rpms/selinux-policy/F-8 policy-20070703.patch,1.188,1.189

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Feb 27 02:34:06 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21810

Modified Files:
	policy-20070703.patch 
Log Message:
* Thu Feb 21 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-89
- Add jkubin changes for nx and groupadd
- Add isns port


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.188
retrieving revision 1.189
diff -u -r1.188 -r1.189
--- policy-20070703.patch	26 Feb 2008 23:02:12 -0000	1.188
+++ policy-20070703.patch	27 Feb 2008 02:34:01 -0000	1.189
@@ -4891,7 +4891,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.0.8/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/domain.te	2008-02-26 17:53:57.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/kernel/domain.te	2008-02-26 21:27:24.000000000 -0500
 @@ -6,6 +6,22 @@
  # Declarations
  #
@@ -5002,34 +5002,8 @@
  /usr/src/kernels/.+/lib(/.*)?	gen_context(system_u:object_r:usr_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.8/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/files.if	2008-02-26 17:53:00.000000000 -0500
-@@ -306,6 +306,25 @@
- 
- ########################################
- ## <summary>
-+##	Do not audit attempts to get the attributes
-+##	of all directories.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain to not audit.
-+##	</summary>
-+## </param>
-+#
-+interface(`files_getattr_all_dirs',`
-+	gen_require(`
-+		attribute file_type;
-+	')
-+
-+	allow $1 file_type:dir getattr;
-+')
-+
-+########################################
-+## <summary>
- ##	List all non-security directories.
- ## </summary>
- ## <param name="domain">
-@@ -343,8 +362,7 @@
++++ serefpolicy-3.0.8/policy/modules/kernel/files.if	2008-02-26 21:27:03.000000000 -0500
+@@ -343,8 +343,7 @@
  
  ########################################
  ## <summary>
@@ -5039,7 +5013,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -352,12 +370,29 @@
+@@ -352,12 +351,29 @@
  ##	</summary>
  ## </param>
  #
@@ -5070,7 +5044,7 @@
  	allow $1 { file_type -security_file_type }:file mounton;
  ')
  
-@@ -376,7 +411,7 @@
+@@ -376,7 +392,7 @@
  		attribute file_type, security_file_type;
  	')
  
@@ -5079,7 +5053,7 @@
  ')
  
  ########################################
-@@ -656,44 +691,6 @@
+@@ -656,44 +672,6 @@
  
  ########################################
  ## <summary>
@@ -5124,7 +5098,7 @@
  ##	Read all symbolic links.
  ## </summary>
  ## <param name="domain">
-@@ -885,6 +882,8 @@
+@@ -885,6 +863,8 @@
  		attribute file_type;
  	')
  
@@ -5133,7 +5107,7 @@
  	allow $1 { file_type $2 }:dir list_dir_perms;
  	relabel_dirs_pattern($1,{ file_type $2 },{ file_type $2 })
  	relabel_files_pattern($1,{ file_type $2 },{ file_type $2 })
-@@ -1106,6 +1105,24 @@
+@@ -1106,6 +1086,24 @@
  
  ########################################
  ## <summary>
@@ -5158,7 +5132,7 @@
  ##	List the contents of the root directory.
  ## </summary>
  ## <param name="domain">
-@@ -1192,6 +1209,25 @@
+@@ -1192,6 +1190,25 @@
  
  ########################################
  ## <summary>
@@ -5184,7 +5158,7 @@
  ##	Do not audit attempts to read or write
  ##	character device nodes in the root directory.
  ## </summary>
-@@ -1229,6 +1265,24 @@
+@@ -1229,6 +1246,24 @@
  
  ########################################
  ## <summary>
@@ -5209,7 +5183,7 @@
  ##	Unmount a rootfs filesystem.
  ## </summary>
  ## <param name="domain">
-@@ -2023,6 +2077,31 @@
+@@ -2023,6 +2058,31 @@
  
  ########################################
  ## <summary>
@@ -5241,7 +5215,7 @@
  ##	Read files in /etc that are dynamically
  ##	created on boot, such as mtab.
  ## </summary>
-@@ -3107,6 +3186,24 @@
+@@ -3107,6 +3167,24 @@
  
  ########################################
  ## <summary>
@@ -5266,7 +5240,7 @@
  ##	Manage temporary files and directories in /tmp.
  ## </summary>
  ## <param name="domain">
-@@ -3198,6 +3295,44 @@
+@@ -3198,6 +3276,44 @@
  
  ########################################
  ## <summary>
@@ -5311,7 +5285,7 @@
  ##	Read all tmp files.
  ## </summary>
  ## <param name="domain">
-@@ -3323,6 +3458,42 @@
+@@ -3323,6 +3439,42 @@
  
  ########################################
  ## <summary>
@@ -5354,7 +5328,7 @@
  ##	Get the attributes of files in /usr.
  ## </summary>
  ## <param name="domain">
-@@ -3381,7 +3552,7 @@
+@@ -3381,7 +3533,7 @@
  
  ########################################
  ## <summary>
@@ -5363,7 +5337,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -3389,17 +3560,17 @@
+@@ -3389,17 +3541,17 @@
  ##	</summary>
  ## </param>
  #
@@ -5384,7 +5358,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -3407,12 +3578,12 @@
+@@ -3407,12 +3559,12 @@
  ##	</summary>
  ## </param>
  #
@@ -5399,7 +5373,7 @@
  ')
  
  ########################################
-@@ -4043,7 +4214,7 @@
+@@ -4043,7 +4195,7 @@
  		type var_t, var_lock_t;
  	')
  
@@ -5408,7 +5382,7 @@
  ')
  
  ########################################
-@@ -4285,6 +4456,25 @@
+@@ -4285,6 +4437,25 @@
  
  ########################################
  ## <summary>
@@ -5434,7 +5408,7 @@
  ##	Do not audit attempts to write to daemon runtime data files.
  ## </summary>
  ## <param name="domain">
-@@ -4560,6 +4750,8 @@
+@@ -4560,6 +4731,8 @@
  	# Need to give access to /selinux/member
  	selinux_compute_member($1)
  
@@ -5443,7 +5417,7 @@
  	# Need sys_admin capability for mounting
  	allow $1 self:capability { chown fsetid sys_admin };
  
-@@ -4582,6 +4774,11 @@
+@@ -4582,6 +4755,11 @@
  	# Default type for mountpoints
  	allow $1 poly_t:dir { create mounton };
  	fs_unmount_xattr_fs($1)
@@ -5455,7 +5429,7 @@
  ')
  
  ########################################
-@@ -4619,3 +4816,28 @@
+@@ -4619,3 +4797,28 @@
  
  	allow $1 { file_type -security_file_type }:dir manage_dir_perms;
  ')
@@ -14605,7 +14579,7 @@
  /var/run/samba/brlock\.tdb	--	gen_context(system_u:object_r:smbd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.0.8/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/samba.if	2008-02-26 17:24:56.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/samba.if	2008-02-26 21:22:53.000000000 -0500
 @@ -63,6 +63,25 @@
  
  ########################################
@@ -14659,7 +14633,7 @@
 +## </param>
 +## <rolecap/>
 +#
-+interface(`samba_run_net',`
++interface(`samba_run_unconfined_net',`
 +	gen_require(`
 +		type samba_unconfined_net_t;
 +	')

More information about the fedora-extras-commits mailing list