rpms/selinux-policy/F-9 policy-20071130.patch, 1.230, 1.231 selinux-policy.spec, 1.720, 1.721

Daniel J Walsh dwalsh at fedoraproject.org
Tue Oct 21 18:32:06 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11580

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Mon Oct 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-104
- Remove mod_fcgid-selinux package


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.230
retrieving revision 1.231
diff -u -r1.230 -r1.231
--- policy-20071130.patch	20 Oct 2008 20:16:40 -0000	1.230
+++ policy-20071130.patch	21 Oct 2008 18:32:05 -0000	1.231
@@ -11329,7 +11329,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/apache.te	2008-10-14 11:43:20.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/apache.te	2008-10-21 09:36:20.000000000 -0400
 @@ -20,6 +20,8 @@
  # Declarations
  #
@@ -11434,17 +11434,20 @@
  # httpd_modules_t is the type given to module files (libraries) 
  # that come with Apache /etc/httpd/modules and /usr/lib/apache
  type httpd_modules_t;
-@@ -180,6 +220,9 @@
+@@ -180,6 +220,12 @@
  
  # setup the system domain for system CGI scripts
  apache_content_template(sys)
++typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
++typealias httpd_sys_content_t alias httpd_fastcgi_content_t;
++typealias httpd_sys_content_rw_t alias httpd_fastcgi_content_rw_t;
 +typeattribute httpd_sys_content_t httpdcontent, httpd_ro_content; # customizable
 +typeattribute httpd_sys_content_rw_t httpdcontent, httpd_rw_content; # customizable
 +typeattribute httpd_sys_content_ra_t httpdcontent; # customizable
  
  type httpd_tmp_t;
  files_tmp_file(httpd_tmp_t)
-@@ -202,12 +245,16 @@
+@@ -202,12 +248,16 @@
  	prelink_object_file(httpd_modules_t)
  ')
  
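Review bot: The three `typealias` lines added after `apache_content_template(sys)` fold the fastcgi script and content types into the `httpd_sys_*` types without a comment saying why. They also give no alias for an `_ra_t` counterpart, although `httpd_sys_content_ra_t` is handled three lines further down. If the obsoleted mod_fcgid-selinux module declared more types than these three (not visible in this hunk), files still carrying those labels would have an invalid context once the module is gone. Content that was labelled for fastcgi is presumably now governed by the broader `httpd_sys_script_t` rules, which is worth confirming as intended. I would add a comment above the aliases such as `# aliases for types formerly provided by mod_fcgid-selinux; keeps existing file labels valid` and check the alias list against that module's full type list.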
@@ -11462,7 +11465,7 @@
  dontaudit httpd_t self:capability { net_admin sys_tty_config };
  allow httpd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
  allow httpd_t self:fd use;
-@@ -249,6 +296,7 @@
+@@ -249,6 +299,7 @@
  allow httpd_t httpd_modules_t:dir list_dir_perms;
  mmap_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
  read_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
@@ -11470,7 +11473,7 @@
  
  apache_domtrans_rotatelogs(httpd_t)
  # Apache-httpd needs to be able to send signals to the log rotate procs.
-@@ -260,9 +308,9 @@
+@@ -260,9 +311,9 @@
  
  allow httpd_t httpd_suexec_exec_t:file { getattr read };
  
@@ -11483,7 +11486,7 @@
  
  manage_dirs_pattern(httpd_t,httpd_tmp_t,httpd_tmp_t)
  manage_files_pattern(httpd_t,httpd_tmp_t,httpd_tmp_t)
-@@ -289,6 +337,7 @@
+@@ -289,6 +340,7 @@
  kernel_read_kernel_sysctls(httpd_t)
  # for modules that want to access /proc/meminfo
  kernel_read_system_state(httpd_t)
@@ -11491,7 +11494,7 @@
  
  corenet_all_recvfrom_unlabeled(httpd_t)
  corenet_all_recvfrom_netlabel(httpd_t)
-@@ -299,6 +348,7 @@
+@@ -299,6 +351,7 @@
  corenet_tcp_sendrecv_all_ports(httpd_t)
  corenet_udp_sendrecv_all_ports(httpd_t)
  corenet_tcp_bind_all_nodes(httpd_t)
@@ -11499,7 +11502,7 @@
  corenet_tcp_bind_http_port(httpd_t)
  corenet_tcp_bind_http_cache_port(httpd_t)
  corenet_sendrecv_http_server_packets(httpd_t)
-@@ -315,9 +365,7 @@
+@@ -315,9 +368,7 @@
  
  auth_use_nsswitch(httpd_t)
  
@@ -11510,7 +11513,7 @@
  
  domain_use_interactive_fds(httpd_t)
  
-@@ -335,6 +383,10 @@
+@@ -335,6 +386,10 @@
  files_read_var_lib_symlinks(httpd_t)
  
  fs_search_auto_mountpoints(httpd_sys_script_t)
@@ -11521,7 +11524,7 @@
  
  libs_use_ld_so(httpd_t)
  libs_use_shared_libs(httpd_t)
-@@ -351,25 +403,50 @@
+@@ -351,25 +406,50 @@
  
  userdom_use_unpriv_users_fds(httpd_t)
  
@@ -11576,7 +11579,7 @@
  tunable_policy(`httpd_can_network_relay',`
  	# allow httpd to work as a relay
  	corenet_tcp_connect_gopher_port(httpd_t)
-@@ -382,12 +459,26 @@
+@@ -382,12 +462,26 @@
  	corenet_sendrecv_http_cache_client_packets(httpd_t)
  ')
  
@@ -11608,7 +11611,7 @@
  ')
  
  tunable_policy(`httpd_enable_ftp_server',`
-@@ -399,11 +490,21 @@
+@@ -399,11 +493,21 @@
  	fs_read_nfs_symlinks(httpd_t)
  ')
  
@@ -11630,7 +11633,7 @@
  tunable_policy(`httpd_ssi_exec',`
  	corecmd_shell_domtrans(httpd_t,httpd_sys_script_t)
  	allow httpd_sys_script_t httpd_t:fd use;
-@@ -437,8 +538,13 @@
+@@ -437,8 +541,13 @@
  ')
  
  optional_policy(`
@@ -11646,7 +11649,7 @@
  ')
  
  optional_policy(`
-@@ -450,19 +556,13 @@
+@@ -450,19 +559,13 @@
  ')
  
  optional_policy(`
@@ -11667,7 +11670,7 @@
  ')
  
  optional_policy(`
-@@ -472,13 +572,23 @@
+@@ -472,13 +575,23 @@
  	openca_kill(httpd_t)
  ')
  
@@ -11695,7 +11698,7 @@
  ')
  
  optional_policy(`
-@@ -486,6 +596,7 @@
+@@ -486,6 +599,7 @@
  ')
  
  optional_policy(`
@@ -11703,7 +11706,7 @@
  	snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
  	snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
  ')
-@@ -521,6 +632,22 @@
+@@ -521,6 +635,22 @@
  	userdom_use_sysadm_terms(httpd_helper_t)
  ')
  
@@ -11726,7 +11729,7 @@
  ########################################
  #
  # Apache PHP script local policy
-@@ -550,18 +677,26 @@
+@@ -550,18 +680,26 @@
  
  fs_search_auto_mountpoints(httpd_php_t)
  
@@ -11756,7 +11759,7 @@
  ')
  
  ########################################
-@@ -585,6 +720,8 @@
+@@ -585,6 +723,8 @@
  manage_files_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t)
  files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
  
@@ -11765,7 +11768,7 @@
  kernel_read_kernel_sysctls(httpd_suexec_t)
  kernel_list_proc(httpd_suexec_t)
  kernel_read_proc_symlinks(httpd_suexec_t)
-@@ -593,9 +730,7 @@
+@@ -593,9 +733,7 @@
  
  fs_search_auto_mountpoints(httpd_suexec_t)
  
@@ -11776,7 +11779,7 @@
  
  files_read_etc_files(httpd_suexec_t)
  files_read_usr_files(httpd_suexec_t)
-@@ -628,6 +763,7 @@
+@@ -628,6 +766,7 @@
  	corenet_sendrecv_all_client_packets(httpd_suexec_t)
  ')
  
@@ -11784,7 +11787,7 @@
  tunable_policy(`httpd_enable_cgi && httpd_unified',`
  	domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
  ')
-@@ -638,6 +774,12 @@
+@@ -638,6 +777,12 @@
  	fs_exec_nfs_files(httpd_suexec_t)
  ')
  
@@ -11797,7 +11800,7 @@
  tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
  	fs_read_cifs_files(httpd_suexec_t)
  	fs_read_cifs_symlinks(httpd_suexec_t)
-@@ -655,10 +797,6 @@
+@@ -655,10 +800,6 @@
  	dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
  ')
  
@@ -11808,7 +11811,7 @@
  ########################################
  #
  # Apache system script local policy
-@@ -668,7 +806,8 @@
+@@ -668,7 +809,8 @@
  
  dontaudit httpd_sys_script_t httpd_config_t:dir search;
  
@@ -11818,7 +11821,7 @@
  
  allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
  read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t)
-@@ -682,15 +821,46 @@
+@@ -682,15 +824,46 @@
  # Should we add a boolean?
  apache_domtrans_rotatelogs(httpd_sys_script_t)
  
@@ -11866,7 +11869,7 @@
  tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
  	fs_read_cifs_files(httpd_sys_script_t)
  	fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -703,6 +873,10 @@
+@@ -703,6 +876,10 @@
  optional_policy(`
  	mysql_stream_connect(httpd_sys_script_t)
  	mysql_rw_db_sockets(httpd_sys_script_t)
@@ -11877,7 +11880,7 @@
  ')
  
  ########################################
-@@ -724,3 +898,71 @@
+@@ -724,3 +901,71 @@
  logging_search_logs(httpd_rotatelogs_t)
  
  miscfiles_read_localization(httpd_rotatelogs_t)
@@ -22854,7 +22857,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.3.1/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.te	2008-10-14 11:43:20.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/postfix.te	2008-10-21 11:22:47.000000000 -0400
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -23056,17 +23059,21 @@
  	uucp_domtrans_uux(postfix_pipe_t)
  ')
  
-@@ -436,8 +489,7 @@
+@@ -436,8 +489,11 @@
  ')
  
  optional_policy(`
 -	ppp_use_fds(postfix_postqueue_t)
 -	ppp_sigchld(postfix_postqueue_t)
++	sendmail_rw_unix_stream_sockets(postfix_postdrop_t)
++')
++
++optional_policy(`
 +	uucp_manage_spool(postfix_postdrop_t)
  ')
  
  #######################################
-@@ -463,6 +515,15 @@
+@@ -463,6 +519,15 @@
  init_sigchld_script(postfix_postqueue_t)
  init_use_script_fds(postfix_postqueue_t)
  
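Review bot: The new `optional_policy` block calling `sendmail_rw_unix_stream_sockets(postfix_postdrop_t)` widens what postdrop may do with sendmail's unix stream sockets, but it has no comment and the log message mentions only the mod_fcgid-selinux removal. If the rule was added to quiet denials from a descriptor inherited through the sendmail wrapper (an assumption; the hunk does not say), a dontaudit rule would avoid granting read/write access at all. Either way the reason should sit next to the rule, for example `# postdrop is handed sendmail's unix stream socket; see BUG_REFERENCE_PLACEHOLDER`. The postfix change also deserves its own line in the spec changelog.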
@@ -23082,7 +23089,7 @@
  ########################################
  #
  # Postfix qmgr local policy
-@@ -532,9 +593,6 @@
+@@ -532,9 +597,6 @@
  # connect to master process
  stream_connect_pattern(postfix_smtpd_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
  
@@ -23092,7 +23099,7 @@
  # for prng_exch
  allow postfix_smtpd_t postfix_spool_t:file rw_file_perms;
  allow postfix_smtpd_t postfix_prng_t:file rw_file_perms;
-@@ -557,6 +615,10 @@
+@@ -557,6 +619,10 @@
  	sasl_connect(postfix_smtpd_t)
  ')
  
@@ -23103,7 +23110,7 @@
  ########################################
  #
  # Postfix virtual local policy
-@@ -572,7 +634,7 @@
+@@ -572,7 +638,7 @@
  files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
  
  # connect to master process


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.720
retrieving revision 1.721
diff -u -r1.720 -r1.721
--- selinux-policy.spec	20 Oct 2008 19:53:49 -0000	1.720
+++ selinux-policy.spec	21 Oct 2008 18:32:06 -0000	1.721
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 103%{?dist}
+Release: 104%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -278,6 +278,7 @@
 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
 Requires(pre): coreutils
 Requires(pre): selinux-policy = %{version}-%{release}
+Obsoletes: mod_fcgid-selinux
 
 %description targeted
 SELinux Reference policy targeted base module.
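Review bot: `Obsoletes: mod_fcgid-selinux` is unversioned, so this package will obsolete every future build of that name too, including one that might be reintroduced later. Pin it to the last release that shipped the subpackage: `Obsoletes: mod_fcgid-selinux <= LAST_SHIPPED_EVR` (placeholder; the real version-release is not shown on this page). It is also worth confirming that the obsoleted package's uninstall scriptlet does not unload a module or relabel files in a way that conflicts with the type aliases this commit adds to apache.te.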
@@ -386,6 +387,9 @@
 %endif
 
 %changelog
+* Mon Oct 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-104
+- Remove mod_fcgid-selinux package
+
 * Mon Oct 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-103
 - More fixes for new netoworkmanager
 - Fixes for MLS initrc scripts



