rpms/selinux-policy/devel policy-20071130.patch, 1.110, 1.111 selinux-policy.spec, 1.641, 1.642

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Fri Mar 28 21:09:55 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23563

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Thu Mar 27 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-25
- Additional access for nsplugin
- Allow xdm setcap/getcap until pulseaudio is fixed


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- policy-20071130.patch	26 Mar 2008 06:17:27 -0000	1.110
+++ policy-20071130.patch	28 Mar 2008 21:09:45 -0000	1.111
@@ -1885,7 +1885,7 @@
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.3.1/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2008-02-19 23:24:26.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/logrotate.te	2008-02-26 14:29:22.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/logrotate.te	2008-03-28 10:55:06.000000000 +0100
 @@ -96,9 +96,11 @@
  files_read_etc_files(logrotate_t)
  files_read_etc_runtime_files(logrotate_t)
@@ -3042,7 +3042,7 @@
  /usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.3.1/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2007-07-23 16:20:12.000000000 +0200
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.if	2008-02-26 14:29:22.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.if	2008-03-27 23:42:35.000000000 +0100
 @@ -33,9 +33,60 @@
  ## </param>
  #
@@ -4302,13 +4302,14 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.3.1/policy/modules/apps/loadkeys.te
 --- nsaserefpolicy/policy/modules/apps/loadkeys.te	2007-12-19 11:32:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te	2008-02-26 14:29:22.000000000 +0100
-@@ -44,3 +44,5 @@
++++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te	2008-03-28 21:10:09.000000000 +0100
+@@ -44,3 +44,6 @@
  optional_policy(`
  	nscd_dontaudit_search_pid(loadkeys_t)
  ')
 +
 +userdom_dontaudit_write_unpriv_user_home_content_files(loadkeys_t)
++userdom_dontaudit_list_user_home_dirs(user, loadkeys_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.3.1/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2007-01-02 18:57:22.000000000 +0100
 +++ serefpolicy-3.3.1/policy/modules/apps/mono.if	2008-03-03 14:24:51.000000000 +0100
@@ -5085,8 +5086,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc
 --- nsaserefpolicy/policy/modules/apps/nsplugin.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc	2008-03-25 22:48:09.000000000 +0100
-@@ -0,0 +1,8 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc	2008-03-27 23:41:57.000000000 +0100
+@@ -0,0 +1,9 @@
 +
 +/usr/lib(64)?/nspluginwrapper/npviewer.bin	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
 +/usr/lib(64)?/nspluginwrapper/plugin-config	--	gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
@@ -5095,10 +5096,11 @@
 +HOME_DIR/\.adobe(/.*)?			gen_context(system_u:object_r:user_nsplugin_home_t,s0)
 +HOME_DIR/\.macromedia(/.*)?		gen_context(system_u:object_r:user_nsplugin_home_t,s0)
 +HOME_DIR/\.gstreamer-.*			gen_context(system_u:object_r:user_nsplugin_home_t,s0)
++HOME_DIR/\.local.*			gen_context(system_u:object_r:user_nsplugin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2008-03-25 06:36:27.000000000 +0100
-@@ -0,0 +1,352 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2008-03-28 08:16:42.000000000 +0100
+@@ -0,0 +1,351 @@
 +
 +## <summary>policy for nsplugin</summary>
 +
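Review bot: The new file-context entry `HOME_DIR/\.local.*` is much broader than its siblings, because it has no `(/.*)?` tail and so matches `~/.local`, everything beneath it, and any other home-directory entry whose name merely begins with `.local`. `~/.local` is shared XDG data space used by many desktop applications, so relabelling all of it to `user_nsplugin_home_t` hands that content to the plugin domain, which the nsplugin.te part of this same patch allows `nsplugin_t` to manage. If a plugin needs one subdirectory, label only that path; at minimum write the entry like its neighbours, `HOME_DIR/\.local(/.*)?`, and add a comment naming the plugin that requires it.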
@@ -5273,7 +5275,6 @@
 +	dontaudit nsplugin_t $2:process ptrace;
 +
 +	allow nsplugin_t $1_tmpfs_t:file { read getattr };
-+
 +	allow $2 nsplugin_t:process { getattr ptrace signal_perms };
 +	allow $2 nsplugin_t:unix_stream_socket connectto;
 +
@@ -5453,8 +5454,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2008-03-14 16:50:19.000000000 +0100
-@@ -0,0 +1,176 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2008-03-28 09:20:56.000000000 +0100
+@@ -0,0 +1,179 @@
 +
 +policy_module(nsplugin,1.0.0)
 +
@@ -5508,9 +5509,11 @@
 +')
 +
 +manage_dirs_pattern(nsplugin_t, user_nsplugin_home_t, user_nsplugin_home_t)
++exec_files_pattern(nsplugin_t, user_nsplugin_home_t, user_nsplugin_home_t)
 +manage_files_pattern(nsplugin_t, user_nsplugin_home_t, user_nsplugin_home_t)
 +manage_lnk_files_pattern(nsplugin_t, user_nsplugin_home_t, user_nsplugin_home_t)
 +userdom_user_home_dir_filetrans(user, nsplugin_t, user_nsplugin_home_t, {file dir})
++userdom_dontaudit_write_user_home_content_files(user, nsplugin_t)
 +
 +corecmd_exec_bin(nsplugin_t)
 +corecmd_exec_shell(nsplugin_t)
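Review bot: Adding `exec_files_pattern(nsplugin_t, user_nsplugin_home_t, user_nsplugin_home_t)` beside the existing `manage_files_pattern` on the same type means the plugin domain can both create and execute files labelled `user_nsplugin_home_t`, so the label no longer separates writable plugin data from runnable code. If execution is only needed for installed helper binaries, a separate type that `nsplugin_t` may execute but not write would keep that separation; otherwise a comment along the lines of `# <plugin name> runs a helper out of its per-user data directory` should record the reason. The added `userdom_dontaudit_write_user_home_content_files(user, nsplugin_t)` also suppresses the AVC denials that would show a plugin attempting writes elsewhere in the home directory, which costs detection visibility; consider leaving those audited until the source of the writes is understood.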
@@ -5575,6 +5578,7 @@
 +
 +optional_policy(`
 +	gnome_exec_gconf(nsplugin_t)
++	gnome_manage_user_gnome_config(user, nsplugin_t)
 +')
 +
 +optional_policy(`
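Review bot: `gnome_manage_user_gnome_config(user, nsplugin_t)` appears, from the interface name (its body is not in this hunk), to give the plugin domain manage-level access to the user's GNOME configuration. That is a wide grant for a domain that runs third-party browser plugins, since settings written there are later read by other programs in the user's session. If the plugins only need to read settings, a read-only interface would be the narrower choice; if write access really is required, a comment such as `# <plugin name> stores preferences in the GNOME config tree` should say so. The `optional_policy` block this line sits in starts and ends outside the hunk.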
@@ -12462,7 +12466,7 @@
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.3.1/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-12-04 17:02:50.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2008-03-04 16:11:49.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2008-03-27 23:55:52.000000000 +0100
 @@ -53,6 +53,7 @@
  	gen_require(`
  		type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -12615,7 +12619,7 @@
  ')
  
  ########################################
-@@ -292,6 +307,59 @@
+@@ -292,6 +307,55 @@
  
  ########################################
  ## <summary>
@@ -12634,10 +12638,6 @@
 +## </param>
 +#
 +template(`dbus_connectto_user_bus',`
-+	gen_require(`
-+		type $1_dbusd_t;
-+	')
-+
 +	allow $2 $1_dbusd_t:unix_stream_socket connectto;
 +')
 +
@@ -12675,7 +12675,7 @@
  ##	Read dbus configuration.
  ## </summary>
  ## <param name="domain">
-@@ -366,3 +434,55 @@
+@@ -366,3 +430,55 @@
  
  	allow $1 system_dbusd_t:dbus *;
  ')
@@ -14741,7 +14741,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.3.1/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2007-11-14 14:17:58.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.fc	2008-03-21 23:49:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.fc	2008-03-28 10:45:08.000000000 +0100
 @@ -8,6 +8,7 @@
  /usr/libexec/hal-hotplug-map 		--	gen_context(system_u:object_r:hald_exec_t,s0)
  /usr/libexec/hal-system-sonypic	 	--	gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
@@ -14813,7 +14813,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.3.1/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2007-12-19 11:32:17.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.te	2008-03-21 23:50:19.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.te	2008-03-28 08:16:08.000000000 +0100
 @@ -49,6 +49,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -14852,7 +14852,15 @@
  
  auth_read_pam_console_data(hald_t)
  
-@@ -155,6 +160,8 @@
+@@ -121,6 +126,7 @@
+ dev_rw_power_management(hald_t)
+ # hal is now execing pm-suspend
+ dev_rw_sysfs(hald_t)
++dev_read_video_dev(hald_t)
+ 
+ domain_use_interactive_fds(hald_t)
+ domain_read_all_domains_state(hald_t)
+@@ -155,6 +161,8 @@
  selinux_compute_relabel_context(hald_t)
  selinux_compute_user_contexts(hald_t)
  
@@ -14861,7 +14869,7 @@
  storage_raw_read_removable_device(hald_t)
  storage_raw_write_removable_device(hald_t)
  storage_raw_read_fixed_disk(hald_t)
-@@ -172,6 +179,8 @@
+@@ -172,6 +180,8 @@
  init_rw_utmp(hald_t)
  init_telinit(hald_t)
  
@@ -14870,7 +14878,7 @@
  libs_use_ld_so(hald_t)
  libs_use_shared_libs(hald_t)
  libs_exec_ld_so(hald_t)
-@@ -244,6 +253,10 @@
+@@ -244,6 +254,10 @@
  ')
  
  optional_policy(`
@@ -14881,7 +14889,7 @@
  	hotplug_read_config(hald_t)
  ')
  
-@@ -265,6 +278,11 @@
+@@ -265,6 +279,11 @@
  ')
  
  optional_policy(`
@@ -14893,7 +14901,7 @@
  	rpc_search_nfs_state_data(hald_t)
  ')
  
-@@ -291,7 +309,8 @@
+@@ -291,7 +310,8 @@
  #
  
  allow hald_acl_t self:capability { dac_override fowner };
@@ -14903,7 +14911,7 @@
  
  domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t)
  allow hald_t hald_acl_t:process signal;
-@@ -301,9 +320,14 @@
+@@ -301,9 +321,14 @@
  manage_files_pattern(hald_acl_t,hald_var_lib_t,hald_var_lib_t)
  files_search_var_lib(hald_acl_t)
  
@@ -14918,7 +14926,7 @@
  dev_getattr_generic_usb_dev(hald_acl_t)
  dev_getattr_video_dev(hald_acl_t)
  dev_setattr_video_dev(hald_acl_t)
-@@ -325,6 +349,11 @@
+@@ -325,6 +350,11 @@
  
  miscfiles_read_localization(hald_acl_t)
  
@@ -14930,7 +14938,7 @@
  ########################################
  #
  # Local hald mac policy
-@@ -338,10 +367,14 @@
+@@ -338,10 +368,14 @@
  manage_files_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t)
  files_search_var_lib(hald_mac_t)
  
@@ -14945,7 +14953,7 @@
  libs_use_ld_so(hald_mac_t)
  libs_use_shared_libs(hald_mac_t)
  
-@@ -391,3 +424,7 @@
+@@ -391,3 +425,7 @@
  libs_use_shared_libs(hald_keymap_t)
  
  miscfiles_read_localization(hald_keymap_t)
@@ -16432,7 +16440,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.3.1/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2007-12-19 11:32:17.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.te	2008-03-17 16:21:36.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/munin.te	2008-03-28 11:44:38.000000000 +0100
 @@ -25,26 +25,33 @@
  type munin_var_run_t alias lrrd_var_run_t;
  files_pid_file(munin_var_run_t)
@@ -16521,7 +16529,7 @@
  
  userdom_dontaudit_use_unpriv_user_fds(munin_t)
  userdom_dontaudit_search_sysadm_home_dirs(munin_t)
-@@ -108,7 +126,20 @@
+@@ -108,7 +126,21 @@
  ')
  
  optional_policy(`
@@ -16531,6 +16539,7 @@
 +
 +optional_policy(`
 +	mta_read_config(munin_t)
++	mta_send_mail(munin_t)
 +')
 +
 +optional_policy(`
@@ -16543,7 +16552,7 @@
  ')
  
  optional_policy(`
-@@ -118,3 +149,9 @@
+@@ -118,3 +150,9 @@
  optional_policy(`
  	udev_read_db(munin_t)
  ')
@@ -25374,7 +25383,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-12-19 11:32:17.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.te	2008-03-25 08:25:28.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.te	2008-03-28 22:07:37.000000000 +0100
 @@ -8,6 +8,14 @@
  
  ## <desc>
@@ -25447,7 +25456,7 @@
  type iceauth_exec_t;
 -application_executable_file(iceauth_exec_t)
 +application_domain(iceauth_t,iceauth_exec_t)
- 
++
 +type input_xevent_t, xevent_type;
 +type manage_xevent_t, xevent_type;
 +type output_xext_t, xextension_type;
@@ -25463,7 +25472,7 @@
 +type x_rootcolormap_t;
 +type x_rootscreen_t;
 +type x_rootwindow_t;
-+
+ 
 +type xauth_t;
  type xauth_exec_t;
 -application_executable_file(xauth_exec_t)
@@ -25529,13 +25538,15 @@
  optional_policy(`
  	prelink_object_file(xkb_var_lib_t)
  ')
-@@ -95,8 +196,11 @@
+@@ -95,8 +196,13 @@
  # XDM Local policy
  #
  
 -allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
 -allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
 +allow xdm_t self:capability { setgid setuid sys_ptrace sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
++allow xdm_t self:capability { getcap setcap };
++
 +dontaudit xdm_t self:capability sys_admin;
 +
 +allow xdm_t self:process { getattr setexec setpgid getsched ptrace setsched setrlimit signal_perms };
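Review bot: `getcap` and `setcap` are permissions of the `process` class, not of `capability`, so `allow xdm_t self:capability { getcap setcap };` looks wrong as written and I would expect the policy compiler to reject it. The intended rule is presumably `allow xdm_t self:process { getcap setcap };`, or the two permissions can be folded into the `self:process` rule at the end of this hunk. The changelog describes this as a stopgap until pulseaudio is fixed, but the policy itself carries no marker; a comment such as `# temporary: drop getcap/setcap once pulseaudio no longer needs them` would keep the grant from becoming permanent. The XDM local-policy section continues outside this hunk.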
@@ -25543,7 +25554,7 @@
  allow xdm_t self:fifo_file rw_fifo_file_perms;
  allow xdm_t self:shm create_shm_perms;
  allow xdm_t self:sem create_sem_perms;
-@@ -109,6 +213,8 @@
+@@ -109,6 +215,8 @@
  allow xdm_t self:key { search link write };
  
  allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
@@ -25552,7 +25563,7 @@
  
  # Allow gdm to run gdm-binary
  can_exec(xdm_t, xdm_exec_t)
-@@ -131,15 +237,22 @@
+@@ -131,15 +239,22 @@
  manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
@@ -25576,7 +25587,7 @@
  
  allow xdm_t xdm_xserver_t:process signal;
  allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
-@@ -153,6 +266,7 @@
+@@ -153,6 +268,7 @@
  allow xdm_t xdm_xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
  
  allow xdm_t xdm_xserver_t:shm rw_shm_perms;
@@ -25584,7 +25595,7 @@
  
  # connect to xdm xserver over stream socket
  stream_connect_pattern(xdm_t,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
-@@ -173,6 +287,8 @@
+@@ -173,6 +289,8 @@
  
  corecmd_exec_shell(xdm_t)
  corecmd_exec_bin(xdm_t)
@@ -25593,7 +25604,7 @@
  
  corenet_all_recvfrom_unlabeled(xdm_t)
  corenet_all_recvfrom_netlabel(xdm_t)
-@@ -184,6 +300,7 @@
+@@ -184,6 +302,7 @@
  corenet_udp_sendrecv_all_ports(xdm_t)
  corenet_tcp_bind_all_nodes(xdm_t)
  corenet_udp_bind_all_nodes(xdm_t)
@@ -25601,7 +25612,7 @@
  corenet_tcp_connect_all_ports(xdm_t)
  corenet_sendrecv_all_client_packets(xdm_t)
  # xdm tries to bind to biff_port_t
-@@ -196,6 +313,7 @@
+@@ -196,6 +315,7 @@
  dev_getattr_mouse_dev(xdm_t)
  dev_setattr_mouse_dev(xdm_t)
  dev_rw_apm_bios(xdm_t)
@@ -25609,7 +25620,7 @@
  dev_setattr_apm_bios_dev(xdm_t)
  dev_rw_dri(xdm_t)
  dev_rw_agp(xdm_t)
-@@ -208,8 +326,8 @@
+@@ -208,8 +328,8 @@
  dev_setattr_video_dev(xdm_t)
  dev_getattr_scanner_dev(xdm_t)
  dev_setattr_scanner_dev(xdm_t)
@@ -25620,7 +25631,7 @@
  dev_getattr_power_mgmt_dev(xdm_t)
  dev_setattr_power_mgmt_dev(xdm_t)
  
-@@ -226,9 +344,12 @@
+@@ -226,9 +346,12 @@
  files_read_usr_files(xdm_t)
  # Poweroff wants to create the /poweroff file when run from xdm
  files_create_boot_flag(xdm_t)
@@ -25633,7 +25644,7 @@
  
  storage_dontaudit_read_fixed_disk(xdm_t)
  storage_dontaudit_write_fixed_disk(xdm_t)
-@@ -237,6 +358,7 @@
+@@ -237,6 +360,7 @@
  storage_dontaudit_raw_write_removable_device(xdm_t)
  storage_dontaudit_setattr_removable_dev(xdm_t)
  storage_dontaudit_rw_scsi_generic(xdm_t)
@@ -25641,7 +25652,7 @@
  
  term_setattr_console(xdm_t)
  term_use_unallocated_ttys(xdm_t)
-@@ -245,6 +367,7 @@
+@@ -245,6 +369,7 @@
  auth_domtrans_pam_console(xdm_t)
  auth_manage_pam_pid(xdm_t)
  auth_manage_pam_console_data(xdm_t)
@@ -25649,7 +25660,7 @@
  auth_rw_faillog(xdm_t)
  auth_write_login_records(xdm_t)
  
-@@ -256,12 +379,11 @@
+@@ -256,12 +381,11 @@
  libs_exec_lib_files(xdm_t)
  
  logging_read_generic_logs(xdm_t)
@@ -25663,7 +25674,7 @@
  userdom_dontaudit_use_unpriv_user_fds(xdm_t)
  userdom_dontaudit_search_sysadm_home_dirs(xdm_t)
  userdom_create_all_users_keys(xdm_t)
-@@ -270,8 +392,13 @@
+@@ -270,8 +394,13 @@
  # Search /proc for any user domain processes.
  userdom_read_all_users_state(xdm_t)
  userdom_signal_all_users(xdm_t)
@@ -25677,7 +25688,7 @@
  
  tunable_policy(`use_nfs_home_dirs',`
  	fs_manage_nfs_dirs(xdm_t)
-@@ -301,10 +428,15 @@
+@@ -301,10 +430,15 @@
  
  optional_policy(`
  	alsa_domtrans(xdm_t)
@@ -25694,7 +25705,7 @@
  ')
  
  optional_policy(`
-@@ -312,6 +444,23 @@
+@@ -312,6 +446,23 @@
  ')
  
  optional_policy(`
@@ -25718,7 +25729,7 @@
  	# Talk to the console mouse server.
  	gpm_stream_connect(xdm_t)
  	gpm_setattr_gpmctl(xdm_t)
-@@ -322,6 +471,10 @@
+@@ -322,6 +473,10 @@
  ')
  
  optional_policy(`
@@ -25729,7 +25740,7 @@
  	loadkeys_exec(xdm_t)
  ')
  
-@@ -335,6 +488,11 @@
+@@ -335,6 +490,11 @@
  ')
  
  optional_policy(`
@@ -25741,7 +25752,7 @@
  	seutil_sigchld_newrole(xdm_t)
  ')
  
-@@ -343,8 +501,8 @@
+@@ -343,8 +503,8 @@
  ')
  
  optional_policy(`
@@ -25751,7 +25762,7 @@
  
  	ifndef(`distro_redhat',`
  		allow xdm_t self:process { execheap execmem };
-@@ -380,7 +538,7 @@
+@@ -380,7 +540,7 @@
  allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
  
@@ -25760,7 +25771,7 @@
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -392,6 +550,15 @@
+@@ -392,6 +552,15 @@
  can_exec(xdm_xserver_t, xkb_var_lib_t)
  files_search_var_lib(xdm_xserver_t)
  
@@ -25776,7 +25787,7 @@
  # VNC v4 module in X server
  corenet_tcp_bind_vnc_port(xdm_xserver_t)
  
-@@ -404,9 +571,17 @@
+@@ -404,9 +573,17 @@
  # to read ROLE_home_t - examine this in more detail
  # (xauth?)
  userdom_read_unpriv_users_home_content_files(xdm_xserver_t)
@@ -25794,7 +25805,7 @@
  tunable_policy(`use_nfs_home_dirs',`
  	fs_manage_nfs_dirs(xdm_xserver_t)
  	fs_manage_nfs_files(xdm_xserver_t)
-@@ -420,6 +595,22 @@
+@@ -420,6 +597,22 @@
  ')
  
  optional_policy(`
@@ -25817,7 +25828,7 @@
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -429,47 +620,139 @@
+@@ -429,47 +622,139 @@
  ')
  
  optional_policy(`
@@ -29507,7 +29518,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2008-02-06 16:33:22.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2008-03-25 06:46:13.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2008-03-28 13:41:55.000000000 +0100
 @@ -45,7 +45,7 @@
  dontaudit dhcpc_t self:capability sys_tty_config;
  # for access("/etc/bashrc", X_OK) on Red Hat
@@ -30353,7 +30364,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-02-15 15:52:56.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-03-25 08:52:58.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-03-27 23:47:44.000000000 +0100
 @@ -29,9 +29,14 @@
  	')
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.641
retrieving revision 1.642
diff -u -r1.641 -r1.642
--- selinux-policy.spec	26 Mar 2008 06:17:27 -0000	1.641
+++ selinux-policy.spec	28 Mar 2008 21:09:45 -0000	1.642
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,10 @@
 %endif
 
 %changelog
+* Thu Mar 27 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-25
+- Additional access for nsplugin
+- Allow xdm setcap/getcap until pulseaudio is fixed
+
 * Tue Mar 25 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-24
 - Allow mount to mkdir on tmpfs
 - Allow ifconfig to search debugfs



