rpms/selinux-policy/F-9 policy-20071130.patch, 1.198, 1.199 selinux-policy.spec, 1.701, 1.702

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Aug 5 21:19:52 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15276

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Fri Aug 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-84
- Stop confinement of tmpreaper


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- policy-20071130.patch	1 Aug 2008 16:18:41 -0000	1.198
+++ policy-20071130.patch	5 Aug 2008 21:19:21 -0000	1.199
@@ -3102,7 +3102,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te	2008-07-31 07:05:47.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te	2008-08-05 16:24:41.000000000 -0400
 @@ -26,8 +26,12 @@
  files_read_etc_files(tmpreaper_t)
  files_read_var_lib_files(tmpreaper_t)
@@ -3116,7 +3116,7 @@
  
  mls_file_read_all_levels(tmpreaper_t)
  mls_file_write_all_levels(tmpreaper_t)
-@@ -42,6 +46,29 @@
+@@ -42,6 +46,34 @@
  
  cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
  
@@ -3146,6 +3146,11 @@
  	lpd_manage_spool(tmpreaper_t)
  ')
 +
++optional_policy(`
++	unconfined_domain(tmpreaper_t)
++')
++
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.3.1/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2008-06-12 23:38:01.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te	2008-07-15 14:02:51.000000000 -0400
@@ -19095,7 +19100,7 @@
 +/etc/NetworkManager/dispatcher.d(/.*)	gen_context(system_u:object_r:NetworkManager_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.3.1/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if	2008-07-24 08:11:29.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if	2008-08-04 13:46:06.000000000 -0400
 @@ -97,3 +97,58 @@
  	allow $1 NetworkManager_t:dbus send_msg;
  	allow NetworkManager_t $1:dbus send_msg;
@@ -19153,7 +19158,7 @@
 +	')
 +
 +	files_search_pids($1)
-+	allow $1 NetworkManager_var_run_t:file read_file_perms;
++	read_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2008-06-12 23:38:02.000000000 -0400
@@ -24072,7 +24077,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/samba.te	2008-07-29 15:52:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/samba.te	2008-08-04 14:37:13.000000000 -0400
 @@ -59,6 +59,13 @@
  ## </desc>
  gen_tunable(samba_share_nfs,false)
@@ -24244,7 +24249,23 @@
  
  corecmd_list_bin(smbmount_t)
  
-@@ -546,28 +583,37 @@
+@@ -533,41 +570,50 @@
+ 
+ auth_use_nsswitch(smbmount_t)
+ 
++libs_use_ld_so(smbmount_t)
++libs_use_shared_libs(smbmount_t)
++
+ miscfiles_read_localization(smbmount_t)
+ 
+ mount_use_fds(smbmount_t)
+ 
+-libs_use_ld_so(smbmount_t)
+-libs_use_shared_libs(smbmount_t)
+-
+ locallogin_use_fds(smbmount_t)
+ 
+ logging_search_logs(smbmount_t)
  
  userdom_use_all_users_fds(smbmount_t)
  
@@ -31082,6 +31103,22 @@
  files_pid_filetrans(ipsec_t,ipsec_var_run_t,{ file sock_file })
  
  can_exec(ipsec_t, ipsec_mgmt_exec_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.3.1/policy/modules/system/iptables.if
+--- nsaserefpolicy/policy/modules/system/iptables.if	2008-06-12 23:38:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/iptables.if	2008-08-05 09:19:43.000000000 -0400
+@@ -49,6 +49,12 @@
+ 	iptables_domtrans($1)
+ 	role $2 types iptables_t;
+ 	allow iptables_t $3:chr_file rw_term_perms;
++
++	sysnet_run_ifconfig(iptables_t, $2, $3)
++
++	optional_policy(`
++		modutils_run_insmod(iptables_t, $2, $3)
++	')
+ ')
+ 
+ ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2008-06-12 23:38:01.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/system/iptables.te	2008-07-15 14:02:52.000000000 -0400
@@ -33008,7 +33045,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.3.1/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if	2008-07-15 14:02:52.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if	2008-08-05 09:08:01.000000000 -0400
 @@ -215,8 +215,6 @@
  	seutil_domtrans_newrole($1)
  	role $2 types newrole_t;


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.701
retrieving revision 1.702
diff -u -r1.701 -r1.702
--- selinux-policy.spec	1 Aug 2008 16:18:41 -0000	1.701
+++ selinux-policy.spec	5 Aug 2008 21:19:22 -0000	1.702
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 83%{?dist}
+Release: 84%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -386,6 +386,9 @@
 %endif
 
 %changelog
+* Fri Aug 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-84
+- Stop confinement of tmpreaper
+
 * Fri Aug 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-83
 - Add 9051 to tor ports
 - Add textrel_shlib_t for bad novel library

More information about the fedora-extras-commits mailing list