rpms/selinux-policy/F-10 policy-20080710.patch,1.113,1.114
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Dec 10 14:19:59 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22198
Modified Files:
policy-20080710.patch
Log Message:
* Tue Dec 9 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-34
- Allow semanage to send signals to itself
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- policy-20080710.patch 9 Dec 2008 21:04:50 -0000 1.113
+++ policy-20080710.patch 10 Dec 2008 14:19:58 -0000 1.114
@@ -4496,7 +4496,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-12-05 08:34:30.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-12-10 08:53:06.000000000 -0500
@@ -0,0 +1,279 @@
+
+policy_module(nsplugin, 1.0.0)
@@ -4964,7 +4964,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.5.13/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/apps/podsleuth.te 2008-12-09 14:43:48.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/apps/podsleuth.te 2008-12-10 08:55:56.000000000 -0500
@@ -11,24 +11,61 @@
application_domain(podsleuth_t, podsleuth_exec_t)
role system_r types podsleuth_t;
@@ -5004,9 +5004,9 @@
+fs_read_dos_files(podsleuth_t)
+fs_search_dos(podsleuth_t)
+
-+fs_mount_nfs_fs(podsleuth_t)
-+fs_unmount_nfs_fs(podsleuth_t)
-+fs_getattr_nfs_fs(podsleuth_t)
++fs_mount_nfs(podsleuth_t)
++fs_unmount_nfs(podsleuth_t)
++fs_getattr_nfs(podsleuth_t)
+fs_read_nfs_files(podsleuth_t)
+fs_search_nfs(podsleuth_t)
+
@@ -7962,7 +7962,7 @@
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.5.13/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/kernel/filesystem.if 2008-12-08 16:43:51.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/kernel/filesystem.if 2008-12-10 09:05:13.000000000 -0500
@@ -535,6 +535,24 @@
########################################
@@ -8735,7 +8735,7 @@
+# file contexts handled by userdomain and genhomedircon
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.5.13/policy/modules/roles/guest.if
--- nsaserefpolicy/policy/modules/roles/guest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/roles/guest.if 2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/roles/guest.if 2008-12-10 08:30:33.000000000 -0500
@@ -0,0 +1,161 @@
+## <summary>Least privledge terminal user role</summary>
+
@@ -8747,7 +8747,7 @@
+## <summary>
+## The prefix of the user role (e.g., user
+## is the prefix for user_r).
-+## </summary>
++## </summary>
+## </param>
+## <rolecap/>
+#
@@ -9017,8 +9017,8 @@
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-11-24 10:50:07.000000000 -0500
-@@ -4,27 +4,68 @@
++++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-12-10 08:25:28.000000000 -0500
+@@ -4,27 +4,79 @@
########################################
#
# Declarations
@@ -9089,6 +9089,17 @@
+ cron_admin_template(sysadm)
+')
+
++optional_policy(`
++ xguest_role_change_template(staff)
++')
++
++optional_policy(`
++ guest_role_change_template(staff)
++')
++
++optional_policy(`
++ unprivuser_role_change_template(staff)
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.13/policy/modules/roles/sysadm.if
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-10-17 08:49:14.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.if 2008-11-24 10:49:49.000000000 -0500
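Review bot: The three `optional_policy` blocks added to staff.te call `xguest_role_change_template(staff)`, `guest_role_change_template(staff)` and `unprivuser_role_change_template(staff)` with no comment, and the log entry mentions only semanage. Judging by the template names, they appear to let the staff role change into the xguest, guest and unprivileged user roles, a role-boundary change that anyone auditing the policy will want recorded. I would add a line above the blocks such as `# allow staff_r to change to the more confined xguest/guest/user roles` (wording to be confirmed against the templates) and a matching changelog bullet. The staff.te section starts before and continues past this hunk, so the template definitions and any existing role-change rules are not visible here.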
@@ -16612,7 +16623,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/hal.te 2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/hal.te 2008-12-10 09:04:13.000000000 -0500
@@ -49,6 +49,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -16684,7 +16695,7 @@
# Local hald mac policy
#
-+allow hald_mac_t self:capability { setgid setuid };
++allow hald_mac_t self:capability { setgid setuid sys_admin };
+
domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
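Review bot: The changed rule `allow hald_mac_t self:capability { setgid setuid sys_admin };` adds `sys_admin`, which gates a wide range of privileged kernel operations, with no comment and no mention in the log entry (which names only semanage). Record which operation needs it directly above the rule, e.g. `# sys_admin: required for <operation seen in the AVC denial>`, so the grant can be revisited when the helper changes. If the denial came from a single operation that a narrower permission or interface covers, that would be preferable to the broad capability. This cannot be judged from the hunk, which shows only the rule and the following domtrans lines.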
@@ -33113,7 +33124,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-12-04 16:32:18.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-12-10 09:16:20.000000000 -0500
@@ -28,10 +28,14 @@
class context contains;
')