rpms/selinux-policy/F-9 policy-20071130.patch, 1.258, 1.259 selinux-policy.spec, 1.741, 1.742

Miroslav Grepl mgrepl at fedoraproject.org
Fri Mar 6 13:34:28 UTC 2009 

Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv793

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
- Fix wine labeling


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.258
retrieving revision 1.259
diff -u -r1.258 -r1.259
--- policy-20071130.patch	5 Mar 2009 13:53:45 -0000	1.258
+++ policy-20071130.patch	6 Mar 2009 13:34:25 -0000	1.259
@@ -578584,8 +578584,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.3.1/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.fc	2009-02-12 22:21:57.000000000 +0100
-@@ -1,4 +1,6 @@
++++ serefpolicy-3.3.1/policy/modules/apps/wine.fc	2009-03-05 19:08:30.000000000 +0100
+@@ -1,4 +1,13 @@
  /usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
  
 -/opt/cxoffice/bin/wine		--	gen_context(system_u:object_r:wine_exec_t,s0)
@@ -578594,6 +578594,13 @@
 +/opt/picasa/wine/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
 +/opt/google/picasa(/.*)?/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
 +HOME_DIR/cxoffice/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
++
++/usr/bin/msiexec                --      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/notepad                --      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/regsvr32               --      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/regedit                --      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/uninstaller            --      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/progman                --      gen_context(system_u:object_r:wine_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.3.1/policy/modules/apps/wine.if
 --- nsaserefpolicy/policy/modules/apps/wine.if	2008-02-26 14:23:12.000000000 +0100
 +++ serefpolicy-3.3.1/policy/modules/apps/wine.if	2009-02-12 22:21:57.000000000 +0100
@@ -650880,7 +650887,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.3.1/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.te	2009-02-27 09:21:55.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.te	2009-03-06 12:34:34.000000000 +0100
 @@ -15,6 +15,15 @@
  domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -650980,7 +650987,7 @@
  files_read_usr_symlinks(dovecot_auth_t)
  files_search_tmp(dovecot_auth_t)
  files_read_var_lib_files(dovecot_t)
-@@ -184,5 +213,55 @@
+@@ -184,5 +213,59 @@
  ')
  
  optional_policy(`
@@ -650996,7 +651003,7 @@
 +optional_policy(`
 +	postfix_manage_private_sockets(dovecot_auth_t)
 +	postfix_search_spool(dovecot_auth_t)
- ')
++')
 +
 +# for gssapi (kerberos)
 +userdom_list_unpriv_users_tmp(dovecot_auth_t) 
@@ -651012,6 +651019,10 @@
 +allow dovecot_deliver_t dovecot_etc_t:file read_file_perms;
 +allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
 +
++manage_dirs_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++manage_files_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++manage_lnk_files_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++
 +kernel_read_all_sysctls(dovecot_deliver_t)
 +kernel_read_system_state(dovecot_deliver_t)
 +
@@ -651035,7 +651046,7 @@
 +
 +optional_policy(`
 +	mta_manage_spool(dovecot_deliver_t)
-+')
+ ')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.3.1/policy/modules/services/exim.if
 --- nsaserefpolicy/policy/modules/services/exim.if	2008-02-26 14:23:10.000000000 +0100
@@ -651441,18 +651452,41 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.3.1/policy/modules/services/fetchmail.fc
 --- nsaserefpolicy/policy/modules/services/fetchmail.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc	2009-02-12 22:21:57.000000000 +0100
-@@ -17,3 +17,4 @@
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc	2009-03-06 12:50:36.000000000 +0100
+@@ -15,5 +15,7 @@
+ # /var
+ #
  
