rpms/selinux-policy/F-8 policy-20070703.patch,1.201,1.202
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Apr 17 15:28:02 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28117
Modified Files:
policy-20070703.patch
Log Message:
* Tue Apr 15 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-100
- Dontaudit validating context when using kerberos libraries
- Allow postfix_virtual write access to postfix_private sockets
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.201
retrieving revision 1.202
diff -u -r1.201 -r1.202
--- policy-20070703.patch 15 Apr 2008 20:26:28 -0000 1.201
+++ policy-20070703.patch 17 Apr 2008 15:27:53 -0000 1.202
@@ -1788,6 +1788,17 @@
samba_read_log(logwatch_t)
+ samba_read_share_files(logwatch_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.0.8/policy/modules/admin/mrtg.te
+--- nsaserefpolicy/policy/modules/admin/mrtg.te 2007-10-22 13:21:42.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/admin/mrtg.te 2008-04-17 11:16:21.000000000 -0400
+@@ -78,6 +78,7 @@
+ dev_read_urand(mrtg_t)
+
+ domain_use_interactive_fds(mrtg_t)
++domain_dontaudit_search_all_domains_state(mrtg_t)
+
+ files_read_usr_files(mrtg_t)
+ files_search_var(mrtg_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.0.8/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-10-22 13:21:42.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/admin/netutils.te 2008-04-04 16:11:03.000000000 -0400
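Review bot: The added `domain_dontaudit_search_all_domains_state(mrtg_t)` silences the denials instead of granting or removing the access, and neither the policy nor the visible log message says why mrtg_t searches other domains' state. A dontaudit rule also hides this access pattern from anyone reading the audit log later, so the reason should be recorded next to the call. A one-line comment above it would do, for example `# mrtg walks /proc while collecting statistics; denials are expected noise` (reason presumed, to be confirmed by the author).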
@@ -20120,8 +20131,8 @@
# Sulogin local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.0.8/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/logging.fc 2008-04-04 16:11:03.000000000 -0400
-@@ -1,12 +1,16 @@
++++ serefpolicy-3.0.8/policy/modules/system/logging.fc 2008-04-17 11:18:18.000000000 -0400
+@@ -1,12 +1,17 @@
-
/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
@@ -20130,6 +20141,7 @@
/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
+/sbin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0)
++/sbin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec_t,s0)
/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0)
/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0)
/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
@@ -20139,7 +20151,7 @@
/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
-@@ -26,12 +30,22 @@
+@@ -26,12 +31,22 @@
/var/log -d gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
/var/log/.* gen_context(system_u:object_r:var_log_t,s0)
@@ -20162,7 +20174,7 @@
/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0)
/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
-@@ -43,3 +57,10 @@
+@@ -43,3 +58,10 @@
/var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
/var/tinydns/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
@@ -20595,7 +20607,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.0.8/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/logging.te 2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/logging.te 2008-04-17 11:18:03.000000000 -0400
@@ -1,5 +1,5 @@
-policy_module(logging,1.7.3)
@@ -20623,7 +20635,7 @@
type syslogd_var_run_t;
files_pid_file(syslogd_var_run_t)
-@@ -55,23 +61,37 @@
+@@ -55,23 +61,42 @@
logging_log_file(var_log_t)
files_mountpoint(var_log_t)
@@ -20644,6 +20656,11 @@
+type audisp_var_run_t;
+files_pid_file(audisp_var_run_t)
+
++type audisp_remote_t;
++type audisp_remote_exec_t;
++domain_type(audisp_remote_t)
++domain_entry_file(audisp_remote_t, audisp_remote_exec_t)
++
########################################
#
-# Auditd local policy
@@ -20664,7 +20681,7 @@
files_read_etc_files(auditctl_t)
kernel_read_kernel_sysctls(auditctl_t)
-@@ -91,6 +111,7 @@
+@@ -91,6 +116,7 @@
locallogin_dontaudit_use_fds(auditctl_t)
@@ -20672,7 +20689,7 @@
logging_send_syslog_msg(auditctl_t)
########################################
-@@ -98,16 +119,15 @@
+@@ -98,16 +124,15 @@
# Auditd local policy
#
@@ -20691,7 +20708,7 @@
manage_files_pattern(auditd_t,auditd_log_t,auditd_log_t)
manage_lnk_files_pattern(auditd_t,auditd_log_t,auditd_log_t)
-@@ -141,6 +161,7 @@
+@@ -141,6 +166,7 @@
init_telinit(auditd_t)
@@ -20699,7 +20716,7 @@
logging_send_syslog_msg(auditd_t)
libs_use_ld_so(auditd_t)
-@@ -153,9 +174,21 @@
+@@ -153,9 +179,21 @@
seutil_dontaudit_read_config(auditd_t)
@@ -20721,7 +20738,7 @@
optional_policy(`
seutil_sigchld_newrole(auditd_t)
')
-@@ -194,6 +227,7 @@
+@@ -194,6 +232,7 @@
fs_getattr_all_fs(klogd_t)
fs_search_auto_mountpoints(klogd_t)
@@ -20729,7 +20746,7 @@
domain_use_interactive_fds(klogd_t)
-@@ -212,6 +246,12 @@
+@@ -212,6 +251,12 @@
userdom_dontaudit_search_sysadm_home_dirs(klogd_t)
@@ -20742,7 +20759,7 @@
optional_policy(`
udev_read_db(klogd_t)
')
-@@ -241,12 +281,16 @@
+@@ -241,12 +286,16 @@
allow syslogd_t self:udp_socket create_socket_perms;
allow syslogd_t self:tcp_socket create_stream_socket_perms;
@@ -20759,7 +20776,7 @@
# Allow access for syslog-ng
allow syslogd_t var_log_t:dir { create setattr };
-@@ -255,6 +299,9 @@
+@@ -255,6 +304,9 @@
manage_files_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t)
files_tmp_filetrans(syslogd_t,syslogd_tmp_t,{ dir file })
@@ -20769,7 +20786,7 @@
allow syslogd_t syslogd_var_run_t:file manage_file_perms;
files_pid_filetrans(syslogd_t,syslogd_var_run_t,file)
-@@ -300,6 +347,7 @@
+@@ -300,6 +352,7 @@
# Allow users to define additional syslog ports to connect to
corenet_tcp_bind_syslogd_port(syslogd_t)
corenet_tcp_connect_syslogd_port(syslogd_t)
@@ -20777,7 +20794,7 @@
# syslog-ng can send or receive logs
corenet_sendrecv_syslogd_client_packets(syslogd_t)
-@@ -312,6 +360,8 @@
+@@ -312,6 +365,8 @@
domain_use_interactive_fds(syslogd_t)
files_read_etc_files(syslogd_t)
@@ -20786,7 +20803,7 @@
files_read_etc_runtime_files(syslogd_t)
# /initrd is not umounted before minilog starts
files_dontaudit_search_isid_type_dirs(syslogd_t)
-@@ -341,6 +391,12 @@
+@@ -341,6 +396,12 @@
files_var_lib_filetrans(syslogd_t,devlog_t,sock_file)
')
@@ -20799,7 +20816,7 @@
optional_policy(`
inn_manage_log(syslogd_t)
')
-@@ -365,3 +421,40 @@
+@@ -365,3 +426,69 @@
# log to the xconsole
xserver_rw_console(syslogd_t)
')
@@ -20815,6 +20832,7 @@
+## internal communication is often done using fifo and unix sockets.
+allow audisp_t self:fifo_file rw_file_perms;
+allow audisp_t self:unix_stream_socket create_stream_socket_perms;
++allow audisp_t self:unix_dgram_socket create_socket_perms;
+allow audisp_t auditd_t:unix_stream_socket rw_file_perms;
+
+manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
@@ -20830,7 +20848,8 @@
+miscfiles_read_localization(audisp_t)
+
+corecmd_search_bin(audisp_t)
-+allow audisp_t self:unix_dgram_socket create_socket_perms;
++
++sysnet_dns_name_resolve(audisp_t)
+
+logging_domtrans_audisp(auditd_t)
+logging_audisp_signal(auditd_t)
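Review bot: `sysnet_dns_name_resolve(audisp_t)` gives the dispatcher domain itself name resolution in the same revision that splits the network-facing sender into its own audisp_remote_t domain, which receives the same call in the next hunk. If only audisp-remote needs to resolve the remote server's name, the call on audisp_t can be dropped, so the dispatcher, which is allowed to read and write auditd_t's unix stream socket, gains no network-related permissions. If a plugin running in audisp_t does need it, a comment naming that plugin would justify the grant. The visible log message mentions neither change.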
@@ -20840,6 +20859,33 @@
+#')
+
+#logging_audisp_system_domain(zos_remote_t, zos_remote_exec_t)
++
++########################################
++#
++# audisp_remote local policy
++#
++
++logging_audisp_system_domain(audisp_remote_t, audisp_remote_exec_t)
++
++allow audisp_remote_t self:tcp_socket create_socket_perms;
++
++corenet_all_recvfrom_unlabeled(audisp_remote_t)
++corenet_all_recvfrom_netlabel(audisp_remote_t)
++corenet_tcp_sendrecv_all_if(audisp_remote_t)
++corenet_tcp_sendrecv_all_nodes(audisp_remote_t)
++corenet_tcp_connect_audit_port(audisp_remote_t)
++
++files_read_etc_files(audisp_remote_t)
++
++libs_use_ld_so(audisp_remote_t)
++libs_use_shared_libs(audisp_remote_t)
++
++logging_send_syslog_msg(audisp_remote_t)
++logging_audisp_system_domain(audisp_remote_t, audisp_remote_exec_t)
++
++miscfiles_read_localization(audisp_remote_t)
++
++sysnet_dns_name_resolve(audisp_remote_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.0.8/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2007-10-22 13:21:39.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/lvm.fc 2008-04-04 16:11:03.000000000 -0400
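Review bot: `logging_audisp_system_domain(audisp_remote_t, audisp_remote_exec_t)` is invoked twice in the new audisp_remote section, once at the top and again right after `logging_send_syslog_msg(audisp_remote_t)`. The second call looks like a copy-paste leftover and should be removed. The types are also set up by hand with `domain_type(audisp_remote_t)` and `domain_entry_file(audisp_remote_t, audisp_remote_exec_t)` in the earlier hunk at `@@ -20644,6 +20656,11 @@`. The interface body is not visible here, so it is worth checking whether it already performs that setup and the manual lines are redundant.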