rpms/selinux-policy/devel policy-20090105.patch, 1.64, 1.65 selinux-policy.spec, 1.807, 1.808

Daniel J Walsh dwalsh at fedoraproject.org
Wed Mar 18 19:34:58 UTC 2009 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5985

Modified Files:
	policy-20090105.patch selinux-policy.spec 
Log Message:
* Wed Mar 18 2009 Dan Walsh <dwalsh at redhat.com> 3.6.9-4
- Allow mdadm to read/write mls override


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- policy-20090105.patch	17 Mar 2009 19:52:34 -0000	1.64
+++ policy-20090105.patch	18 Mar 2009 19:34:57 -0000	1.65
@@ -9869,7 +9869,7 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.9/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.9/policy/modules/services/cups.fc	2009-03-12 13:35:00.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cups.fc	2009-03-18 09:22:37.000000000 -0400
 @@ -5,27 +5,38 @@
  /etc/cups/classes\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/cupsd\.conf.* --	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -11036,8 +11036,8 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.9/policy/modules/services/devicekit.te
 --- nsaserefpolicy/policy/modules/services/devicekit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.9/policy/modules/services/devicekit.te	2009-03-17 15:39:17.000000000 -0400
-@@ -0,0 +1,209 @@
++++ serefpolicy-3.6.9/policy/modules/services/devicekit.te	2009-03-18 09:06:43.000000000 -0400
+@@ -0,0 +1,210 @@
 +policy_module(devicekit,1.0.0)
 +
 +########################################
@@ -11204,6 +11204,7 @@
 +
 +files_manage_mnt_dirs(devicekit_disk_t)
 +files_read_etc_files(devicekit_disk_t)
++files_read_etc_runtime_files(devicekit_disk_t)
 +files_read_usr_files(devicekit_disk_t)
 +
 +fs_list_inotifyfs(devicekit_disk_t)
@@ -12219,6 +12220,18 @@
 +	polkit_read_reload(gnomeclock_t)
 +')
 +
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.9/policy/modules/services/gpm.te
+--- nsaserefpolicy/policy/modules/services/gpm.te	2009-01-05 15:39:43.000000000 -0500
++++ serefpolicy-3.6.9/policy/modules/services/gpm.te	2009-03-18 08:58:52.000000000 -0400
+@@ -54,6 +54,8 @@
+ dev_rw_input_dev(gpm_t)
+ dev_rw_mouse(gpm_t)
+ 
++files_read_etc_files(gpm_t)
++
+ fs_getattr_all_fs(gpm_t)
+ fs_search_auto_mountpoints(gpm_t)
+ 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.9/policy/modules/services/gpsd.fc
 --- nsaserefpolicy/policy/modules/services/gpsd.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.6.9/policy/modules/services/gpsd.fc	2009-03-12 13:35:00.000000000 -0400
@@ -24851,7 +24864,7 @@
 +miscfiles_read_localization(iscsid_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.9/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.9/policy/modules/system/libraries.fc	2009-03-12 13:35:00.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/libraries.fc	2009-03-18 09:23:12.000000000 -0400
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -25000,7 +25013,7 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+\.so(\.[^/]*)*	-l	gen_context(system_u:object_r:lib_t,s0)
  ')
-@@ -310,3 +336,30 @@
+@@ -310,3 +336,32 @@
  /var/spool/postfix/lib(64)?(/.*)? 		gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/usr(/.*)?			gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/lib(64)?/ld.*\.so.*	--	gen_context(system_u:object_r:ld_so_t,s0)
@@ -25031,6 +25044,8 @@
 +/usr/matlab.*\.so(\.[^/]*)*		gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/opt/local/matlab.*\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/local/matlab.*\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
++
++/usr/lib/libcncpmslld328\.so(\.[^/]*)*	gen_context(system_u:object_r:textrel_shlib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.9/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2009-01-05 15:39:43.000000000 -0500
 +++ serefpolicy-3.6.9/policy/modules/system/libraries.te	2009-03-12 13:35:00.000000000 -0400
@@ -25991,7 +26006,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.9/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.9/policy/modules/system/raid.te	2009-03-12 13:35:00.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/raid.te	2009-03-18 14:48:18.000000000 -0400
 @@ -39,6 +39,7 @@
  dev_dontaudit_getattr_generic_files(mdadm_t)
  dev_dontaudit_getattr_generic_chr_files(mdadm_t)
@@ -26000,6 +26015,16 @@
  
  fs_search_auto_mountpoints(mdadm_t)
  fs_dontaudit_list_tmpfs(mdadm_t)
+@@ -48,6 +49,9 @@
+ storage_dev_filetrans_fixed_disk(mdadm_t)
+ storage_read_scsi_generic(mdadm_t)
+ 
++mls_file_read_all_levels(mdadm_t)
++mls_file_write_all_levels(mdadm_t)
++
+ term_dontaudit_list_ptys(mdadm_t)
+ 
+ # Helper program access
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.9/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2008-08-07 11:15:12.000000000 -0400
 +++ serefpolicy-3.6.9/policy/modules/system/selinuxutil.fc	2009-03-12 13:35:00.000000000 -0400


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.807
retrieving revision 1.808
diff -u -r1.807 -r1.808
--- selinux-policy.spec	17 Mar 2009 19:52:35 -0000	1.807
+++ selinux-policy.spec	18 Mar 2009 19:34:57 -0000	1.808
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.9
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@
 %endif
 
 %changelog
+* Wed Mar 18 2009 Dan Walsh <dwalsh at redhat.com> 3.6.9-4
+- Allow mdadm to read/write mls override
+
 * Tue Mar 17 2009 Dan Walsh <dwalsh at redhat.com> 3.6.9-3
 - Change to svirt to only access svirt_image_t

More information about the fedora-extras-commits mailing list