rpms/selinux-policy/devel policy-20080710.patch,1.21,1.22
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Aug 29 19:29:24 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2496
Modified Files:
policy-20080710.patch
Log Message:
* Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.5.5-2
- Update to upstream
- Fix crontab use by unconfined user
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- policy-20080710.patch 29 Aug 2008 18:58:58 -0000 1.21
+++ policy-20080710.patch 29 Aug 2008 19:29:23 -0000 1.22
@@ -358,18 +358,26 @@
init_use_fds(consoletype_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-25 10:50:15.000000000 -0400
-@@ -118,6 +118,10 @@
++++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-29 15:12:36.000000000 -0400
+@@ -118,15 +118,7 @@
usermanage_domtrans_admin_passwd(firstboot_t)
')
+-ifdef(`TODO',`
+-allow firstboot_t proc_t:file write;
+-
+-ifdef(`printconf.te', `
+- can_exec(firstboot_t, printconf_t)
+-')
+-
+-ifdef(`userhelper.te', `
+- role system_r types sysadm_userhelper_t;
+- domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t)
+optional_policy(`
+ xserver_xdm_rw_shm(firstboot_t)
-+')
-+
- ifdef(`TODO',`
- allow firstboot_t proc_t:file write;
-
++ xserver_unconfined(firstboot_t)
+ ')
+-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400
@@ -13492,7 +13500,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 12:52:54.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 15:23:04.000000000 -0400
@@ -48,6 +48,9 @@
type hplip_t;
type hplip_exec_t;
@@ -13705,7 +13713,7 @@
#
-allow cupsd_config_t self:capability { chown sys_tty_config };
-+allow cupsd_config_t self:capability { chown dav_override sys_tty_config };
++allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
dontaudit cupsd_config_t self:capability sys_tty_config;
allow cupsd_config_t self:process signal_perms;
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
@@ -24745,7 +24753,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-25 10:50:15.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-29 15:22:50.000000000 -0400
@@ -10,8 +10,11 @@
type snort_exec_t;
init_daemon_domain(snort_t, snort_exec_t)
@@ -24784,7 +24792,7 @@
sysadm_dontaudit_search_home_dirs(snort_t)
optional_policy(`
-+ prelude_rw_spool(snort_t)
++ prelude_manage_spool(snort_t)
+')
+
+optional_policy(`
More information about the fedora-extras-commits
mailing list