rpms/selinux-policy/F-10 policy-20080710.patch,1.113,1.114

Daniel J Walsh dwalsh at fedoraproject.org
Wed Dec 10 14:19:59 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22198

Modified Files:
	policy-20080710.patch 
Log Message:
* Tue Dec 9 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-34
- Allow semanage to send signals to itself


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- policy-20080710.patch	9 Dec 2008 21:04:50 -0000	1.113
+++ policy-20080710.patch	10 Dec 2008 14:19:58 -0000	1.114
@@ -4496,7 +4496,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te	2008-12-05 08:34:30.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te	2008-12-10 08:53:06.000000000 -0500
 @@ -0,0 +1,279 @@
 +
 +policy_module(nsplugin, 1.0.0)
@@ -4964,7 +4964,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.5.13/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te	2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/apps/podsleuth.te	2008-12-09 14:43:48.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/apps/podsleuth.te	2008-12-10 08:55:56.000000000 -0500
 @@ -11,24 +11,61 @@
  application_domain(podsleuth_t, podsleuth_exec_t)
  role system_r types podsleuth_t;
@@ -5004,9 +5004,9 @@
 +fs_read_dos_files(podsleuth_t)
 +fs_search_dos(podsleuth_t)
 +
-+fs_mount_nfs_fs(podsleuth_t)
-+fs_unmount_nfs_fs(podsleuth_t)
-+fs_getattr_nfs_fs(podsleuth_t)
++fs_mount_nfs(podsleuth_t)
++fs_unmount_nfs(podsleuth_t)
++fs_getattr_nfs(podsleuth_t)
 +fs_read_nfs_files(podsleuth_t)
 +fs_search_nfs(podsleuth_t)
 +
@@ -7962,7 +7962,7 @@
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.5.13/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/kernel/filesystem.if	2008-12-08 16:43:51.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/kernel/filesystem.if	2008-12-10 09:05:13.000000000 -0500
 @@ -535,6 +535,24 @@
  
  ########################################
@@ -8735,7 +8735,7 @@
 +# file contexts handled by userdomain and genhomedircon
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.5.13/policy/modules/roles/guest.if
 --- nsaserefpolicy/policy/modules/roles/guest.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/roles/guest.if	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/roles/guest.if	2008-12-10 08:30:33.000000000 -0500
 @@ -0,0 +1,161 @@
 +## <summary>Least privledge terminal user role</summary>
 +
@@ -8747,7 +8747,7 @@
 +##	<summary>
 +##	The prefix of the user role (e.g., user
 +##	is the prefix for user_r).
-+##	</summary>
++##	</summary> 
 +## </param>
 +## <rolecap/>
 +#
@@ -9017,8 +9017,8 @@
 +logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
 --- nsaserefpolicy/policy/modules/roles/staff.te	2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/roles/staff.te	2008-11-24 10:50:07.000000000 -0500
-@@ -4,27 +4,68 @@
++++ serefpolicy-3.5.13/policy/modules/roles/staff.te	2008-12-10 08:25:28.000000000 -0500
+@@ -4,27 +4,79 @@
  ########################################
  #
  # Declarations
@@ -9089,6 +9089,17 @@
 +	cron_admin_template(sysadm)
 +')
 +
++optional_policy(`
++	xguest_role_change_template(staff)
++')
++
++optional_policy(`
++	guest_role_change_template(staff)
++')
++
++optional_policy(`
++	unprivuser_role_change_template(staff)
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.13/policy/modules/roles/sysadm.if
 --- nsaserefpolicy/policy/modules/roles/sysadm.if	2008-10-17 08:49:14.000000000 -0400
 +++ serefpolicy-3.5.13/policy/modules/roles/sysadm.if	2008-11-24 10:49:49.000000000 -0500
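Review bot: The three `optional_policy` blocks added at the end of the staff.te section introduce role-change rules between staff and the xguest, guest and unprivuser roles with no comment, and the log message on this commit mentions only semanage. The `*_role_change_template` definitions are outside this hunk, so the direction of the permitted change cannot be confirmed from here; please verify that they only let `staff_r` move into the more confined roles and never let a confined role reach `staff_r`. I would add a comment above the first block, for example `# staff_r may change to the confined xguest/guest/unprivuser roles; direction is set by the *_role_change_template interfaces`, and list the change in the changelog entry so the role graph change is auditable.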
@@ -16612,7 +16623,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/hal.te	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/hal.te	2008-12-10 09:04:13.000000000 -0500
 @@ -49,6 +49,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -16684,7 +16695,7 @@
  # Local hald mac policy
  #
  
-+allow hald_mac_t self:capability { setgid setuid };
++allow hald_mac_t self:capability { setgid setuid sys_admin };
 +
  domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
  allow hald_t hald_mac_t:process signal;
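Review bot: `sys_admin` is added to the `hald_mac_t` self capability set without any justification, and CAP_SYS_ADMIN is one of the broadest Linux capabilities, so this widens what a compromised hald helper in that domain could do well beyond the existing `setgid setuid`. The log message on this commit mentions only semanage, so the reason for the grant is not recorded anywhere visible here. I would add a comment on the rule such as `# sys_admin: required for <operation / AVC denial or bug reference>`, and confirm that no narrower permission covers the denial. If the denial was harmless noise, `dontaudit hald_mac_t self:capability sys_admin;` would be the safer rule.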
@@ -33113,7 +33124,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-12-04 16:32:18.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-12-10 09:16:20.000000000 -0500
 @@ -28,10 +28,14 @@
  		class context contains;
  	')



