rpms/selinux-policy/devel policy-20071130.patch, 1.55, 1.56 selinux-policy.spec, 1.603, 1.604
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Feb 6 21:45:48 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31548
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Tue Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-1
- Update to upstream
policy-20071130.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.55 -r 1.56 policy-20071130.patch
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- policy-20071130.patch 5 Feb 2008 21:25:09 -0000 1.55
+++ policy-20071130.patch 6 Feb 2008 21:45:40 -0000 1.56
@@ -1,20 +1,20 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.2.6/config/appconfig-mcs/failsafe_context
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.2.7/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.6/config/appconfig-mcs/failsafe_context 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-mcs/failsafe_context 2008-02-06 11:02:29.000000000 -0500
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.2.6/config/appconfig-mcs/guest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.2.7/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/config/appconfig-mcs/guest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-mcs/guest_u_default_contexts 2008-02-06 11:02:29.000000000 -0500
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.2.6/config/appconfig-mcs/root_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.2.7/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.6/config/appconfig-mcs/root_default_contexts 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-mcs/root_default_contexts 2008-02-06 11:02:29.000000000 -0500
@@ -1,11 +1,7 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -28,17 +28,17 @@
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.2.6/config/appconfig-mcs/seusers
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.2.7/config/appconfig-mcs/seusers
--- nsaserefpolicy/config/appconfig-mcs/seusers 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.6/config/appconfig-mcs/seusers 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-mcs/seusers 2008-02-06 11:02:29.000000000 -0500
@@ -1,3 +1,3 @@
system_u:system_u:s0-mcs_systemhigh
root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+__default__:unconfined_u:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.2.6/config/appconfig-mcs/unconfined_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.2.7/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/config/appconfig-mcs/unconfined_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-mcs/unconfined_u_default_contexts 2008-02-06 11:02:29.000000000 -0500
@@ -0,0 +1,9 @@
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
+system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
@@ -49,40 +49,40 @@
+system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
+system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
+system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.2.6/config/appconfig-mcs/userhelper_context
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.2.7/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.6/config/appconfig-mcs/userhelper_context 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-mcs/userhelper_context 2008-02-06 11:02:29.000000000 -0500
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.2.6/config/appconfig-mcs/xguest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.2.7/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/config/appconfig-mcs/xguest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-mcs/xguest_u_default_contexts 2008-02-06 11:02:29.000000000 -0500
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
+system_r:sshd_t xguest_r:xguest_t:s0
+system_r:crond_t xguest_r:xguest_crond_t:s0
+system_r:xdm_t xguest_r:xguest_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.2.6/config/appconfig-mls/guest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.2.7/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/config/appconfig-mls/guest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-mls/guest_u_default_contexts 2008-02-06 11:02:29.000000000 -0500
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.2.6/config/appconfig-standard/guest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.2.7/config/appconfig-standard/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/config/appconfig-standard/guest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-standard/guest_u_default_contexts 2008-02-06 11:02:29.000000000 -0500
@@ -0,0 +1,4 @@
+system_r:local_login_t guest_r:guest_t
+system_r:remote_login_t guest_r:guest_t
+system_r:sshd_t guest_r:guest_t
