rpms/selinux-policy/devel booleans-minimum.conf, 1.1, 1.2 booleans-targeted.conf, 1.43, 1.44 policy-20080710.patch, 1.77, 1.78 selinux-policy.spec, 1.735, 1.736
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Oct 28 20:06:44 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24681
Modified Files:
booleans-minimum.conf booleans-targeted.conf
policy-20080710.patch selinux-policy.spec
Log Message:
* Mon Oct 27 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-9
- Allow openoffice execstack/execmem privs
Index: booleans-minimum.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/booleans-minimum.conf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- booleans-minimum.conf 9 Oct 2008 12:02:27 -0000 1.1
+++ booleans-minimum.conf 28 Oct 2008 20:06:14 -0000 1.2
@@ -8,7 +8,7 @@
# Allow making the stack executable via mprotect.Also requires allow_execmem.
#
-allow_execstack = false
+allow_execstack = true
# Allow ftpd to read cifs directories.
#
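Review bot: Setting `allow_execstack = true` as the shipped default relaxes the executable-stack restriction for every domain whose rules are conditioned on this boolean, while the log message motivates it only for OpenOffice. The same flip is made in booleans-targeted.conf (revision 1.44). A narrower alternative would keep the default `false` and grant execstack/execmem to the OpenOffice binaries through a type of their own in the policy patch; whether that is feasible cannot be judged from the visible part of policy-20080710.patch. If the global default stays, a comment above the line would record the reason, for example `# Enabled by default for OpenOffice; relaxes the executable-stack check for all domains gated by this boolean`. Since the header comment says allow_execmem is also required, the two defaults should be reviewed together.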
Index: booleans-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/booleans-targeted.conf,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- booleans-targeted.conf 30 Jul 2008 13:44:15 -0000 1.43
+++ booleans-targeted.conf 28 Oct 2008 20:06:14 -0000 1.44
@@ -8,7 +8,7 @@
# Allow making the stack executable via mprotect.Also requires allow_execmem.
#
-allow_execstack = false
+allow_execstack = true
# Allow ftpd to read cifs directories.
#
policy-20080710.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.77 -r 1.78 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- policy-20080710.patch 27 Oct 2008 21:07:05 -0000 1.77
+++ policy-20080710.patch 28 Oct 2008 20:06:14 -0000 1.78
@@ -1,6 +1,6 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.13/Makefile
--- nsaserefpolicy/Makefile 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.13/Makefile 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/Makefile 2008-10-28 10:56:19.000000000 -0400
@@ -311,20 +311,22 @@
# parse-rolemap modulename,outputfile
@@ -47,7 +47,7 @@
$(verbose) $(INSTALL) -m 644 $< $@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.13/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/Rules.modular 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/Rules.modular 2008-10-28 10:56:19.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -96,7 +96,7 @@
$(appdir)/customizable_types: $(base_conf)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.13/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -120,13 +120,13 @@
+system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context 2008-10-28 10:56:19.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -0,0 +1,6 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -136,7 +136,7 @@
+guest_r:guest_t:s0 guest_r:guest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,11 +1,7 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -151,9 +151,18 @@
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.5.13/config/appconfig-mcs/seusers
+--- nsaserefpolicy/config/appconfig-mcs/seusers 2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/seusers 2008-10-28 11:08:43.000000000 -0400
+@@ -1,3 +1,3 @@
+ system_u:system_u:s0-mcs_systemhigh
+-root:root:s0-mcs_systemhigh
+-__default__:user_u:s0
++root:unconfined_u:s0-mcs_systemhigh
++__default__:unconfined_u:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,10 +1,12 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
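Review bot: The added `config/appconfig-mcs/seusers` section gives `__default__` the range `s0`, whereas the scriptlet it replaces in selinux-policy.spec used `login -m -s unconfined_u -r s0-s0:c0.c1023 __default__`. If the narrower range is not intended, the line would read `__default__:unconfined_u:s0-mcs_systemhigh`, matching the `root` entry next to it. The mapping of `root` and `__default__` to `unconfined_u` also moves from the `%post targeted` scriptlet into a file under appconfig-mcs, so it presumably now applies to every policy flavour built from that directory. It is worth confirming that no flavour is expected to keep `__default__:user_u:s0`.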
@@ -170,7 +179,7 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -6,4 +6,6 @@
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
@@ -180,7 +189,7 @@
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,8 +1,9 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -195,13 +204,13 @@
+user_r:user_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context 2008-10-28 10:56:19.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -212,7 +221,7 @@
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.13/config/appconfig-mls/default_contexts
--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -236,7 +245,7 @@
+system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -244,7 +253,7 @@
+system_r:crond_t:s0 guest_r:guest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts
--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,11 +1,11 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -265,7 +274,7 @@
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -277,7 +286,7 @@
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -289,7 +298,7 @@
user_r:user_sudo_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mls/xguest_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/xguest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -300,7 +309,7 @@
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-standard/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-standard/guest_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-standard/guest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t guest_r:guest_t
+system_r:remote_login_t guest_r:guest_t
@@ -308,7 +317,7 @@
+system_r:crond_t guest_r:guest_crond_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.5.13/config/appconfig-standard/root_default_contexts
--- nsaserefpolicy/config/appconfig-standard/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-standard/root_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-standard/root_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,11 +1,7 @@
system_r:crond_t unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -324,7 +333,7 @@
+system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-standard/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-standard/staff_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-standard/staff_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t staff_r:staff_t sysadm_r:sysadm_t
system_r:remote_login_t staff_r:staff_t
@@ -336,7 +345,7 @@
staff_r:staff_sudo_t staff_r:staff_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-standard/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-standard/user_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-standard/user_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
[...3982 lines suppressed...]
+ #
+-interface(`userdom_getattr_all_users',`
++interface(`userdom_dontaudit_use_unpriv_users_ttys',`
+ gen_require(`
+- attribute userdomain;
++ attribute user_ttynode;
+ ')
+
+- allow $1 userdomain:process getattr;
++ dontaudit $1 user_ttynode:chr_file rw_file_perms;
++')
++
++########################################
++## <summary>
++## Read the process state of all user domains.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -32044,17 +32145,18 @@
+## </summary>
+## </param>
+#
-+interface(`userdom_manage_unpriv_users_tmp_files',`
++interface(`userdom_read_all_users_state',`
+ gen_require(`
-+ type user_tmp_t;
++ attribute userdomain;
+ ')
+
-+ manage_files_pattern($1, user_tmp_t, user_tmp_t)
++ ps_process_pattern($1, userdomain)
++ kernel_search_proc($1)
+')
+
+########################################
+## <summary>
-+## Write all unprivileged users lnk_files in /tmp
++## Get the attributes of all user domains.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -32062,33 +32164,19 @@
+## </summary>
+## </param>
+#
-+interface(`userdom_manage_unpriv_users_tmp_symlinks',`
++interface(`userdom_getattr_all_users',`
+ gen_require(`
-+ type user_tmp_t;
++ attribute userdomain;
+ ')
+
-+ manage_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
-+')
-+
-+########################################
-+## <summary>
- ## Read and write unprivileged user ttys.
- ## </summary>
- ## <param name="domain">
-@@ -5368,7 +5470,7 @@
- attribute userdomain;
- ')
-
-- read_files_pattern($1,userdomain,userdomain)
-+ ps_process_pattern($1, userdomain)
- kernel_search_proc($1)
++ allow $1 userdomain:process getattr;
')
-@@ -5483,7 +5585,43 @@
+ ########################################
+@@ -5483,6 +5584,42 @@
########################################
## <summary>
--## Send a dbus message to all user domains.
+## Manage keys for all user domains.
+## </summary>
+## <param name="domain">
@@ -32125,11 +32213,10 @@
+
+########################################
+## <summary>
-+## Send a dbus message to all user domains.
+ ## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
- ## <summary>
-@@ -5513,3 +5651,548 @@
+@@ -5513,3 +5650,548 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -32497,7 +32584,7 @@
+#
+template(`userdom_admin_login_user_template',`
+
-+ userdom_unpriv_user_template($1)
++ userdom_login_user_template($1)
+
+ allow $1_t self:capability sys_nice;
+
@@ -32680,7 +32767,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.13/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.te 2008-10-27 09:04:14.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.te 2008-10-28 10:56:19.000000000 -0400
@@ -8,13 +8,6 @@
## <desc>
@@ -32722,7 +32809,7 @@
# The privhome attribute identifies every domain that can create files under
# regular user home directories in the regular context (IE act on behalf of
# a user in writing regular files)
-@@ -81,6 +73,75 @@
+@@ -81,6 +73,76 @@
# unprivileged user domains
attribute unpriv_userdomain;
@@ -32798,9 +32885,10 @@
+ manage_sock_files_pattern(privhome, cifs_t, cifs_t)
+ manage_fifo_files_pattern(privhome, cifs_t, cifs_t)
+')
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.13/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.fc 2008-10-17 10:31:27.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.fc 2008-10-28 10:56:19.000000000 -0400
@@ -20,6 +20,7 @@
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
@@ -32811,7 +32899,7 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.13/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.if 2008-10-17 10:31:27.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.if 2008-10-28 10:56:19.000000000 -0400
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -32855,7 +32943,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.13/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.te 2008-10-20 09:29:14.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.te 2008-10-28 10:56:19.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -33081,7 +33169,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/policy_capabilities serefpolicy-3.5.13/policy/policy_capabilities
--- nsaserefpolicy/policy/policy_capabilities 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/policy_capabilities 2008-10-17 10:31:27.000000000 -0400
++++ serefpolicy-3.5.13/policy/policy_capabilities 2008-10-28 10:56:19.000000000 -0400
@@ -29,4 +29,4 @@
# chr_file: open
# blk_file: open
@@ -33090,7 +33178,7 @@
+#policycap open_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.13/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt 2008-10-17 10:31:27.000000000 -0400
++++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt 2008-10-28 10:56:19.000000000 -0400
@@ -59,22 +59,22 @@
#
# Permissions for executing files.
@@ -33240,16 +33328,18 @@
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.13/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/users 2008-10-17 10:31:27.000000000 -0400
-@@ -25,11 +25,8 @@
++++ serefpolicy-3.5.13/policy/users 2008-10-28 11:14:49.000000000 -0400
+@@ -24,12 +24,9 @@
+ # SELinux user identity for a Linux user. If you do not want to
# permit any access to such users, then remove this entry.
#
- gen_user(user_u, user, user_r, s0, s0)
+-gen_user(user_u, user, user_r, s0, s0)
-gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
-
-# Until order dependence is fixed for users:
-gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
++#gen_user(user_u, user, user_r, s0, s0)
+gen_user(staff_u, user, staff_r system_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
+gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
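Review bot: Commenting out `gen_user(user_u, user, user_r, s0, s0)` leaves the comment directly above it ("If you do not want to permit any access to such users, then remove this entry") describing an entry that is no longer active. The patch still ships `user_u_default_contexts` files for the mcs, mls and standard appconfigs. Unless `user_u` is declared in the suppressed part of the patch, those files and any local login mapping to `user_u` would refer to an SELinux user the base policy no longer defines. I would either delete the line and reword the comment, or replace the dead entry with a one-line note such as `# user_u is no longer defined here; __default__ maps to unconfined_u in seusers`.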
@@ -33267,7 +33357,7 @@
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.13/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/support/Makefile.devel 2008-10-24 09:40:08.000000000 -0400
++++ serefpolicy-3.5.13/support/Makefile.devel 2008-10-28 10:56:19.000000000 -0400
@@ -181,8 +181,7 @@
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.735
retrieving revision 1.736
diff -u -r1.735 -r1.736
--- selinux-policy.spec 27 Oct 2008 21:07:05 -0000 1.735
+++ selinux-policy.spec 28 Oct 2008 20:06:14 -0000 1.736
@@ -323,15 +323,10 @@
%post targeted
if [ $1 -eq 1 ]; then
%loadpolicy targeted
-semanage -S targeted -i - << __eof
-user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
-user -a -P user -R guest_r guest_u
-user -a -P user -R xguest_r xguest_u
-__eof
-semanage -S targeted -i - << __eof
-login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
-login -m -s unconfined_u -r s0-s0:c0.c1023 root
-__eof
+#semanage -S targeted -i - << __eof
+#login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
+#login -m -s unconfined_u -r s0-s0:c0.c1023 root
+#__eof
restorecon -R /root /var/log /var/run 2> /dev/null
else
semodule -s targeted -r moilscanner 2>/dev/null
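Review bot: The second heredoc is left in `%post targeted` as four commented-out lines, which reads as dead code. The policy patch in this same commit adds `root:unconfined_u` and `__default__:unconfined_u` to `config/appconfig-mcs/seusers`, so the block can be deleted and replaced by a single comment such as `# login mappings for root and __default__ now ship in config/appconfig-mcs/seusers`. The first heredoc, which created `unconfined_u`, `guest_u` and `xguest_u` with `semanage user -a`, is removed outright. Their replacement definitions are not visible in the unsuppressed part of the patch and should be confirmed, since the new seusers entries depend on `unconfined_u` existing at install time. The scriptlet's `else` branch continues past the end of this hunk.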