rpms/selinux-policy/devel policy-20090105.patch, 1.27, 1.28 selinux-policy.spec, 1.779, 1.780
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Jan 30 16:49:42 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4628
Modified Files:
policy-20090105.patch selinux-policy.spec
Log Message:
* Fri Jan 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.3-12
- Add back transition from xguest to mozilla
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- policy-20090105.patch 30 Jan 2009 15:06:44 -0000 1.27
+++ policy-20090105.patch 30 Jan 2009 16:49:11 -0000 1.28
@@ -57,13 +57,13 @@
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.6.3/config/appconfig-mcs/seusers
--- nsaserefpolicy/config/appconfig-mcs/seusers 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.3/config/appconfig-mcs/seusers 2009-01-19 13:10:02.000000000 -0500
++++ serefpolicy-3.6.3/config/appconfig-mcs/seusers 2009-01-30 10:44:12.000000000 -0500
@@ -1,3 +1,3 @@
system_u:system_u:s0-mcs_systemhigh
-root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+root:unconfined_u:s0-mcs_systemhigh
-+__default__:unconfined_u:s0
++__default__:unconfined_u:s0-mcs_systemhigh
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.6.3/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
+++ serefpolicy-3.6.3/config/appconfig-mcs/staff_u_default_contexts 2009-01-19 13:10:02.000000000 -0500
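Review bot: The new `__default__:unconfined_u:s0-mcs_systemhigh` line in appconfig-mcs/seusers widens the default login range from `s0` to the full category set, so every Linux account without its own seusers entry logs in with a range that dominates all MCS categories, the same as `root` on the line above it. MCS category separation then no longer constrains ordinary unconfined logins, and sites that rely on it would need explicit per-user seusers entries with a narrower range. The log message and the 3.6.3-12 changelog entry list only the xguest-to-mozilla transition; a second entry such as `- Give __default__ logins the s0-mcs_systemhigh range and let mlsfilewrite domains bypass MCS file constraints` would let administrators see this before updating.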
@@ -359,6 +359,40 @@
+gen_tunable(allow_console_login,false)
+
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.3/policy/mcs
+--- nsaserefpolicy/policy/mcs 2008-08-07 11:15:13.000000000 -0400
++++ serefpolicy-3.6.3/policy/mcs 2009-01-30 10:40:41.000000000 -0500
+@@ -67,7 +67,7 @@
+ # Note that getattr on files is always permitted.
+ #
+ mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+- ( h1 dom h2 );
++ (( h1 dom h2 ) or ( t1 == mlsfilewrite ));
+
+ mlsconstrain dir { create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }
+ (( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));
+@@ -75,7 +75,7 @@
+ # New filesystem object labels must be dominated by the relabeling subject
+ # clearance, also the objects are single-level.
+ mlsconstrain file { create relabelto }
+- (( h1 dom h2 ) and ( l2 eq h2 ));
++ ((( h1 dom h2 ) and ( l2 eq h2 )) or ( t1 == mlsfilewrite ));
+
+ # At this time we do not restrict "ps" type operations via MCS. This
+ # will probably change in future.
+@@ -84,10 +84,10 @@
+
+ # new file labels must be dominated by the relabeling subject clearance
+ mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
+- ( h1 dom h2 );
++ (( h1 dom h2 ) or ( t1 == mlsfilewrite ));
+
+ mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
+- (( h1 dom h2 ) and ( l2 eq h2 ));
++ ((( h1 dom h2 ) and ( l2 eq h2 )) or ( t1 == mlsfilewrite ));
+
+ mlsconstrain process { transition dyntransition }
+ (( h1 dom h2 ) or ( t1 == mcssetcats ));
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.6.3/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2009-01-05 15:39:44.000000000 -0500
+++ serefpolicy-3.6.3/policy/modules/admin/anaconda.te 2009-01-19 13:10:02.000000000 -0500
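Review bot: The `( t1 == mlsfilewrite )` alternative added to the four constraints in policy/mcs exempts a domain not only from the write-style checks but also from the `create`, `relabelto` and `relabelfrom` dominance rules, so a holder of the attribute can label objects into or out of any category set. The comments kept above those rules ("New filesystem object labels must be dominated by the relabeling subject clearance") no longer describe them and should mention the exemption, e.g. `# ... unless the subject has the mlsfilewrite attribute`. The attribute name suggests it is shared with the MLS policy, so any type already given it for other reasons would presumably gain the MCS bypass as well, alongside `unconfined_t`, which receives it through `mls_file_write_all_levels(unconfined_t)` in the unconfined.te hunk. An MCS-specific attribute, in the way `mcssetcats` gates the process constraint at the end of this hunk, would keep the exempt set small and auditable.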
@@ -6646,8 +6680,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.6.3/policy/modules/roles/guest.te
--- nsaserefpolicy/policy/modules/roles/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/roles/guest.te 2009-01-19 13:10:02.000000000 -0500
-@@ -0,0 +1,36 @@
++++ serefpolicy-3.6.3/policy/modules/roles/guest.te 2009-01-30 11:41:43.000000000 -0500
+@@ -0,0 +1,26 @@
+
+policy_module(guest, 1.0.0)
+
@@ -6673,16 +6707,6 @@
+ mono_role_template(guest, guest_r, guest_t)
+')
+
-+
-+optional_policy(`
-+ gen_require(`
-+ type xguest_t;
-+ role xguest_r;
-+ ')
-+
-+ mozilla_role(xguest, xguest_t, xguest_r)
-+')
-+
+gen_user(guest_u, user, guest_r, s0, s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.6.3/policy/modules/roles/logadm.fc
--- nsaserefpolicy/policy/modules/roles/logadm.fc 1969-12-31 19:00:00.000000000 -0500
@@ -7776,7 +7800,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.3/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/roles/xguest.te 2009-01-19 13:10:02.000000000 -0500
++++ serefpolicy-3.6.3/policy/modules/roles/xguest.te 2009-01-30 10:50:34.000000000 -0500
@@ -0,0 +1,87 @@
+
+policy_module(xguest, 1.0.0)
@@ -7816,9 +7840,9 @@
+# Local policy
+#
+
-+#optional_policy(`
-+# mozilla_role(xguest_r, xguest_t)
-+#')
++optional_policy(`
++ mozilla_role(xguest_r, xguest_t)
++')
+
+optional_policy(`
+ java_role_template(xguest, xguest_r, xguest_t)
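Review bot: The re-enabled `mozilla_role(xguest_r, xguest_t)` call in xguest.te has no comment recording why it had been commented out or why it is now restored. The copy this revision removes from guest.te used a different form, `mozilla_role(xguest, xguest_t, xguest_r)`, so the two-argument order here is worth confirming against the interface definition, which is not part of this diff. Since the call is wrapped in `optional_policy`, a build without the mozilla module drops it without error and the browser would presumably stay in `xguest_t`; a comment such as `# run the browser in the mozilla domain instead of xguest_t` would make the intent checkable.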
@@ -27846,8 +27870,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.3/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/system/unconfined.te 2009-01-19 13:10:02.000000000 -0500
-@@ -6,35 +6,76 @@
++++ serefpolicy-3.6.3/policy/modules/system/unconfined.te 2009-01-30 10:55:24.000000000 -0500
+@@ -6,35 +6,77 @@
# Declarations
#
@@ -27925,13 +27949,14 @@
mcs_killall(unconfined_t)
mcs_ptrace_all(unconfined_t)
++mls_file_write_all_levels(unconfined_t)
init_run_daemon(unconfined_t, unconfined_r)
+init_domtrans_script(unconfined_t)
libs_run_ldconfig(unconfined_t, unconfined_r)
-@@ -42,26 +83,39 @@
+@@ -42,26 +84,39 @@
logging_run_auditctl(unconfined_t, unconfined_r)
mount_run_unconfined(unconfined_t, unconfined_r)
@@ -27973,7 +27998,7 @@
')
optional_policy(`
-@@ -102,12 +156,24 @@
+@@ -102,12 +157,24 @@
')
optional_policy(`
@@ -27998,7 +28023,7 @@
')
optional_policy(`
-@@ -119,31 +185,33 @@
+@@ -119,31 +186,33 @@
')
optional_policy(`
@@ -28039,7 +28064,7 @@
')
optional_policy(`
-@@ -155,36 +223,38 @@
+@@ -155,36 +224,38 @@
')
optional_policy(`
@@ -28090,7 +28115,7 @@
')
optional_policy(`
-@@ -192,7 +262,7 @@
+@@ -192,7 +263,7 @@
')
optional_policy(`
@@ -28099,7 +28124,7 @@
')
optional_policy(`
-@@ -204,11 +274,12 @@
+@@ -204,11 +275,12 @@
')
optional_policy(`
@@ -28114,7 +28139,7 @@
')
########################################
-@@ -218,14 +289,60 @@
+@@ -218,14 +290,60 @@
allow unconfined_execmem_t self:process { execstack execmem };
unconfined_domain_noaudit(unconfined_execmem_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.779
retrieving revision 1.780
diff -u -r1.779 -r1.780
--- selinux-policy.spec 30 Jan 2009 14:20:51 -0000 1.779
+++ selinux-policy.spec 30 Jan 2009 16:49:11 -0000 1.780
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.3
-Release: 11%{?dist}
+Release: 12%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@
%endif
%changelog
+* Fri Jan 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.3-12
+- Add back transition from xguest to mozilla
+
* Fri Jan 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.3-11
- Add virt_content_ro_t and labeling for isos directory