++/var/log/fetchmail\.log         --      gen_context(system_u:object_r:fetchmail_log_t,s0)
  /var/run/fetchmail/.*		--	gen_context(system_u:object_r:fetchmail_var_run_t,s0)
  /var/mail/\.fetchmail-UIDL-cache --	gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.3.1/policy/modules/services/fetchmail.if
 --- nsaserefpolicy/policy/modules/services/fetchmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if	2009-02-12 22:21:57.000000000 +0100
-@@ -1 +1,44 @@
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if	2009-03-06 12:32:36.000000000 +0100
+@@ -1 +1,64 @@
  ## <summary>Remote-mail retrieval and forwarding utility</summary>
 +
++######################################
++## <summary>
++##      Allow the specified domain to append
++##      fetchmail log files.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed to transition.
++##      </summary>
++## </param>
++#
++interface(`fetchmail_append_log',`
++        gen_require(`
++                type fetchmail_log_t;
++        ')
++
++        logging_search_logs($1)
++        append_files_pattern($1, fetchmail_log_t, fetchmail_log_t)
++')
++
 +########################################
 +## <summary>
 +##	All of the rules required to administrate 
@@ -651497,8 +651531,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.3.1/policy/modules/services/fetchmail.te
 --- nsaserefpolicy/policy/modules/services/fetchmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te	2009-02-12 22:21:57.000000000 +0100
-@@ -14,7 +14,7 @@
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te	2009-03-06 12:32:01.000000000 +0100
+@@ -14,11 +14,14 @@
  files_pid_file(fetchmail_var_run_t)
  
  type fetchmail_etc_t;
@@ -651507,7 +651541,24 @@
  
  type fetchmail_uidl_cache_t;
  files_type(fetchmail_uidl_cache_t)
-@@ -90,6 +90,10 @@
+ 
++type fetchmail_log_t;
++logging_log_file(fetchmail_log_t)
++
+ ########################################
+ #
+ # Local policy
+@@ -40,6 +43,9 @@
+ manage_files_pattern(fetchmail_t,fetchmail_var_run_t,fetchmail_var_run_t)
+ files_pid_filetrans(fetchmail_t,fetchmail_var_run_t,file)
+ 
++manage_files_pattern(fetchmail_t, fetchmail_log_t, fetchmail_log_t)
++logging_log_filetrans(fetchmail_t,fetchmail_log_t,file)
++
+ kernel_read_kernel_sysctls(fetchmail_t)
+ kernel_list_proc(fetchmail_t)
+ kernel_getattr_proc_files(fetchmail_t)
+@@ -90,6 +96,10 @@
  ')
  
  optional_policy(`
@@ -660469,7 +660520,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.3.1/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.te	2009-02-12 22:21:57.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.te	2009-03-06 12:34:01.000000000 +0100
 @@ -14,6 +14,10 @@
  type procmail_tmp_t;
  files_tmp_file(procmail_tmp_t)
@@ -660503,10 +660554,14 @@
  
  files_read_etc_files(procmail_t)
  files_read_etc_runtime_files(procmail_t)
-@@ -102,6 +114,15 @@
+@@ -102,6 +114,19 @@
  ')
  
  optional_policy(`
++        fetchmail_append_log(procmail_t)
++')
++
++optional_policy(`
 +	cron_read_pipes(procmail_t)
 +')
 +
@@ -660519,7 +660574,7 @@
  	munin_dontaudit_search_lib(procmail_t)
  ')
  
-@@ -116,11 +137,13 @@
+@@ -116,11 +141,13 @@
  
  optional_policy(`
  	pyzor_domtrans(procmail_t)
@@ -660533,7 +660588,7 @@
  	sendmail_rw_tcp_sockets(procmail_t)
  	sendmail_rw_unix_stream_sockets(procmail_t)
  ')
-@@ -129,7 +152,11 @@
+@@ -129,7 +156,11 @@
  	corenet_udp_bind_generic_port(procmail_t)
  	corenet_dontaudit_udp_bind_all_ports(procmail_t)
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.741
retrieving revision 1.742
diff -u -r1.741 -r1.742
--- selinux-policy.spec	27 Feb 2009 08:50:01 -0000	1.741
+++ selinux-policy.spec	6 Mar 2009 13:34:26 -0000	1.742
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 125%{?dist}
+Release: 126%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,10 @@
 %endif
 
 %changelog
+* Fri Mar 6 2009 Miroslav Grepl <mgrepl at redhat.com> 3.3.1-126
+- Fix pcscd policy
+- Allow alsa to read hardware state information
+
 * Thu Feb 27 2009 Miroslav Grepl <mgrepl at redhat.com> 3.3.1-125
 - Fix qemu labeling
 - Fix mysqld_safe policy

More information about the fedora-extras-commits mailing list