rpms/selinux-policy/devel policy-20071130.patch,1.93,1.94

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Mar 10 20:58:11 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30512

Modified Files:
	policy-20071130.patch 
Log Message:
* Mon Mar 10 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-13
- Additional changes for MLS policy


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -r1.93 -r1.94
--- policy-20071130.patch	10 Mar 2008 20:16:22 -0000	1.93
+++ policy-20071130.patch	10 Mar 2008 20:58:06 -0000	1.94
@@ -14490,7 +14490,7 @@
 +cron_read_system_job_lib_files(hald_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.3.1/policy/modules/services/inetd.te
 --- nsaserefpolicy/policy/modules/services/inetd.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.te	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/inetd.te	2008-03-10 16:49:55.000000000 -0400
 @@ -30,6 +30,10 @@
  type inetd_child_var_run_t;
  files_pid_file(inetd_child_var_run_t)
@@ -23383,7 +23383,7 @@
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.if	2008-03-10 14:41:25.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/xserver.if	2008-03-10 16:54:19.000000000 -0400
 @@ -12,9 +12,15 @@
  ##	</summary>
  ## </param>
@@ -23847,7 +23847,7 @@
  
  	# for when /tmp/.X11-unix is created by the system
  	allow $2 xdm_t:fd use;
-@@ -542,25 +540,540 @@
+@@ -542,25 +540,541 @@
  	allow $2 xdm_tmp_t:sock_file { read write };
  	dontaudit $2 xdm_t:tcp_socket { read write };
  
@@ -23995,6 +23995,7 @@
 +		class x_synthetic_event all_x_synthetic_event_perms;
 +
 +		attribute xdm_x_domain;
++		attribute xserver_unconfined_type;
 +	')
 +
 +	allow $1 self:x_cursor { create use setattr };
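Review bot: The `attribute xserver_unconfined_type;` line added to this `gen_require` block has no matching use in any line this commit changes, so it is unclear which rule needs it. The template body continues outside the hunk, so an existing rule there may reference the attribute; if so, a short comment naming that rule would make the dependency reviewable. If nothing in the template uses it, the require should be dropped, because it still forces every caller of the template to have the attribute declared. Judging by its name the attribute marks domains exempt from X server restrictions, so it is worth confirming that the template does not associate it with `$1` for ordinary clients.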
@@ -24084,6 +24085,7 @@
 +	allow $1 input_xevent_t:{ x_event x_synthetic_event } receive;
 +	allow $1 $1:{ x_event x_synthetic_event } { send receive };
 +	allow $1 default_xevent_t:x_event receive;
++	allow $1 default_xevent_t:x_synthetic_event send;
 +
 +	# can receive certain root window events
 +	allow $1 focus_xevent_t:x_event receive;
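Review bot: The added `allow $1 default_xevent_t:x_synthetic_event send;` lets every domain instantiated through this template send synthetic events of the default event type, and nothing in the hunk or the log message says which client needs it. The neighbouring rules are narrower: `default_xevent_t:x_event` gets only `receive`, and `send` is otherwise limited to the domain's own events via `allow $1 $1:{ x_event x_synthetic_event } { send receive };`. Since the commit is described as MLS work, please confirm that an MLS constraint bounds `x_synthetic_event` send by level, and add a comment above the rule such as `# <client or feature that requires it> sends synthetic events of the default type`. The enclosing template starts and ends outside the hunk, so the set of domains that receive this permission cannot be determined from here.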
@@ -24122,7 +24124,6 @@
 +	allow $1 xdm_xserver_t:x_device { getattr getfocus use setattr };
 +	allow $1 xdm_xserver_t:x_resource read;
 +	allow $1 xdm_xserver_t:x_server grab;
-+
 +')
 +
 +#######################################
@@ -24394,7 +24395,7 @@
  	')
  ')
  
-@@ -593,26 +1106,44 @@
+@@ -593,26 +1107,44 @@
  #
  template(`xserver_use_user_fonts',`
  	gen_require(`
@@ -24446,15 +24447,14 @@
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -638,10 +1169,77 @@
+@@ -638,10 +1170,77 @@
  #
  template(`xserver_domtrans_user_xauth',`
  	gen_require(`
 -		type $1_xauth_t, xauth_exec_t;
 +		type xauth_exec_t, xauth_t;
- 	')
- 
--	domtrans_pattern($2, xauth_exec_t, $1_xauth_t)
++	')
++
 +	domtrans_pattern($2, xauth_exec_t, xauth_t)
 +')
 +
@@ -24519,14 +24519,15 @@
 +template(`xserver_read_user_iceauth',`
 +	gen_require(`
 +		type user_iceauth_home_t;
-+	')
-+
+ 	')
+ 
+-	domtrans_pattern($2, xauth_exec_t, $1_xauth_t)
 +	# Read .Iceauthority file
 +	allow $2 user_iceauth_home_t:file { getattr read };
  ')
  
  ########################################
-@@ -671,10 +1269,10 @@
+@@ -671,10 +1270,10 @@
  #
  template(`xserver_user_home_dir_filetrans_user_xauth',`
  	gen_require(`
@@ -24539,7 +24540,7 @@
  ')
  
  ########################################
-@@ -760,7 +1358,7 @@
+@@ -760,7 +1359,7 @@
  		type xconsole_device_t;
  	')
  
@@ -24548,7 +24549,7 @@
  ')
  
  ########################################
-@@ -860,6 +1458,25 @@
+@@ -860,6 +1459,25 @@
  
  ########################################
  ## <summary>
@@ -24574,7 +24575,7 @@
  ##	Read xdm-writable configuration files.
  ## </summary>
  ## <param name="domain">
-@@ -914,6 +1531,7 @@
+@@ -914,6 +1532,7 @@
  	files_search_tmp($1)
  	allow $1 xdm_tmp_t:dir list_dir_perms;
  	create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
@@ -24582,7 +24583,7 @@
  ')
  
  ########################################
-@@ -955,6 +1573,24 @@
+@@ -955,6 +1574,24 @@
  
  ########################################
  ## <summary>
@@ -24607,7 +24608,7 @@
  ##	Execute the X server in the XDM X server domain.
  ## </summary>
  ## <param name="domain">
-@@ -965,15 +1601,47 @@
+@@ -965,15 +1602,47 @@
  #
  interface(`xserver_domtrans_xdm_xserver',`
  	gen_require(`
@@ -24656,7 +24657,7 @@
  ##	Make an X session script an entrypoint for the specified domain.
  ## </summary>
  ## <param name="domain">
-@@ -1123,7 +1791,7 @@
+@@ -1123,7 +1792,7 @@
  		type xdm_xserver_tmp_t;
  	')
  
@@ -24665,7 +24666,7 @@
  ')
  
  ########################################
-@@ -1312,3 +1980,83 @@
+@@ -1312,3 +1981,83 @@
  	files_search_tmp($1)
  	stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
  ')



