rpms/selinux-policy/devel policy-20080509.patch, 1.31, 1.32 selinux-policy.spec, 1.680, 1.681

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Jul 7 17:57:18 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12421

Modified Files:
	policy-20080509.patch selinux-policy.spec 
Log Message:
* Mon Jul 7 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-12
- Allow amanda to read tape
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
- Add support for netware file systems


policy-20080509.patch:

Index: policy-20080509.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080509.patch,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- policy-20080509.patch	4 Jul 2008 12:30:16 -0000	1.31
+++ policy-20080509.patch	7 Jul 2008 17:56:28 -0000	1.32
@@ -284,7 +284,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.4.2/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2008-06-12 23:25:08.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/admin/amanda.te	2008-07-02 08:47:04.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/admin/amanda.te	2008-07-07 11:14:20.000000000 -0400
 @@ -82,8 +82,9 @@
  allow amanda_t amanda_config_t:file { getattr read };
  
@@ -297,7 +297,16 @@
  
  # access to amanda_dumpdates_t
  allow amanda_t amanda_dumpdates_t:file { getattr lock read write };
-@@ -220,6 +221,7 @@
+@@ -146,6 +147,8 @@
+ fs_list_all(amanda_t)
+ 
+ storage_raw_read_fixed_disk(amanda_t)
++storage_read_tape(amanda_t)
++storage_write_tape(amanda_t)
+ 
+ # Added for targeted policy
+ term_use_unallocated_ttys(amanda_t)
+@@ -220,6 +223,7 @@
  auth_use_nsswitch(amanda_recover_t)
  
  fstools_domtrans(amanda_t)
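Review bot: The added `storage_write_tape(amanda_t)` grants more than the log message states, which says only "Allow amanda to read tape". If amanda_t does need to write backups to tape, the changelog entry should say "read and write tape" so the grant can be audited later; if only reading was intended, drop the write line. A one-line comment above the pair, such as `# amanda reads and writes backup tapes directly`, would record why both are present next to `storage_raw_read_fixed_disk(amanda_t)`. The policy section containing these lines starts and ends outside the hunk.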
@@ -1460,7 +1469,7 @@
  #######################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.4.2/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2008-06-12 23:25:08.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/admin/sudo.if	2008-07-02 08:47:04.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/admin/sudo.if	2008-07-07 11:49:07.000000000 -0400
 @@ -55,7 +55,7 @@
  	#
  
@@ -1510,7 +1519,7 @@
  
  	domain_use_interactive_fds($1_sudo_t)
  	domain_sigchld_interactive_fds($1_sudo_t)
-@@ -106,32 +108,49 @@
+@@ -106,32 +108,50 @@
  	files_getattr_usr_files($1_sudo_t)
  	# for some PAM modules and for cwd
  	files_dontaudit_search_home($1_sudo_t)
@@ -1549,6 +1558,7 @@
  	# for some PAM modules and for cwd
 +	sysadm_search_home_content_dirs($1_sudo_t)
  	userdom_dontaudit_search_all_users_home_content($1_sudo_t)
++	userdom_manage_all_users_keys($1_sudo_t)
  
 -	ifdef(`TODO',`
 -	# for when the network connection is killed
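Review bot: The added `userdom_manage_all_users_keys($1_sudo_t)` is not mentioned in the log message and has no comment, unlike the neighbouring lines that say why sudo needs them ("for some PAM modules and for cwd"). Judging by its name, the interface gives every per-role sudo domain manage access to the keys of all user domains, which is a broad grant for a setuid program. I would add a why-comment above it, `# <reason sudo needs key access, e.g. the PAM module or AVC denial that prompted this>`, and a matching changelog line. If sudo needs less than full manage access, a narrower interface would be preferable. The template containing this line starts and ends outside the hunk.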
@@ -7375,7 +7385,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.4.2/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2008-06-12 23:25:02.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.te	2008-07-02 08:47:04.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.te	2008-07-07 12:19:45.000000000 -0400
 @@ -21,7 +21,6 @@
  
  # Use xattrs for the following filesystem types.
@@ -7396,6 +7406,14 @@
  type eventpollfs_t;
  fs_type(eventpollfs_t)
  # change to task SID 20060628
+@@ -241,6 +245,7 @@
+ genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
+ genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
+ genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
++genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
+ 
+ ########################################
+ #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.4.2/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2008-06-12 23:25:03.000000000 -0400
 +++ serefpolicy-3.4.2/policy/modules/kernel/kernel.if	2008-07-02 08:47:04.000000000 -0400
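Review bot: The new `genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)` line reuses nfs_t, so every allow rule and boolean written for NFS mounts will apply to NetWare mounts as well. That is consistent with the lustre, reiserfs and panfs lines above it, but the consequence is not obvious to someone reading the file. A short comment would make the choice explicit, for example `# NetWare (ncpfs) mounts are labelled like NFS; all nfs_t rules apply to them`.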
@@ -21376,7 +21394,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.4.2/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	2008-06-12 23:25:06.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/prelude.te	2008-07-02 08:47:04.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/services/prelude.te	2008-07-07 11:27:54.000000000 -0400
 @@ -19,12 +19,31 @@
  type prelude_var_lib_t;
  files_type(prelude_var_lib_t)
@@ -21520,12 +21538,14 @@
  ########################################
  #
  # prewikka_cgi Declarations
-@@ -135,6 +234,10 @@
+@@ -135,6 +234,12 @@
  	apache_content_template(prewikka)
  	files_read_etc_files(httpd_prewikka_script_t)
  
 +	auth_use_nsswitch(httpd_prewikka_script_t)
 +
++	logging_send_syslog_msg(httpd_prewikka_script_t)
++
 +	can_exec(httpd_prewikka_script_t, httpd_prewikka_script_exec_t)
 +
  	optional_policy(`
@@ -28282,7 +28302,7 @@
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.4.2/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/system/authlogin.if	2008-07-02 08:47:05.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/system/authlogin.if	2008-07-07 11:48:48.000000000 -0400
 @@ -56,10 +56,6 @@
  	miscfiles_read_localization($1_chkpwd_t)
  
@@ -29779,7 +29799,7 @@
 +/var/cfengine/outputs(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.4.2/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/system/logging.if	2008-07-02 08:55:06.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/system/logging.if	2008-07-07 11:43:15.000000000 -0400
 @@ -213,12 +213,7 @@
  ## </param>
  #
@@ -29884,7 +29904,7 @@
  ')
  
  ########################################
-@@ -771,6 +803,131 @@
+@@ -771,6 +803,132 @@
  ## <rolecap/>
  #
  interface(`logging_admin',`
@@ -29995,6 +30015,7 @@
 +	role system_r types $1;
 +
 +	domtrans_pattern(audisp_t,$2,$1)
++	allow $1 audisp_t:process signal;
 +
 +	allow audisp_t $2:file getattr;
 +	allow $1 audisp_t:unix_stream_socket rw_socket_perms;
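Review bot: The added rule `allow $1 audisp_t:process signal;` has source and target the other way round from what the log message describes ("allow audisp_t to signal cgi"). As written it lets the plugin domain `$1` send signals to audisp_t, not audisp_t to `$1`. If the intent is for the dispatcher to signal the child it starts through the `domtrans_pattern(audisp_t,$2,$1)` line above, the rule should read `allow audisp_t $1:process signal;`. The direction matters for security as well, because a plugin domain that can signal the audit dispatcher has a way to interfere with audit event delivery. The interface this line belongs to starts and ends outside the hunk.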
@@ -33457,7 +33478,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if	2008-07-02 08:47:05.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/system/userdomain.if	2008-07-07 11:47:08.000000000 -0400
 @@ -28,10 +28,14 @@
  		class context contains;
  	')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.680
retrieving revision 1.681
diff -u -r1.680 -r1.681
--- selinux-policy.spec	3 Jul 2008 20:14:23 -0000	1.680
+++ selinux-policy.spec	7 Jul 2008 17:56:28 -0000	1.681
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.4.2
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -375,6 +375,11 @@
 %endif
 
 %changelog
+* Mon Jul 7 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-12
+- Allow amanda to read tape
+- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
+- Add support for netware file systems
+
 * Thu Jul 3 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-11
 - Allow ypbind apps to net_bind_service
 



