rpms/selinux-policy/devel modules-targeted.conf, 1.97, 1.98 policy-20080710.patch, 1.30, 1.31
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Sep 16 13:47:33 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19461
Modified Files:
modules-targeted.conf policy-20080710.patch
Log Message:
* Thu Sep 11 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-1
- Merge upstream changes
- Add Xavier Toth patches
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -r1.97 -r1.98
--- modules-targeted.conf 12 Sep 2008 20:36:20 -0000 1.97
+++ modules-targeted.conf 16 Sep 2008 13:47:03 -0000 1.98
@@ -1598,6 +1598,11 @@
prelude = module
# Layer: services
+# Module: pads
+#
+pads = module
+
+# Layer: services
# Module: kerneloops
#
# program to collect and submit kernel oopses to kerneloops.org
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- policy-20080710.patch 12 Sep 2008 20:36:20 -0000 1.30
+++ policy-20080710.patch 16 Sep 2008 13:47:03 -0000 1.31
@@ -284,8 +284,12 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.5.8/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/admin/alsa.te 2008-09-12 10:59:28.000000000 -0400
-@@ -51,6 +51,8 @@
++++ serefpolicy-3.5.8/policy/modules/admin/alsa.te 2008-09-15 14:54:22.000000000 -0400
+@@ -48,9 +48,12 @@
+
+ files_search_home(alsa_t)
+ files_read_etc_files(alsa_t)
++files_read_usr_files(alsa_t)
auth_use_nsswitch(alsa_t)
@@ -1162,7 +1166,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.5.8/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/admin/rpm.te 2008-09-12 10:59:28.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/admin/rpm.te 2008-09-16 09:14:33.000000000 -0400
@@ -31,6 +31,9 @@
files_type(rpm_var_lib_t)
typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -1173,7 +1177,17 @@
type rpm_script_t;
type rpm_script_exec_t;
domain_obj_id_change_exemption(rpm_script_t)
-@@ -89,6 +92,9 @@
+@@ -52,7 +55,8 @@
+ # rpm Local policy
+ #
+
+-allow rpm_t self:capability { chown dac_override fowner fsetid setgid setuid sys_chroot sys_tty_config mknod };
++allow rpm_t self:capability { chown dac_override fowner fsetid ipc_lock setgid setuid sys_chroot sys_nice sys_tty_config mknod };
++
+ allow rpm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+ allow rpm_t self:process { getattr setexec setfscreate setrlimit };
+ allow rpm_t self:fd use;
+@@ -89,8 +93,12 @@
manage_files_pattern(rpm_t, rpm_var_lib_t, rpm_var_lib_t)
files_var_lib_filetrans(rpm_t, rpm_var_lib_t, dir)
@@ -1182,8 +1196,19 @@
+
kernel_read_system_state(rpm_t)
kernel_read_kernel_sysctls(rpm_t)
++kernel_read_network_state_symlinks(rpm_t)
-@@ -179,10 +185,20 @@
+ corecmd_exec_all_executables(rpm_t)
+
+@@ -117,6 +125,7 @@
+ fs_manage_nfs_symlinks(rpm_t)
+ fs_getattr_all_fs(rpm_t)
+ fs_search_auto_mountpoints(rpm_t)
++fs_list_inotifyfs(rpm_t)
+
+ mls_file_read_all_levels(rpm_t)
+ mls_file_write_all_levels(rpm_t)
+@@ -179,10 +188,20 @@
')
optional_policy(`
@@ -1204,7 +1229,7 @@
prelink_domtrans(rpm_t)
')
-@@ -190,6 +206,7 @@
+@@ -190,6 +209,7 @@
unconfined_domain(rpm_t)
# yum-updatesd requires this
unconfined_dbus_chat(rpm_t)
@@ -1212,16 +1237,42 @@
')
ifdef(`TODO',`
-@@ -216,7 +233,7 @@
+@@ -215,8 +235,8 @@
+ # rpm-script Local policy
#
- allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill };
+-allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill };
-allow rpm_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
++allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_admin sys_chroot sys_ptrace sys_nice mknod kill };
+allow rpm_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execheap };
allow rpm_script_t self:fd use;
allow rpm_script_t self:fifo_file rw_fifo_file_perms;
allow rpm_script_t self:unix_dgram_socket create_socket_perms;
-@@ -317,6 +334,7 @@
+@@ -227,12 +247,15 @@
+ allow rpm_script_t self:sem create_sem_perms;
