rpms/selinux-policy/devel booleans-minimum.conf, 1.1, 1.2 booleans-targeted.conf, 1.43, 1.44 policy-20080710.patch, 1.77, 1.78 selinux-policy.spec, 1.735, 1.736

Daniel J Walsh dwalsh at fedoraproject.org
Tue Oct 28 20:06:44 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24681

Modified Files:
	booleans-minimum.conf booleans-targeted.conf 
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Mon Oct 27 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-9
- Allow openoffice execstack/execmem privs



Index: booleans-minimum.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/booleans-minimum.conf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- booleans-minimum.conf	9 Oct 2008 12:02:27 -0000	1.1
+++ booleans-minimum.conf	28 Oct 2008 20:06:14 -0000	1.2
@@ -8,7 +8,7 @@
 
 # Allow making the stack executable via mprotect.Also requires allow_execmem.
 # 
-allow_execstack = false
+allow_execstack = true
 
 # Allow ftpd to read cifs directories.
 # 


Index: booleans-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/booleans-targeted.conf,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- booleans-targeted.conf	30 Jul 2008 13:44:15 -0000	1.43
+++ booleans-targeted.conf	28 Oct 2008 20:06:14 -0000	1.44
@@ -8,7 +8,7 @@
 
 # Allow making the stack executable via mprotect.Also requires allow_execmem.
 # 
-allow_execstack = false
+allow_execstack = true
 
 # Allow ftpd to read cifs directories.
 # 

policy-20080710.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.77 -r 1.78 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- policy-20080710.patch	27 Oct 2008 21:07:05 -0000	1.77
+++ policy-20080710.patch	28 Oct 2008 20:06:14 -0000	1.78
@@ -1,6 +1,6 @@
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.13/Makefile
 --- nsaserefpolicy/Makefile	2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.13/Makefile	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/Makefile	2008-10-28 10:56:19.000000000 -0400
 @@ -311,20 +311,22 @@
  
