rpms/selinux-policy/F-11 policy-20090105.patch, 1.104, 1.105 selinux-policy.spec, 1.840, 1.841

Daniel J Walsh dwalsh at fedoraproject.org
Fri Apr 24 17:50:55 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28678

Modified Files:
	policy-20090105.patch selinux-policy.spec 
Log Message:
* Fri Apr 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-18
- Allow initrc_t to delete dev_null
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/policy-20090105.patch,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -r1.104 -r1.105
--- policy-20090105.patch	24 Apr 2009 13:16:27 -0000	1.104
+++ policy-20090105.patch	24 Apr 2009 17:50:54 -0000	1.105
@@ -770,26 +770,45 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.fc serefpolicy-3.6.12/policy/modules/admin/readahead.fc
 --- nsaserefpolicy/policy/modules/admin/readahead.fc	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/readahead.fc	2009-04-23 17:15:49.000000000 -0400
-@@ -1,3 +1,4 @@
++++ serefpolicy-3.6.12/policy/modules/admin/readahead.fc	2009-04-24 13:03:55.000000000 -0400
+@@ -1,3 +1,7 @@
  /etc/readahead.d(/.*)?		gen_context(system_u:object_r:readahead_etc_rw_t,s0)
  
 -/usr/sbin/readahead	--	gen_context(system_u:object_r:readahead_exec_t,s0)
 +/usr/sbin/readahead.*	--	gen_context(system_u:object_r:readahead_exec_t,s0)
 +/sbin/readahead.*	--	gen_context(system_u:object_r:readahead_exec_t,s0)
++
++/var/lib/readahead(/.*)?	gen_context(system_u:object_r:readahead_var_lib_t,s0)
++
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.12/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/admin/readahead.te	2009-04-24 09:02:26.000000000 -0400
-@@ -24,7 +24,7 @@
++++ serefpolicy-3.6.12/policy/modules/admin/readahead.te	2009-04-24 13:45:16.000000000 -0400
+@@ -11,8 +11,8 @@
+ init_daemon_domain(readahead_t, readahead_exec_t)
+ application_domain(readahead_t, readahead_exec_t)
+ 
+-type readahead_etc_rw_t;
+-files_pid_file(readahead_etc_rw_t)
++type readahead_var_lib_t;
++files_type(readahead_var_lib_t)
+ 
+ type readahead_var_run_t;
+ files_pid_file(readahead_var_run_t)
+@@ -24,9 +24,11 @@
  
  allow readahead_t self:capability { fowner dac_override dac_read_search };
  dontaudit readahead_t self:capability sys_tty_config;
 -allow readahead_t self:process signal_perms;
 +allow readahead_t self:process { setsched signal_perms };
  
- manage_files_pattern(readahead_t, readahead_etc_rw_t, readahead_etc_rw_t)
- 
-@@ -58,6 +58,7 @@
+-manage_files_pattern(readahead_t, readahead_etc_rw_t, readahead_etc_rw_t)
++files_search_var_lib(readahead_t)
++manage_dirs_pattern(readahead_t, readahead_var_lib_t, readahead_var_lib_t)
++manage_files_pattern(readahead_t, readahead_var_lib_t, readahead_var_lib_t)
+ 
+ manage_files_pattern(readahead_t, readahead_var_run_t, readahead_var_run_t)
+ files_pid_filetrans(readahead_t, readahead_var_run_t, file)
+@@ -58,6 +60,7 @@
  fs_dontaudit_search_ramfs(readahead_t)
  fs_dontaudit_read_ramfs_pipes(readahead_t)
  fs_dontaudit_read_ramfs_files(readahead_t)
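Review bot: The new readahead.te section removes `type readahead_etc_rw_t;`, but readahead.fc still carries the context line `/etc/readahead.d(/.*)? gen_context(system_u:object_r:readahead_etc_rw_t,s0)`, so the file-context entry names a type that the visible policy no longer declares. Unless a declaration survives outside these hunks, the module will likely fail to build or load. In any case readahead_t loses its `manage_files_pattern` rule for that directory. Either keep the old declaration beside the new one (`type readahead_etc_rw_t;` followed by `files_type(readahead_etc_rw_t)`) or drop the `/etc/readahead.d` line from readahead.fc in the same revision. The inner readahead.te hunks continue past the lines shown here, so this should be confirmed against the full file.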
@@ -797,7 +816,7 @@
  fs_read_tmpfs_symlinks(readahead_t)
  fs_list_inotifyfs(readahead_t)
  
-@@ -72,6 +73,7 @@
+@@ -72,6 +75,7 @@
  init_getattr_initctl(readahead_t)
  
  logging_send_syslog_msg(readahead_t)
@@ -11791,7 +11810,7 @@
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.12/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/dbus.if	2009-04-23 10:31:43.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dbus.if	2009-04-24 13:45:56.000000000 -0400
 @@ -44,6 +44,7 @@
  
  		attribute session_bus_type;
@@ -11993,7 +12012,7 @@
 +
 +	ifdef(`hide_broken_symptoms', `
 +		dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write };
-+	');
++	')
 +
 +	userdom_dontaudit_search_admin_dir($1)
 +')
@@ -14836,7 +14855,16 @@
 +/var/spool/milter-regex(/.*)?				gen_context(system_u:object_r:regex_milter_data_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.12/policy/modules/services/milter.if
 --- nsaserefpolicy/policy/modules/services/milter.if	2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/milter.if	2009-04-24 07:22:51.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/milter.if	2009-04-24 13:45:41.000000000 -0400
+@@ -24,7 +24,7 @@
+ 
+ 	# Type for the milter data (e.g. the socket used to communicate with the MTA)
+ 	type $1_milter_data_t, milter_data_type;
+-	files_type($1_milter_data_t);
++	files_type($1_milter_data_t)
+ 
+ 	allow $1_milter_t self:fifo_file rw_fifo_file_perms;
+ 
 @@ -77,3 +77,24 @@
  	getattr_dirs_pattern($1, milter_data_type, milter_data_type)
  	getattr_sock_files_pattern($1, milter_data_type, milter_data_type)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/selinux-policy.spec,v
retrieving revision 1.840
retrieving revision 1.841
diff -u -r1.840 -r1.841
--- selinux-policy.spec	24 Apr 2009 13:16:28 -0000	1.840
+++ selinux-policy.spec	24 Apr 2009 17:50:54 -0000	1.841
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.12
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -446,9 +446,11 @@
 %endif
 
 %changelog
-* Fri Apr 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-17
+* Fri Apr 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-18
 - Allow initrc_t to delete dev_null
 - Allow readahead to configure auditing
+- Fix milter policy
+- Add /var/lib/readahead
 
 * Fri Apr 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-16
 - Update to latest milter code from Paul Howarth



