rpms/selinux-policy/devel policy-20071130.patch,1.135,1.136

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue May 6 20:43:44 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19397

Modified Files:
	policy-20071130.patch 
Log Message:
* Wed Apr 30 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-45
- Remove dmesg boolean
- Allow user domains to read/write game data


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.135
retrieving revision 1.136
diff -u -r1.135 -r1.136
--- policy-20071130.patch	6 May 2008 18:15:03 -0000	1.135
+++ policy-20071130.patch	6 May 2008 20:43:08 -0000	1.136
@@ -6887,7 +6887,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-05-06 14:02:43.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-05-06 15:59:51.000000000 -0400
 @@ -75,6 +75,7 @@
  network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0) 
  network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
@@ -9496,7 +9496,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/apache.te	2008-05-06 14:02:43.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/apache.te	2008-05-06 16:40:13.000000000 -0400
 @@ -20,6 +20,8 @@
  # Declarations
  #
@@ -9724,14 +9724,14 @@
 +	filetrans_pattern(httpd_sys_script_t,httpd_sys_content_t,httpd_sys_content_rw_t, { file dir lnk_file })
 +	can_exec(httpd_sys_script_t, httpd_sys_content_t)
 +')
++
++tunable_policy(`allow_httpd_sys_script_anon_write',`
++	miscfiles_manage_public_files(httpd_sys_script_t)
++') 
  
 -	manage_dirs_pattern(httpd_t,httpdcontent,httpdcontent)
 -	manage_files_pattern(httpd_t,httpdcontent,httpdcontent)
 -	manage_lnk_files_pattern(httpd_t,httpdcontent,httpdcontent)
-+tunable_policy(`allow_httpd_sys_script_anon_write',`
-+	miscfiles_manage_public_files(httpd_sys_script_t)
-+') 
-+
 +tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
 +	domtrans_pattern(httpd_t, httpd_sys_content_t, httpd_sys_script_t)
 +	filetrans_pattern(httpd_t, httpd_sys_content_t, httpd_sys_content_rw_t, { file dir lnk_file })
@@ -9827,7 +9827,7 @@
  	snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
  	snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
  ')
-@@ -521,6 +610,20 @@
+@@ -521,6 +610,22 @@
  	userdom_use_sysadm_terms(httpd_helper_t)
  ')
  
@@ -9839,6 +9839,8 @@
 +	domtrans_pattern(httpd_t, httpd_unconfined_script_exec_t, httpd_unconfined_script_t)
 +	unconfined_domain(httpd_unconfined_script_t)
 +
++	role system_r types httpd_unconfined_script_t;
++
 +	tunable_policy(`httpd_tty_comm',`
 +		unconfined_use_terminals(httpd_helper_t)
 +	')
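Review bot: The added `role system_r types httpd_unconfined_script_t;` line carries no comment explaining why an unconfined domain has to be authorized for system_r, and it sits right after `unconfined_domain(httpd_unconfined_script_t)` and the `domtrans_pattern` from httpd_t. Taken together, these lines mean that anything labelled httpd_unconfined_script_exec_t and executed by httpd_t runs without SELinux confinement, so the file labelling is the only remaining control. I would add a comment above the role line, for example `# needed so httpd_t (system_r) can transition to the unconfined script domain; label only trusted scripts httpd_unconfined_script_exec_t`. The enclosing block starts before this hunk, so whether it is gated by an optional_policy or a tunable cannot be seen from here.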
@@ -9848,7 +9850,7 @@
  ########################################
  #
  # Apache PHP script local policy
-@@ -550,18 +653,24 @@
+@@ -550,18 +655,24 @@
  
  fs_search_auto_mountpoints(httpd_php_t)
  
@@ -9876,7 +9878,7 @@
  ')
  
  ########################################
-@@ -585,6 +694,8 @@
+@@ -585,6 +696,8 @@
  manage_files_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t)
  files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
  
@@ -9885,7 +9887,7 @@
  kernel_read_kernel_sysctls(httpd_suexec_t)
  kernel_list_proc(httpd_suexec_t)
  kernel_read_proc_symlinks(httpd_suexec_t)
-@@ -593,9 +704,7 @@
+@@ -593,9 +706,7 @@
  
  fs_search_auto_mountpoints(httpd_suexec_t)
  
@@ -9896,7 +9898,7 @@
  
  files_read_etc_files(httpd_suexec_t)
  files_read_usr_files(httpd_suexec_t)
-@@ -628,6 +737,7 @@
+@@ -628,6 +739,7 @@
  	corenet_sendrecv_all_client_packets(httpd_suexec_t)
  ')
  
@@ -9904,7 +9906,7 @@
  tunable_policy(`httpd_enable_cgi && httpd_unified',`
  	domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
  ')
-@@ -638,6 +748,12 @@
+@@ -638,6 +750,12 @@
  	fs_exec_nfs_files(httpd_suexec_t)
  ')
  
@@ -9917,7 +9919,7 @@
  tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
  	fs_read_cifs_files(httpd_suexec_t)
  	fs_read_cifs_symlinks(httpd_suexec_t)
-@@ -655,10 +771,6 @@
+@@ -655,10 +773,6 @@
  	dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
  ')
  
@@ -9928,7 +9930,7 @@
  ########################################
  #
  # Apache system script local policy
-@@ -668,7 +780,8 @@
+@@ -668,7 +782,8 @@
  
  dontaudit httpd_sys_script_t httpd_config_t:dir search;
  
@@ -9938,7 +9940,7 @@
  
  allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
  read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t)
-@@ -682,15 +795,44 @@
+@@ -682,15 +797,44 @@
  # Should we add a boolean?
  apache_domtrans_rotatelogs(httpd_sys_script_t)
  
@@ -9984,7 +9986,7 @@
  tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
  	fs_read_cifs_files(httpd_sys_script_t)
  	fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -700,9 +842,15 @@
+@@ -700,9 +844,15 @@
  	clamav_domtrans_clamscan(httpd_sys_script_t)
  ')
  
@@ -10000,7 +10002,7 @@
  ')
  
  ########################################
-@@ -724,3 +872,47 @@
+@@ -724,3 +874,47 @@
  logging_search_logs(httpd_rotatelogs_t)
  
  miscfiles_read_localization(httpd_rotatelogs_t)
@@ -30102,6 +30104,17 @@
 +	hal_rw_pipes(mount_t)
 +')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-3.3.1/policy/modules/system/netlabel.te
+--- nsaserefpolicy/policy/modules/system/netlabel.te	2008-02-26 08:23:09.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/system/netlabel.te	2008-05-06 16:12:12.000000000 -0400
+@@ -9,6 +9,7 @@
+ type netlabel_mgmt_t;
+ type netlabel_mgmt_exec_t;
+ application_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t)
++role system_r types netlabl_mgmt_t;
+ 
+ ########################################
+ #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.fc serefpolicy-3.3.1/policy/modules/system/qemu.fc
 --- nsaserefpolicy/policy/modules/system/qemu.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/system/qemu.fc	2008-05-06 14:02:43.000000000 -0400
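Review bot: The new netlabel.te line `role system_r types netlabl_mgmt_t;` misspells the type. The declarations just above it in the same hunk are `type netlabel_mgmt_t;` and `application_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t)`. As written, the role statement names a type this module does not declare, so the policy will presumably either fail to build or leave netlabel_mgmt_t unauthorized for system_r, which defeats the purpose of the line. It should read `role system_r types netlabel_mgmt_t;`. The rest of netlabel.te is outside the hunk, so it is worth checking that nothing else uses the misspelled name.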



