rpms/selinux-policy/devel policy-F12.patch,1.14,1.15

Daniel J Walsh dwalsh at fedoraproject.org
Sat Jun 20 13:59:01 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7143

Modified Files:
	policy-F12.patch 
Log Message:
* Sat Jun 20 2009 Dan Walsh <dwalsh at redhat.com> 3.6.18-1
- Update to upstream
  * cleanup
* Fri Jun 19 2009 Dan Walsh <dwalsh at redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt


policy-F12.patch:

Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-F12.patch,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- policy-F12.patch	20 Jun 2009 13:44:57 -0000	1.14
+++ policy-F12.patch	20 Jun 2009 13:59:00 -0000	1.15
@@ -1686,6 +1686,159 @@ diff -b -B --ignore-all-space --exclude-
 +')
 +
 +permissive cpufreqselector_t;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.6.18/policy/modules/apps/gitosis.fc
+--- nsaserefpolicy/policy/modules/apps/gitosis.fc	1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.18/policy/modules/apps/gitosis.fc	2009-06-20 07:15:46.000000000 -0400
+@@ -0,0 +1,4 @@
++
++/usr/bin/gitosis-serve			--        gen_context(system_u:object_r:gitosis_exec_t,s0)
++
++/var/lib/gitosis(/.*)?                            gen_context(system_u:object_r:gitosis_var_lib_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.18/policy/modules/apps/gitosis.if
+--- nsaserefpolicy/policy/modules/apps/gitosis.if	1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.18/policy/modules/apps/gitosis.if	2009-06-20 07:15:46.000000000 -0400
+@@ -0,0 +1,94 @@
++## <summary>gitosis interface</summary>
++
++#######################################
++## <summary>
++##      Execute a domain transition to run gitosis.
++## </summary>
++## <param name="domain">
++## <summary>
++##      Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`gitosis_domtrans',`
++        gen_require(`
++                type gitosis_t, gitosis_exec_t;
++        ')
++
++        domtrans_pattern($1, gitosis_exec_t, gitosis_t)
++')
++
++#######################################
++## <summary>
++##      Execute gitosis-serve in the gitosis domain, and
++##      allow the specified role the gitosis domain.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access
++##      </summary>
++## </param>
++## <param name="role">
++##      <summary>
++##      The role to be allowed the gpsd domain.
++##      </summary>
++## </param>
++## <param name="terminal">
++##      <summary>
++##      The type of the role's terminal.
++##      </summary>
++## </param>
++#
++interface(`gitosis_run',`
++        gen_require(`
++                type gitosis_t;
++        ')
++
++        gitosis_domtrans($1)
++        role $2 types gitosis_t;
++        allow gitosis_t $3:chr_file rw_term_perms;
++')
++
++#######################################
++## <summary>
++##      Allow the specified domain to read
++##      gitosis lib files.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`gitosis_read_var_lib',`
++        gen_require(`
++                type gitosis_var_lib_t;
++
++        ')
++
++        read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++	read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++        list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++')
++
++######################################
++## <summary>
++##      Allow the specified domain to manage
++##      gitosis lib files.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`gitosis_manage_var_lib',`
++        gen_require(`
++                type gitosis_var_lib_t;
++
++        ')
++
++        manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++        manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++	manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.6.18/policy/modules/apps/gitosis.te
+--- nsaserefpolicy/policy/modules/apps/gitosis.te	1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.18/policy/modules/apps/gitosis.te	2009-06-20 07:15:46.000000000 -0400
+@@ -0,0 +1,43 @@
++policy_module(gitosis,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type gitosis_t;
++type gitosis_exec_t;
++application_domain(gitosis_t, gitosis_exec_t)
++role system_r types gitosis_t;
++
++type gitosis_var_lib_t;
++files_type(gitosis_var_lib_t)
++
++########################################
++#
++# gitosis local policy
++#
++
++allow gitosis_t self:fifo_file rw_fifo_file_perms;
++
++exec_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_lnk_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_dirs_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++
++corecmd_exec_bin(gitosis_t) 
++corecmd_exec_shell(gitosis_t)
++
++kernel_read_system_state(gitosis_t)
++
++files_read_usr_files(gitosis_t)
++files_search_var_lib(gitosis_t)
++
++libs_use_ld_so(gitosis_t)
++libs_use_shared_libs(gitosis_t)
++
++miscfiles_read_localization(gitosis_t)
++
++optional_policy(`
++	ssh_rw_pipes(gitosis_t)
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.18/policy/modules/apps/gnome.fc
 --- nsaserefpolicy/policy/modules/apps/gnome.fc	2008-11-11 16:13:42.000000000 -0500
 +++ serefpolicy-3.6.18/policy/modules/apps/gnome.fc	2009-06-20 06:49:47.000000000 -0400
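Review bot: In the new gitosis.te, gitosis_t gets both `exec_files_pattern` and `manage_files_pattern` on gitosis_var_lib_t, so the domain can create or rewrite any file under /var/lib/gitosis and then execute it, with `corecmd_exec_shell` granted as well. If execute is only needed for repository hooks (not visible in this hunk), a separate type for hook scripts that gitosis_t can execute but not write would keep pushed content non-executable. At minimum the rule should carry a comment such as `# gitosis_t may write and execute gitosis_var_lib_t; required for repository hooks (confirm)`. Separately, the `role` parameter of gitosis_run in gitosis.if is documented with a copy-paste leftover, "The role to be allowed the gpsd domain."; it should read `The role to be allowed the gitosis domain.`.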
@@ -28016,7 +28169,7 @@ diff -b -B --ignore-all-space --exclude-
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.18/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-06-20 06:26:20.000000000 -0400
-+++ serefpolicy-3.6.18/policy/modules/system/sysnetwork.te	2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.18/policy/modules/system/sysnetwork.te	2009-06-20 09:54:49.000000000 -0400
 @@ -20,6 +20,9 @@
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -28045,7 +28198,7 @@ diff -b -B --ignore-all-space --exclude-
  allow dhcpc_t self:udp_socket create_socket_perms;
  allow dhcpc_t self:packet_socket create_socket_perms;
 -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
-+allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_relay };
++allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
  
  allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
  read_lnk_files_pattern(dhcpc_t,dhcp_etc_t,dhcp_etc_t)
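Review bot: The new rule leaves dhcpc_t with only `nlmsg_read` on its netlink_route_socket, dropping the `nlmsg_write` that the upstream line being replaced still grants, and the log message ("cleanup") does not say why. The tightening is welcome, but any address or route change that the DHCP client makes in dhcpc_t itself, rather than after a transition to another domain (not visible in this hunk), will now be denied. I would record the reason next to the rule, e.g. `# dhcpc_t only reads routing state; interface changes happen in another domain (confirm)`. Before shipping, a lease acquisition and renewal should be checked for denials on `netlink_route_socket` with `ausearch -m avc -c dhclient`.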