  # parse-rolemap modulename,outputfile
@@ -47,7 +47,7 @@
  	$(verbose) $(INSTALL) -m 644 $< $@
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.13/Rules.modular
 --- nsaserefpolicy/Rules.modular	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/Rules.modular	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/Rules.modular	2008-10-28 10:56:19.000000000 -0400
 @@ -73,8 +73,8 @@
  $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
  	@echo "Compliling $(NAME) $(@F) module"
@@ -96,7 +96,7 @@
  $(appdir)/customizable_types: $(base_conf)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.13/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -120,13 +120,13 @@
 +system_r:xdm_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context	2008-10-28 10:56:19.000000000 -0400
 @@ -1 +1 @@
 -sysadm_r:sysadm_t:s0
 +system_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -0,0 +1,6 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -136,7 +136,7 @@
 +guest_r:guest_t:s0		guest_r:guest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,11 +1,7 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -151,9 +151,18 @@
  #
 -#system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.5.13/config/appconfig-mcs/seusers
+--- nsaserefpolicy/config/appconfig-mcs/seusers	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/seusers	2008-10-28 11:08:43.000000000 -0400
+@@ -1,3 +1,3 @@
+ system_u:system_u:s0-mcs_systemhigh
+-root:root:s0-mcs_systemhigh
+-__default__:user_u:s0
++root:unconfined_u:s0-mcs_systemhigh
++__default__:unconfined_u:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,10 +1,12 @@
  system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
  system_r:remote_login_t:s0	staff_r:staff_t:s0
@@ -170,7 +179,7 @@
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -6,4 +6,6 @@
  system_r:sshd_t:s0		unconfined_r:unconfined_t:s0
  system_r:sysadm_su_t:s0		unconfined_r:unconfined_t:s0
@@ -180,7 +189,7 @@
  system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,8 +1,9 @@
  system_r:local_login_t:s0	user_r:user_t:s0
  system_r:remote_login_t:s0	user_r:user_t:s0
@@ -195,13 +204,13 @@
 +user_r:user_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context
 --- nsaserefpolicy/config/appconfig-mcs/userhelper_context	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context	2008-10-28 10:56:19.000000000 -0400
 @@ -1 +1 @@
 -system_u:sysadm_r:sysadm_t:s0
 +system_u:system_r:unconfined_t:s0	
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
@@ -212,7 +221,7 @@
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.13/config/appconfig-mls/default_contexts
 --- nsaserefpolicy/config/appconfig-mls/default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -236,7 +245,7 @@
 +system_r:xdm_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -244,7 +253,7 @@
 +system_r:crond_t:s0		guest_r:guest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/root_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,11 +1,11 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
 -system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -265,7 +274,7 @@
 +#system_r:sshd_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,7 +1,7 @@
  system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
  system_r:remote_login_t:s0	staff_r:staff_t:s0
@@ -277,7 +286,7 @@
  staff_r:staff_sudo_t:s0		staff_r:staff_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,7 +1,7 @@
  system_r:local_login_t:s0	user_r:user_t:s0
  system_r:remote_login_t:s0	user_r:user_t:s0
@@ -289,7 +298,7 @@
  user_r:user_sudo_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mls/xguest_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/xguest_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
@@ -300,7 +309,7 @@
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-standard/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-standard/guest_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-standard/guest_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t	guest_r:guest_t
 +system_r:remote_login_t	guest_r:guest_t
@@ -308,7 +317,7 @@
 +system_r:crond_t	guest_r:guest_crond_t
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.5.13/config/appconfig-standard/root_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/root_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-standard/root_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-standard/root_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,11 +1,7 @@
  system_r:crond_t	unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
  system_r:local_login_t  unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -324,7 +333,7 @@
 +system_r:sshd_t	unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-standard/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-standard/staff_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-standard/staff_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
 @@ -1,7 +1,7 @@
  system_r:local_login_t		staff_r:staff_t sysadm_r:sysadm_t
  system_r:remote_login_t		staff_r:staff_t
@@ -336,7 +345,7 @@
  staff_r:staff_sudo_t		staff_r:staff_t
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-standard/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-standard/user_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-standard/user_u_default_contexts	2008-10-28 10:56:19.000000000 -0400
[...3982 lines suppressed...]
+ #
+-interface(`userdom_getattr_all_users',`
++interface(`userdom_dontaudit_use_unpriv_users_ttys',`
+ 	gen_require(`
+-		attribute userdomain;
++		attribute user_ttynode;
+ 	')
+ 
+-	allow $1 userdomain:process getattr;
++	dontaudit $1 user_ttynode:chr_file rw_file_perms;
++')
++
++########################################
++## <summary>
++##	Read the process state of all user domains.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@@ -32044,17 +32145,18 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`userdom_manage_unpriv_users_tmp_files',`
++interface(`userdom_read_all_users_state',`
 +	gen_require(`
-+		type user_tmp_t;
++		attribute userdomain;
 +	')
 +
-+	manage_files_pattern($1, user_tmp_t,  user_tmp_t)
++	ps_process_pattern($1, userdomain)
++	kernel_search_proc($1)
 +')
 +
 +########################################
 +## <summary>
-+##	Write all unprivileged users lnk_files in /tmp
++##	Get the attributes of all user domains.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@@ -32062,33 +32164,19 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`userdom_manage_unpriv_users_tmp_symlinks',`
++interface(`userdom_getattr_all_users',`
 +	gen_require(`
-+		type user_tmp_t;
++		attribute userdomain;
 +	')
 +
-+	manage_lnk_files_pattern($1, user_tmp_t,  user_tmp_t)
-+')
-+
-+########################################
-+## <summary>
- ##	Read and write unprivileged user ttys.
- ## </summary>
- ## <param name="domain">
-@@ -5368,7 +5470,7 @@
- 		attribute userdomain;
- 	')
- 
--	read_files_pattern($1,userdomain,userdomain)
-+	ps_process_pattern($1, userdomain)
- 	kernel_search_proc($1)
++	allow $1 userdomain:process getattr;
  ')
  
-@@ -5483,7 +5585,43 @@
+ ########################################
+@@ -5483,6 +5584,42 @@
  
  ########################################
  ## <summary>
--##	Send a dbus message to all user domains.
 +##	Manage keys for all user domains.
 +## </summary>
 +## <param name="domain">
@@ -32125,11 +32213,10 @@
 +
 +########################################
 +## <summary>
-+##	Send a dbus message to all user domains.
+ ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
- ##	<summary>
-@@ -5513,3 +5651,548 @@
+@@ -5513,3 +5650,548 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -32497,7 +32584,7 @@
 +#
 +template(`userdom_admin_login_user_template',`
 +					      
-+  userdom_unpriv_user_template($1)
++  userdom_login_user_template($1)
 +
 +  allow $1_t self:capability sys_nice;
 +
@@ -32680,7 +32767,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.13/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.te	2008-10-27 09:04:14.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.te	2008-10-28 10:56:19.000000000 -0400
 @@ -8,13 +8,6 @@
  
