rpms/selinux-policy/devel policy-20071130.patch, 1.87, 1.88 selinux-policy.spec, 1.624, 1.625
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Mar 4 21:38:22 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16711
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Mon Mar 3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-10
- Allow bitlbee to read locale_t
policy-20071130.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.87 -r 1.88 policy-20071130.patch
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- policy-20071130.patch 29 Feb 2008 22:33:21 -0000 1.87
+++ policy-20071130.patch 4 Mar 2008 21:38:18 -0000 1.88
@@ -2613,7 +2613,7 @@
#######################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2007-10-02 09:54:52.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2008-03-04 16:24:35.000000000 -0500
@@ -28,6 +28,7 @@
files_purge_tmp(tmpreaper_t)
# why does it need setattr?
@@ -2622,7 +2622,7 @@
mls_file_read_all_levels(tmpreaper_t)
mls_file_write_all_levels(tmpreaper_t)
-@@ -42,6 +43,19 @@
+@@ -42,6 +43,22 @@
cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
@@ -2630,6 +2630,9 @@
+userdom_delete_all_users_home_content_files(tmpreaper_t)
+userdom_delete_all_users_home_content_symlinks(tmpreaper_t)
+
++files_delete_isid_type_dirs(tmpreaper_t)
++files_delete_isid_type_files(tmpreaper_t)
++
+optional_policy(`
+ amavis_manage_spool_files(tmpreaper_t)
+')
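Review bot: The two added calls `files_delete_isid_type_dirs(tmpreaper_t)` and `files_delete_isid_type_files(tmpreaper_t)` have no comment, and the log message for this revision mentions only the bitlbee locale rule. Judging by the interface names, they let tmpreaper delete directories and files that carry an initial-SID (unlabeled) type, on top of the user home content deletion visible in the surrounding lines. Anyone auditing what tmpreaper_t may remove needs the reason beside the rule. I would add a line such as `# tmpreaper needs to remove unlabeled files and directories left under the tmp trees` above the two calls (the author should confirm the reason), plus a matching changelog entry. The tmpreaper.te section of the inner patch continues outside this hunk.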
@@ -2698,6 +2701,18 @@
rpm_use_fds(useradd_t)
rpm_rw_pipes(useradd_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.3.1/policy/modules/admin/vbetool.te
+--- nsaserefpolicy/policy/modules/admin/vbetool.te 2007-12-19 05:32:18.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te 2008-03-04 16:04:15.000000000 -0500
+@@ -23,6 +23,8 @@
+ dev_rwx_zero(vbetool_t)
+ dev_read_sysfs(vbetool_t)
+
++domain_mmap_low(vbetool_t)
++
+ term_use_unallocated_ttys(vbetool_t)
+
+ libs_use_ld_so(vbetool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2008-02-18 14:30:19.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2008-02-26 08:29:22.000000000 -0500
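Review bot: `domain_mmap_low(vbetool_t)` is granted unconditionally in the new vbetool.te section, with no comment and no changelog entry. Mapping low addresses is what the kernel's minimum-mmap-address check withholds to limit the impact of NULL-pointer dereference bugs, so each domain that receives it should record why. Presumably vbetool needs it to run video BIOS code in real mode, which the author should confirm. I would add `# vbetool maps low memory to execute video BIOS code; do not extend this grant to other domains` above the call. Consider also placing it under a tunable so it can be switched off on systems that never run vbetool.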
@@ -3924,7 +3939,7 @@
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-10-12 08:56:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-02-26 21:21:39.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-03-03 08:25:05.000000000 -0500
@@ -32,7 +32,7 @@
## </summary>
## </param>
@@ -4019,7 +4034,7 @@
userdom_manage_user_home_content_dirs($1,$1_javaplugin_t)
userdom_manage_user_home_content_files($1,$1_javaplugin_t)
userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t)
-@@ -156,15 +162,67 @@
+@@ -156,16 +162,63 @@
')
optional_policy(`
@@ -4029,8 +4044,11 @@
- optional_policy(`
- nscd_socket_use($1_javaplugin_t)
+- ')
+')
-+
+
+- optional_policy(`
+- xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
+#######################################
+## <summary>
+## The per role template for the java module.
@@ -4062,7 +4080,7 @@
+ gen_require(`
+ type java_exec_t;
')
-
++
+ type $1_java_t;
+ domain_type($1_java_t)
+ domain_entry_file($1_java_t,java_exec_t)
@@ -4083,15 +4101,10 @@
+ dev_read_rand($1_java_t)
+
+ fs_dontaudit_rw_tmpfs_files($1_java_t)
-+
- optional_policy(`
-- xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
-+ xserver_user_x_domain_template($1,$1_java,$1_java_t,$1_tmpfs_t)
-+ xserver_xdm_rw_shm($1_java_t)
- ')
')
-@@ -219,3 +277,67 @@
+ ########################################
+@@ -219,3 +272,67 @@
corecmd_search_bin($1)
domtrans_pattern($1, java_exec_t, java_t)
')
@@ -4223,8 +4236,8 @@
+userdom_dontaudit_write_unpriv_user_home_content_files(loadkeys_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.3.1/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/mono.if 2008-02-26 08:29:22.000000000 -0500
-@@ -18,3 +18,109 @@
++++ serefpolicy-3.3.1/policy/modules/apps/mono.if 2008-03-03 08:24:51.000000000 -0500
+@@ -18,3 +18,101 @@
corecmd_search_bin($1)
domtrans_pattern($1, mono_exec_t, mono_t)
')
@@ -4325,14 +4338,6 @@
+ domtrans_pattern($2, mono_exec_t, $1_mono_t)
+
+ fs_dontaudit_rw_tmpfs_files($1_mono_t)
-+
-+ optional_policy(`
-+ gen_require(`
-+ type $1_tmpfs_t;
-+ ')
-+ xserver_user_x_domain_template($1,$1_mono,$1_mono_t,$1_tmpfs_t)
-+ xserver_xdm_rw_shm($1_mono_t)
-+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.3.1/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2007-12-19 05:32:09.000000000 -0500
@@ -4373,7 +4378,7 @@
# /bin
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.3.1/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-10-29 07:52:48.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if 2008-02-27 13:16:07.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if 2008-03-04 10:33:57.000000000 -0500
@@ -35,7 +35,10 @@
template(`mozilla_per_role_template',`
gen_require(`
@@ -4417,7 +4422,12 @@
allow $1_mozilla_t self:fifo_file rw_fifo_file_perms;
allow $1_mozilla_t self:shm { unix_read unix_write read write destroy create };
allow $1_mozilla_t self:sem create_sem_perms;
-@@ -71,10 +80,15 @@
+@@ -66,15 +75,19 @@
+ allow $1_mozilla_t self:unix_stream_socket { listen accept };
+ # Browse the web, connect to printer
+ allow $1_mozilla_t self:tcp_socket create_socket_perms;
+- allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms;
+
# for bash - old mozilla binary
can_exec($1_mozilla_t, mozilla_exec_t)
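Review bot: The inner patch now drops `allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms;` from mozilla_per_role_template without saying what replaces it. A later hunk of this revision adds `auth_use_nsswitch($1_mozilla_t)` and no longer carries the `sysnet_dns_name_resolve` / `sysnet_read_config` calls, so that interface is presumably the replacement. If so, it is likely a wider grant than plain DNS resolution for a browser domain, and the changelog does not mention it. I would note the intent next to the new call, for example `# name lookups go through nsswitch; replaces the explicit netlink_route and sysnet rules`, and check that the per-role browser domain needs everything the interface allows. The template body starts and ends outside this hunk.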
@@ -4436,7 +4446,7 @@
userdom_search_user_home_dirs($1,$1_mozilla_t)
# Mozpluggerrc
-@@ -89,22 +103,48 @@
+@@ -89,22 +102,48 @@
allow $2 $1_mozilla_t:unix_stream_socket connectto;
# X access, Home files
@@ -4498,7 +4508,7 @@
# Unrestricted inheritance from the caller.
allow $2 $1_mozilla_t:process { noatsecure siginh rlimitinh };
-@@ -112,11 +152,13 @@
+@@ -112,11 +151,13 @@
ps_process_pattern($2,$1_mozilla_t)
allow $2 $1_mozilla_t:process signal_perms;
@@ -4514,7 +4524,7 @@
# Look for plugins
corecmd_list_bin($1_mozilla_t)
-@@ -165,10 +207,23 @@
+@@ -165,13 +206,28 @@
files_read_var_files($1_mozilla_t)
files_read_var_symlinks($1_mozilla_t)
files_dontaudit_getattr_boot_dirs($1_mozilla_t)
@@ -4538,9 +4548,20 @@
term_dontaudit_getattr_pty_dirs($1_mozilla_t)
-@@ -184,14 +239,10 @@
- sysnet_dns_name_resolve($1_mozilla_t)
- sysnet_read_config($1_mozilla_t)
++ auth_use_nsswitch($1_mozilla_t)
++
+ libs_use_ld_so($1_mozilla_t)
+ libs_use_shared_libs($1_mozilla_t)
[...1854 lines suppressed...]
interface(`userdom_relabelto_staff_home_dirs',`
gen_require(`
@@ -30643,7 +30843,7 @@
## users home directory.
## </summary>
## <param name="domain">
-@@ -4307,12 +4438,27 @@
+@@ -4307,12 +4439,27 @@
## </summary>
## </param>
#
@@ -30674,7 +30874,7 @@
')
########################################
-@@ -4327,13 +4473,13 @@
+@@ -4327,13 +4474,13 @@
#
interface(`userdom_read_staff_home_content_files',`
gen_require(`
@@ -30692,7 +30892,7 @@
')
########################################
-@@ -4531,10 +4677,10 @@
+@@ -4531,10 +4678,10 @@
#
interface(`userdom_getattr_sysadm_home_dirs',`
gen_require(`
@@ -30705,7 +30905,7 @@
')
########################################
-@@ -4551,10 +4697,10 @@
+@@ -4551,10 +4698,10 @@
#
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
gen_require(`
@@ -30718,7 +30918,7 @@
')
########################################
-@@ -4569,10 +4715,10 @@
+@@ -4569,10 +4716,10 @@
#
interface(`userdom_search_sysadm_home_dirs',`
gen_require(`
@@ -30731,7 +30931,7 @@
')
########################################
-@@ -4588,10 +4734,10 @@
+@@ -4588,10 +4735,10 @@
#
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
gen_require(`
@@ -30744,7 +30944,7 @@
')
########################################
-@@ -4606,10 +4752,10 @@
+@@ -4606,10 +4753,10 @@
#
interface(`userdom_list_sysadm_home_dirs',`
gen_require(`
@@ -30757,7 +30957,7 @@
')
########################################
-@@ -4625,10 +4771,10 @@
+@@ -4625,10 +4772,10 @@
#
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
gen_require(`
@@ -30770,7 +30970,7 @@
')
########################################
-@@ -4644,12 +4790,11 @@
+@@ -4644,12 +4791,11 @@
#
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
gen_require(`
@@ -30786,7 +30986,7 @@
')
########################################
-@@ -4676,10 +4821,10 @@
+@@ -4676,10 +4822,10 @@
#
interface(`userdom_sysadm_home_dir_filetrans',`
gen_require(`
@@ -30799,7 +30999,7 @@
')
########################################
-@@ -4694,10 +4839,10 @@
+@@ -4694,10 +4840,10 @@
#
interface(`userdom_search_sysadm_home_content_dirs',`
gen_require(`
@@ -30812,7 +31012,7 @@
')
########################################
-@@ -4712,13 +4857,13 @@
+@@ -4712,13 +4858,13 @@
#
interface(`userdom_read_sysadm_home_content_files',`
gen_require(`
@@ -30830,7 +31030,7 @@
')
########################################
-@@ -4754,11 +4899,49 @@
+@@ -4754,11 +4900,49 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
@@ -30881,7 +31081,7 @@
')
########################################
-@@ -4778,6 +4961,14 @@
+@@ -4778,6 +4962,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@@ -30896,7 +31096,7 @@
')
########################################
-@@ -4839,6 +5030,26 @@
+@@ -4839,6 +5031,26 @@
########################################
## <summary>
@@ -30923,7 +31123,7 @@
## Create, read, write, and delete all directories
## in all users home directories.
## </summary>
-@@ -4859,6 +5070,25 @@
+@@ -4859,6 +5071,25 @@
########################################
## <summary>
@@ -30949,7 +31149,7 @@
## Create, read, write, and delete all files
## in all users home directories.
## </summary>
-@@ -4879,6 +5109,26 @@
+@@ -4879,6 +5110,26 @@
########################################
## <summary>
@@ -30976,7 +31176,7 @@
## Create, read, write, and delete all symlinks
## in all users home directories.
## </summary>
-@@ -5115,7 +5365,7 @@
+@@ -5115,7 +5366,7 @@
#
interface(`userdom_relabelto_generic_user_home_dirs',`
gen_require(`
@@ -30985,7 +31185,7 @@
')
files_search_home($1)
-@@ -5304,6 +5554,50 @@
+@@ -5304,6 +5555,50 @@
########################################
## <summary>
@@ -31036,7 +31236,7 @@
## Create, read, write, and delete directories in
## unprivileged users home directories.
## </summary>
-@@ -5509,6 +5803,42 @@
+@@ -5509,6 +5804,42 @@
########################################
## <summary>
@@ -31079,7 +31279,7 @@
## Read and write unprivileged user ttys.
## </summary>
## <param name="domain">
-@@ -5674,6 +6004,42 @@
+@@ -5674,6 +6005,42 @@
########################################
## <summary>
@@ -31122,7 +31322,7 @@
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
-@@ -5704,3 +6070,368 @@
+@@ -5704,3 +6071,368 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.624
retrieving revision 1.625
diff -u -r1.624 -r1.625
--- selinux-policy.spec 29 Feb 2008 22:33:22 -0000 1.624
+++ selinux-policy.spec 4 Mar 2008 21:38:18 -0000 1.625
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -388,6 +388,9 @@
%endif
%changelog
+* Mon Mar 3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-10
+- Allow bitlebee to read locale_t
+
* Fri Feb 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-9
- More xselinux rules