+system_r:crond_t guest_r:guest_crond_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.2.6/config/appconfig-standard/root_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.2.7/config/appconfig-standard/root_default_contexts
--- nsaserefpolicy/config/appconfig-standard/root_default_contexts 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.6/config/appconfig-standard/root_default_contexts 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-standard/root_default_contexts 2008-02-06 11:02:29.000000000 -0500
@@ -1,11 +1,7 @@
system_r:crond_t unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -96,19 +96,19 @@
#
-#system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
+system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.2.6/config/appconfig-standard/xguest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.2.7/config/appconfig-standard/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/config/appconfig-standard/xguest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/config/appconfig-standard/xguest_u_default_contexts 2008-02-06 11:02:29.000000000 -0500
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t
+system_r:remote_login_t xguest_r:xguest_t
+system_r:sshd_t xguest_r:xguest_t
+system_r:crond_t xguest_r:xguest_crond_t
+system_r:xdm_t xguest_r:xguest_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.2.6/Makefile
---- nsaserefpolicy/Makefile 2008-02-01 09:12:53.000000000 -0500
-+++ serefpolicy-3.2.6/Makefile 2008-02-01 16:01:42.000000000 -0500
-@@ -305,20 +305,22 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.2.7/Makefile
+--- nsaserefpolicy/Makefile 2008-02-06 10:33:22.000000000 -0500
++++ serefpolicy-3.2.7/Makefile 2008-02-06 11:02:29.000000000 -0500
+@@ -309,20 +309,22 @@
# parse-rolemap modulename,outputfile
define parse-rolemap
@@ -141,9 +141,9 @@
endef
# create-base-per-role-tmpl modulenames,outputfile
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.2.6/man/man8/httpd_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.2.7/man/man8/httpd_selinux.8
--- nsaserefpolicy/man/man8/httpd_selinux.8 2007-10-12 08:56:10.000000000 -0400
-+++ serefpolicy-3.2.6/man/man8/httpd_selinux.8 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/man/man8/httpd_selinux.8 2008-02-06 11:02:29.000000000 -0500
@@ -93,6 +93,11 @@
.EE
@@ -156,9 +156,9 @@
httpd can be configured to turn off internal scripting (PHP). PHP and other
loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.2.6/policy/flask/access_vectors
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.2.7/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2008-02-01 09:12:52.000000000 -0500
-+++ serefpolicy-3.2.6/policy/flask/access_vectors 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/flask/access_vectors 2008-02-06 11:02:29.000000000 -0500
@@ -644,6 +644,8 @@
send
recv
@@ -168,9 +168,9 @@
}
class key
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.2.6/policy/global_tunables
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.2.7/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-12-12 11:35:28.000000000 -0500
-+++ serefpolicy-3.2.6/policy/global_tunables 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/global_tunables 2008-02-06 11:02:29.000000000 -0500
@@ -34,7 +34,7 @@
## <desc>
@@ -209,9 +209,9 @@
+gen_tunable(allow_console_login,false)
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-3.2.6/policy/modules/admin/alsa.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-3.2.7/policy/modules/admin/alsa.fc
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-10-29 18:02:32.000000000 -0400
-+++ serefpolicy-3.2.6/policy/modules/admin/alsa.fc 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/admin/alsa.fc 2008-02-06 11:02:29.000000000 -0500
@@ -1,8 +1,11 @@
+/etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0)
@@ -226,9 +226,9 @@
+/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0)
+/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
+/bin/alsaunmute -- gen_context(system_u:object_r:alsa_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-3.2.6/policy/modules/admin/alsa.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-3.2.7/policy/modules/admin/alsa.if
--- nsaserefpolicy/policy/modules/admin/alsa.if 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/admin/alsa.if 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/admin/alsa.if 2008-02-06 11:02:29.000000000 -0500
@@ -74,3 +74,21 @@
read_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
read_lnk_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
@@ -251,9 +251,9 @@
+
+ read_files_pattern($1,alsa_var_lib_t,alsa_var_lib_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.2.6/policy/modules/admin/alsa.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.2.7/policy/modules/admin/alsa.te
[...6020 lines suppressed...]
