rpms/selinux-policy/devel policy-20071130.patch, 1.104, 1.105 selinux-policy.spec, 1.634, 1.635

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Fri Mar 14 21:13:30 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1382

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Fri Mar 14 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-20
- Fix bug in mozilla policy to allow xguest transition
- This will fix the 


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -r1.104 -r1.105
--- policy-20071130.patch	14 Mar 2008 15:59:07 -0000	1.104
+++ policy-20071130.patch	14 Mar 2008 21:13:24 -0000	1.105
@@ -29997,7 +29997,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-02-15 09:52:56.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-03-14 10:48:11.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-03-14 14:50:39.000000000 -0400
 @@ -29,9 +29,14 @@
  	')
  
@@ -32368,11 +32368,11 @@
 +#
 +interface(`userdom_list_user_files',`
 +	gen_require(`
-+		attribute $1_home_type;
++		attribute user_home_type;
 +	')
 +
-+	allow $2 $1_home_type:dir search_dir_perms;
-+	allow $2 $1_home_type:file getattr;
++	allow $2 user_home_type:dir search_dir_perms;
++	allow $2 user_home_type:file getattr;
 +')
 +
 +########################################


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.634
retrieving revision 1.635
diff -u -r1.634 -r1.635
--- selinux-policy.spec	14 Mar 2008 15:17:23 -0000	1.634
+++ selinux-policy.spec	14 Mar 2008 21:13:24 -0000	1.635
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 19%{?dist}
+Release: 20%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -121,7 +121,7 @@
 %verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
 %verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
 %attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
-#%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
+#%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/ seusers \
 %dir %{_sysconfdir}/selinux/%1/policy/ \
 %ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
 %dir %{_sysconfdir}/selinux/%1/contexts \
@@ -157,8 +157,7 @@
 %define loadpolicy() \
 ( cd /usr/share/selinux/%1; \
 semodule -b base.pp %{expand:%%moduleList %1} -s %1; \
-);\
-rm -f %{_sysconfdir}/selinux/%1/policy/policy.*.rpmnew;
+) > /dev/null 2>&1; \
 
 %define relabel() \
 . %{_sysconfdir}/selinux/config; \
@@ -253,7 +252,7 @@
 	ln -sf ../selinux/config /etc/sysconfig/selinux 
 	restorecon /etc/selinux/config 2> /dev/null || :
 else
-	. /etc/selinux/config
+			. /etc/selinux/config
 	# if first time update booleans.local needs to be copied to sandbox
 	[ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/
 	[ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers
@@ -291,17 +290,17 @@
 %saveFileContext targeted
 
 %post targeted
-semodule -s targeted -r moilscanner 2>/dev/null
+if [ $1 -eq 1 ]; then
 %loadpolicy targeted
-
-if [ $1 = 1 ]; then
-semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 
+semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
 semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 __default__ 2> /dev/null
 semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 root 2> /dev/null
 semanage user -a -P guest -R guest_r guest_u
 semanage user -a -P xguest -R xguest_r xguest_u 
 restorecon -R /root /var/log /var/run 2> /dev/null
 else
+semodule -s targeted -r moilscanner 2>/dev/null
+%loadpolicy targeted
 %relabel targeted
 fi
 exit 0
@@ -310,7 +309,7 @@
 %triggerpostun targeted -- selinux-policy-targeted < 3.2.5-9.fc9
 setsebool -P use_nfs_home_dirs=1
 semanage user -l | grep -s unconfined_u 
-if [ $? == 0 ]; then
+if [ $? -eq 0 ]; then
    semanage user -m -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u  2> /dev/null
 else
    semanage user -a -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u  2> /dev/null
@@ -347,7 +346,7 @@
 %post olpc 
 %loadpolicy olpc
 
-if [ $1 != 1 ]; then
+if [ $1 -ne 1 ]; then
 %relabel olpc
 fi
 exit 0
@@ -388,6 +387,15 @@
 %endif
 
 %changelog
+* Fri Mar 14 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-20
+- Fix bug in mozilla policy to allow xguest transition
+- This will fix the 
+
+libsemanage.dbase_llist_query: could not find record value
+libsemanage.dbase_llist_query: could not query record value (No such file or
+directory)
+ bug in xguest
+
 * Fri Mar 14 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-19
 - Allow nsplugin to run acroread
 




More information about the fedora-extras-commits mailing list