rpms/selinux-policy/devel policy-20071130.patch, 1.104, 1.105 selinux-policy.spec, 1.634, 1.635
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Mar 14 21:13:30 UTC 2008
- Previous message (by thread): rpms/xorg-x11-drv-amd/devel .cvsignore, 1.8, 1.9 sources, 1.10, 1.11 xorg-x11-drv-amd.spec, 1.19, 1.20 amd-pciaccess-fix.patch, 1.1, NONE lx-disable-compression.patch, 1.1, NONE
- Next message (by thread): rpms/pidgin/devel pidgin.spec, 1.46, 1.47 purple-fedora-prefs.xml, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1382
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Fri Mar 14 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-20
- Fix bug in mozilla policy to allow xguest transition
- This will fix the
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -r1.104 -r1.105
--- policy-20071130.patch 14 Mar 2008 15:59:07 -0000 1.104
+++ policy-20071130.patch 14 Mar 2008 21:13:24 -0000 1.105
@@ -29997,7 +29997,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-14 10:48:11.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-14 14:50:39.000000000 -0400
@@ -29,9 +29,14 @@
')
@@ -32368,11 +32368,11 @@
+#
+interface(`userdom_list_user_files',`
+ gen_require(`
-+ attribute $1_home_type;
++ attribute user_home_type;
+ ')
+
-+ allow $2 $1_home_type:dir search_dir_perms;
-+ allow $2 $1_home_type:file getattr;
++ allow $2 user_home_type:dir search_dir_perms;
++ allow $2 user_home_type:file getattr;
+')
+
+########################################
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.634
retrieving revision 1.635
diff -u -r1.634 -r1.635
--- selinux-policy.spec 14 Mar 2008 15:17:23 -0000 1.634
+++ selinux-policy.spec 14 Mar 2008 21:13:24 -0000 1.635
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 19%{?dist}
+Release: 20%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -121,7 +121,7 @@
%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
%attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
-#%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
+#%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/ seusers \
%dir %{_sysconfdir}/selinux/%1/policy/ \
%ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
%dir %{_sysconfdir}/selinux/%1/contexts \
@@ -157,8 +157,7 @@
%define loadpolicy() \
( cd /usr/share/selinux/%1; \
semodule -b base.pp %{expand:%%moduleList %1} -s %1; \
-);\
-rm -f %{_sysconfdir}/selinux/%1/policy/policy.*.rpmnew;
+) > /dev/null 2>&1; \
%define relabel() \
. %{_sysconfdir}/selinux/config; \
@@ -253,7 +252,7 @@
ln -sf ../selinux/config /etc/sysconfig/selinux
restorecon /etc/selinux/config 2> /dev/null || :
else
- . /etc/selinux/config
+ . /etc/selinux/config
# if first time update booleans.local needs to be copied to sandbox
[ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/
[ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers
@@ -291,17 +290,17 @@
%saveFileContext targeted
%post targeted
-semodule -s targeted -r moilscanner 2>/dev/null
+if [ $1 -eq 1 ]; then
%loadpolicy targeted
-
-if [ $1 = 1 ]; then
-semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
+semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 __default__ 2> /dev/null
semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 root 2> /dev/null
semanage user -a -P guest -R guest_r guest_u
semanage user -a -P xguest -R xguest_r xguest_u
restorecon -R /root /var/log /var/run 2> /dev/null
else
+semodule -s targeted -r moilscanner 2>/dev/null
+%loadpolicy targeted
%relabel targeted
fi
exit 0
@@ -310,7 +309,7 @@
%triggerpostun targeted -- selinux-policy-targeted < 3.2.5-9.fc9
setsebool -P use_nfs_home_dirs=1
semanage user -l | grep -s unconfined_u
-if [ $? == 0 ]; then
+if [ $? -eq 0 ]; then
semanage user -m -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
else
semanage user -a -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
@@ -347,7 +346,7 @@
%post olpc
%loadpolicy olpc
-if [ $1 != 1 ]; then
+if [ $1 -ne 1 ]; then
%relabel olpc
fi
exit 0
@@ -388,6 +387,15 @@
%endif
%changelog
+* Fri Mar 14 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-20
+- Fix bug in mozilla policy to allow xguest transition
+- This will fix the
+
+libsemanage.dbase_llist_query: could not find record value
+libsemanage.dbase_llist_query: could not query record value (No such file or
+directory)
+ bug in xguest
+
* Fri Mar 14 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-19
- Allow nsplugin to run acroread
- Previous message (by thread): rpms/xorg-x11-drv-amd/devel .cvsignore, 1.8, 1.9 sources, 1.10, 1.11 xorg-x11-drv-amd.spec, 1.19, 1.20 amd-pciaccess-fix.patch, 1.1, NONE lx-disable-compression.patch, 1.1, NONE
- Next message (by thread): rpms/pidgin/devel pidgin.spec, 1.46, 1.47 purple-fedora-prefs.xml, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list