@@ -0,0 +1 @@
+# No secadm file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.if serefpolicy-3.2.6/policy/modules/users/secadm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.if serefpolicy-3.2.7/policy/modules/users/secadm.if
--- nsaserefpolicy/policy/modules/users/secadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/secadm.if 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/secadm.if 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for secadm user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.te serefpolicy-3.2.6/policy/modules/users/secadm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.te serefpolicy-3.2.7/policy/modules/users/secadm.te
--- nsaserefpolicy/policy/modules/users/secadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/secadm.te 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/secadm.te 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1,39 @@
+policy_module(secadm,1.0.1)
+gen_require(`
@@ -29293,19 +29383,19 @@
+optional_policy(`
+ dmesg_exec(secadm_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.fc serefpolicy-3.2.6/policy/modules/users/staff.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.fc serefpolicy-3.2.7/policy/modules/users/staff.fc
--- nsaserefpolicy/policy/modules/users/staff.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/staff.fc 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/staff.fc 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+# No staff file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.if serefpolicy-3.2.6/policy/modules/users/staff.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.if serefpolicy-3.2.7/policy/modules/users/staff.if
--- nsaserefpolicy/policy/modules/users/staff.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/staff.if 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/staff.if 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for staff user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.2.6/policy/modules/users/staff.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.2.7/policy/modules/users/staff.te
--- nsaserefpolicy/policy/modules/users/staff.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/staff.te 2008-02-05 13:29:59.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/staff.te 2008-02-06 15:11:44.000000000 -0500
@@ -0,0 +1,65 @@
+policy_module(staff,1.0.1)
+userdom_unpriv_user_template(staff)
@@ -29314,7 +29404,7 @@
+userdom_role_change_template(staff, sysadm)
+userdom_dontaudit_use_sysadm_terms(staff_t)
+
-+allow $staff_t self:capability sys_nice;
++allow staff_t self:capability sys_nice;
+
+domain_read_all_domains_state(staff_t)
+domain_getattr_all_domains(staff_t)
@@ -29372,19 +29462,19 @@
+optional_policy(`
+ xserver_per_role_template(staff, staff_t, staff_r)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.fc serefpolicy-3.2.6/policy/modules/users/user.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.fc serefpolicy-3.2.7/policy/modules/users/user.fc
--- nsaserefpolicy/policy/modules/users/user.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/user.fc 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/user.fc 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+# No user file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.if serefpolicy-3.2.6/policy/modules/users/user.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.if serefpolicy-3.2.7/policy/modules/users/user.if
--- nsaserefpolicy/policy/modules/users/user.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/user.if 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/user.if 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for user user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te serefpolicy-3.2.6/policy/modules/users/user.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te serefpolicy-3.2.7/policy/modules/users/user.te
--- nsaserefpolicy/policy/modules/users/user.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/user.te 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/user.te 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1,25 @@
+policy_module(user,1.0.1)
+userdom_unpriv_user_template(user)
@@ -29411,19 +29501,19 @@
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.2.6/policy/modules/users/webadm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.2.7/policy/modules/users/webadm.fc
--- nsaserefpolicy/policy/modules/users/webadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/webadm.fc 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/webadm.fc 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+# No webadm file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.2.6/policy/modules/users/webadm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.2.7/policy/modules/users/webadm.if
--- nsaserefpolicy/policy/modules/users/webadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/webadm.if 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/webadm.if 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for webadm user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.2.6/policy/modules/users/webadm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.2.7/policy/modules/users/webadm.te
--- nsaserefpolicy/policy/modules/users/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/webadm.te 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/webadm.te 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1,42 @@
+policy_module(webadm,1.0.0)
+
@@ -29467,19 +29557,19 @@
+')
