rpms/selinux-policy/F-11 policy-20090521.patch, 1.27, 1.28 selinux-policy.spec, 1.883, 1.884
Miroslav Grepl
mgrepl at fedoraproject.org
Tue Jul 7 07:55:54 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6057
Modified Files:
policy-20090521.patch selinux-policy.spec
Log Message:
- Fixes for kpropd
- Fix up kismet policy
policy-20090521.patch:
Index: policy-20090521.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/policy-20090521.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- policy-20090521.patch 3 Jul 2009 09:40:09 -0000 1.27
+++ policy-20090521.patch 7 Jul 2009 07:55:53 -0000 1.28
@@ -57,6 +57,50 @@ diff -b -B --ignore-all-space --exclude-
logging_send_syslog_msg(certwatch_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.12/policy/modules/admin/kismet.te
+--- nsaserefpolicy/policy/modules/admin/kismet.te 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/kismet.te 2009-07-07 08:55:43.000000000 +0200
+@@ -23,6 +23,9 @@
+ type kismet_var_lib_t;
+ files_type(kismet_var_lib_t)
+
++type kismet_tmpfs_t;
++files_tmp_file(kismet_tmpfs_t)
++
+ ########################################
+ #
+ # kismet local policy
+@@ -44,6 +47,10 @@
+ manage_files_pattern(kismet_t, kismet_tmp_t, kismet_tmp_t)
+ files_tmp_filetrans(kismet_t, kismet_tmp_t, { file dir })
+
++manage_dirs_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t)
++manage_files_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t)
++fs_tmpfs_filetrans(kismet_t, kismet_tmpfs_t, file)
++
+ allow kismet_t kismet_var_lib_t:file manage_file_perms;
+ allow kismet_t kismet_var_lib_t:dir manage_dir_perms;
+ files_var_lib_filetrans(kismet_t, kismet_var_lib_t, { file dir })
+@@ -53,6 +60,7 @@
+ files_pid_filetrans(kismet_t, kismet_var_run_t, { file dir })
+
+ kernel_search_debugfs(kismet_t)
++kernel_read_system_state(kismet_t)
+
+ corecmd_exec_bin(kismet_t)
+
+@@ -75,3 +83,11 @@
+
+ userdom_use_user_terminals(kismet_t)
+ userdom_read_user_tmpfs_files(kismet_t)
++
++optional_policy(`
++ dbus_system_bus_client(kismet_t)
++
++ optional_policy(`
++ networkmanager_dbus_chat(kismet_t)
++ ')
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.12/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-06-25 10:19:43.000000000 +0200
+++ serefpolicy-3.6.12/policy/modules/admin/prelink.te 2009-06-25 10:21:01.000000000 +0200
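Review bot: In the first kismet.te hunk, `kismet_tmpfs_t` is declared with `files_tmp_file(kismet_tmpfs_t)`, which as far as I know is the declaration macro for /tmp types. A type that is only reached through `fs_tmpfs_filetrans` would normally be declared with `files_tmpfs_file(kismet_tmpfs_t)`. The second hunk also grants `manage_dirs_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t)` while the transition `fs_tmpfs_filetrans(kismet_t, kismet_tmpfs_t, file)` covers files only, so directories kismet creates on tmpfs would not receive this type. Either drop the directory rule or widen the transition to `{ file dir }`, so the policy grants only what is reachable.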
@@ -604,6 +648,18 @@ diff -b -B --ignore-all-space --exclude-
xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.12/policy/modules/apps/nsplugin.if
+--- nsaserefpolicy/policy/modules/apps/nsplugin.if 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.if 2009-07-07 08:51:57.000000000 +0200
+@@ -89,6 +89,8 @@
+ role $1 types nsplugin_config_t;
+
+ allow nsplugin_t $2:process signull;
++ allow nsplugin_t $2:sem rw_sem_perms;
++ allow nsplugin_t $2:shm rw_shm_perms;
+
+ list_dirs_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
+ read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.12/policy/modules/apps/qemu.fc
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-06-25 10:19:43.000000000 +0200
+++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2009-06-25 10:21:01.000000000 +0200
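Review bot: The added rules `allow nsplugin_t $2:sem rw_sem_perms;` and `allow nsplugin_t $2:shm rw_shm_perms;` give the plugin domain read/write access to every System V semaphore and shared-memory segment labelled with the caller's domain `$2`, not only the segments set up for the plugin. Since nsplugin_t exists to confine plugin code, the widening should carry a comment naming the consumer and the denial that motivated it, for example `# SysV IPC between the browser and nsplugin; see <BUG-ID>`. The interface starts and ends outside the hunk, so which domains are passed as `$2` is not visible here and should be checked before this is treated as low risk.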
@@ -1400,7 +1456,7 @@ diff -b -B --ignore-all-space --exclude-
type lvm_control_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.12/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2009-07-07 08:21:23.000000000 +0200
@@ -44,34 +44,6 @@
interface(`domain_type',`
# start with basic domain
@@ -1436,6 +1492,27 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
+@@ -1338,3 +1310,20 @@
+ typeattribute $1 process_uncond_exempt;
+ ')
+
++#######################################
++## <summary>
++## Send generic signals to the unconfined domains.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`domain_unconfined_signal',`
++ gen_require(`
++ type unconfined_domain_type;
++ ')
++
++ allow $1 unconfined_domain_type:process signal;
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.12/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2009-06-25 10:19:44.000000000 +0200
+++ serefpolicy-3.6.12/policy/modules/kernel/domain.te 2009-06-26 15:48:29.000000000 +0200
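Review bot: The `gen_require` block of the new `domain_unconfined_signal` interface declares `type unconfined_domain_type;`, yet the summary speaks of "the unconfined domains" in the plural and the `allow` rule uses the name as a set of domains. If `unconfined_domain_type` is declared as an attribute in domain.te (not visible in this hunk), the require line should read `attribute unconfined_domain_type;`, otherwise callers of the interface may fail to build or link. The summary could also state that only the `signal` permission is granted, so reviewers of calling modules know the reach of the interface.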
@@ -1836,6 +1913,18 @@ diff -b -B --ignore-all-space --exclude-
/usr/sbin/printconf-backend -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
/usr/sbin/ptal-printd -- gen_context(system_u:object_r:ptal_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.12/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/cups.te 2009-07-07 09:04:11.000000000 +0200
+@@ -733,6 +733,8 @@
+ files_read_etc_files(cups_pdf_t)
+ files_read_usr_files(cups_pdf_t)
+
++fs_rw_anon_inodefs_files(cups_pdf_t)
++
+ kernel_read_system_state(cups_pdf_t)
+
+ auth_use_nsswitch(cups_pdf_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.12/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2009-06-25 10:19:44.000000000 +0200
+++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2009-06-25 10:21:01.000000000 +0200
@@ -2124,11 +2213,21 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.12/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-06-25 10:21:01.000000000 +0200
-@@ -287,6 +287,11 @@
++++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-07-07 08:19:18.000000000 +0200
+@@ -277,6 +277,8 @@
+ #
+
+ allow kpropd_t self:capability net_bind_service;
++allow kpropd_t self:process setfscreate;
++
+ allow kpropd_t self:fifo_file rw_file_perms;
+ allow kpropd_t self:unix_stream_socket create_stream_socket_perms;
+ allow kpropd_t self:tcp_socket create_stream_socket_perms;
+@@ -287,6 +289,12 @@
manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
++read_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_conf_t)
+filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)
+
+manage_dirs_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
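Review bot: `allow kpropd_t self:process setfscreate;` is added without a comment. Together with `selinux_validate_context(kpropd_t)` and `seutil_read_file_contexts(kpropd_t)` in the next kerberos.te hunk, it lets kpropd choose the label of the files it creates. That is still bounded by the create permissions granted on the target types, but it is a capability worth justifying in the policy source, e.g. `# kpropd sets the creation context of the propagated database itself`. Presumably this serves the `krb5kdc_principal_t` files managed a few lines below; confirm against the denial that prompted the change. The blank line inserted after the rule also splits the run of `self` rules and could be dropped.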
@@ -2137,6 +2236,21 @@ diff -b -B --ignore-all-space --exclude-
corecmd_exec_bin(kpropd_t)
+@@ -302,10 +310,14 @@
+ files_read_etc_files(kpropd_t)
+ files_search_tmp(kpropd_t)
+
++selinux_validate_context(kpropd_t)
++
+ logging_send_syslog_msg(kpropd_t)
+
+ miscfiles_read_localization(kpropd_t)
+
++seutil_read_file_contexts(kpropd_t)
++
+ sysnet_dns_name_resolve(kpropd_t)
+
+ kerberos_use(kpropd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.12/policy/modules/services/lircd.te
--- nsaserefpolicy/policy/modules/services/lircd.te 2009-06-25 10:19:44.000000000 +0200
+++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2009-06-25 10:21:01.000000000 +0200
@@ -2563,7 +2677,7 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-07-07 08:35:34.000000000 +0200
@@ -95,6 +95,10 @@
userdom_signal_unpriv_users(rpcd_t)
@@ -2575,7 +2689,18 @@ diff -b -B --ignore-all-space --exclude-
nis_read_ypserv_config(rpcd_t)
')
-@@ -214,6 +218,10 @@
+@@ -103,6 +107,10 @@
+ unconfined_signal(rpcd_t)
+ ')
+
++optional_policy(`
++ domain_unconfined_signal(rpcd_t)
++')
++
+ ########################################
+ #
+ # NFSD local policy
+@@ -214,6 +222,10 @@
')
optional_policy(`
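Review bot: The added `domain_unconfined_signal(rpcd_t)` block sits directly after an existing `optional_policy` whose visible context already calls `unconfined_signal(rpcd_t)`, so rpcd_t ends up with two overlapping grants to signal unconfined processes. The new one targets every domain carrying `unconfined_domain_type`, which is the broader of the two. A comment should name which process rpcd needs to signal and why the narrower interface was not enough, and the older call could then be removed if it is fully covered. If the domain module is part of the base policy, the `optional_policy` wrapper is also unnecessary. The surrounding rpcd section starts outside the hunk.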
@@ -2917,12 +3042,24 @@ diff -b -B --ignore-all-space --exclude-
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-06-25 10:21:01.000000000 +0200
-@@ -1,3 +1,4 @@
++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-07-07 08:44:02.000000000 +0200
+@@ -1,13 +1,15 @@
+/root/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
/etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
++/etc/rc\.d/init\.d/spamassassin -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/mimedefang.* -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
+
+ /usr/bin/sa-learn -- gen_context(system_u:object_r:spamc_exec_t,s0)
+ /usr/bin/spamassassin -- gen_context(system_u:object_r:spamc_exec_t,s0)
+ /usr/bin/spamc -- gen_context(system_u:object_r:spamc_exec_t,s0)
+-/usr/bin/spamd -- gen_context(system_u:object_r:spamassassin_exec_t,s0)
+
++/usr/bin/spamd -- gen_context(system_u:object_r:spamd_exec_t,s0)
+ /usr/sbin/spamd -- gen_context(system_u:object_r:spamd_exec_t,s0)
+ /usr/bin/mimedefang-multiplexor -- gen_context(system_u:object_r:spamd_exec_t,s0)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.12/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2009-06-25 10:19:44.000000000 +0200
+++ serefpolicy-3.6.12/policy/modules/services/ssh.te 2009-06-29 22:52:07.000000000 +0200
@@ -2939,7 +3076,7 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.12/policy/modules/services/uucp.te
--- nsaserefpolicy/policy/modules/services/uucp.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-07-07 09:47:39.000000000 +0200
@@ -95,6 +95,8 @@
files_search_home(uucpd_t)
files_search_spool(uucpd_t)
@@ -3692,7 +3829,7 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-06-29 14:16:57.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-07-07 09:20:48.000000000 +0200
@@ -139,6 +139,7 @@
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/fglrx/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -3701,7 +3838,16 @@ diff -b -B --ignore-all-space --exclude-
/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -190,6 +191,7 @@
+@@ -167,6 +168,8 @@
+ /usr/lib(64)?/xorg/modules/drivers/nvidia_drv\.o -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
++/usr/share/hplip/prnt/plugins(/.*)? gen_context(system_u:object_r:lib_t,s0)
++
+ ifdef(`distro_debian',`
+ /usr/lib32 -l gen_context(system_u:object_r:lib_t,s0)
+ ')
+@@ -190,6 +193,7 @@
/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/mozilla/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -3709,7 +3855,7 @@ diff -b -B --ignore-all-space --exclude-
/usr/lib/maxima/[^/]+/binary-gcl/maxima -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -284,6 +286,7 @@
+@@ -284,6 +288,7 @@
/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# vmware
@@ -3717,7 +3863,7 @@ diff -b -B --ignore-all-space --exclude-
/usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -366,9 +369,10 @@
+@@ -366,9 +371,10 @@
/usr/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/selinux-policy.spec,v
retrieving revision 1.883
retrieving revision 1.884
diff -u -p -r1.883 -r1.884
--- selinux-policy.spec 3 Jul 2009 09:40:09 -0000 1.883
+++ selinux-policy.spec 7 Jul 2009 07:55:53 -0000 1.884
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.12
-Release: 63%{?dist}
+Release: 64%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -475,6 +475,10 @@ exit 0
%endif
%changelog
+* Tue Jul 7 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-64
+- Fixes for kpropd
+- Fix up kismet policy
+
* Fri Jul 3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.6.12-63
- Allow ftpd to create shm