rpms/selinux-policy/F-7 policy-20070501.patch, 1.59, 1.60 selinux-policy.spec, 1.494, 1.495

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Sat Sep 22 12:18:03 UTC 2007 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8094

Modified Files:
	policy-20070501.patch selinux-policy.spec 
Log Message:
* Sat Sep 22 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-44
- Fix /dev/input/uinput 


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- policy-20070501.patch	21 Sep 2007 20:22:15 -0000	1.59
+++ policy-20070501.patch	22 Sep 2007 12:17:31 -0000	1.60
@@ -1881,7 +1881,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.6.4/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc	2007-09-21 14:29:34.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc	2007-09-22 08:12:51.000000000 -0400
 @@ -19,6 +19,8 @@
  /dev/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
  /dev/fb[0-9]*		-c	gen_context(system_u:object_r:framebuf_device_t,s0)
@@ -1921,14 +1921,59 @@
  /dev/input/event.*	-c	gen_context(system_u:object_r:event_device_t,s0)
  /dev/input/mice		-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/input/js.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
-+/dev/input/uimput	-c	gen_context(system_u:object_r:scanner_device_t,s0)
++/dev/input/uinput	-c	gen_context(system_u:object_r:event_device_t,s0)
  
  /dev/mapper/control	-c	gen_context(system_u:object_r:lvm_control_t,s0)
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.if	2007-08-07 09:42:35.000000000 -0400
-@@ -2729,6 +2729,24 @@
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.if	2007-09-22 08:13:07.000000000 -0400
+@@ -1306,6 +1306,44 @@
+ 
+ ########################################
+ ## <summary>
++##	Get the attributes of the event devices.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`dev_getattr_event_dev',`
++	gen_require(`
++		type device_t, event_device_t;
++	')
++
++	allow $1 device_t:dir r_dir_perms;
++	allow $1 event_device_t:chr_file getattr;
++')
++
++########################################
++## <summary>
++##	Set the attributes of the event devices.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`dev_setattr_event_dev',`
++	gen_require(`
++		type device_t, event_device_t;
++	')
++
++	allow $1 device_t:dir r_dir_perms;
++	allow $1 event_device_t:chr_file setattr;
++')
++
++########################################
++## <summary>
+ ##	Read input event devices (/dev/input).
+ ## </summary>
+ ## <param name="domain">
+@@ -2729,6 +2767,24 @@
  
  ########################################
  ## <summary>
@@ -1953,7 +1998,7 @@
  ##	Do not audit attempts to get the attributes
  ##	of a directory in the usb filesystem.
  ## </summary>
-@@ -3210,3 +3228,78 @@
+@@ -3210,3 +3266,78 @@
  
  	typeattribute $1 devices_unconfined_type;
  ')
@@ -10396,7 +10441,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.6.4/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/authlogin.te	2007-09-05 12:06:43.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/authlogin.te	2007-09-22 08:13:37.000000000 -0400
 @@ -9,6 +9,13 @@
  attribute can_read_shadow_passwords;
  attribute can_write_shadow_passwords;
@@ -10411,7 +10456,15 @@
  
  type chkpwd_exec_t;
  corecmd_executable_file(chkpwd_exec_t)
-@@ -161,6 +168,8 @@
+@@ -155,12 +162,16 @@
+ dev_setattr_framebuffer_dev(pam_console_t)
+ dev_getattr_generic_usb_dev(pam_console_t)
+ dev_setattr_generic_usb_dev(pam_console_t)
++dev_getattr_event_dev(pam_console_t)
++dev_setattr_event_dev(pam_console_t)
+ dev_getattr_misc_dev(pam_console_t)
+ dev_setattr_misc_dev(pam_console_t)
+ dev_getattr_mouse_dev(pam_console_t)
  dev_setattr_mouse_dev(pam_console_t)
  dev_getattr_power_mgmt_dev(pam_console_t)
  dev_setattr_power_mgmt_dev(pam_console_t)
@@ -10420,7 +10473,7 @@
  dev_getattr_scanner_dev(pam_console_t)
  dev_setattr_scanner_dev(pam_console_t)
  dev_getattr_sound_dev(pam_console_t)
-@@ -202,6 +211,7 @@
+@@ -202,6 +213,7 @@
  
  fs_list_auto_mountpoints(pam_console_t)
  fs_list_noxattr_fs(pam_console_t)
@@ -10428,7 +10481,7 @@
  
  init_use_fds(pam_console_t)
  init_use_script_ptys(pam_console_t)
-@@ -244,7 +254,7 @@
+@@ -244,7 +256,7 @@
  
  optional_policy(`
  	xserver_read_xdm_pid(pam_console_t)
@@ -10437,7 +10490,7 @@
  ')
  
  ########################################
-@@ -252,15 +262,14 @@
+@@ -252,15 +264,14 @@
  # System check password local policy
  #
  
@@ -10455,7 +10508,7 @@
  userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t)
  userdom_dontaudit_use_unpriv_users_ptys(system_chkpwd_t)
  userdom_dontaudit_use_sysadm_terms(system_chkpwd_t)
-@@ -302,6 +311,36 @@
+@@ -302,6 +313,36 @@
  ')
  
  optional_policy(`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.494
retrieving revision 1.495
diff -u -r1.494 -r1.495
--- selinux-policy.spec	21 Sep 2007 20:22:15 -0000	1.494
+++ selinux-policy.spec	22 Sep 2007 12:17:31 -0000	1.495
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 43%{?dist}
+Release: 44%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -361,6 +361,9 @@
 %endif
 
 %changelog
+* Sat Sep 22 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-44
+- Fix /dev/input/uinput 
+
 * Thu Sep 13 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-43
 - Make /dev/fuse a fuse_device_t

More information about the fedora-extras-commits mailing list