rpms/selinux-policy/F-9 policy-20071130.patch, 1.258, 1.259 selinux-policy.spec, 1.741, 1.742
Miroslav Grepl
mgrepl at fedoraproject.org
Fri Mar 6 13:34:28 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv793
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
- Fix wine labeling
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.258
retrieving revision 1.259
diff -u -r1.258 -r1.259
--- policy-20071130.patch 5 Mar 2009 13:53:45 -0000 1.258
+++ policy-20071130.patch 6 Mar 2009 13:34:25 -0000 1.259
@@ -578584,8 +578584,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.3.1/policy/modules/apps/wine.fc
--- nsaserefpolicy/policy/modules/apps/wine.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.fc 2009-02-12 22:21:57.000000000 +0100
-@@ -1,4 +1,6 @@
++++ serefpolicy-3.3.1/policy/modules/apps/wine.fc 2009-03-05 19:08:30.000000000 +0100
+@@ -1,4 +1,13 @@
/usr/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/cxoffice/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
@@ -578594,6 +578594,13 @@
+/opt/picasa/wine/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
+/opt/google/picasa(/.*)?/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
+HOME_DIR/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
++
++/usr/bin/msiexec -- gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/regsvr32 -- gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/regedit -- gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/uninstaller -- gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/progman -- gen_context(system_u:object_r:wine_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.3.1/policy/modules/apps/wine.if
--- nsaserefpolicy/policy/modules/apps/wine.if 2008-02-26 14:23:12.000000000 +0100
+++ serefpolicy-3.3.1/policy/modules/apps/wine.if 2009-02-12 22:21:57.000000000 +0100
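Review bot: The six new `/usr/bin/...` entries in wine.fc label generic program names (`notepad`, `regedit`, `uninstaller`, `progman`, and others) as `wine_exec_t`, with no comment saying they are Wine's helper programs. Any file another package installs at one of those exact paths would get the Wine entrypoint label on relabel, so a comment above the group such as `# helper programs shipped by the wine package` would make the intent auditable. What `wine_t` is permitted to do is not visible in this hunk and should be checked before widening its set of entrypoints. The selinux-policy.spec changelog entry for 3.3.1-126 lists pcscd and alsa changes but not this labeling change, which is the one the commit log names.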
@@ -650880,7 +650887,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.3.1/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.te 2009-02-27 09:21:55.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.te 2009-03-06 12:34:34.000000000 +0100
@@ -15,6 +15,15 @@
domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -650980,7 +650987,7 @@
files_read_usr_symlinks(dovecot_auth_t)
files_search_tmp(dovecot_auth_t)
files_read_var_lib_files(dovecot_t)
-@@ -184,5 +213,55 @@
+@@ -184,5 +213,59 @@
')
optional_policy(`
@@ -650996,7 +651003,7 @@
+optional_policy(`
+ postfix_manage_private_sockets(dovecot_auth_t)
+ postfix_search_spool(dovecot_auth_t)
- ')
++')
+
+# for gssapi (kerberos)
+userdom_list_unpriv_users_tmp(dovecot_auth_t)
@@ -651012,6 +651019,10 @@
+allow dovecot_deliver_t dovecot_etc_t:file read_file_perms;
+allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
+
++manage_dirs_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++manage_files_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++manage_lnk_files_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++
+kernel_read_all_sysctls(dovecot_deliver_t)
+kernel_read_system_state(dovecot_deliver_t)
+
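Review bot: The three added `manage_*_pattern` lines give `dovecot_deliver_t` full create, write and delete access to directories, files and symlinks typed `dovecot_spool_t`, and nothing in the hunk records which denial they answer. Symlink management is the part to question. Unless an AVC shows deliver creating links in the spool, drop `manage_lnk_files_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)` or narrow it to `read_lnk_files_pattern`. A short comment above the group, for example `# deliver stores mail in the dovecot spool`, would keep the reason with the rule. The surrounding `dovecot_deliver_t` rules continue outside the hunk.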
@@ -651035,7 +651046,7 @@
+
+optional_policy(`
+ mta_manage_spool(dovecot_deliver_t)
-+')
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.3.1/policy/modules/services/exim.if
--- nsaserefpolicy/policy/modules/services/exim.if 2008-02-26 14:23:10.000000000 +0100
@@ -651441,18 +651452,41 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.3.1/policy/modules/services/fetchmail.fc
--- nsaserefpolicy/policy/modules/services/fetchmail.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc 2009-02-12 22:21:57.000000000 +0100
-@@ -17,3 +17,4 @@
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc 2009-03-06 12:50:36.000000000 +0100
+@@ -15,5 +15,7 @@
+ # /var
+ #
++/var/log/fetchmail\.log -- gen_context(system_u:object_r:fetchmail_log_t,s0)
/var/run/fetchmail/.* -- gen_context(system_u:object_r:fetchmail_var_run_t,s0)
/var/mail/\.fetchmail-UIDL-cache -- gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.3.1/policy/modules/services/fetchmail.if
--- nsaserefpolicy/policy/modules/services/fetchmail.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if 2009-02-12 22:21:57.000000000 +0100
-@@ -1 +1,44 @@
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if 2009-03-06 12:32:36.000000000 +0100
+@@ -1 +1,64 @@
## <summary>Remote-mail retrieval and forwarding utility</summary>
+
++######################################
++## <summary>
++## Allow the specified domain to append
++## fetchmail log files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`fetchmail_append_log',`
++ gen_require(`
++ type fetchmail_log_t;
++ ')
++
++ logging_search_logs($1)
++ append_files_pattern($1, fetchmail_log_t, fetchmail_log_t)
++')
++
+########################################
+## <summary>
+## All of the rules required to administrate
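Review bot: The parameter description of the new `fetchmail_append_log` interface says `Domain allowed to transition.`, but the body only grants `logging_search_logs` and `append_files_pattern`, so it should read `Domain allowed access.`. In fetchmail.fc the new entry matches only the exact file `/var/log/fetchmail\.log`. Rotated copies would presumably fall back to the generic log label on a relabel, so consider `/var/log/fetchmail\.log.*` if the log is rotated. The rest of fetchmail.if continues outside the hunk.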
@@ -651497,8 +651531,8 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.3.1/policy/modules/services/fetchmail.te
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te 2009-02-12 22:21:57.000000000 +0100
-@@ -14,7 +14,7 @@
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te 2009-03-06 12:32:01.000000000 +0100
+@@ -14,11 +14,14 @@
files_pid_file(fetchmail_var_run_t)
type fetchmail_etc_t;
@@ -651507,7 +651541,24 @@
type fetchmail_uidl_cache_t;
files_type(fetchmail_uidl_cache_t)
-@@ -90,6 +90,10 @@
+
++type fetchmail_log_t;
++logging_log_file(fetchmail_log_t)
++
+ ########################################
+ #
+ # Local policy
+@@ -40,6 +43,9 @@
+ manage_files_pattern(fetchmail_t,fetchmail_var_run_t,fetchmail_var_run_t)
+ files_pid_filetrans(fetchmail_t,fetchmail_var_run_t,file)
+
++manage_files_pattern(fetchmail_t, fetchmail_log_t, fetchmail_log_t)
++logging_log_filetrans(fetchmail_t,fetchmail_log_t,file)
++
+ kernel_read_kernel_sysctls(fetchmail_t)
+ kernel_list_proc(fetchmail_t)
+ kernel_getattr_proc_files(fetchmail_t)
+@@ -90,6 +96,10 @@
')
optional_policy(`
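Review bot: `manage_files_pattern(fetchmail_t, fetchmail_log_t, fetchmail_log_t)` lets the daemon rewrite, truncate and delete its own log. That is more than a log writer normally needs, and it reduces the log's value as evidence if fetchmail is compromised. Consider granting `create_files_pattern` and `append_files_pattern` on `fetchmail_log_t` instead, keeping `logging_log_filetrans(fetchmail_t,fetchmail_log_t,file)` as it is, and widening only if a denial shows more is required. The procmail side of this change already goes through the append-only `fetchmail_append_log` interface, so this would make the two consistent. The new type declaration also has no comment. A line such as `# fetchmail log file under /var/log` above `type fetchmail_log_t;` would match the file context added in fetchmail.fc.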
@@ -660469,7 +660520,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.3.1/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.te 2009-02-12 22:21:57.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.te 2009-03-06 12:34:01.000000000 +0100
@@ -14,6 +14,10 @@
type procmail_tmp_t;
files_tmp_file(procmail_tmp_t)
@@ -660503,10 +660554,14 @@
files_read_etc_files(procmail_t)
files_read_etc_runtime_files(procmail_t)
-@@ -102,6 +114,15 @@
+@@ -102,6 +114,19 @@
')
optional_policy(`
++ fetchmail_append_log(procmail_t)
++')
++
++optional_policy(`
+ cron_read_pipes(procmail_t)
+')
+
@@ -660519,7 +660574,7 @@
munin_dontaudit_search_lib(procmail_t)
')
-@@ -116,11 +137,13 @@
+@@ -116,11 +141,13 @@
optional_policy(`
pyzor_domtrans(procmail_t)
@@ -660533,7 +660588,7 @@
sendmail_rw_tcp_sockets(procmail_t)
sendmail_rw_unix_stream_sockets(procmail_t)
')
-@@ -129,7 +152,11 @@
+@@ -129,7 +156,11 @@
corenet_udp_bind_generic_port(procmail_t)
corenet_dontaudit_udp_bind_all_ports(procmail_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.741
retrieving revision 1.742
diff -u -r1.741 -r1.742
--- selinux-policy.spec 27 Feb 2009 08:50:01 -0000 1.741
+++ selinux-policy.spec 6 Mar 2009 13:34:26 -0000 1.742
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 125%{?dist}
+Release: 126%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,10 @@
%endif
%changelog
+* Fri Mar 6 2009 Miroslav Grepl <mgrepl at redhat.com> 3.3.1-126
+- Fix pcscd policy
+- Allow alsa to read hardware state information
+
* Thu Feb 27 2009 Miroslav Grepl <mgrepl at redhat.com> 3.3.1-125
- Fix qemu labeling
- Fix mysqld_safe policy