+allow staff_t webadm_t:process transition;
+allow webadm_t staff_t:dir getattr;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.fc serefpolicy-3.2.6/policy/modules/users/xguest.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.fc serefpolicy-3.2.7/policy/modules/users/xguest.fc
--- nsaserefpolicy/policy/modules/users/xguest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/xguest.fc 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/xguest.fc 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+# No xguest file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.if serefpolicy-3.2.6/policy/modules/users/xguest.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.if serefpolicy-3.2.7/policy/modules/users/xguest.if
--- nsaserefpolicy/policy/modules/users/xguest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/xguest.if 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/xguest.if 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for xguest user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.2.6/policy/modules/users/xguest.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.2.7/policy/modules/users/xguest.te
--- nsaserefpolicy/policy/modules/users/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/users/xguest.te 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/users/xguest.te 2008-02-06 11:02:30.000000000 -0500
@@ -0,0 +1,66 @@
+policy_module(xguest,1.0.1)
+
@@ -29547,9 +29637,9 @@
+ ')
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.2.6/policy/support/file_patterns.spt
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.2.7/policy/support/file_patterns.spt
--- nsaserefpolicy/policy/support/file_patterns.spt 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.6/policy/support/file_patterns.spt 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/support/file_patterns.spt 2008-02-06 11:02:30.000000000 -0500
@@ -537,3 +537,23 @@
allow $1 $2:dir rw_dir_perms;
type_transition $1 $2:$4 $3;
@@ -29574,18 +29664,9 @@
+ relabelfrom_fifo_files_pattern($1,$2,$2)
+ relabelfrom_sock_files_pattern($1,$2,$2)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.2.6/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.6/policy/support/obj_perm_sets.spt 2008-02-01 16:01:42.000000000 -0500
-@@ -204,7 +204,7 @@
- define(`getattr_file_perms',`{ getattr }')
- define(`setattr_file_perms',`{ setattr }')
- define(`read_file_perms',`{ getattr read lock ioctl }')
--define(`mmap_file_perms',`{ getattr read execute }')
-+define(`mmap_file_perms',`{ getattr read execute ioctl }')
- define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
- define(`append_file_perms',`{ getattr append lock ioctl }')
- define(`write_file_perms',`{ getattr write append lock ioctl }')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.2.7/policy/support/obj_perm_sets.spt
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-02-06 10:33:22.000000000 -0500
++++ serefpolicy-3.2.7/policy/support/obj_perm_sets.spt 2008-02-06 11:02:30.000000000 -0500
@@ -315,3 +315,13 @@
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
@@ -29600,9 +29681,9 @@
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.2.6/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.2.7/policy/users
--- nsaserefpolicy/policy/users 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.6/policy/users 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/policy/users 2008-02-06 11:02:30.000000000 -0500
@@ -16,7 +16,7 @@
# and a user process should never be assigned the system user
# identity.
@@ -29637,9 +29718,9 @@
- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-')
+gen_user(root, unconfined, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.2.6/Rules.modular
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.2.7/Rules.modular
--- nsaserefpolicy/Rules.modular 2007-12-19 05:32:18.000000000 -0500
-+++ serefpolicy-3.2.6/Rules.modular 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/Rules.modular 2008-02-06 11:02:30.000000000 -0500
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -29669,9 +29750,9 @@
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.2.6/Rules.monolithic
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.2.7/Rules.monolithic
--- nsaserefpolicy/Rules.monolithic 2007-11-20 06:55:20.000000000 -0500
-+++ serefpolicy-3.2.6/Rules.monolithic 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.7/Rules.monolithic 2008-02-06 11:02:30.000000000 -0500
@@ -96,7 +96,7 @@
#
# Load the binary policy
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.603
retrieving revision 1.604
diff -u -r1.603 -r1.604
--- selinux-policy.spec 5 Feb 2008 21:25:09 -0000 1.603
+++ selinux-policy.spec 6 Feb 2008 21:45:40 -0000 1.604
@@ -11,13 +11,13 @@
%define BUILD_MLS 1
%endif
%define POLICYVER 21
-%define libsepolver 2.0.3-2
-%define POLICYCOREUTILSVER 2.0.23-1
+%define libsepolver 2.0.20-1
+%define POLICYCOREUTILSVER 2.0.42-1
%define CHECKPOLICYVER 2.0.3-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.2.6
-Release: 6%{?dist}
+Version: 3.2.7
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -171,7 +171,7 @@
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2560.
+Based off of reference policy: Checked out revision 2594.
%build
@@ -387,6 +387,9 @@
%endif
%changelog
+* Tue Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-1
+- Update to upstream
+
* Tue Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-7
- Fixes for staff_t
More information about the fedora-extras-commits
mailing list