rpms/selinux-policy/F-7 policy-20070501.patch,1.90,1.91

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Jan 8 20:30:08 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7549

Modified Files:
	policy-20070501.patch 
Log Message:


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- policy-20070501.patch	8 Jan 2008 19:57:58 -0000	1.90
+++ policy-20070501.patch	8 Jan 2008 20:29:53 -0000	1.91
@@ -4559,6 +4559,31 @@
  dev_read_sound(entropyd_t)
  
  fs_getattr_all_fs(entropyd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-2.6.4/policy/modules/services/automount.if
+--- nsaserefpolicy/policy/modules/services/automount.if	2007-05-07 14:51:01.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/automount.if	2008-01-08 15:20:46.000000000 -0500
+@@ -74,3 +74,21 @@
+ 
+ 	dontaudit $1 automount_tmp_t:dir getattr;
+ ')
++
++########################################
++## <summary>
++##	Do not audit attempts to file descriptors for automount.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`automount_dontaudit_use_fds',`
++	gen_require(`
++		type automount_t;
++	')
++
++	dontaudit $1 automount_t:fd use;
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.6.4/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2007-05-07 14:51:01.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/services/automount.te	2008-01-02 11:27:47.000000000 -0500
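Review bot: The summary of the new `automount_dontaudit_use_fds` interface is missing its verb; "Do not audit attempts to file descriptors for automount." should read `##	Do not audit attempts to use automount file descriptors.`. No caller of the interface appears in the hunks shown here, so this diff does not show which domain is expected to inherit descriptors from automount. Because the rule hides `automount_t:fd use` denials from the audit log rather than closing a leaked descriptor, the eventual call site should carry a short comment naming the program that inherits them, so that a later reader can tell the silenced denial is expected.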
@@ -10239,7 +10264,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.6.4/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rpc.te	2008-01-08 13:55:38.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/rpc.te	2008-01-08 15:27:04.000000000 -0500
 @@ -1,5 +1,5 @@
  
 -policy_module(rpc,1.5.0)
@@ -10308,7 +10333,7 @@
 +dev_dontaudit_getattr_all_chr_files(nfsd_t) 
 +
 +dev_read_lvm_control(nfsd_t)
-+storage_dontaudit_raw_read_fixed_disk(nfsd_t)
++storage_dontaudit_read_fixed_disk(nfsd_t)
 +
  # for /proc/fs/nfs/exports - should we have a new type?
  kernel_read_system_state(nfsd_t) 
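Review bot: The replaced line `storage_dontaudit_read_fixed_disk(nfsd_t)` has no comment saying which nfsd operation triggers the fixed-disk read denial, unlike the `/proc/fs/nfs/exports` comment two lines below it. A dontaudit rule removes these denials from the audit log, so an investigator looking at nfsd_t later cannot distinguish the expected probe from unexpected disk access. Please add a one-line `#` comment above the call recording the observed denial and why it is safe to silence. It would also help to state in the log message whether the change from the `raw_read` variant is a behaviour change or just a correction of the interface name, since that cannot be determined from this hunk.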
@@ -10333,12 +10358,8 @@
  kernel_read_network_state(gssd_t)
  kernel_read_network_state_symlinks(gssd_t)	
  kernel_search_network_sysctl(gssd_t)	
-@@ -156,14 +176,12 @@
- files_list_tmp(gssd_t) 
- files_read_usr_symlinks(gssd_t) 
+@@ -158,12 +178,7 @@
  
-+auth_read_cache(gssd_t) 
-+
  miscfiles_read_certs(gssd_t)
  
 -ifdef(`targeted_policy',`
@@ -10347,7 +10368,6 @@
 -	# Manage the users kerberos tgt file
 -	files_manage_generic_tmp_files(gssd_t) 
 -')
-+userdom_dontaudit_search_users_home_dirs(rpcd_t)
 +userdom_dontaudit_search_sysadm_home_dirs(rpcd_t)
  
  tunable_policy(`allow_gssd_read_tmp',`



