rpms/selinux-policy/F-8 policy-20070703.patch,1.207,1.208

Tue May 13 18:50:30 UTC 2008

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25702

Modified Files:
	policy-20070703.patch 
Log Message:
* Tue May 13 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-103
-Fix labeling on /var/spool/fax and /var/spool/voice


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.207
retrieving revision 1.208
diff -u -r1.207 -r1.208

--- policy-20070703.patch	13 May 2008 17:13:01 -0000	1.207
+++ policy-20070703.patch	13 May 2008 18:49:51 -0000	1.208
@@ -18992,7 +18992,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te	2008-05-13 11:39:04.617949000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te	2008-05-13 14:26:59.442650000 -0400
 @@ -9,6 +9,13 @@
  attribute can_read_shadow_passwords;
  attribute can_write_shadow_passwords;
@@ -19060,7 +19060,7 @@
 +userdom_dontaudit_read_unpriv_users_home_content_files(pam_t)
 +userdom_dontaudit_write_user_home_content_files(user, pam_t)
 +userdom_append_unpriv_users_home_content_files(pam_t)
-+userdom_dontaudit_read_user_tmp_files(pam_t)
++userdom_dontaudit_read_user_tmp_files(user, pam_t)
  
  optional_policy(`
  	locallogin_use_fds(pam_t)
@@ -19387,7 +19387,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.0.8/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.if	2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/init.if	2008-05-13 14:35:09.563203000 -0400
 @@ -211,6 +211,21 @@
  			kernel_dontaudit_use_fds($1)
  		')
@@ -19558,7 +19558,7 @@
  ')
  
  ########################################
-@@ -1273,3 +1318,64 @@
+@@ -1273,3 +1318,83 @@
  	files_search_pids($1)
  	allow $1 initrc_var_run_t:file manage_file_perms;
  ')
@@ -19623,6 +19623,25 @@
 +	domain_entry_file(initrc_t,$1)
 +
 +')
++
++########################################
++## <summary>
++##	Execute a file in a bin directory
++##	in the initrc_t domain 
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`init_bin_domtrans_spec',`
++	gen_require(`
++		type initrc_t;
++	')
++
++	corecmd_bin_domtrans($1, initrc_t)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.0.8/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2007-10-22 13:21:40.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/system/init.te	2008-04-04 16:11:03.000000000 -0400
@@ -19997,7 +20016,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.0.8/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/iptables.te	2008-05-13 11:33:34.065230000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/iptables.te	2008-05-13 13:29:53.001644000 -0400
 @@ -64,13 +64,14 @@
  init_use_script_ptys(iptables_t)
  # to allow rules to be saved on reboot:
@@ -20008,9 +20027,10 @@
  libs_use_shared_libs(iptables_t)
  
  logging_send_syslog_msg(iptables_t)
- # system-config-network appends to /var/log
+-# system-config-network appends to /var/log
 -#logging_append_system_logs(iptables_t)
-+logging_append_system_logs(iptables_t)
++# system-config-network appends to /var/lo
++logging_append_all_logs(iptables_t)
  
  miscfiles_read_localization(iptables_t)
  


