rpms/selinux-policy/devel policy-20071130.patch,1.99,1.100
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Mar 12 12:39:49 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24582
Modified Files:
policy-20071130.patch
Log Message:
* Wed Mar 12 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-16
- Change init_t to an unconfined_domain
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -r1.99 -r1.100
--- policy-20071130.patch 12 Mar 2008 12:35:06 -0000 1.99
+++ policy-20071130.patch 12 Mar 2008 12:39:48 -0000 1.100
@@ -26326,7 +26326,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2008-02-26 08:17:43.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/init.te 2008-03-12 08:33:31.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/init.te 2008-03-12 08:37:59.000000000 -0400
@@ -10,6 +10,20 @@
# Declarations
#
@@ -26461,20 +26461,26 @@
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
allow initrc_t self:passwd rootok;
-@@ -201,10 +239,9 @@
- allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
+@@ -198,13 +236,14 @@
+ allow initrc_t self:udp_socket create_socket_perms;
+ allow initrc_t self:fifo_file rw_file_perms;
+
+-allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
++allow init_t initrc_t:unix_dgram_socket sendto;
++
term_create_pty(initrc_t,initrc_devpts_t)
-# Going to single user mode
-init_exec(initrc_t)
+init_telinit(initrc_t)
++init_chat(initrc_t)
-can_exec(initrc_t,initrc_exec_t)
+can_exec(initrc_t,initscript)
manage_dirs_pattern(initrc_t,initrc_state_t,initrc_state_t)
manage_files_pattern(initrc_t,initrc_state_t,initrc_state_t)
-@@ -257,7 +294,7 @@
+@@ -257,7 +296,7 @@
dev_read_sound_mixer(initrc_t)
dev_write_sound_mixer(initrc_t)
dev_setattr_all_chr_files(initrc_t)
@@ -26483,7 +26489,7 @@
dev_delete_lvm_control_dev(initrc_t)
dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t)
-@@ -283,7 +320,6 @@
+@@ -283,7 +322,6 @@
mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
@@ -26491,7 +26497,7 @@
selinux_get_enforce_mode(initrc_t)
-@@ -496,6 +532,31 @@
+@@ -496,6 +534,31 @@
')
')
@@ -26523,7 +26529,7 @@
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -559,14 +620,6 @@
+@@ -559,14 +622,6 @@
')
optional_policy(`
@@ -26538,7 +26544,7 @@
ftp_read_config(initrc_t)
')
-@@ -639,12 +692,6 @@
+@@ -639,12 +694,6 @@
mta_read_config(initrc_t)
mta_dontaudit_read_spool_symlinks(initrc_t)
')
@@ -26551,7 +26557,7 @@
optional_policy(`
ifdef(`distro_redhat',`
-@@ -705,6 +752,9 @@
+@@ -705,6 +754,9 @@
# why is this needed:
rpm_manage_db(initrc_t)
@@ -26561,7 +26567,7 @@
')
optional_policy(`
-@@ -717,9 +767,11 @@
+@@ -717,9 +769,11 @@
squid_manage_logs(initrc_t)
')
@@ -26576,7 +26582,7 @@
')
optional_policy(`
-@@ -738,6 +790,11 @@
+@@ -738,6 +792,11 @@
uml_setattr_util_sockets(initrc_t)
')
@@ -26588,7 +26594,7 @@
optional_policy(`
unconfined_domain(initrc_t)
-@@ -752,6 +809,10 @@
+@@ -752,6 +811,10 @@
')
optional_policy(`
@@ -26599,7 +26605,7 @@
vmware_read_system_config(initrc_t)
vmware_append_system_config(initrc_t)
')
-@@ -774,3 +835,4 @@
+@@ -774,3 +837,4 @@
optional_policy(`
zebra_read_config(initrc_t)
')
More information about the fedora-extras-commits
mailing list