  ## <desc>
@@ -32722,7 +32809,7 @@
  # The privhome attribute identifies every domain that can create files under
  # regular user home directories in the regular context (IE act on behalf of
  # a user in writing regular files)
-@@ -81,6 +73,75 @@
+@@ -81,6 +73,76 @@
  
  # unprivileged user domains
  attribute unpriv_userdomain;
@@ -32798,9 +32885,10 @@
 +	manage_sock_files_pattern(privhome, cifs_t, cifs_t)
 +	manage_fifo_files_pattern(privhome, cifs_t, cifs_t)
 +')
++
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.13/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.fc	2008-10-17 10:31:27.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.fc	2008-10-28 10:56:19.000000000 -0400
 @@ -20,6 +20,7 @@
  /var/run/xenconsoled\.pid --	gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
  /var/run/xend(/.*)?		gen_context(system_u:object_r:xend_var_run_t,s0)
@@ -32811,7 +32899,7 @@
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.13/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.if	2008-10-17 10:31:27.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.if	2008-10-28 10:56:19.000000000 -0400
 @@ -167,11 +167,14 @@
  #
  interface(`xen_stream_connect',`
@@ -32855,7 +32943,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.13/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.te	2008-10-20 09:29:14.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.te	2008-10-28 10:56:19.000000000 -0400
 @@ -6,6 +6,13 @@
  # Declarations
  #
@@ -33081,7 +33169,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/policy_capabilities serefpolicy-3.5.13/policy/policy_capabilities
 --- nsaserefpolicy/policy/policy_capabilities	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/policy_capabilities	2008-10-17 10:31:27.000000000 -0400
++++ serefpolicy-3.5.13/policy/policy_capabilities	2008-10-28 10:56:19.000000000 -0400
 @@ -29,4 +29,4 @@
  # chr_file: open
  # blk_file: open
@@ -33090,7 +33178,7 @@
 +#policycap open_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.13/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt	2008-10-17 10:31:27.000000000 -0400
++++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt	2008-10-28 10:56:19.000000000 -0400
 @@ -59,22 +59,22 @@
  # 
  # Permissions for executing files.
@@ -33240,16 +33328,18 @@
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.13/policy/users
 --- nsaserefpolicy/policy/users	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/users	2008-10-17 10:31:27.000000000 -0400
-@@ -25,11 +25,8 @@
++++ serefpolicy-3.5.13/policy/users	2008-10-28 11:14:49.000000000 -0400
+@@ -24,12 +24,9 @@
+ # SELinux user identity for a Linux user.  If you do not want to
  # permit any access to such users, then remove this entry.
  #
- gen_user(user_u, user, user_r, s0, s0)
+-gen_user(user_u, user, user_r, s0, s0)
 -gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
 -gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
 -
 -# Until order dependence is fixed for users:
 -gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
++#gen_user(user_u, user, user_r, s0, s0)
 +gen_user(staff_u, user, staff_r system_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
 +gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
  
@@ -33267,7 +33357,7 @@
 +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.13/support/Makefile.devel
 --- nsaserefpolicy/support/Makefile.devel	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/support/Makefile.devel	2008-10-24 09:40:08.000000000 -0400
++++ serefpolicy-3.5.13/support/Makefile.devel	2008-10-28 10:56:19.000000000 -0400
 @@ -181,8 +181,7 @@
  tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
  	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.735
retrieving revision 1.736
diff -u -r1.735 -r1.736
--- selinux-policy.spec	27 Oct 2008 21:07:05 -0000	1.735
+++ selinux-policy.spec	28 Oct 2008 20:06:14 -0000	1.736
@@ -323,15 +323,10 @@
 %post targeted
 if [ $1 -eq 1 ]; then
 %loadpolicy targeted
-semanage -S targeted -i - << __eof
-user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 
-user -a -P user -R guest_r guest_u
-user -a -P user -R xguest_r xguest_u 
-__eof
-semanage -S targeted -i - << __eof
-login -m  -s unconfined_u -r s0-s0:c0.c1023 __default__
-login -m  -s unconfined_u -r s0-s0:c0.c1023 root
-__eof
+#semanage -S targeted -i - << __eof
+#login -m  -s unconfined_u -r s0-s0:c0.c1023 __default__
+#login -m  -s unconfined_u -r s0-s0:c0.c1023 root
+#__eof
 restorecon -R /root /var/log /var/run 2> /dev/null
 else
 semodule -s targeted -r moilscanner 2>/dev/null

More information about the fedora-extras-commits mailing list