rpms/selinux-policy/devel .cvsignore, 1.172, 1.173 nsadiff, 1.10, 1.11 policy-F12.patch, 1.20, 1.21 selinux-policy.spec, 1.873, 1.874 sources, 1.192, 1.193
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Jun 26 20:13:35 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30869
Modified Files:
.cvsignore nsadiff policy-F12.patch selinux-policy.spec
sources
Log Message:
* Thu Jun 25 2009 Dan Walsh <dwalsh at redhat.com> 3.6.20-1
- Update to upstream
- Fix nlscd_stream_connect
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.172
retrieving revision 1.173
diff -u -p -r1.172 -r1.173
--- .cvsignore 22 Jun 2009 22:27:57 -0000 1.172
+++ .cvsignore 26 Jun 2009 20:13:03 -0000 1.173
@@ -174,3 +174,4 @@ serefpolicy-3.6.16.tgz
serefpolicy-3.6.17.tgz
serefpolicy-3.6.18.tgz
serefpolicy-3.6.19.tgz
+serefpolicy-3.6.20.tgz
Index: nsadiff
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/nsadiff,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -p -r1.10 -r1.11
--- nsadiff 20 Jun 2009 13:44:57 -0000 1.10
+++ nsadiff 26 Jun 2009 20:13:03 -0000 1.11
@@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.18 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.20 > /tmp/diff
policy-F12.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -p -N -r 1.20 -r 1.21 policy-F12.patch
Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-F12.patch,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -p -r1.20 -r1.21
--- policy-F12.patch 25 Jun 2009 21:43:35 -0000 1.20
+++ policy-F12.patch 26 Jun 2009 20:13:03 -0000 1.21
@@ -1,17 +1,6 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-3.6.18/Changelog
---- nsaserefpolicy/Changelog 2009-06-22 17:07:19.000000000 -0400
-+++ serefpolicy-3.6.18/Changelog 2009-06-20 06:26:58.000000000 -0400
-@@ -29,7 +29,6 @@
- pingd (Dan Walsh)
- psad (Dan Walsh)
- portreserve (Dan Walsh)
-- sssd (Dan Walsh)
- ulogd (Dan Walsh)
- webadm (Dan Walsh)
- xguest (Dan Walsh)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.18/config/appconfig-mcs/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.20/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mcs/default_contexts 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/default_contexts 2009-06-26 14:09:22.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -33,15 +22,15 @@ diff -b -B --ignore-all-space --exclude-
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.6.18/config/appconfig-mcs/failsafe_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.6.20/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.18/config/appconfig-mcs/failsafe_context 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/failsafe_context 2009-06-26 14:09:22.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.6.18/config/appconfig-mcs/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.6.20/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mcs/root_default_contexts 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/root_default_contexts 2009-06-26 14:09:22.000000000 -0400
@@ -1,11 +1,7 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -56,9 +45,9 @@ diff -b -B --ignore-all-space --exclude-
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/securetty_types serefpolicy-3.6.18/config/appconfig-mcs/securetty_types
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/securetty_types serefpolicy-3.6.20/config/appconfig-mcs/securetty_types
--- nsaserefpolicy/config/appconfig-mcs/securetty_types 2009-06-08 15:22:18.000000000 -0400
-+++ serefpolicy-3.6.18/config/appconfig-mcs/securetty_types 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/securetty_types 2009-06-26 14:09:22.000000000 -0400
@@ -1 +1,6 @@
+auditadm_tty_device_t
+secadm_tty_device_t
@@ -66,18 +55,18 @@ diff -b -B --ignore-all-space --exclude-
+sysadm_tty_device_t
+unconfined_tty_device_t
user_tty_device_t
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.6.18/config/appconfig-mcs/seusers
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.6.20/config/appconfig-mcs/seusers
--- nsaserefpolicy/config/appconfig-mcs/seusers 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.18/config/appconfig-mcs/seusers 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/seusers 2009-06-26 14:09:22.000000000 -0400
@@ -1,3 +1,3 @@
system_u:system_u:s0-mcs_systemhigh
-root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+root:unconfined_u:s0-mcs_systemhigh
+__default__:unconfined_u:s0-mcs_systemhigh
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.6.18/config/appconfig-mcs/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.6.20/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mcs/staff_u_default_contexts 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/staff_u_default_contexts 2009-06-26 14:09:22.000000000 -0400
@@ -1,10 +1,12 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -92,9 +81,9 @@ diff -b -B --ignore-all-space --exclude-
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.6.18/config/appconfig-mcs/unconfined_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.6.20/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mcs/unconfined_u_default_contexts 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/unconfined_u_default_contexts 2009-06-26 14:09:22.000000000 -0400
@@ -1,4 +1,4 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
@@ -108,15 +97,15 @@ diff -b -B --ignore-all-space --exclude-
+system_r:initrc_su_t:s0 unconfined_r:unconfined_t:s0
