rpms/selinux-policy/F-9 policy-20071130.patch, 1.198, 1.199 selinux-policy.spec, 1.701, 1.702
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Aug 5 21:19:52 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15276
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Fri Aug 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-84
- Stop confinement of tmpreaper
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- policy-20071130.patch 1 Aug 2008 16:18:41 -0000 1.198
+++ policy-20071130.patch 5 Aug 2008 21:19:21 -0000 1.199
@@ -3102,7 +3102,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2008-07-31 07:05:47.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2008-08-05 16:24:41.000000000 -0400
@@ -26,8 +26,12 @@
files_read_etc_files(tmpreaper_t)
files_read_var_lib_files(tmpreaper_t)
@@ -3116,7 +3116,7 @@
mls_file_read_all_levels(tmpreaper_t)
mls_file_write_all_levels(tmpreaper_t)
-@@ -42,6 +46,29 @@
+@@ -42,6 +46,34 @@
cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
@@ -3146,6 +3146,11 @@
lpd_manage_spool(tmpreaper_t)
')
+
++optional_policy(`
++ unconfined_domain(tmpreaper_t)
++')
++
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.3.1/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2008-06-12 23:38:01.000000000 -0400
+++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te 2008-07-15 14:02:51.000000000 -0400
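Review bot: The new `optional_policy` block at the end of the tmpreaper.te section calls `unconfined_domain(tmpreaper_t)`, and neither the patch nor the log message ("Stop confinement of tmpreaper") records which denial made a blanket grant necessary. The same section shows the domain is entered from system cron (`cron_system_entry(tmpreaper_t,tmpreaper_exec_t)`), so this drops type enforcement for a scheduled cleaner wherever the unconfined module is present. The narrower rules above it, such as the `mls_file_*_all_levels` calls, then only matter on systems without that module. I would add a comment above the block, e.g. `# tmpreaper runs unconfined as of 3.3.1-84: <AVC denial or bug reference, not shown on this page>`, so the grant can be narrowed back to specific file-type permissions later. Only part of the tmpreaper.te section is visible in this hunk.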
@@ -19095,7 +19100,7 @@
+/etc/NetworkManager/dispatcher.d(/.*) gen_context(system_u:object_r:NetworkManager_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.3.1/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if 2008-07-24 08:11:29.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if 2008-08-04 13:46:06.000000000 -0400
@@ -97,3 +97,58 @@
allow $1 NetworkManager_t:dbus send_msg;
allow NetworkManager_t $1:dbus send_msg;
@@ -19153,7 +19158,7 @@
+ ')
+
+ files_search_pids($1)
-+ allow $1 NetworkManager_var_run_t:file read_file_perms;
++ read_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:38:02.000000000 -0400
@@ -24072,7 +24077,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/samba.te 2008-07-29 15:52:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/samba.te 2008-08-04 14:37:13.000000000 -0400
@@ -59,6 +59,13 @@
## </desc>
gen_tunable(samba_share_nfs,false)
@@ -24244,7 +24249,23 @@
corecmd_list_bin(smbmount_t)
-@@ -546,28 +583,37 @@
+@@ -533,41 +570,50 @@
+
+ auth_use_nsswitch(smbmount_t)
+
++libs_use_ld_so(smbmount_t)
++libs_use_shared_libs(smbmount_t)
++
+ miscfiles_read_localization(smbmount_t)
+
+ mount_use_fds(smbmount_t)
+
+-libs_use_ld_so(smbmount_t)
+-libs_use_shared_libs(smbmount_t)
+-
+ locallogin_use_fds(smbmount_t)
+
+ logging_search_logs(smbmount_t)
userdom_use_all_users_fds(smbmount_t)
@@ -31082,6 +31103,22 @@
files_pid_filetrans(ipsec_t,ipsec_var_run_t,{ file sock_file })
can_exec(ipsec_t, ipsec_mgmt_exec_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.3.1/policy/modules/system/iptables.if
+--- nsaserefpolicy/policy/modules/system/iptables.if 2008-06-12 23:38:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/iptables.if 2008-08-05 09:19:43.000000000 -0400
+@@ -49,6 +49,12 @@
+ iptables_domtrans($1)
+ role $2 types iptables_t;
+ allow iptables_t $3:chr_file rw_term_perms;
++
++ sysnet_run_ifconfig(iptables_t, $2, $3)
++
++ optional_policy(`
++ modutils_run_insmod(iptables_t, $2, $3)
++ ')
+ ')
+
+ ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2008-06-12 23:38:01.000000000 -0400
+++ serefpolicy-3.3.1/policy/modules/system/iptables.te 2008-07-15 14:02:52.000000000 -0400
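Review bot: The lines added to the interface in iptables.if, `sysnet_run_ifconfig(iptables_t, $2, $3)` and the optional `modutils_run_insmod(iptables_t, $2, $3)`, carry no comment explaining why iptables needs them. Together they let `iptables_t` transition into the ifconfig and module-loading domains for every caller of this interface, and they authorise those domains for role `$2`. Reaching the insmod domain is a significant privilege, so the reason should be stated next to the grant, e.g. `# iptables may load netfilter modules and configure interfaces on behalf of role $2` (presumably the intent, to be confirmed by the author). The interface's name and its doc header lie outside the hunk, so the `<summary>` there probably needs to mention the extra transitions as well.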
@@ -33008,7 +33045,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.3.1/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if 2008-07-15 14:02:52.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if 2008-08-05 09:08:01.000000000 -0400
@@ -215,8 +215,6 @@
seutil_domtrans_newrole($1)
role $2 types newrole_t;
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.701
retrieving revision 1.702
diff -u -r1.701 -r1.702
--- selinux-policy.spec 1 Aug 2008 16:18:41 -0000 1.701
+++ selinux-policy.spec 5 Aug 2008 21:19:22 -0000 1.702
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 83%{?dist}
+Release: 84%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -386,6 +386,9 @@
%endif
%changelog
+* Fri Aug 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-84
+- Stop confinement of tmpreaper
+
* Fri Aug 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-83
- Add 9051 to tor ports
- Add textrel_shlib_t for bad novel library