rpms/selinux-policy/devel policy-20070703.patch,1.86,1.87

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Fri Oct 12 11:00:43 UTC 2007 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18251

Modified Files:
	policy-20070703.patch 
Log Message:
* Wed Oct 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-21
- Make alsa work


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- policy-20070703.patch	11 Oct 2007 18:57:00 -0000	1.86
+++ policy-20070703.patch	12 Oct 2007 11:00:35 -0000	1.87
@@ -2231,25 +2231,34 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.0.8/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2007-07-25 10:37:37.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/apps/java.te	2007-10-11 09:15:19.000000000 -0400
-@@ -23,11 +23,16 @@
++++ serefpolicy-3.0.8/policy/modules/apps/java.te	2007-10-11 15:13:23.000000000 -0400
+@@ -23,11 +23,23 @@
  #
  
  # execheap is needed for itanium/BEA jrocket
 -allow java_t self:process { execstack execmem execheap };
 +allow java_t self:process { getsched sigkill execheap execmem execstack };
  
- init_dbus_chat_script(java_t)
-+hal_dbus_chat(java_t)
+-init_dbus_chat_script(java_t)
++optional_policy(`
++	init_dbus_chat_script(java_t)
++	optional_policy(`
++		hal_dbus_chat(java_t)
++	')
++
++	optional_policy(`
++		unconfined_dbus_chat(java_t)
++	')
++')
  
  optional_policy(`
  	unconfined_domain_noaudit(java_t)
- 	unconfined_dbus_chat(java_t)
- ')
+-	unconfined_dbus_chat(java_t)
++')
 +
 +optional_policy(`
-+	xserver_xdm_rw_shm(java_t)
-+')
++		xserver_xdm_rw_shm(java_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.8/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2007-05-29 14:10:48.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/apps/mono.if	2007-10-04 13:08:55.000000000 -0400
@@ -6099,7 +6108,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/dbus.if	2007-10-10 15:18:23.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/dbus.if	2007-10-12 06:48:45.000000000 -0400
 @@ -50,6 +50,12 @@
  ## </param>
  #
@@ -6257,7 +6266,7 @@
 +#
 +interface(`dbus_system_domain',`
 +	gen_require(`
-+		type system_dbus_t;
++		type system_dbusd_t;
 +		role system_r;
 +	')
 +
@@ -6266,7 +6275,7 @@
 +
 +	role system_r types $1;
 +
-+	domtrans_pattern(initrc_t,$2,$1)
++	domtrans_pattern(system_dbusd_t,$2,$1)
 +
 +')
 +
@@ -15126,7 +15135,7 @@
  /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-08-27 09:18:17.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-10-10 16:01:13.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-10-11 16:34:44.000000000 -0400
 @@ -29,8 +29,9 @@
  	')
  
@@ -16029,19 +16038,21 @@
  
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
-@@ -1642,9 +1733,11 @@
+@@ -1642,9 +1733,13 @@
  template(`userdom_user_home_content',`
  	gen_require(`
  		attribute $1_file_type;
 +		attribute user_home_type;
++		attribute home_type;
  	')
  
  	typeattribute $2 $1_file_type;
 +	typeattribute $2 user_home_type;
++	typeattribute $2 home_type;
  	files_type($2)
  ')
  
-@@ -1894,10 +1987,46 @@
+@@ -1894,10 +1989,46 @@
  template(`userdom_manage_user_home_content_dirs',`
  	gen_require(`
  		type $1_home_dir_t, $1_home_t;
@@ -16089,7 +16100,7 @@
  ')
  
  ########################################
-@@ -3078,7 +3207,7 @@
+@@ -3078,7 +3209,7 @@
  #
  template(`userdom_tmp_filetrans_user_tmp',`
  	gen_require(`
@@ -16098,10 +16109,16 @@
  	')
  
  	files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -4615,6 +4744,24 @@
- 	files_list_home($1)
- 	allow $1 home_dir_type:dir search_dir_perms;
- ')
+@@ -4609,11 +4740,29 @@
+ #
+ interface(`userdom_search_all_users_home_dirs',`
+ 	gen_require(`
++		attribute user_home_dir_type;
++	')
++
++	files_list_home($1)
++	allow $1 user_home_dir_type:dir search_dir_perms;
++')
 +########################################
 +## <summary>
 +##	Read all users home directories symlinks.
@@ -16114,16 +16131,16 @@
 +#
 +interface(`userdom_read_all_users_home_dirs_symlinks',`
 +	gen_require(`
-+		attribute home_dir_type;
-+	')
-+
-+	files_list_home($1)
+ 		attribute home_dir_type;
+ 	')
+ 
+ 	files_list_home($1)
+-	allow $1 home_dir_type:dir search_dir_perms;
 +	allow $1 home_dir_type:lnk_file read_lnk_file_perms;
-+')
+ ')
  
  ########################################
- ## <summary>
-@@ -4633,6 +4780,14 @@
+@@ -4633,6 +4782,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -16138,7 +16155,7 @@
  ')
  
  ########################################
-@@ -5323,7 +5478,7 @@
+@@ -5323,7 +5480,7 @@
  		attribute user_tmpfile;
  	')
  
@@ -16147,7 +16164,7 @@
  ')
  
  ########################################
-@@ -5559,3 +5714,380 @@
+@@ -5559,3 +5716,380 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')

More information about the fedora-extras-commits mailing list