+unconfined_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.6.18/config/appconfig-mcs/userhelper_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.6.20/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.18/config/appconfig-mcs/userhelper_context 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/userhelper_context 2009-06-26 14:09:22.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.6.18/config/appconfig-mcs/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.6.20/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mcs/user_u_default_contexts 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/user_u_default_contexts 2009-06-26 14:09:22.000000000 -0400
@@ -1,8 +1,9 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -129,20 +118,20 @@ diff -b -B --ignore-all-space --exclude-
-
+system_r:initrc_su_t:s0 user_r:user_t:s0
+user_r:user_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.18/config/appconfig-mcs/virtual_domain_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.20/config/appconfig-mcs/virtual_domain_context
--- nsaserefpolicy/config/appconfig-mcs/virtual_domain_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mcs/virtual_domain_context 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/virtual_domain_context 2009-06-26 14:09:22.000000000 -0400
@@ -0,0 +1 @@
+system_u:system_r:svirt_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.18/config/appconfig-mcs/virtual_image_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.20/config/appconfig-mcs/virtual_image_context
--- nsaserefpolicy/config/appconfig-mcs/virtual_image_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mcs/virtual_image_context 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mcs/virtual_image_context 2009-06-26 14:09:22.000000000 -0400
@@ -0,0 +1,2 @@
+system_u:object_r:svirt_image_t:s0
+system_u:object_r:virt_content_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.6.18/config/appconfig-mls/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.6.20/config/appconfig-mls/default_contexts
--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mls/default_contexts 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mls/default_contexts 2009-06-26 14:09:22.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -164,9 +153,9 @@ diff -b -B --ignore-all-space --exclude-
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.6.18/config/appconfig-mls/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.6.20/config/appconfig-mls/root_default_contexts
--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mls/root_default_contexts 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mls/root_default_contexts 2009-06-26 14:09:22.000000000 -0400
@@ -1,11 +1,11 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -185,20 +174,20 @@ diff -b -B --ignore-all-space --exclude-
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.18/config/appconfig-mls/virtual_domain_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.20/config/appconfig-mls/virtual_domain_context
--- nsaserefpolicy/config/appconfig-mls/virtual_domain_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mls/virtual_domain_context 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mls/virtual_domain_context 2009-06-26 14:09:22.000000000 -0400
@@ -0,0 +1 @@
+system_u:system_r:qemu_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.18/config/appconfig-mls/virtual_image_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.20/config/appconfig-mls/virtual_image_context
--- nsaserefpolicy/config/appconfig-mls/virtual_image_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.18/config/appconfig-mls/virtual_image_context 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-mls/virtual_image_context 2009-06-26 14:09:22.000000000 -0400
@@ -0,0 +1,2 @@
+system_u:object_r:virt_image_t:s0
+system_u:object_r:virt_content_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/securetty_types serefpolicy-3.6.18/config/appconfig-standard/securetty_types
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/securetty_types serefpolicy-3.6.20/config/appconfig-standard/securetty_types
--- nsaserefpolicy/config/appconfig-standard/securetty_types 2009-06-08 15:22:18.000000000 -0400
-+++ serefpolicy-3.6.18/config/appconfig-standard/securetty_types 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/config/appconfig-standard/securetty_types 2009-06-26 14:09:22.000000000 -0400
@@ -1 +1,6 @@
+auditadm_tty_device_t
+secadm_tty_device_t
@@ -206,9 +195,9 @@ diff -b -B --ignore-all-space --exclude-
+sysadm_tty_device_t
+unconfined_tty_device_t
user_tty_device_t
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.18/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.20/Makefile
--- nsaserefpolicy/Makefile 2009-01-19 11:07:35.000000000 -0500
-+++ serefpolicy-3.6.18/Makefile 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/Makefile 2009-06-26 14:09:22.000000000 -0400
@@ -241,7 +241,7 @@
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -271,9 +260,9 @@ diff -b -B --ignore-all-space --exclude-
$(appdir)/%: $(appconf)/%
@mkdir -p $(appdir)
$(verbose) $(INSTALL) -m 644 $< $@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.6.18/policy/global_tunables
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.6.20/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2008-11-11 16:13:50.000000000 -0500
[...5329 lines suppressed...]
