rpms/selinux-policy/F-10 policy-20080710.patch, 1.109, 1.110 selinux-policy.spec, 1.759, 1.760
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Dec 4 21:24:46 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18264
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
* Thu Dec 4 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-32
- Turn off nsplugin transition, by default
- Allow httpd_sys_script_t to communicate with postgresql
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -r1.109 -r1.110
--- policy-20080710.patch 4 Dec 2008 14:28:42 -0000 1.109
+++ policy-20080710.patch 4 Dec 2008 21:24:45 -0000 1.110
@@ -626,6 +626,17 @@
samba_read_log(logwatch_t)
+ samba_read_share_files(logwatch_t)
')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.5.13/policy/modules/admin/mrtg.te
+--- nsaserefpolicy/policy/modules/admin/mrtg.te 2008-10-17 08:49:14.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/admin/mrtg.te 2008-12-04 14:28:07.000000000 -0500
+@@ -116,6 +116,7 @@
+ selinux_dontaudit_getattr_dir(mrtg_t)
+
+ userdom_dontaudit_use_unpriv_user_fds(mrtg_t)
++userdom_dontaudit_list_admin_dir(mrtg_t)
+
+ sysadm_use_terms(mrtg_t)
+ sysadm_dontaudit_read_home_content_files(mrtg_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.5.13/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2008-10-17 08:49:14.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/admin/netutils.te 2008-11-24 10:49:49.000000000 -0500
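Review bot: The added `userdom_dontaudit_list_admin_dir(mrtg_t)` in the new mrtg.te section silences the AVC denial without recording why mrtg_t touches the admin home directory. The access stays denied, but the attempt no longer reaches the audit log, so anyone investigating a misbehaving mrtg has to disable dontaudit rules first (`semodule -DB`) to see it. I would add a comment above the rule, for example `# dontaudit: <reason mrtg lists the admin home dir>`, filled in from the denial that prompted the change.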
@@ -11148,7 +11159,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.13/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/apache.te 2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/apache.te 2008-12-04 14:56:57.000000000 -0500
@@ -20,6 +20,8 @@
# Declarations
#
@@ -11568,7 +11579,7 @@
########################################
#
# Apache PHP script local policy
-@@ -551,22 +695,27 @@
+@@ -551,22 +695,30 @@
fs_search_auto_mountpoints(httpd_php_t)
@@ -11591,9 +11602,10 @@
+ corenet_sendrecv_mysqld_client_packets(httpd_suexec_t)
')
--optional_policy(`
+ optional_policy(`
- nis_use_ypbind(httpd_php_t)
--')
++ postgresql_stream_connect(httpd_sys_script_t)
+ ')
optional_policy(`
- postgresql_stream_connect(httpd_php_t)
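Review bot: The new `postgresql_stream_connect(httpd_sys_script_t)` lets every script running as httpd_sys_script_t connect to the PostgreSQL Unix socket, and in the visible lines only an `optional_policy` wraps it, with no boolean in sight. The enclosing block starts outside this hunk, so it may already sit under a tunable; if it does not, I would put the rule inside a `tunable_policy` keyed on a boolean such as `httpd_can_network_connect_db` or a dedicated one, so hosts that run CGI without a local database do not get the access by default. The rule also lands in the part of apache.te headed "Apache PHP script local policy", while `mysql_stream_connect(httpd_sys_script_t)` sits in a later optional_policy block with the other httpd_sys_script_t rules. Moving it next to that block would keep the domain's database access in one place.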
@@ -11602,7 +11614,7 @@
')
########################################
-@@ -584,12 +733,14 @@
+@@ -584,12 +736,14 @@
append_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
read_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
@@ -11618,7 +11630,7 @@
kernel_read_kernel_sysctls(httpd_suexec_t)
kernel_list_proc(httpd_suexec_t)
kernel_read_proc_symlinks(httpd_suexec_t)
-@@ -598,9 +749,7 @@
+@@ -598,9 +752,7 @@
fs_search_auto_mountpoints(httpd_suexec_t)
@@ -11629,7 +11641,7 @@
files_read_etc_files(httpd_suexec_t)
files_read_usr_files(httpd_suexec_t)
-@@ -633,12 +782,25 @@
+@@ -633,12 +785,25 @@
corenet_sendrecv_all_client_packets(httpd_suexec_t)
')
@@ -11658,7 +11670,7 @@
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -647,6 +809,12 @@
+@@ -647,6 +812,12 @@
fs_exec_nfs_files(httpd_suexec_t)
')
@@ -11671,7 +11683,7 @@
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_suexec_t)
fs_read_cifs_symlinks(httpd_suexec_t)
-@@ -664,20 +832,20 @@
+@@ -664,20 +835,20 @@
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
@@ -11697,7 +11709,7 @@
allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
read_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_spool_t)
-@@ -691,12 +859,22 @@
+@@ -691,12 +862,22 @@
# Should we add a boolean?
apache_domtrans_rotatelogs(httpd_sys_script_t)
@@ -11722,7 +11734,7 @@
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -704,6 +882,31 @@
+@@ -704,6 +885,31 @@
fs_read_nfs_symlinks(httpd_sys_script_t)
')
@@ -11754,7 +11766,7 @@
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -716,10 +919,10 @@
+@@ -716,10 +922,10 @@
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
@@ -11769,7 +11781,7 @@
')
########################################
-@@ -727,6 +930,8 @@
+@@ -727,6 +933,8 @@
# httpd_rotatelogs local policy
#
@@ -11778,7 +11790,7 @@
manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t)
kernel_read_kernel_sysctls(httpd_rotatelogs_t)
-@@ -741,3 +946,66 @@
+@@ -741,3 +949,66 @@
logging_search_logs(httpd_rotatelogs_t)
miscfiles_read_localization(httpd_rotatelogs_t)
@@ -17388,7 +17400,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.5.13/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2008-10-17 08:49:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/munin.te 2008-12-02 15:11:02.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/munin.te 2008-12-04 16:13:54.000000000 -0500
@@ -13,6 +13,9 @@
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -17441,7 +17453,7 @@
corenet_all_recvfrom_unlabeled(munin_t)
corenet_all_recvfrom_netlabel(munin_t)
-@@ -73,30 +82,39 @@
+@@ -73,30 +82,40 @@
corenet_udp_sendrecv_all_nodes(munin_t)
corenet_tcp_sendrecv_all_ports(munin_t)
corenet_udp_sendrecv_all_ports(munin_t)
@@ -17463,9 +17475,10 @@
fs_getattr_all_fs(munin_t)
fs_search_auto_mountpoints(munin_t)
-
-+auth_use_nsswitch(munin_t)
++fs_list_inotifyfs(munin_t)
+
++auth_use_nsswitch(munin_t)
+
libs_use_ld_so(munin_t)
libs_use_shared_libs(munin_t)
@@ -17483,7 +17496,7 @@
sysadm_dontaudit_search_home_dirs(munin_t)
optional_policy(`
-@@ -109,7 +127,30 @@
+@@ -109,7 +128,30 @@
')
optional_policy(`
@@ -17515,7 +17528,7 @@
')
optional_policy(`
-@@ -119,3 +160,9 @@
+@@ -119,3 +161,9 @@
optional_policy(`
udev_read_db(munin_t)
')
@@ -31783,7 +31796,7 @@
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.5.13/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.if 2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.if 2008-12-04 15:04:44.000000000 -0500
@@ -198,7 +198,25 @@
type dhcpc_state_t;
')
@@ -35939,7 +35952,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.13/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.te 2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/xen.te 2008-12-04 13:40:54.000000000 -0500
@@ -6,6 +6,13 @@
# Declarations
#
@@ -36139,7 +36152,7 @@
init_rw_script_stream_sockets(xm_t)
init_use_fds(xm_t)
-@@ -358,8 +395,25 @@
+@@ -358,8 +395,30 @@
miscfiles_read_localization(xm_t)
@@ -36152,6 +36165,11 @@
xen_stream_connect(xm_t)
xen_stream_connect_xenstore(xm_t)
+
++optional_policy(`
++ virt_manage_images(xm_t)
++ virt_stream_connect(xm_t)
++')
++
+#Should have a boolean wrapping these
+fs_list_auto_mountpoints(xend_t)
+files_search_mnt(xend_t)
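Review bot: `virt_manage_images(xm_t)` in the new optional_policy block is a broad grant: by refpolicy naming, a manage interface covers creating, writing and deleting the image files. Neither changelog entry for 3.5.13-32 mentions this xen.te change. If xm only opens existing images, a narrower read or read/write interface from the virt module, if one is available, would be the tighter choice; this hunk does not show which operations xm performs, so that should be checked against the denials behind the change. I would add a comment above the block, such as `# xm needs <operations> on virt images: <reason>`, and a matching %changelog line.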
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.759
retrieving revision 1.760
diff -u -r1.759 -r1.760
--- selinux-policy.spec 4 Dec 2008 14:28:43 -0000 1.759
+++ selinux-policy.spec 4 Dec 2008 21:24:46 -0000 1.760
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 31%{?dist}
+Release: 32%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -459,6 +459,10 @@
%endif
%changelog
+* Thu Dec 4 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-32
+- Turn off nsplugin transition, by default
+- Allow httpd_sys_script_t to communicate with postgresql
+
* Wed Dec 2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-30
- Allow nsplugin to list gconf_home_t directory