+ allow rpm_script_t self:msgq create_msgq_perms;
+ allow rpm_script_t self:msg { send receive };
++allow rpm_script_t self:netlink_kobject_uevent_socket create_socket_perms;
+
+ allow rpm_script_t rpm_tmp_t:file read_file_perms;
+
+ allow rpm_script_t rpm_script_tmp_t:dir mounton;
+ manage_dirs_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
+ manage_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
++manage_blk_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
++manage_chr_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
+ files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
+
+ manage_dirs_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
+@@ -298,6 +321,7 @@
+ files_exec_etc_files(rpm_script_t)
+ files_read_etc_runtime_files(rpm_script_t)
+ files_exec_usr_files(rpm_script_t)
++files_relabel_all_files(rpm_script_t)
+
+ init_domtrans_script(rpm_script_t)
+
+@@ -317,6 +341,7 @@
seutil_domtrans_loadpolicy(rpm_script_t)
seutil_domtrans_setfiles(rpm_script_t)
seutil_domtrans_semanage(rpm_script_t)
@@ -1229,7 +1280,18 @@
userdom_use_all_users_fds(rpm_script_t)
-@@ -342,6 +360,7 @@
+@@ -335,6 +360,10 @@
+ ')
+
+ optional_policy(`
++ lvm_domtrans(rpm_script_t)
++')
++
++optional_policy(`
+ tzdata_domtrans(rpm_t)
+ tzdata_domtrans(rpm_script_t)
+ ')
+@@ -342,6 +371,7 @@
optional_policy(`
unconfined_domain(rpm_script_t)
unconfined_domtrans(rpm_script_t)
@@ -1237,7 +1299,7 @@
optional_policy(`
java_domtrans(rpm_script_t)
-@@ -352,6 +371,11 @@
+@@ -352,6 +382,11 @@
')
')
@@ -1933,7 +1995,7 @@
+HOME_DIR/.pulse(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.5.8/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/apps/gnome.if 2008-09-12 10:59:28.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/apps/gnome.if 2008-09-15 14:57:34.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
type gconfd_exec_t, gconf_etc_t;
@@ -2081,7 +2143,7 @@
## </summary>
## <param name="userdomain_prefix">
## <summary>
-@@ -183,11 +200,95 @@
+@@ -183,11 +200,96 @@
## </summary>
## </param>
#
@@ -2117,6 +2179,7 @@
+
+ manage_dirs_pattern($2, gnome_home_t, gnome_home_t)
+ manage_files_pattern($2, gnome_home_t, gnome_home_t)
++ manage_lnk_files_pattern($2, gnome_home_t, gnome_home_t)
+')
+
+########################################
@@ -4464,8 +4527,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.8/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.te 2008-09-12 10:59:28.000000000 -0400
-@@ -0,0 +1,226 @@
++++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.te 2008-09-15 13:09:59.000000000 -0400
+@@ -0,0 +1,228 @@
+
+policy_module(nsplugin, 1.0.0)
+
@@ -4547,6 +4610,7 @@
+dev_read_video_dev(nsplugin_t)
+dev_write_video_dev(nsplugin_t)
+dev_getattr_dri_dev(nsplugin_t)
++dev_rwx_zero(nsplugin_t)
+
+kernel_read_kernel_sysctls(nsplugin_t)
+kernel_read_system_state(nsplugin_t)
@@ -4605,6 +4669,7 @@
+
+optional_policy(`
+ mplayer_exec(nsplugin_t)
++ mplayer_read_user_home_files(user, nsplugin_t)
+')
+
+optional_policy(`
@@ -4629,7 +4694,7 @@
+# nsplugin_config local policy
+#
+
-+allow nsplugin_config_t self:capability { sys_nice setuid setgid };
++allow nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
+allow nsplugin_config_t self:process { setsched sigkill getsched execmem };
+#execing pulseaudio
+dontaudit nsplugin_t self:process { getcap setcap };
@@ -7091,7 +7156,7 @@
# /emul
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.8/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/kernel/files.if 2008-09-12 10:59:28.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/kernel/files.if 2008-09-16 09:05:30.000000000 -0400
@@ -110,6 +110,11 @@
## </param>
#
@@ -8453,8 +8518,8 @@
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.8/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/roles/staff.te 2008-09-12 10:59:28.000000000 -0400
-@@ -8,23 +8,52 @@