files_search_pids($1)
- stream_connect_pattern($1,xend_var_run_t,xend_var_run_t,xend_t)
+ stream_connect_pattern($1, xend_var_run_t, xend_var_run_t, xend_t)
+
+ files_search_var_lib($1)
+ stream_connect_pattern($1, xend_var_lib_t, xend_var_lib_t, xend_t)
@@ -31735,7 +31476,7 @@ diff -b -B --ignore-all-space --exclude-
########################################
@@ -191,3 +196,46 @@
- domtrans_pattern($1,xm_exec_t,xm_t)
+ domtrans_pattern($1, xm_exec_t, xm_t)
')
+
+########################################
@@ -31780,9 +31521,9 @@ diff -b -B --ignore-all-space --exclude-
+ files_search_pids($1)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.18/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2009-06-20 06:26:20.000000000 -0400
-+++ serefpolicy-3.6.18/policy/modules/system/xen.te 2009-06-20 06:49:47.000000000 -0400
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.20/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te 2009-06-26 13:59:21.000000000 -0400
++++ serefpolicy-3.6.20/policy/modules/system/xen.te 2009-06-26 14:09:22.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -31806,7 +31547,7 @@ diff -b -B --ignore-all-space --exclude-
type xenstored_t;
type xenstored_exec_t;
-domain_type(xenstored_t)
--domain_entry_file(xenstored_t,xenstored_exec_t)
+-domain_entry_file(xenstored_t, xenstored_exec_t)
-role system_r types xenstored_t;
+init_daemon_domain(xenstored_t, xenstored_exec_t)
+
@@ -31829,7 +31570,7 @@ diff -b -B --ignore-all-space --exclude-
type xenconsoled_t;
type xenconsoled_exec_t;
-domain_type(xenconsoled_t)
--domain_entry_file(xenconsoled_t,xenconsoled_exec_t)
+-domain_entry_file(xenconsoled_t, xenconsoled_exec_t)
+init_daemon_domain(xenconsoled_t, xenconsoled_exec_t)
role system_r types xenconsoled_t;
@@ -31854,35 +31595,35 @@ diff -b -B --ignore-all-space --exclude-
#
# xend local policy
@@ -95,7 +120,7 @@
- read_lnk_files_pattern(xend_t,xen_image_t,xen_image_t)
- rw_blk_files_pattern(xend_t,xen_image_t,xen_image_t)
+ read_lnk_files_pattern(xend_t, xen_image_t, xen_image_t)
+ rw_blk_files_pattern(xend_t, xen_image_t, xen_image_t)
-allow xend_t xenctl_t:fifo_file manage_file_perms;
+allow xend_t xenctl_t:fifo_file manage_fifo_file_perms;
dev_filetrans(xend_t, xenctl_t, fifo_file)
- manage_files_pattern(xend_t,xend_tmp_t,xend_tmp_t)
+ manage_files_pattern(xend_t, xend_tmp_t, xend_tmp_t)
@@ -103,14 +128,14 @@
files_tmp_filetrans(xend_t, xend_tmp_t, { file dir })
# pid file
-allow xend_t xend_var_run_t:dir setattr;
+manage_dirs_pattern(xend_t, xend_var_run_t, xend_var_run_t)
- manage_files_pattern(xend_t,xend_var_run_t,xend_var_run_t)
- manage_sock_files_pattern(xend_t,xend_var_run_t,xend_var_run_t)
- manage_fifo_files_pattern(xend_t,xend_var_run_t,xend_var_run_t)
--files_pid_filetrans(xend_t,xend_var_run_t, { file sock_file fifo_file })
+ manage_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
+ manage_sock_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
+ manage_fifo_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
+-files_pid_filetrans(xend_t, xend_var_run_t, { file sock_file fifo_file })
+files_pid_filetrans(xend_t, xend_var_run_t, { file sock_file fifo_file dir })
# log files
-allow xend_t xend_var_log_t:dir setattr;
