rpms/selinux-policy/devel policy-20071130.patch, 1.87, 1.88 selinux-policy.spec, 1.624, 1.625

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Mar 4 21:38:22 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16711

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Mon Mar 3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-10
- Allow bitlebee to read locale_t


policy-20071130.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.87 -r 1.88 policy-20071130.patch
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- policy-20071130.patch	29 Feb 2008 22:33:21 -0000	1.87
+++ policy-20071130.patch	4 Mar 2008 21:38:18 -0000	1.88
@@ -2613,7 +2613,7 @@
  #######################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2007-10-02 09:54:52.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te	2008-03-04 16:24:35.000000000 -0500
 @@ -28,6 +28,7 @@
  files_purge_tmp(tmpreaper_t)
  # why does it need setattr?
@@ -2622,7 +2622,7 @@
  
  mls_file_read_all_levels(tmpreaper_t)
  mls_file_write_all_levels(tmpreaper_t)
-@@ -42,6 +43,19 @@
+@@ -42,6 +43,22 @@
  
  cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
  
@@ -2630,6 +2630,9 @@
 +userdom_delete_all_users_home_content_files(tmpreaper_t)
 +userdom_delete_all_users_home_content_symlinks(tmpreaper_t)
 +
++files_delete_isid_type_dirs(tmpreaper_t)
++files_delete_isid_type_files(tmpreaper_t)
++
 +optional_policy(`
 +	amavis_manage_spool_files(tmpreaper_t)
 +')
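Review bot: The added `files_delete_isid_type_dirs(tmpreaper_t)` and `files_delete_isid_type_files(tmpreaper_t)` carry no comment, and the log message mentions only bitlbee. Judging by the interface names, they let tmpreaper_t delete directories and files that still carry the initial-SID (unlabeled) type, which is a broader delete right than the labelled home content handled on the lines just above. If that is intended, a line such as `# remove unlabeled leftovers found while purging tmp directories` above the two calls, plus a changelog entry, would make the grant auditable. The rest of tmpreaper.te lies outside this hunk.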
@@ -2698,6 +2701,18 @@
  	rpm_use_fds(useradd_t)
  	rpm_rw_pipes(useradd_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.3.1/policy/modules/admin/vbetool.te
+--- nsaserefpolicy/policy/modules/admin/vbetool.te	2007-12-19 05:32:18.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te	2008-03-04 16:04:15.000000000 -0500
+@@ -23,6 +23,8 @@
+ dev_rwx_zero(vbetool_t)
+ dev_read_sysfs(vbetool_t)
+ 
++domain_mmap_low(vbetool_t)
++
+ term_use_unallocated_ttys(vbetool_t)
+ 
+ libs_use_ld_so(vbetool_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te
 --- nsaserefpolicy/policy/modules/admin/vpn.te	2008-02-18 14:30:19.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2008-02-26 08:29:22.000000000 -0500
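Review bot: `domain_mmap_low(vbetool_t)` is added to vbetool.te with no comment and no changelog entry. It lets the domain map the low address range that mmap_min_addr otherwise protects, a restriction aimed at kernel NULL-dereference bugs. vbetool presumably needs it to run video BIOS code, so a comment next to the call, e.g. `# vbetool maps low memory to execute the video BIOS`, and a line in the 3.3.1-10 changelog would show the grant is deliberate. Only part of vbetool.te is visible here, so how tightly the domain is otherwise confined cannot be judged from this hunk.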
@@ -3924,7 +3939,7 @@
 +/usr/bin/octave-[^/]*  	--	gen_context(system_u:object_r:java_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2007-10-12 08:56:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/apps/java.if	2008-02-26 21:21:39.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/apps/java.if	2008-03-03 08:25:05.000000000 -0500
 @@ -32,7 +32,7 @@
  ##	</summary>
  ## </param>
@@ -4019,7 +4034,7 @@
  	userdom_manage_user_home_content_dirs($1,$1_javaplugin_t)
  	userdom_manage_user_home_content_files($1,$1_javaplugin_t)
  	userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t)
-@@ -156,15 +162,67 @@
+@@ -156,16 +162,63 @@
  	')
  
  	optional_policy(`
@@ -4029,8 +4044,11 @@
  
 -	optional_policy(`
 -		nscd_socket_use($1_javaplugin_t)
+-	')
 +')
-+
+ 
+-	optional_policy(`
+-		xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
 +#######################################
 +## <summary>
 +##	The per role template for the java module.
@@ -4062,7 +4080,7 @@
 +	gen_require(`
 +		type java_exec_t;
  	')
- 
++
 +	type $1_java_t;
 +	domain_type($1_java_t)
 +	domain_entry_file($1_java_t,java_exec_t)
@@ -4083,15 +4101,10 @@
 +	dev_read_rand($1_java_t)
 +
 +	fs_dontaudit_rw_tmpfs_files($1_java_t)
-+
- 	optional_policy(`
--		xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
-+		xserver_user_x_domain_template($1,$1_java,$1_java_t,$1_tmpfs_t)
-+		xserver_xdm_rw_shm($1_java_t)
- 	')
  ')
  
-@@ -219,3 +277,67 @@
+ ########################################
+@@ -219,3 +272,67 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, java_exec_t, java_t)
  ')
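Review bot: The `optional_policy` block holding `xserver_user_x_domain_template($1,$1_java,$1_java_t,$1_tmpfs_t)` and `xserver_xdm_rw_shm($1_java_t)` is dropped from the $1_java_t template here, and the hunk at -4325 drops the same pair for $1_mono_t, yet the log message mentions neither. Nothing in the visible lines shows where X server access for these domains is granted afterwards; 1854 lines of the diff are suppressed, so it may simply have moved. A changelog line such as `- Move X access for java and mono domains out of the per-role templates`, adjusted to what was actually done, would record the change. The template body starts outside this hunk.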
@@ -4223,8 +4236,8 @@
 +userdom_dontaudit_write_unpriv_user_home_content_files(loadkeys_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.3.1/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/mono.if	2008-02-26 08:29:22.000000000 -0500
-@@ -18,3 +18,109 @@
++++ serefpolicy-3.3.1/policy/modules/apps/mono.if	2008-03-03 08:24:51.000000000 -0500
+@@ -18,3 +18,101 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, mono_exec_t, mono_t)
  ')
@@ -4325,14 +4338,6 @@
 +	domtrans_pattern($2, mono_exec_t, $1_mono_t)
 +
 +	fs_dontaudit_rw_tmpfs_files($1_mono_t)
-+
-+	optional_policy(`
-+		gen_require(`
-+			type $1_tmpfs_t;
-+		')
-+		xserver_user_x_domain_template($1,$1_mono,$1_mono_t,$1_tmpfs_t)
-+		xserver_xdm_rw_shm($1_mono_t)
-+	')
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.3.1/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2007-12-19 05:32:09.000000000 -0500
@@ -4373,7 +4378,7 @@
  # /bin
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.3.1/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2007-10-29 07:52:48.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if	2008-02-27 13:16:07.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if	2008-03-04 10:33:57.000000000 -0500
 @@ -35,7 +35,10 @@
  template(`mozilla_per_role_template',`
  	gen_require(`
@@ -4417,7 +4422,12 @@
  	allow $1_mozilla_t self:fifo_file rw_fifo_file_perms;
  	allow $1_mozilla_t self:shm { unix_read unix_write read write destroy create };
  	allow $1_mozilla_t self:sem create_sem_perms;
-@@ -71,10 +80,15 @@
+@@ -66,15 +75,19 @@
+ 	allow $1_mozilla_t self:unix_stream_socket { listen accept };
+ 	# Browse the web, connect to printer
+ 	allow $1_mozilla_t self:tcp_socket create_socket_perms;
+-	allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms;
+ 
  	# for bash - old mozilla binary
  	can_exec($1_mozilla_t, mozilla_exec_t)
  
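Review bot: The explicit `allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms;` is now removed. The visible replacement is `auth_use_nsswitch($1_mozilla_t)`, added in the hunk at -4538, which as far as I know covers name-service lookups in general rather than only the route socket. For a domain that handles untrusted web content, that is a wider grant than the rule it replaces. A comment beside the new call, e.g. `# name service lookups; replaces the explicit netlink_route_socket rule`, and a changelog line would make the trade-off visible. The template body extends beyond this hunk, and part of the later hunk is suppressed.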
@@ -4436,7 +4446,7 @@
  	userdom_search_user_home_dirs($1,$1_mozilla_t)
  
  	# Mozpluggerrc
-@@ -89,22 +103,48 @@
+@@ -89,22 +102,48 @@
  	allow $2 $1_mozilla_t:unix_stream_socket connectto;
  
  	# X access, Home files
@@ -4498,7 +4508,7 @@
  	# Unrestricted inheritance from the caller.
  	allow $2 $1_mozilla_t:process { noatsecure siginh rlimitinh };
  
-@@ -112,11 +152,13 @@
+@@ -112,11 +151,13 @@
  	ps_process_pattern($2,$1_mozilla_t)
  	allow $2 $1_mozilla_t:process signal_perms;
  	
@@ -4514,7 +4524,7 @@
  
  	# Look for plugins 
  	corecmd_list_bin($1_mozilla_t)
-@@ -165,10 +207,23 @@
+@@ -165,13 +206,28 @@
  	files_read_var_files($1_mozilla_t)
  	files_read_var_symlinks($1_mozilla_t)
   	files_dontaudit_getattr_boot_dirs($1_mozilla_t)
@@ -4538,9 +4548,20 @@
  
  	term_dontaudit_getattr_pty_dirs($1_mozilla_t)
  	
-@@ -184,14 +239,10 @@
- 	sysnet_dns_name_resolve($1_mozilla_t)
- 	sysnet_read_config($1_mozilla_t)
++	auth_use_nsswitch($1_mozilla_t)
++
+ 	libs_use_ld_so($1_mozilla_t)
+ 	libs_use_shared_libs($1_mozilla_t)
[...1854 lines suppressed...]
  interface(`userdom_relabelto_staff_home_dirs',`
  	gen_require(`
@@ -30643,7 +30843,7 @@
  ##	users home directory.
  ## </summary>
  ## <param name="domain">
-@@ -4307,12 +4438,27 @@
+@@ -4307,12 +4439,27 @@
  ##	</summary>
  ## </param>
  #
@@ -30674,7 +30874,7 @@
  ')
  
  ########################################
-@@ -4327,13 +4473,13 @@
+@@ -4327,13 +4474,13 @@
  #
  interface(`userdom_read_staff_home_content_files',`
  	gen_require(`
@@ -30692,7 +30892,7 @@
  ')
  
  ########################################
-@@ -4531,10 +4677,10 @@
+@@ -4531,10 +4678,10 @@
  #
  interface(`userdom_getattr_sysadm_home_dirs',`
  	gen_require(`
@@ -30705,7 +30905,7 @@
  ')
  
  ########################################
-@@ -4551,10 +4697,10 @@
+@@ -4551,10 +4698,10 @@
  #
  interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
  	gen_require(`
@@ -30718,7 +30918,7 @@
  ')
  
  ########################################
-@@ -4569,10 +4715,10 @@
+@@ -4569,10 +4716,10 @@
  #
  interface(`userdom_search_sysadm_home_dirs',`
  	gen_require(`
@@ -30731,7 +30931,7 @@
  ')
  
  ########################################
-@@ -4588,10 +4734,10 @@
+@@ -4588,10 +4735,10 @@
  #
  interface(`userdom_dontaudit_search_sysadm_home_dirs',`
  	gen_require(`
@@ -30744,7 +30944,7 @@
  ')
  
  ########################################
-@@ -4606,10 +4752,10 @@
+@@ -4606,10 +4753,10 @@
  #
  interface(`userdom_list_sysadm_home_dirs',`
  	gen_require(`
@@ -30757,7 +30957,7 @@
  ')
  
  ########################################
-@@ -4625,10 +4771,10 @@
+@@ -4625,10 +4772,10 @@
  #
  interface(`userdom_dontaudit_list_sysadm_home_dirs',`
  	gen_require(`
@@ -30770,7 +30970,7 @@
  ')
  
  ########################################
-@@ -4644,12 +4790,11 @@
+@@ -4644,12 +4791,11 @@
  #
  interface(`userdom_dontaudit_read_sysadm_home_content_files',`
  	gen_require(`
@@ -30786,7 +30986,7 @@
  ')
  
  ########################################
-@@ -4676,10 +4821,10 @@
+@@ -4676,10 +4822,10 @@
  #
  interface(`userdom_sysadm_home_dir_filetrans',`
  	gen_require(`
@@ -30799,7 +30999,7 @@
  ')
  
  ########################################
-@@ -4694,10 +4839,10 @@
+@@ -4694,10 +4840,10 @@
  #
  interface(`userdom_search_sysadm_home_content_dirs',`
  	gen_require(`
@@ -30812,7 +31012,7 @@
  ')
  
  ########################################
-@@ -4712,13 +4857,13 @@
+@@ -4712,13 +4858,13 @@
  #
  interface(`userdom_read_sysadm_home_content_files',`
  	gen_require(`
@@ -30830,7 +31030,7 @@
  ')
  
  ########################################
-@@ -4754,11 +4899,49 @@
+@@ -4754,11 +4900,49 @@
  #
  interface(`userdom_search_all_users_home_dirs',`
  	gen_require(`
@@ -30881,7 +31081,7 @@
  ')
  
  ########################################
-@@ -4778,6 +4961,14 @@
+@@ -4778,6 +4962,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -30896,7 +31096,7 @@
  ')
  
  ########################################
-@@ -4839,6 +5030,26 @@
+@@ -4839,6 +5031,26 @@
  
  ########################################
  ## <summary>
@@ -30923,7 +31123,7 @@
  ##	Create, read, write, and delete all directories
  ##	in all users home directories.
  ## </summary>
-@@ -4859,6 +5070,25 @@
+@@ -4859,6 +5071,25 @@
  
  ########################################
  ## <summary>
@@ -30949,7 +31149,7 @@
  ##	Create, read, write, and delete all files
  ##	in all users home directories.
  ## </summary>
-@@ -4879,6 +5109,26 @@
+@@ -4879,6 +5110,26 @@
  
  ########################################
  ## <summary>
@@ -30976,7 +31176,7 @@
  ##	Create, read, write, and delete all symlinks
  ##	in all users home directories.
  ## </summary>
-@@ -5115,7 +5365,7 @@
+@@ -5115,7 +5366,7 @@
  #
  interface(`userdom_relabelto_generic_user_home_dirs',`
  	gen_require(`
@@ -30985,7 +31185,7 @@
  	')
  
  	files_search_home($1)
-@@ -5304,6 +5554,50 @@
+@@ -5304,6 +5555,50 @@
  
  ########################################
  ## <summary>
@@ -31036,7 +31236,7 @@
  ##	Create, read, write, and delete directories in
  ##	unprivileged users home directories.
  ## </summary>
-@@ -5509,6 +5803,42 @@
+@@ -5509,6 +5804,42 @@
  
  ########################################
  ## <summary>
@@ -31079,7 +31279,7 @@
  ##	Read and write unprivileged user ttys.
  ## </summary>
  ## <param name="domain">
-@@ -5674,6 +6004,42 @@
+@@ -5674,6 +6005,42 @@
  
  ########################################
  ## <summary>
@@ -31122,7 +31322,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5704,3 +6070,368 @@
+@@ -5704,3 +6071,368 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.624
retrieving revision 1.625
diff -u -r1.624 -r1.625
--- selinux-policy.spec	29 Feb 2008 22:33:22 -0000	1.624
+++ selinux-policy.spec	4 Mar 2008 21:38:18 -0000	1.625
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -388,6 +388,9 @@
 %endif
 
 %changelog
+* Mon Mar 3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-10
+- Allow bitlebee to read locale_t
+
 * Fri Feb 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-9
 - More xselinux rules
 



