rpms/selinux-policy/devel policy-20080710.patch,1.21,1.22

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 29 19:29:24 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2496

Modified Files:
	policy-20080710.patch 
Log Message:
* Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.5.5-2
- Update to upstream
- Fix crontab use by unconfined user


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- policy-20080710.patch	29 Aug 2008 18:58:58 -0000	1.21
+++ policy-20080710.patch	29 Aug 2008 19:29:23 -0000	1.22
@@ -358,18 +358,26 @@
  init_use_fds(consoletype_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te	2008-08-25 10:50:15.000000000 -0400
-@@ -118,6 +118,10 @@
++++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te	2008-08-29 15:12:36.000000000 -0400
+@@ -118,15 +118,7 @@
  	usermanage_domtrans_admin_passwd(firstboot_t)
  ')
  
+-ifdef(`TODO',`
+-allow firstboot_t proc_t:file write;
+-
+-ifdef(`printconf.te', `
+-	can_exec(firstboot_t, printconf_t)
+-')
+-
+-ifdef(`userhelper.te', `
+-	role system_r types sysadm_userhelper_t;
+-	domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t)
 +optional_policy(`
 +	xserver_xdm_rw_shm(firstboot_t)
-+')
-+
- ifdef(`TODO',`
- allow firstboot_t proc_t:file write;
- 
++	xserver_unconfined(firstboot_t)
+ ')
+-') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2008-08-14 13:08:27.000000000 -0400
 +++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te	2008-08-25 10:50:15.000000000 -0400
@@ -13492,7 +13500,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/cups.te	2008-08-29 12:52:54.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/cups.te	2008-08-29 15:23:04.000000000 -0400
 @@ -48,6 +48,9 @@
  type hplip_t;
  type hplip_exec_t;
@@ -13705,7 +13713,7 @@
  #
  
 -allow cupsd_config_t self:capability { chown sys_tty_config };
-+allow cupsd_config_t self:capability { chown dav_override sys_tty_config };
++allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
  dontaudit cupsd_config_t self:capability sys_tty_config;
  allow cupsd_config_t self:process signal_perms;
  allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
@@ -24745,7 +24753,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te
 --- nsaserefpolicy/policy/modules/services/snort.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/snort.te	2008-08-25 10:50:15.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/snort.te	2008-08-29 15:22:50.000000000 -0400
 @@ -10,8 +10,11 @@
  type snort_exec_t;
  init_daemon_domain(snort_t, snort_exec_t)
@@ -24784,7 +24792,7 @@
  sysadm_dontaudit_search_home_dirs(snort_t)
  
  optional_policy(`
-+	prelude_rw_spool(snort_t)
++	prelude_manage_spool(snort_t)
 +')
 +
 +optional_policy(`




More information about the fedora-extras-commits mailing list