++++ serefpolicy-3.5.8/policy/modules/roles/staff.te 2008-09-15 14:58:31.000000000 -0400
+@@ -8,23 +8,55 @@
role staff_r;
@@ -8467,6 +8532,9 @@
#
+kernel_read_ring_buffer(staff_t)
++kernel_getattr_core_if(staff_t)
++kernel_getattr_message_if(staff_t)
++kernel_read_software_raid_state(staff_t)
+
+auth_domtrans_pam_console(staff_t)
+
@@ -20147,7 +20215,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.5.8/policy/modules/services/pads.te
--- nsaserefpolicy/policy/modules/services/pads.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/services/pads.te 2008-09-12 10:59:28.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/pads.te 2008-09-15 13:00:58.000000000 -0400
@@ -0,0 +1,66 @@
+
+policy_module(pads, 0.0.1)
@@ -20163,7 +20231,7 @@
+role system_r types pads_t;
+
+type pads_script_exec_t;
-+init_script_type(pads_script_exec_t)
++init_script_file(pads_script_exec_t)
+
+type pads_config_t;
+files_config_file(pads_config_t)
@@ -20213,7 +20281,7 @@
+sysnet_dns_name_resolve(pads_t)
+
+optional_policy(`
-+ prelude_rw_spool(pads_t)
++ prelude_manage_spool(pads_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.5.8/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2008-08-07 11:15:11.000000000 -0400
@@ -20880,7 +20948,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.8/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/postfix.te 2008-09-12 10:59:28.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/postfix.te 2008-09-15 10:53:20.000000000 -0400
@@ -6,6 +6,14 @@
# Declarations
#
@@ -21098,17 +21166,21 @@
uucp_domtrans_uux(postfix_pipe_t)
')
-@@ -443,8 +491,7 @@
+@@ -443,8 +491,11 @@
')
optional_policy(`
- ppp_use_fds(postfix_postqueue_t)
- ppp_sigchld(postfix_postqueue_t)
++ sendmail_rw_unix_stream_sockets(postfix_postdrop_t)
++')
++
++optional_policy(`
+ uucp_manage_spool(postfix_postdrop_t)
')
#######################################
-@@ -470,6 +517,15 @@
+@@ -470,6 +521,15 @@
init_sigchld_script(postfix_postqueue_t)
init_use_script_fds(postfix_postqueue_t)
@@ -21124,18 +21196,18 @@
########################################
#
# Postfix qmgr local policy
-@@ -564,6 +620,10 @@
- sasl_connect(postfix_smtpd_t)
- ')
+@@ -553,6 +613,10 @@
+ mta_read_aliases(postfix_smtpd_t)
-+optional_policy(`
+ optional_policy(`
+ dovecot_auth_stream_connect(postfix_smtpd_t)
+')
+
- ########################################
- #
- # Postfix virtual local policy
-@@ -579,7 +639,7 @@
++optional_policy(`
+ mailman_read_data_files(postfix_smtpd_t)
+ ')
+
+@@ -579,7 +643,7 @@
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
# connect to master process
@@ -24891,8 +24963,16 @@
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.5.8/policy/modules/services/snmp.fc
--- nsaserefpolicy/policy/modules/services/snmp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/snmp.fc 2008-09-12 10:59:29.000000000 -0400
-@@ -17,3 +17,6 @@
++++ serefpolicy-3.5.8/policy/modules/services/snmp.fc 2008-09-15 12:30:27.000000000 -0400
+@@ -8,6 +8,7 @@
+ #
+ # /var
+ #
++/var/agentx(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
+ /var/lib/net-snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
+ /var/lib/snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
+
+@@ -17,3 +18,6 @@
/var/run/snmpd -d gen_context(system_u:object_r:snmpd_var_run_t,s0)
/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
@@ -30587,7 +30667,7 @@
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.5.8/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2008-09-03 10:17:00.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/system/logging.te 2008-09-12 10:59:29.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/system/logging.te 2008-09-15 13:03:25.000000000 -0400
@@ -72,6 +72,12 @@
logging_log_file(var_log_t)
files_mountpoint(var_log_t)
@@ -30601,7 +30681,15 @@
ifdef(`enable_mls',`
