to
- copy to usb media
+* Wed Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-60
+- Allow cupsd to sigkill hplip_t
+- Allow automount to create fifo files
+
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-59
- Allow logwatch to search all directories
- Allow sendmail to use sasl
- Previous message (by thread): rpms/qt-qsa/devel qt-qsa.spec,1.3,1.4
- Next message (by thread): rpms/samba/F-7 .cvsignore, 1.44, 1.45 samba.spec, 1.139, 1.140 sources, 1.48, 1.49 samba-3.0.26a-winbindd-padding.patch, 1.1, NONE samba-3.0.27-CVE-2007-4572-regression.patch, 1.1, NONE samba3_idmap_default_domain.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list