rpms/selinux-policy/devel policy-20081111.patch,1.6,1.7
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Dec 4 18:47:56 UTC 2008
- Previous message (by thread): rpms/m4ri/devel import.log, NONE, 1.1 m4ri-license-clarification.mbox, NONE, 1.1 m4ri.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/gdmap/devel gdmap.spec,1.8,1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13269
Modified Files:
policy-20081111.patch
Log Message:
* Thu Dec 4 2008 Dan Walsh <dwalsh at redhat.com> 3.6.1-5
- Allow iptables to talk to terminals
policy-20081111.patch:
Index: policy-20081111.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20081111.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- policy-20081111.patch 4 Dec 2008 18:45:06 -0000 1.6
+++ policy-20081111.patch 4 Dec 2008 18:47:26 -0000 1.7
@@ -19813,7 +19813,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.1/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/ssh.te 2008-11-25 09:45:43.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/ssh.te 2008-12-04 13:46:29.000000000 -0500
@@ -75,7 +75,7 @@
ubac_constrained(ssh_tmpfs_t)
@@ -19823,7 +19823,15 @@
typealias home_ssh_t alias { auditadm_home_ssh_t secadm_home_ssh_t };
files_type(home_ssh_t)
userdom_user_home_content(home_ssh_t)
-@@ -318,6 +318,9 @@
+@@ -115,6 +115,7 @@
+ manage_dirs_pattern(ssh_t,home_ssh_t,home_ssh_t)
+ manage_sock_files_pattern(ssh_t,home_ssh_t,home_ssh_t)
+ userdom_user_home_dir_filetrans(ssh_t, home_ssh_t, { dir sock_file })
++userdom_stream_connect(ssh_t)
+
+ # Allow the ssh program to communicate with ssh-agent.
+ stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
+@@ -318,6 +319,9 @@
corenet_tcp_bind_xserver_port(sshd_t)
corenet_sendrecv_xserver_server_packets(sshd_t)
@@ -19833,7 +19841,7 @@
tunable_policy(`ssh_sysadm_login',`
# Relabel and access ptys created by sshd
# ioctl is necessary for logout() processing for utmp entry and for w to
-@@ -331,6 +334,14 @@
+@@ -331,6 +335,14 @@
')
optional_policy(`
@@ -19848,7 +19856,7 @@
daemontools_service_domain(sshd_t, sshd_exec_t)
')
-@@ -349,7 +360,11 @@
+@@ -349,7 +361,11 @@
')
optional_policy(`
@@ -19861,7 +19869,7 @@
unconfined_shell_domtrans(sshd_t)
')
-@@ -408,6 +423,8 @@
+@@ -408,6 +424,8 @@
init_use_fds(ssh_keygen_t)
init_use_script_ptys(ssh_keygen_t)
@@ -27124,7 +27132,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.1/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/system/xen.te 2008-11-25 10:59:58.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/system/xen.te 2008-12-04 13:40:20.000000000 -0500
@@ -1,11 +1,18 @@
-policy_module(xen, 1.7.2)
@@ -27312,7 +27320,7 @@
corenet_tcp_sendrecv_generic_if(xm_t)
corenet_tcp_sendrecv_all_nodes(xm_t)
-@@ -339,15 +373,37 @@
+@@ -339,15 +373,38 @@
storage_raw_read_fixed_disk(xm_t)
@@ -27335,6 +27343,7 @@
+
+optional_policy(`
+ virt_manage_images(xm_t)
++ virt_stream_connect(xm_t)
+')
+
+#Should have a boolean wrapping these
- Previous message (by thread): rpms/m4ri/devel import.log, NONE, 1.1 m4ri-license-clarification.mbox, NONE, 1.1 m4ri.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/gdmap/devel gdmap.spec,1.8,1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list