rpms/selinux-policy/devel policy-20080710.patch,1.22,1.23

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 29 20:15:10 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9126

Modified Files:
	policy-20080710.patch 
Log Message:
* Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.5.5-2
- Update to upstream
- Fix crontab use by unconfined user


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- policy-20080710.patch	29 Aug 2008 19:29:23 -0000	1.22
+++ policy-20080710.patch	29 Aug 2008 20:14:40 -0000	1.23
@@ -20593,7 +20593,7 @@
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.5/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/postfix.te	2008-08-26 13:30:44.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/postfix.te	2008-08-29 15:43:57.000000000 -0400
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -20681,7 +20681,15 @@
  # allow access to deferred queue and allow removing bogus incoming entries
  manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
  manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
-@@ -181,12 +195,17 @@
+@@ -142,6 +156,7 @@
+ 
+ delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+ rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
++setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+ 
+ kernel_read_all_sysctls(postfix_master_t)
+ 
+@@ -181,12 +196,17 @@
  
  mta_rw_aliases(postfix_master_t)
  mta_read_sendmail_bin(postfix_master_t)
@@ -20699,7 +20707,7 @@
  #	for postalias
  	mailman_manage_data_files(postfix_master_t)
  ')
-@@ -255,6 +274,10 @@
+@@ -255,6 +275,10 @@
  
  corecmd_exec_bin(postfix_cleanup_t)
  
@@ -20710,7 +20718,7 @@
  ########################################
  #
  # Postfix local local policy
-@@ -280,18 +303,25 @@
+@@ -280,18 +304,25 @@
  
  files_read_etc_files(postfix_local_t)
  
@@ -20736,7 +20744,7 @@
  ')
  
  optional_policy(`
-@@ -302,8 +332,7 @@
+@@ -302,8 +333,7 @@
  #
  # Postfix map local policy
  #
@@ -20746,7 +20754,7 @@
  allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
  allow postfix_map_t self:unix_dgram_socket create_socket_perms;
  allow postfix_map_t self:tcp_socket create_stream_socket_perms;
-@@ -353,8 +382,6 @@
+@@ -353,8 +383,6 @@
  
  miscfiles_read_localization(postfix_map_t)
  
@@ -20755,7 +20763,7 @@
  tunable_policy(`read_default_t',`
  	files_list_default(postfix_map_t)
  	files_read_default_files(postfix_map_t)
-@@ -367,6 +394,11 @@
+@@ -367,6 +395,11 @@
  	locallogin_dontaudit_use_fds(postfix_map_t)
  ')
  
@@ -20767,7 +20775,7 @@
  ########################################
  #
  # Postfix pickup local policy
-@@ -391,6 +423,7 @@
+@@ -391,6 +424,7 @@
  #
  
  allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
@@ -20775,7 +20783,7 @@
  
  write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
  
-@@ -398,6 +431,12 @@
+@@ -398,6 +432,12 @@
  
  rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
  
@@ -20788,7 +20796,7 @@
  optional_policy(`
  	procmail_domtrans(postfix_pipe_t)
  ')
-@@ -407,6 +446,14 @@
+@@ -407,6 +447,14 @@
  ')
  
  optional_policy(`
@@ -20803,7 +20811,7 @@
  	uucp_domtrans_uux(postfix_pipe_t)
  ')
  
-@@ -443,8 +490,7 @@
+@@ -443,8 +491,7 @@
  ')
  
  optional_policy(`
@@ -20813,7 +20821,7 @@
  ')
  
  #######################################
-@@ -470,6 +516,15 @@
+@@ -470,6 +517,15 @@
  init_sigchld_script(postfix_postqueue_t)
  init_use_script_fds(postfix_postqueue_t)
  
@@ -20829,7 +20837,7 @@
  ########################################
  #
  # Postfix qmgr local policy
-@@ -564,6 +619,10 @@
+@@ -564,6 +620,10 @@
  	sasl_connect(postfix_smtpd_t)
  ')
  
@@ -20840,7 +20848,7 @@
  ########################################
  #
  # Postfix virtual local policy
-@@ -579,7 +638,7 @@
+@@ -579,7 +639,7 @@
  files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
  
  # connect to master process
@@ -29787,6 +29795,18 @@
 +optional_policy(`
 +	xserver_rw_xdm_home_files(daemon)
 +')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.5.5/policy/modules/system/iscsi.te
+--- nsaserefpolicy/policy/modules/system/iscsi.te	2008-08-11 11:23:34.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/system/iscsi.te	2008-08-29 15:34:11.000000000 -0400
+@@ -28,7 +28,7 @@
+ # iscsid local policy
+ #
+ 
+-allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource };
++allow iscsid_t self:capability { dac_override ipc_lock net_admin net_raw sys_nice sys_resource };
+ allow iscsid_t self:process { setrlimit setsched signal };
+ allow iscsid_t self:fifo_file { read write };
+ allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.5/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2008-08-13 15:24:56.000000000 -0400
 +++ serefpolicy-3.5.5/policy/modules/system/libraries.fc	2008-08-25 13:04:38.000000000 -0400

More information about the fedora-extras-commits mailing list