init_ranged_daemon_domain(auditd_t, auditd_exec_t, mls_systemhigh)
init_ranged_daemon_domain(syslogd_t, syslogd_exec_t, mls_systemhigh)
-@@ -145,6 +151,7 @@
+@@ -124,6 +130,7 @@
+ allow auditd_t self:file { getattr read write };
+ allow auditd_t self:unix_dgram_socket create_socket_perms;
+ allow auditd_t self:fifo_file rw_file_perms;
++allow auditd_t self:tcp_socket create_stream_socket_perms;
+
+ allow auditd_t auditd_etc_t:dir list_dir_perms;
+ allow auditd_t auditd_etc_t:file read_file_perms;
+@@ -145,9 +152,18 @@
fs_getattr_all_fs(auditd_t)
fs_search_auto_mountpoints(auditd_t)
@@ -30609,7 +30697,18 @@
selinux_search_fs(auditctl_t)
-@@ -241,6 +248,7 @@
++corenet_all_recvfrom_unlabeled(auditd_t)
++corenet_all_recvfrom_netlabel(auditd_t)
++corenet_tcp_sendrecv_all_if(auditd_t)
++corenet_tcp_sendrecv_all_nodes(auditd_t)
++corenet_tcp_sendrecv_all_ports(auditd_t)
++corenet_tcp_bind_all_nodes(auditd_t)
++corenet_tcp_bind_audit_port(auditd_t)
++
+ # Needs to be able to run dispatcher. see /etc/audit/auditd.conf
+ # Probably want a transition, and a new auditd_helper app
+ corecmd_exec_bin(auditd_t)
+@@ -241,6 +257,7 @@
corenet_all_recvfrom_netlabel(audisp_remote_t)
corenet_tcp_sendrecv_all_if(audisp_remote_t)
corenet_tcp_sendrecv_all_nodes(audisp_remote_t)
@@ -31625,7 +31724,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.5.8/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/system/selinuxutil.te 2008-09-12 10:59:29.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/system/selinuxutil.te 2008-09-15 11:59:39.000000000 -0400
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -31708,17 +31807,16 @@
logging_send_syslog_msg(newrole_t)
miscfiles_read_localization(newrole_t)
-@@ -347,6 +351,9 @@
+@@ -347,6 +351,8 @@
seutil_libselinux_linked(restorecond_t)
-+userdom_read_all_users_home_dirs_symlinks(restorecond_t)
+userdom_read_all_users_home_content_symlinks(restorecond_t)
+
ifdef(`distro_ubuntu',`
optional_policy(`
unconfined_domain(restorecond_t)
-@@ -365,7 +372,7 @@
+@@ -365,7 +371,7 @@
allow run_init_t self:process setexec;
allow run_init_t self:capability setuid;
allow run_init_t self:fifo_file rw_file_perms;
@@ -31727,7 +31825,7 @@
# often the administrator runs such programs from a directory that is owned
# by a different user or has restrictive SE permissions, do not want to audit
-@@ -396,7 +403,6 @@
+@@ -396,7 +402,6 @@
auth_use_nsswitch(run_init_t)
auth_domtrans_chk_passwd(run_init_t)
@@ -31735,7 +31833,7 @@
auth_dontaudit_read_shadow(run_init_t)
init_spec_domtrans_script(run_init_t)
-@@ -435,64 +441,22 @@
+@@ -435,64 +440,22 @@
# semodule local policy
#
@@ -31808,7 +31906,7 @@
# netfilter_contexts:
seutil_manage_default_contexts(semanage_t)
-@@ -501,12 +465,27 @@
+@@ -501,12 +464,27 @@
files_read_var_lib_symlinks(semanage_t)
')
@@ -31836,7 +31934,7 @@
# cjp: need a more general way to handle this:
ifdef(`enable_mls',`
# read secadm tmp files
-@@ -514,121 +493,42 @@
+@@ -514,121 +492,42 @@
# Handle pp files created in homedir and /tmp
sysadm_read_home_content_files(semanage_t)
sysadm_read_tmp_files(semanage_t)
@@ -33142,7 +33240,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/system/userdomain.if 2008-09-12 10:59:29.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/system/userdomain.if 2008-09-15 11:58:54.000000000 -0400
@@ -28,10 +28,14 @@
class context contains;
')
@@ -36115,7 +36213,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.5.8/policy/support/file_patterns.spt
--- nsaserefpolicy/policy/support/file_patterns.spt 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.8/policy/support/file_patterns.spt 2008-09-12 10:59:29.000000000 -0400
++++ serefpolicy-3.5.8/policy/support/file_patterns.spt 2008-09-16 09:08:28.000000000 -0400
@@ -537,3 +537,18 @@
allow $1 $2:dir rw_dir_perms;
type_transition $1 $2:$4 $3;
More information about the fedora-extras-commits
mailing list