rpms/selinux-policy/F-10 policy-20080710.patch, 1.107, 1.108 selinux-policy.spec, 1.757, 1.758

Daniel J Walsh dwalsh at fedoraproject.org
Wed Dec 3 22:03:18 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30584

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Wed Dec 2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-30
- Allow nsplugin to list gconf_home_t directory


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -r1.107 -r1.108
--- policy-20080710.patch	2 Dec 2008 21:33:39 -0000	1.107
+++ policy-20080710.patch	3 Dec 2008 22:02:46 -0000	1.108
@@ -1947,7 +1947,7 @@
 +HOME_DIR/.pulse(/.*)?		gen_context(system_u:object_r:gnome_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.5.13/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/apps/gnome.if	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/apps/gnome.if	2008-12-03 08:43:29.000000000 -0500
 @@ -36,6 +36,7 @@
  	gen_require(`
  		type gconfd_exec_t, gconf_etc_t;
@@ -2095,7 +2095,7 @@
  ## </summary>
  ## <param name="userdomain_prefix">
  ##	<summary>
-@@ -183,11 +200,96 @@
+@@ -183,11 +200,97 @@
  ##	</summary>
  ## </param>
  #
@@ -2167,6 +2167,7 @@
 +		type gconf_home_t;
 +	')
 +
++	allow $1 gconf_home_t:dir list_dir_perms;
 +	read_files_pattern($1, gconf_home_t, gconf_home_t)
 +')
 +
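Review bot: The new raw rule `allow $1 gconf_home_t:dir list_dir_perms;` sits directly above `read_files_pattern($1, gconf_home_t, gconf_home_t)`, so the same block mixes a hand-written allow with a pattern macro. For consistency with the rest of the policy, consider the pattern form `list_dirs_pattern($1, gconf_home_t, gconf_home_t)`. The interface's header and XML summary are outside this hunk. If that summary still describes only reading files, it should also say the caller can now list the directory.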
@@ -3505,7 +3506,7 @@
 +/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.5.13/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/apps/mozilla.if	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/apps/mozilla.if	2008-12-03 08:59:20.000000000 -0500
 @@ -35,7 +35,10 @@
  template(`mozilla_per_role_template',`
  	gen_require(`
@@ -3666,7 +3667,15 @@
  	corenet_sendrecv_http_client_packets($1_mozilla_t)
  	corenet_sendrecv_http_cache_client_packets($1_mozilla_t)
  	corenet_sendrecv_ftp_client_packets($1_mozilla_t)
-@@ -165,13 +204,28 @@
+@@ -148,6 +187,7 @@
+ 	# Should not need other ports
+ 	corenet_dontaudit_tcp_sendrecv_generic_port($1_mozilla_t)
+ 	corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
++	corenet_tcp_connect_speech_port($1_mozilla_t)
+ 
+ 	dev_read_urand($1_mozilla_t)
+ 	dev_read_rand($1_mozilla_t)
+@@ -165,13 +205,28 @@
  	files_read_var_files($1_mozilla_t)
  	files_read_var_symlinks($1_mozilla_t)
   	files_dontaudit_getattr_boot_dirs($1_mozilla_t)
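Review bot: `corenet_tcp_connect_speech_port($1_mozilla_t)` is added immediately under the existing comment `# Should not need other ports` and its two dontaudit rules, so the block now reads as if this connect were also a denial to hide. Move the line up to the other `corenet_tcp_connect_*` grants in the template (outside this hunk) and give it its own comment saying which plugin or helper needs TCP 8036. The page does not say which one it is. The grant is unconditional for every role's browser domain, and the same call is added for `nsplugin_t` in the nsplugin.te hunk. If only the plugin wrapper needs it, keeping it in nsplugin.te alone would keep the browser's network surface as it was.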
@@ -3695,7 +3704,7 @@
  	libs_use_ld_so($1_mozilla_t)
  	libs_use_shared_libs($1_mozilla_t)
  
-@@ -180,17 +234,10 @@
+@@ -180,17 +235,10 @@
  	miscfiles_read_fonts($1_mozilla_t)
  	miscfiles_read_localization($1_mozilla_t)
  
@@ -3716,7 +3725,7 @@
  	xserver_user_x_domain_template($1, $1_mozilla, $1_mozilla_t, $1_mozilla_tmpfs_t)
  	xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t)
  	xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t)
-@@ -211,131 +258,8 @@
+@@ -211,131 +259,8 @@
  		fs_manage_cifs_symlinks($1_mozilla_t)
  	')
  
@@ -3850,7 +3859,7 @@
  	')
  
  	optional_policy(`
-@@ -350,57 +274,50 @@
+@@ -350,57 +275,50 @@
  	optional_policy(`
  		cups_read_rw_config($1_mozilla_t)
  		cups_dbus_chat($1_mozilla_t)
@@ -3926,7 +3935,7 @@
  ')
  
  ########################################
-@@ -430,11 +347,11 @@
+@@ -430,11 +348,11 @@
  #
  template(`mozilla_read_user_home_files',`
  	gen_require(`
@@ -3941,7 +3950,7 @@
  ')
  
  ########################################
-@@ -464,11 +381,10 @@
+@@ -464,11 +382,10 @@
  #
  template(`mozilla_write_user_home_files',`
  	gen_require(`
@@ -3955,7 +3964,7 @@
  ')
  
  ########################################
-@@ -573,3 +489,27 @@
+@@ -573,3 +490,27 @@
  
  	allow $2 $1_mozilla_t:tcp_socket rw_socket_perms;
  ')
@@ -4508,8 +4517,8 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te	2008-12-01 16:31:11.000000000 -0500
-@@ -0,0 +1,276 @@
++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te	2008-12-03 08:58:51.000000000 -0500
+@@ -0,0 +1,277 @@
 +
 +policy_module(nsplugin, 1.0.0)
 +
@@ -4595,6 +4604,7 @@
 +corenet_tcp_sendrecv_generic_if(nsplugin_t)
 +corenet_tcp_sendrecv_all_nodes(nsplugin_t)
 +corenet_tcp_connect_ipp_port(nsplugin_t)
++corenet_tcp_connect_speech_port(nsplugin_t)
 +
 +domain_dontaudit_read_all_domains_state(nsplugin_t)
 +
@@ -6551,7 +6561,7 @@
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.5.13/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/kernel/corenetwork.te.in	2008-12-01 15:41:38.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/kernel/corenetwork.te.in	2008-12-03 08:58:40.000000000 -0500
 @@ -1,5 +1,5 @@
  
 -policy_module(corenetwork, 1.10.0)
@@ -6653,19 +6663,20 @@
  network_port(printer, tcp,515,s0)
  network_port(ptal, tcp,5703,s0)
  network_port(pxe, udp,4011,s0)
-@@ -159,9 +180,10 @@
+@@ -159,9 +180,11 @@
  network_port(rwho, udp,513,s0)
  network_port(smbd, tcp,137-139,s0, tcp,445,s0)
  network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
 -network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
 +network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0, tcp, 1161, s0)
  network_port(spamd, tcp,783,s0)
++network_port(speech, tcp,8036,s0)
  network_port(ssh, tcp,22,s0)
 +network_port(streaming, tcp, 1755, s0, udp, 1755, s0)
  network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
  type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
  type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
-@@ -170,13 +192,16 @@
+@@ -170,13 +193,16 @@
  network_port(syslogd, udp,514,s0)
  network_port(telnetd, tcp,23,s0)
  network_port(tftp, udp,69,s0)
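Review bot: `network_port(speech, tcp,8036,s0)` gives TCP 8036 its own port type, so rules written against the generic port type no longer cover it. Any domain that reached or bound that port through generic-port rules loses that access after this update. In the visible hunks only `$1_mozilla_t` and `nsplugin_t` get a connect rule, and no server domain gets a bind rule, though one may exist outside what is shown. Confirm that the listening daemon's domain can still bind the port. Also add a comment on the line naming the service, e.g. `# speech: TCP 8036, <service name>`, since the other entries here use well-known service names and this one is not self-explanatory.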
@@ -18897,7 +18908,7 @@
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.5.13/policy/modules/services/openvpn.te
 --- nsaserefpolicy/policy/modules/services/openvpn.te	2008-10-17 08:49:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/openvpn.te	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/openvpn.te	2008-12-03 10:19:33.000000000 -0500
 @@ -22,6 +22,9 @@
  type openvpn_etc_t;
  files_config_file(openvpn_etc_t)
@@ -18908,7 +18919,15 @@
  type openvpn_initrc_exec_t;
  init_script_file(openvpn_initrc_exec_t)
  
-@@ -47,10 +50,11 @@
+@@ -40,6 +43,7 @@
+ 
+ allow openvpn_t self:capability { dac_read_search dac_override net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
+ allow openvpn_t self:process { signal getsched };
++allow openvpn_t self:fifo_file rw_fifo_file_perms;
+ 
+ allow openvpn_t self:unix_dgram_socket { create_socket_perms sendto };
+ allow openvpn_t self:unix_stream_socket { create_stream_socket_perms connectto };
+@@ -47,10 +51,11 @@
  allow openvpn_t self:tcp_socket server_stream_socket_perms;
  allow openvpn_t self:netlink_route_socket rw_netlink_socket_perms;
  
@@ -18922,7 +18941,16 @@
  
  allow openvpn_t openvpn_var_log_t:file manage_file_perms;
  logging_log_filetrans(openvpn_t, openvpn_var_log_t, file)
-@@ -117,3 +121,11 @@
+@@ -102,6 +107,8 @@
+ 
+ sysnet_dns_name_resolve(openvpn_t)
+ sysnet_exec_ifconfig(openvpn_t)
++sysnet_write_config(openvpn_t)
++sysnet_etc_filetrans_config(openvpn_t)
+ 
+ tunable_policy(`openvpn_enable_homedirs',`
+ 	userdom_read_unpriv_users_home_content_files(openvpn_t)
+@@ -117,3 +124,11 @@
  
  	networkmanager_dbus_chat(openvpn_t)
  ')
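Review bot: `sysnet_write_config(openvpn_t)` and `sysnet_etc_filetrans_config(openvpn_t)` give the network-facing `openvpn_t` domain unconditional write access to the system network configuration files. The same domain already holds `dac_override`, `net_admin` and `setuid`, as shown in the previous hunk. The log message lists only the nsplugin/gconf change, so this grant is undocumented. Add a comment stating the reason (presumably resolver settings pushed by the VPN server; confirm). Consider placing both lines inside a `tunable_policy` block like the existing `openvpn_enable_homedirs` one, so sites that do not accept pushed DNS settings can leave it off.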
@@ -25295,7 +25323,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.13/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2008-10-17 08:49:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te	2008-12-02 16:30:32.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te	2008-12-03 09:33:51.000000000 -0500
 @@ -21,16 +21,24 @@
  gen_tunable(spamd_enable_home_dirs, true)
  
@@ -25467,7 +25495,7 @@
  ')
  
  optional_policy(`
-@@ -213,3 +260,122 @@
+@@ -213,3 +260,125 @@
  optional_policy(`
  	udev_read_db(spamd_t)
  ')
@@ -25492,6 +25520,8 @@
 +allow spamc_t self:tcp_socket create_stream_socket_perms;
 +allow spamc_t self:udp_socket create_socket_perms;
 +
++can_exec(spamc_t, spamc_exec_t)
++
 +# Allow connecting to a local spamd
 +allow spamc_t spamd_t:unix_stream_socket connectto;
 +allow spamc_t spamd_tmp_t:sock_file rw_file_perms;
@@ -25563,6 +25593,7 @@
 +	corenet_tcp_connect_all_ports(spamc_t)
 +	corenet_sendrecv_all_client_packets(spamc_t)
 +	corenet_udp_bind_generic_port(spamc_t)
++	corenet_udp_bind_all_nodes(spamc_t)
 +
 +	sysnet_read_config(spamc_t)
 +')
@@ -28697,7 +28728,7 @@
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.5.13/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/authlogin.if	2008-11-24 16:05:46.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/authlogin.if	2008-12-03 09:33:25.000000000 -0500
 @@ -56,10 +56,6 @@
  	miscfiles_read_localization($1_chkpwd_t)
  
@@ -28803,11 +28834,12 @@
  	')
  ')
  
-@@ -333,19 +378,15 @@
+@@ -333,19 +378,16 @@
  	dev_read_rand($1)
  	dev_read_urand($1)
  
 +	auth_use_nsswitch($1)
++	auth_rw_faillog($1)
 +
  	logging_send_audit_msgs($1)
  
@@ -28816,18 +28848,18 @@
 -	sysnet_dns_name_resolve($1)
 -	sysnet_use_ldap($1)
 -
- 	optional_policy(`
+-	optional_policy(`
 -		kerberos_use($1)
 -	')
 -
--	optional_policy(`
+ 	optional_policy(`
 -		nis_use_ypbind($1)
 +		kerberos_read_keytab($1)
 +		kerberos_connect_524($1)
  	')
  
  	optional_policy(`
-@@ -356,6 +397,28 @@
+@@ -356,6 +398,28 @@
  	optional_policy(`
  		samba_stream_connect_winbind($1)
  	')
@@ -28856,7 +28888,7 @@
  ')
  
  ########################################
-@@ -369,12 +432,12 @@
+@@ -369,12 +433,12 @@
  ## </param>
  ## <param name="role">
  ##	<summary>
@@ -28871,7 +28903,7 @@
  ##	</summary>
  ## </param>
  #
-@@ -386,6 +449,7 @@
+@@ -386,6 +450,7 @@
  	auth_domtrans_chk_passwd($1)
  	role $2 types system_chkpwd_t;
  	allow system_chkpwd_t $3:chr_file rw_file_perms;
@@ -28879,7 +28911,7 @@
  ')
  
  ########################################
-@@ -871,7 +935,7 @@
+@@ -871,7 +936,7 @@
  	files_search_var($1)
  	allow $1 var_auth_t:dir manage_dir_perms;
  	allow $1 var_auth_t:file rw_file_perms;
@@ -28888,7 +28920,7 @@
  ')
  
  ########################################
-@@ -1175,6 +1239,32 @@
+@@ -1175,6 +1240,32 @@
  
  ########################################
  ## <summary>
@@ -28921,7 +28953,7 @@
  ##	Manage all files on the filesystem, except
  ##	the shadow passwords and listed exceptions.
  ## </summary>
-@@ -1447,6 +1537,10 @@
+@@ -1447,6 +1538,10 @@
  	')
  
  	optional_policy(`
@@ -28932,7 +28964,7 @@
  		nis_use_ypbind($1)
  	')
  
-@@ -1457,6 +1551,7 @@
+@@ -1457,6 +1552,7 @@
  	optional_policy(`
  		samba_stream_connect_winbind($1)
  		samba_read_var_files($1)
@@ -28940,7 +28972,7 @@
  	')
  ')
  
-@@ -1491,3 +1586,81 @@
+@@ -1491,3 +1587,81 @@
  	typeattribute $1 can_write_shadow_passwords;
  	typeattribute $1 can_relabelto_shadow_passwords;
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.757
retrieving revision 1.758
diff -u -r1.757 -r1.758
--- selinux-policy.spec	2 Dec 2008 21:33:41 -0000	1.757
+++ selinux-policy.spec	3 Dec 2008 22:02:47 -0000	1.758
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 29%{?dist}
+Release: 30%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -457,6 +457,9 @@
 %endif
 
 %changelog
+* Wed Dec 2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-30
+- Allow nsplugin to list gconf_home_t directory
+
 * Tue Dec 2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-29
 - Allow spamc to communicate with spamd via sock file
 



