rpms/selinux-policy/F-9 policy-20071130.patch,1.167,1.168

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Jun 2 17:29:28 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9928

Modified Files:
	policy-20071130.patch 
Log Message:
* Fri May 30 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-63
- Allow policykit_resolve to ptrace user processes


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- policy-20071130.patch	2 Jun 2008 17:09:36 -0000	1.167
+++ policy-20071130.patch	2 Jun 2008 17:28:40 -0000	1.168
@@ -12078,6 +12078,114 @@
 +	fs_dontaudit_rw_cifs_files(consolekit_t)
 +')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.3.1/policy/modules/services/courier.fc
+--- nsaserefpolicy/policy/modules/services/courier.fc	2008-02-26 08:23:10.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/courier.fc	2008-06-02 13:18:42.071469000 -0400
+@@ -19,3 +19,5 @@
+ /var/lib/courier(/.*)?			--	gen_context(system_u:object_r:courier_var_lib_t,s0)
+ 
+ /var/run/courier(/.*)?			--	gen_context(system_u:object_r:courier_var_run_t,s0)
++
++/var/spool/courier(/.*)?		gen_context(system_u:object_r:courier_spool_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if
+--- nsaserefpolicy/policy/modules/services/courier.if	2008-02-26 08:23:10.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/courier.if	2008-06-02 13:23:16.805431000 -0400
+@@ -123,3 +123,95 @@
+ 
+ 	domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
+ ')
++
++########################################
++## <summary>
++##	Allow domain to read courier config files
++## </summary>
++## <param name="prefix">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`courier_read_config',`
++	gen_require(`
++		type courier_etc_t;
++	')
++
++	read_files_pattern($1, courier_etc_t, courier_etc_t)
++')
++
++########################################
++## <summary>
++##	Allow domain to manage courier spool directories
++## </summary>
++## <param name="prefix">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`courier_manage_spool_dirs',`
++	gen_require(`
++		type courier_spool_t;
++	')
++
++	manage_dirs_pattern($1, courier_spool_t, courier_spool_t)
++')
++
++########################################
++## <summary>
++##	Allow domain to manage courier spool files
++## </summary>
++## <param name="prefix">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`courier_manage_spool_files',`
++	gen_require(`
++		type courier_spool_t;
++	')
++
++	manage_files_pattern($1, courier_spool_t, courier_spool_t)
++')
++
++########################################
++## <summary>
++##	Allow domain to manage courier spool files
++## </summary>
++## <param name="prefix">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`courier_manage_spool_files',`
++	gen_require(`
++		type courier_spool_t;
++	')
++
++	manage_files_pattern($1, courier_spool_t, courier_spool_t)
++')
++
++########################################
++## <summary>
++##	Allow attempts to read and write to
++##	courier unnamed pipes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`courier_rw_pipes',`
++	gen_require(`
++		type courier_t;
++	')
++
++	allow $1 courier_t:fifo_file rw_fifo_file_perms; 
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2008-02-26 08:23:10.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/services/courier.te	2008-06-02 13:05:28.159420000 -0400
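Review bot: `courier_manage_spool_files` is defined twice in the added courier.if text with identical bodies; the second copy should be dropped, or renamed if a different interface was intended there. The documentation on `courier_rw_pipes` reads like a dontaudit interface (`Allow attempts to read and write ...`, `Domain to not audit.`) while the rule is an `allow` on `courier_t:fifo_file`, so I would reword it to `Read and write courier unnamed pipes.` and `Domain allowed access.`. The other new interfaces use `<param name="prefix">` where the argument is a domain; that should be `<param name="domain">`. The declaration of `courier_spool_t` is not in this hunk; presumably it sits in the courier.te section that follows, which is worth confirming because every new spool interface requires it.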
@@ -17324,7 +17432,7 @@
 +files_type(mailscanner_spool_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.3.1/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/mta.fc	2008-06-02 13:05:28.581996000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/mta.fc	2008-06-02 13:18:22.386930000 -0400
 @@ -9,8 +9,10 @@
  ')
  
@@ -17340,7 +17448,7 @@
  #ifdef(`postfix.te', `', `
  #/var/spool/postfix(/.*)?	gen_context(system_u:object_r:mail_spool_t,s0)
  #')
-+/var/spool/courier(/.*)?	gen_context(system_u:object_r:mail_spool_t,s0)
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.3.1/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2008-02-26 08:23:10.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/services/mta.if	2008-06-02 13:05:28.585994000 -0400
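Review bot: Dropping the `/var/spool/courier(/.*)?` entry from mta.fc moves that tree from `mail_spool_t` to `courier_spool_t` (added in courier.fc), so any domain that reached the courier spool through mail_spool_t access loses it; the only new grant visible in this revision is for `system_mail_t` in mta.te. Files already on disk keep the old label until they are relabelled, so the update presumably needs a `restorecon -R /var/spool/courier` or an equivalent step, and nothing here shows one. The replacement `+` line also leaves a stray blank line at the end of the mta.fc section.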
@@ -17518,7 +17626,7 @@
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/mta.te	2008-06-02 13:05:28.589988000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/mta.te	2008-06-02 13:23:53.867355000 -0400
 @@ -6,6 +6,8 @@
  # Declarations
  #
@@ -17587,7 +17695,7 @@
  ')
  
  optional_policy(`
-@@ -73,7 +95,10 @@
+@@ -73,7 +95,18 @@
  
  optional_policy(`
  	cron_read_system_job_tmp_files(system_mail_t)
@@ -17595,10 +17703,18 @@
  	cron_dontaudit_write_pipes(system_mail_t)
 +	cron_dontaudit_write_system_job_tmp_files(system_mail_t)
 +	cron_rw_system_stream_sockets(system_mail_t)
++')
++
++optional_policy(`
++	courier_read_config(system_mail_t)
++	courier_manage_spool_dirs(system_mail_t)
++	courier_manage_spool_files(system_mail_t)
++	courier_rw_pipes(system_mail_t)
++
  ')
  
  optional_policy(`
-@@ -81,6 +106,11 @@
+@@ -81,6 +114,11 @@
  ')
  
  optional_policy(`
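Review bot: The new `optional_policy` block gives `system_mail_t` full manage rights on the courier spool (`courier_manage_spool_dirs`, `courier_manage_spool_files`) plus read/write on courier pipes, with no comment saying which denials required it. If only queueing new messages is needed, a narrower create/write interface would fit least privilege better; whether that is the case is not visible from this patch. I would at least add a comment such as `# courier sendmail wrapper runs as system_mail_t and queues into /var/spool/courier`, if that is the reason, and drop the empty line before the closing `')`. The surrounding mta.te section continues outside this hunk.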
@@ -17610,7 +17726,7 @@
  	logrotate_read_tmp_files(system_mail_t)
  ')
  
-@@ -136,11 +166,38 @@
+@@ -136,11 +174,38 @@
  ')
  
  optional_policy(`
@@ -17633,13 +17749,13 @@
 -# should break this up among sections:
 +init_stream_connect_script(mailserver_delivery)
 +init_rw_script_stream_sockets(mailserver_delivery)
- 
++
 +tunable_policy(`use_samba_home_dirs',`
 +	fs_manage_cifs_dirs(mailserver_delivery)
 +	fs_manage_cifs_files(mailserver_delivery)
 +	fs_manage_cifs_symlinks(mailserver_delivery)
 +')
-+
+ 
 +tunable_policy(`use_nfs_home_dirs',`
 +	fs_manage_nfs_dirs(mailserver_delivery)
 +	fs_manage_nfs_files(mailserver_delivery)
@@ -17650,7 +17766,7 @@
  optional_policy(`
  	# why is mail delivered to a directory of type arpwatch_data_t?
  	arpwatch_search_data(mailserver_delivery)
-@@ -154,3 +211,4 @@
+@@ -154,3 +219,4 @@
  		cron_read_system_job_tmp_files(mta_user_agent)
  	')
  ')
@@ -23428,7 +23544,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.3.1/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.if	2008-06-02 13:05:29.128613000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.if	2008-06-02 13:23:21.780257000 -0400
 @@ -149,3 +149,104 @@
  
  	logging_log_filetrans($1,sendmail_log_t,file)