+manage_dirs_pattern(xend_t, xend_var_log_t, xend_var_log_t)
- manage_files_pattern(xend_t,xend_var_log_t,xend_var_log_t)
- manage_sock_files_pattern(xend_t,xend_var_log_t,xend_var_log_t)
- logging_log_filetrans(xend_t,xend_var_log_t,{ sock_file file dir })
+ manage_files_pattern(xend_t, xend_var_log_t, xend_var_log_t)
+ manage_sock_files_pattern(xend_t, xend_var_log_t, xend_var_log_t)
+ logging_log_filetrans(xend_t, xend_var_log_t,{ sock_file file dir })
@@ -122,12 +147,13 @@
- manage_fifo_files_pattern(xend_t,xend_var_lib_t,xend_var_lib_t)
- files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir })
+ manage_fifo_files_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
+ files_var_lib_filetrans(xend_t, xend_var_lib_t,{ file dir })
+init_stream_connect_script(xend_t)
+
@@ -31898,7 +31639,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_system_state(xend_t)
@@ -173,6 +199,7 @@
files_manage_etc_runtime_files(xend_t)
- files_etc_filetrans_etc_runtime(xend_t,file)
+ files_etc_filetrans_etc_runtime(xend_t, file)
files_read_usr_files(xend_t)
+files_read_default_symlinks(xend_t)
@@ -31921,7 +31662,7 @@ diff -b -B --ignore-all-space --exclude-
+fs_list_tmpfs(xenconsoled_t)
+
- term_create_pty(xenconsoled_t,xen_devpts_t)
+ term_create_pty(xenconsoled_t, xen_devpts_t)
term_use_generic_ptys(xenconsoled_t)
term_use_console(xenconsoled_t)
@@ -248,7 +281,7 @@
@@ -31947,9 +31688,9 @@ diff -b -B --ignore-all-space --exclude-
+files_tmp_filetrans(xenstored_t, xenstored_tmp_t, { file dir })
+
# pid file
- manage_files_pattern(xenstored_t,xenstored_var_run_t,xenstored_var_run_t)
- manage_sock_files_pattern(xenstored_t,xenstored_var_run_t,xenstored_var_run_t)
- files_pid_filetrans(xenstored_t,xenstored_var_run_t, { file sock_file })
+ manage_files_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
+ manage_sock_files_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
+ files_pid_filetrans(xenstored_t, xenstored_var_run_t, { file sock_file })
+# log files
+manage_dirs_pattern(xenstored_t, xenstored_var_log_t, xenstored_var_log_t)
@@ -31958,10 +31699,10 @@ diff -b -B --ignore-all-space --exclude-
+logging_log_filetrans(xenstored_t, xenstored_var_log_t, { sock_file file dir })
+
# var/lib files for xenstored
- manage_dirs_pattern(xenstored_t,xenstored_var_lib_t,xenstored_var_lib_t)
- manage_files_pattern(xenstored_t,xenstored_var_lib_t,xenstored_var_lib_t)
- manage_sock_files_pattern(xenstored_t,xenstored_var_lib_t,xenstored_var_lib_t)
- files_var_lib_filetrans(xenstored_t,xenstored_var_lib_t,{ file dir sock_file })
+ manage_dirs_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
+ manage_files_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
+ manage_sock_files_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
+ files_var_lib_filetrans(xenstored_t, xenstored_var_lib_t,{ file dir sock_file })
+# write and connect to evtchnd socket
+evtchnd_stream_connect(xenstored_t)
@@ -31979,8 +31720,8 @@ diff -b -B --ignore-all-space --exclude-
allow xm_t self:fifo_file rw_fifo_file_perms;
@@ -312,24 +359,28 @@
- manage_files_pattern(xm_t,xend_var_lib_t,xend_var_lib_t)
- manage_fifo_files_pattern(xm_t,xend_var_lib_t,xend_var_lib_t)
+ manage_files_pattern(xm_t, xend_var_lib_t, xend_var_lib_t)
