rpms/selinux-policy/F-9 policy-20071130.patch, 1.207, 1.208 selinux-policy.spec, 1.707, 1.708

Daniel J Walsh dwalsh at fedoraproject.org
Tue Sep 16 16:54:43 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10424

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Mon Sep 15 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-91
- Allow nsplugin_config dac capabilities.


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.207
retrieving revision 1.208
diff -u -r1.207 -r1.208
--- policy-20071130.patch	12 Sep 2008 14:46:46 -0000	1.207
+++ policy-20071130.patch	16 Sep 2008 16:54:42 -0000	1.208
@@ -1600,6 +1600,17 @@
  
  
  #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.3.1/policy/modules/admin/alsa.te
+--- nsaserefpolicy/policy/modules/admin/alsa.te	2008-06-12 23:38:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/alsa.te	2008-09-15 14:54:38.000000000 -0400
+@@ -48,6 +48,7 @@
+ 
+ files_search_home(alsa_t)
+ files_read_etc_files(alsa_t)
++files_read_usr_files(alsa_t)
+ 
+ auth_use_nsswitch(alsa_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-3.3.1/policy/modules/admin/amanda.fc
 --- nsaserefpolicy/policy/modules/admin/amanda.fc	2008-06-12 23:38:01.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/admin/amanda.fc	2008-09-08 11:45:12.000000000 -0400
@@ -1613,7 +1624,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.3.1/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.te	2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.te	2008-09-16 11:22:18.000000000 -0400
 @@ -82,8 +82,9 @@
  allow amanda_t amanda_config_t:file { getattr read };
  
@@ -1635,7 +1646,16 @@
  
  manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
  manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
-@@ -146,6 +147,8 @@
+@@ -128,6 +129,8 @@
+ corenet_tcp_bind_all_nodes(amanda_t)
+ corenet_udp_bind_all_nodes(amanda_t)
+ corenet_tcp_bind_all_rpc_ports(amanda_t)
++corenet_tcp_bind_generic_port(amanda_t)
++corenet_dontaudit_tcp_bind_all_ports(amanda_t)
+ 
+ dev_getattr_all_blk_files(amanda_t)
+ dev_getattr_all_chr_files(amanda_t)
+@@ -146,6 +149,8 @@
  fs_list_all(amanda_t)
  
  storage_raw_read_fixed_disk(amanda_t)
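Review bot: `corenet_dontaudit_tcp_bind_all_ports(amanda_t)`, added in the `@@ -128,6 +129,8 @@` section of amanda.te, suppresses the AVC record for every TCP bind that amanda_t is denied, so a later bind failure on a port outside the rpc and generic sets leaves nothing in the audit log to diagnose or alert on. If the rule is only meant to quiet expected denials while amanda searches for a free port (an assumption, the page does not say), a comment should record that, for example `# amanda tries ports until one binds; hide the expected denials`. The rest of amanda.te is outside this hunk, so whether a narrower port type would do cannot be judged from here.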
@@ -1644,7 +1664,7 @@
  
  # Added for targeted policy
  term_use_unallocated_ttys(amanda_t)
-@@ -220,6 +223,7 @@
+@@ -220,6 +225,7 @@
  auth_use_nsswitch(amanda_recover_t)
  
  fstools_domtrans(amanda_t)
@@ -2845,7 +2865,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.3.1/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.te	2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.te	2008-09-16 09:14:37.000000000 -0400
 @@ -31,6 +31,9 @@
  files_type(rpm_var_lib_t)
  typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -2856,7 +2876,16 @@
  type rpm_script_t;
  type rpm_script_exec_t;
  domain_obj_id_change_exemption(rpm_script_t)
-@@ -89,6 +92,9 @@
+@@ -52,7 +55,7 @@
+ # rpm Local policy
+ #
+ 
+-allow rpm_t self:capability { chown dac_override fowner fsetid setgid setuid sys_chroot sys_tty_config mknod };
++allow rpm_t self:capability { chown dac_override fowner fsetid ipc_lock setgid setuid sys_chroot sys_nice sys_tty_config mknod };
+ allow rpm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+ allow rpm_t self:process { getattr setexec setfscreate setrlimit };
+ allow rpm_t self:fd use;
+@@ -89,8 +92,12 @@
  manage_files_pattern(rpm_t,rpm_var_lib_t,rpm_var_lib_t)
  files_var_lib_filetrans(rpm_t,rpm_var_lib_t,dir)
  
@@ -2865,8 +2894,19 @@
 +
  kernel_read_system_state(rpm_t)
  kernel_read_kernel_sysctls(rpm_t)
++kernel_read_network_state_symlinks(rpm_t)
  
-@@ -179,7 +185,17 @@
+ corecmd_exec_all_executables(rpm_t)
+ 
+@@ -117,6 +124,7 @@
+ fs_manage_nfs_symlinks(rpm_t)
+ fs_getattr_all_fs(rpm_t)
+ fs_search_auto_mountpoints(rpm_t)
++fs_list_inotifyfs(rpm_t)
+ 
+ mls_file_read_all_levels(rpm_t)
+ mls_file_write_all_levels(rpm_t)
+@@ -179,7 +187,17 @@
  ')
  
  optional_policy(`
@@ -2885,7 +2925,7 @@
  ')
  
  optional_policy(`
-@@ -190,6 +206,7 @@
+@@ -190,6 +208,7 @@
  	unconfined_domain(rpm_t)
  	# yum-updatesd requires this
  	unconfined_dbus_chat(rpm_t)
@@ -2893,16 +2933,42 @@
  ')
  
  ifdef(`TODO',`
-@@ -216,7 +233,7 @@
+@@ -215,8 +234,8 @@
+ # rpm-script Local policy
  #
  
- allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill };
+-allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill };
 -allow rpm_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
++allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_admin sys_chroot sys_ptrace sys_nice mknod kill };
 +allow rpm_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execheap };
  allow rpm_script_t self:fd use;
  allow rpm_script_t self:fifo_file rw_fifo_file_perms;
  allow rpm_script_t self:unix_dgram_socket create_socket_perms;
-@@ -317,6 +334,7 @@
+@@ -227,12 +246,15 @@
+ allow rpm_script_t self:sem create_sem_perms;
+ allow rpm_script_t self:msgq create_msgq_perms;
+ allow rpm_script_t self:msg { send receive };
++allow rpm_script_t self:netlink_kobject_uevent_socket create_socket_perms;
+ 
+ allow rpm_script_t rpm_tmp_t:file read_file_perms;
+ 
+ allow rpm_script_t rpm_script_tmp_t:dir mounton;
+ manage_dirs_pattern(rpm_script_t,rpm_script_tmp_t,rpm_script_tmp_t)
+ manage_files_pattern(rpm_script_t,rpm_script_tmp_t,rpm_script_tmp_t)
++manage_blk_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
++manage_chr_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
+ files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
+ 
+ manage_dirs_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t)
+@@ -298,6 +320,7 @@
+ files_exec_etc_files(rpm_script_t)
+ files_read_etc_runtime_files(rpm_script_t)
+ files_exec_usr_files(rpm_script_t)
++files_relabel_all_files(rpm_script_t)
+ 
+ init_domtrans_script(rpm_script_t)
+ 
+@@ -317,6 +340,7 @@
  seutil_domtrans_loadpolicy(rpm_script_t)
  seutil_domtrans_setfiles(rpm_script_t)
  seutil_domtrans_semanage(rpm_script_t)
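Review bot: The rewritten rpm_script_t capability rule now includes `sys_admin` and `sys_ptrace`, and the same rpm.te section adds `files_relabel_all_files(rpm_script_t)` and block/character device management under rpm_script_tmp_t, none with a comment saying which scriptlet needs it. Where the `unconfined_domain(rpm_script_t)` optional block shown later in this patch is in effect the additions change little, but in a policy built without it they considerably widen what a package scriptlet can do, so each deserves a recorded reason. I would add a line above each rule in the form `# <PACKAGE> scriptlet needs this, see <BUG-ID>` (placeholders; the page gives neither). The `ipc_lock sys_nice` added to rpm_t in the earlier `@@ -52,7 +55,7 @@` section has the same gap. `files_tmp_filetrans` still lists only `{ file dir }`, so device nodes presumably receive rpm_script_tmp_t only when created inside an already-labelled directory; worth confirming that this is the intended case.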
@@ -2910,7 +2976,18 @@
  
  userdom_use_all_users_fds(rpm_script_t)
  
-@@ -342,6 +360,7 @@
+@@ -335,6 +359,10 @@
+ ')
+ 
+ optional_policy(`
++	lvm_domtrans(rpm_script_t)
++')
++
++optional_policy(`
+ 	tzdata_domtrans(rpm_t)
+ 	tzdata_domtrans(rpm_script_t)
+ ')
+@@ -342,6 +370,7 @@
  optional_policy(`
  	unconfined_domain(rpm_script_t)
  	unconfined_domtrans(rpm_script_t)
@@ -2918,7 +2995,7 @@
  
  	optional_policy(`
  		java_domtrans(rpm_script_t)
-@@ -353,6 +372,11 @@
+@@ -353,6 +382,11 @@
  ')
  
  optional_policy(`
@@ -3675,7 +3752,7 @@
  /usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.3.1/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.if	2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.if	2008-09-15 14:56:50.000000000 -0400
 @@ -33,9 +33,60 @@
  ## </param>
  #
@@ -3875,7 +3952,7 @@
  ##	manage gnome homedir content (.config)
  ## </summary>
  ## <param name="userdomain_prefix">
-@@ -186,9 +278,29 @@
+@@ -186,9 +278,30 @@
  #
  template(`gnome_manage_user_gnome_config',`
  	gen_require(`
@@ -3885,6 +3962,7 @@
 +
 +	manage_dirs_pattern($2, user_gnome_home_t, user_gnome_home_t)
 +	manage_files_pattern($2, user_gnome_home_t, user_gnome_home_t)
++	manage_lnk_files_pattern($2, user_gnome_home_t, user_gnome_home_t)
 +')
 +
 +########################################
@@ -5781,7 +5859,7 @@
 +HOME_DIR/\.mplayer(/.*)?        gen_context(system_u:object_r:user_mplayer_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.3.1/policy/modules/apps/mplayer.if
 --- nsaserefpolicy/policy/modules/apps/mplayer.if	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if	2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if	2008-09-15 13:04:22.000000000 -0400
 @@ -35,6 +35,7 @@
  template(`mplayer_per_role_template',`
  	gen_require(`
@@ -6315,8 +6393,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2008-09-08 11:45:12.000000000 -0400
-@@ -0,0 +1,230 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2008-09-15 13:10:07.000000000 -0400
+@@ -0,0 +1,232 @@
 +
 +policy_module(nsplugin,1.0.0)
 +
@@ -6395,6 +6473,7 @@
 +dev_read_video_dev(nsplugin_t)
 +dev_write_video_dev(nsplugin_t)
 +dev_getattr_dri_dev(nsplugin_t)
++dev_rwx_zero(nsplugin_t)
 +
 +kernel_read_kernel_sysctls(nsplugin_t)
 +kernel_read_system_state(nsplugin_t)
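Review bot: `dev_rwx_zero(nsplugin_t)` lets the plugin domain map /dev/zero with execute permission, which gives it writable-and-executable memory regardless of how its `execmem` rules are set, and the line carries no comment explaining which plugin requires it. A short comment such as `# <PLUGIN> maps /dev/zero executable` (placeholder, not named on the page) would let a later reviewer decide whether the rule can be dropped or moved behind a boolean. The process rules of nsplugin_t are outside this hunk, so I cannot tell from here whether the domain already holds an equivalent permission.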
@@ -6458,6 +6537,7 @@
 +
 +optional_policy(`
 +	mplayer_exec(nsplugin_t)
++	mplayer_read_user_home_files(user, nsplugin_t)
 +')
 +
 +optional_policy(`
@@ -6481,7 +6561,7 @@
 +# nsplugin_config local policy
 +#
 +
-+allow nsplugin_config_t self:capability { sys_nice setuid setgid };
++allow nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
 +allow nsplugin_config_t self:process { setsched sigkill getsched execmem };
 +
 +allow nsplugin_config_t self:fifo_file rw_file_perms;
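Review bot: `dac_override` on nsplugin_config_t lets the helper ignore file permission bits for writes as well as reads, in a domain that the neighbouring lines already give `setuid setgid` and `execmem`. If the denial behind this change was only a read or directory search, the narrower form would be `allow nsplugin_config_t self:capability { dac_read_search sys_nice setuid setgid };` together with `dontaudit nsplugin_config_t self:capability dac_override;`; that depends on the AVC message, which is not on the page. Either way a comment naming the path that triggered the denial would make the rule reviewable later.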
@@ -13526,7 +13606,7 @@
 +/var/lib/misc(/.*)?			gen_context(system_u:object_r:system_crond_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.3.1/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/cron.if	2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/cron.if	2008-09-12 13:45:31.000000000 -0400
 @@ -35,38 +35,24 @@
  #
  template(`cron_per_role_template',`
@@ -14390,7 +14470,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.3.1/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/cups.te	2008-09-08 11:55:51.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/cups.te	2008-09-12 13:42:32.000000000 -0400
 @@ -43,14 +43,13 @@
  
  type cupsd_var_run_t;
@@ -26933,8 +27013,16 @@
  userdom_dontaudit_search_sysadm_home_dirs(fsdaemon_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.3.1/policy/modules/services/snmp.fc
 --- nsaserefpolicy/policy/modules/services/snmp.fc	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.fc	2008-09-08 11:45:13.000000000 -0400
-@@ -17,3 +17,6 @@
++++ serefpolicy-3.3.1/policy/modules/services/snmp.fc	2008-09-15 12:30:57.000000000 -0400
+@@ -8,6 +8,7 @@
+ #
+ # /var
+ #
++/var/agentx(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
+ /var/lib/net-snmp(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
+ /var/lib/snmp(/.*)?		gen_context(system_u:object_r:snmpd_var_lib_t,s0)
+ 
+@@ -17,3 +18,6 @@
  
  /var/run/snmpd		-d	gen_context(system_u:object_r:snmpd_var_run_t,s0)
  /var/run/snmpd\.pid	--	gen_context(system_u:object_r:snmpd_var_run_t,s0)
@@ -32929,8 +33017,22 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.3.1/policy/modules/system/ipsec.te
 --- nsaserefpolicy/policy/modules/system/ipsec.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.te	2008-09-08 11:45:13.000000000 -0400
-@@ -69,8 +69,8 @@
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.te	2008-09-12 11:17:23.000000000 -0400
+@@ -55,11 +55,12 @@
+ 
+ allow ipsec_t self:capability { net_admin dac_override dac_read_search };
+ dontaudit ipsec_t self:capability sys_tty_config;
+-allow ipsec_t self:process signal;
++allow ipsec_t self:process { signal setsched };
+ allow ipsec_t self:netlink_route_socket r_netlink_socket_perms;
+ allow ipsec_t self:tcp_socket create_stream_socket_perms;
+ allow ipsec_t self:key_socket { create write read setopt };
+ allow ipsec_t self:fifo_file { read getattr };
++allow ipsec_t self:netlink_xfrm_socket create_socket_perms;
+ 
+ allow ipsec_t ipsec_conf_file_t:dir list_dir_perms;
+ read_files_pattern(ipsec_t,ipsec_conf_file_t,ipsec_conf_file_t)
+@@ -69,8 +70,8 @@
  read_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t)
  read_lnk_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t)
  
@@ -33526,7 +33628,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.3.1/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/logging.te	2008-09-08 11:45:13.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/logging.te	2008-09-15 13:03:33.000000000 -0400
 @@ -61,10 +61,29 @@
  logging_log_file(var_log_t)
  files_mountpoint(var_log_t)
@@ -33565,7 +33667,34 @@
  domain_read_all_domains_state(auditctl_t)
  domain_use_interactive_fds(auditctl_t)
  
-@@ -158,9 +178,12 @@
+@@ -112,6 +132,7 @@
+ allow auditd_t self:file { getattr read write };
+ allow auditd_t self:unix_dgram_socket create_socket_perms;
+ allow auditd_t self:fifo_file rw_file_perms;
++allow auditd_t self:tcp_socket create_stream_socket_perms;
+ 
+ allow auditd_t auditd_etc_t:dir list_dir_perms;
+ allow auditd_t auditd_etc_t:file read_file_perms;
+@@ -133,9 +154,18 @@
+ 
+ fs_getattr_all_fs(auditd_t)
+ fs_search_auto_mountpoints(auditd_t)
++fs_rw_anon_inodefs_files(auditd_t)
+ 
+ selinux_search_fs(auditctl_t)
+ 
++corenet_all_recvfrom_unlabeled(auditd_t)
++corenet_all_recvfrom_netlabel(auditd_t)
++corenet_tcp_sendrecv_all_if(auditd_t)
++corenet_tcp_sendrecv_all_nodes(auditd_t)
++corenet_tcp_sendrecv_all_ports(auditd_t)
++corenet_tcp_bind_all_nodes(auditd_t)
++corenet_tcp_bind_audit_port(auditd_t)
++
+ # Needs to be able to run dispatcher.  see /etc/audit/auditd.conf
+ # Probably want a transition, and a new auditd_helper app
+ corecmd_exec_bin(auditd_t)
+@@ -158,9 +188,12 @@
  
  mls_file_read_all_levels(auditd_t)
  mls_file_write_all_levels(auditd_t) # Need to be able to write to /var/run/ directory
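Review bot: The corenet block added for auditd_t in the `@@ -133,9 +154,18 @@` section has no comment saying it exists for a TCP listener, and it sits between `selinux_search_fs(auditctl_t)` and the dispatcher comment, where it reads as part of neither. I would head it with something like `# accept audit records from remote hosts over TCP` (inferred from the `corenet_tcp_bind_audit_port` rule). The syslogd part of this same file pairs its port rules with `corenet_sendrecv_syslogd_client_packets(syslogd_t)`; if labelled packets are in use, the auditd block probably wants the matching `corenet_sendrecv_audit_server_packets(auditd_t)`, to be confirmed against the corenetwork module. The block also allows bind on all nodes, so the reachable interfaces are left entirely to auditd's own configuration.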
@@ -33578,7 +33707,7 @@
  userdom_dontaudit_use_unpriv_user_fds(auditd_t)
  userdom_dontaudit_search_sysadm_home_dirs(auditd_t)
  
-@@ -171,6 +194,10 @@
+@@ -171,6 +204,10 @@
  ')
  
  optional_policy(`
@@ -33589,7 +33718,7 @@
  	seutil_sigchld_newrole(auditd_t)
  ')
  
-@@ -208,6 +235,7 @@
+@@ -208,6 +245,7 @@
  
  fs_getattr_all_fs(klogd_t)
  fs_search_auto_mountpoints(klogd_t)
@@ -33597,7 +33726,7 @@
  
  domain_use_interactive_fds(klogd_t)
  
-@@ -252,7 +280,6 @@
+@@ -252,7 +290,6 @@
  dontaudit syslogd_t self:capability sys_tty_config;
  # setpgid for metalog
  allow syslogd_t self:process { signal_perms setpgid };
@@ -33605,7 +33734,7 @@
  # receive messages to be logged
  allow syslogd_t self:unix_dgram_socket create_socket_perms;
  allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
-@@ -262,7 +289,7 @@
+@@ -262,7 +299,7 @@
  allow syslogd_t self:tcp_socket create_stream_socket_perms;
  
  allow syslogd_t syslog_conf_t:file read_file_perms;
@@ -33614,7 +33743,7 @@
  # Create and bind to /dev/log or /var/run/log.
  allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
  files_pid_filetrans(syslogd_t,devlog_t,sock_file)
-@@ -274,6 +301,9 @@
+@@ -274,6 +311,9 @@
  # Allow access for syslog-ng
  allow syslogd_t var_log_t:dir { create setattr };
  
@@ -33624,7 +33753,7 @@
  # manage temporary files
  manage_dirs_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t)
  manage_files_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t)
-@@ -289,12 +319,14 @@
+@@ -289,12 +329,14 @@
  manage_files_pattern(syslogd_t,syslogd_var_run_t,syslogd_var_run_t)
  files_pid_filetrans(syslogd_t,syslogd_var_run_t,file)
  
@@ -33639,7 +33768,7 @@
  
  dev_filetrans(syslogd_t,devlog_t,sock_file)
  dev_read_sysfs(syslogd_t)
-@@ -327,6 +359,8 @@
+@@ -327,6 +369,8 @@
  # Allow users to define additional syslog ports to connect to
  corenet_tcp_bind_syslogd_port(syslogd_t)
  corenet_tcp_connect_syslogd_port(syslogd_t)
@@ -33648,7 +33777,7 @@
  
  # syslog-ng can send or receive logs
  corenet_sendrecv_syslogd_client_packets(syslogd_t)
-@@ -339,19 +373,20 @@
+@@ -339,19 +383,20 @@
  domain_use_interactive_fds(syslogd_t)
  
  files_read_etc_files(syslogd_t)
@@ -33671,7 +33800,7 @@
  miscfiles_read_localization(syslogd_t)
  
  userdom_dontaudit_use_unpriv_user_fds(syslogd_t)
-@@ -380,15 +415,11 @@
+@@ -380,15 +425,11 @@
  ')
  
  optional_policy(`
@@ -33689,7 +33818,7 @@
  ')
  
  optional_policy(`
-@@ -399,3 +430,67 @@
+@@ -399,3 +440,67 @@
  	# log to the xconsole
  	xserver_rw_console(syslogd_t)
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.707
retrieving revision 1.708
diff -u -r1.707 -r1.708
--- selinux-policy.spec	12 Sep 2008 14:46:47 -0000	1.707
+++ selinux-policy.spec	16 Sep 2008 16:54:43 -0000	1.708
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 90%{?dist}
+Release: 91%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -386,6 +386,9 @@
 %endif
 
 %changelog
+* Mon Sep 15 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-91
+- Allow nsplugin_cong dac capabilities.
+
 * Tue Sep 2 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-90
 - Add rpcbind to mls policy
 - Fix up policy so permissive domains will work