+ manage_fifo_files_pattern(xm_t, xend_var_lib_t, xend_var_lib_t)
+manage_sock_files_pattern(xm_t, xend_var_lib_t, xend_var_lib_t)
files_search_var_lib(xm_t)
@@ -32077,9 +31818,9 @@ diff -b -B --ignore-all-space --exclude-
+libs_use_ld_so(evtchnd_t)
+libs_use_shared_libs(evtchnd_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.18/policy/support/obj_perm_sets.spt
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.20/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.18/policy/support/obj_perm_sets.spt 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/policy/support/obj_perm_sets.spt 2009-06-26 14:09:22.000000000 -0400
@@ -201,7 +201,7 @@
define(`setattr_file_perms',`{ setattr }')
define(`read_file_perms',`{ getattr open read lock ioctl }')
@@ -32112,9 +31853,9 @@ diff -b -B --ignore-all-space --exclude-
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.18/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.20/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.18/policy/users 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/policy/users 2009-06-26 14:09:22.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
@@ -32139,9 +31880,9 @@ diff -b -B --ignore-all-space --exclude-
- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-')
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.18/Rules.modular
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.20/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/Rules.modular 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/Rules.modular 2009-06-26 14:09:22.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -32171,9 +31912,9 @@ diff -b -B --ignore-all-space --exclude-
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.18/support/Makefile.devel
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.20/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.18/support/Makefile.devel 2009-06-20 06:49:47.000000000 -0400
++++ serefpolicy-3.6.20/support/Makefile.devel 2009-06-26 14:09:22.000000000 -0400
@@ -185,8 +185,7 @@
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.873
retrieving revision 1.874
diff -u -p -r1.873 -r1.874
--- selinux-policy.spec 25 Jun 2009 21:43:36 -0000 1.873
+++ selinux-policy.spec 26 Jun 2009 20:13:03 -0000 1.874
@@ -19,8 +19,8 @@
%define CHECKPOLICYVER 2.0.16-3
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.6.19
-Release: 5%{?dist}
+Version: 3.6.20
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -183,7 +183,7 @@ fi;
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 3002.
+Based off of reference policy: Checked out revision 3005.
%build
@@ -473,6 +473,10 @@ exit 0
%endif
%changelog
+* Thu Jun 25 2009 Dan Walsh <dwalsh at redhat.com> 3.6.20-1
+- Update to upstream
+- Fix nlscd_stream_connect
+
* Thu Jun 25 2009 Dan Walsh <dwalsh at redhat.com> 3.6.19-5
- Add rtkit policy
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/sources,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -p -r1.192 -r1.193
--- sources 22 Jun 2009 22:27:58 -0000 1.192
+++ sources 26 Jun 2009 20:13:04 -0000 1.193
@@ -1 +1 @@
-c0dc13f604297fb85fc945cffae899e0 serefpolicy-3.6.19.tgz
+d347e58dd29c66f67f18f946f44bd828 serefpolicy-3.6.20.tgz
More information about the fedora-extras-commits
mailing list