rpms/selinux-policy/F-10 policy-20080710.patch, 1.151, 1.152 selinux-policy.spec, 1.782, 1.783
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Mar 25 08:14:10 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25255
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Allow hald_t to read/write ppp config
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -r1.151 -r1.152
--- policy-20080710.patch 23 Mar 2009 16:03:21 -0000 1.151
+++ policy-20080710.patch 25 Mar 2009 08:14:09 -0000 1.152
@@ -17698,7 +17698,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/hal.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/hal.te 2009-03-25 09:04:18.000000000 +0100
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -17748,7 +17748,7 @@
userdom_dontaudit_use_unpriv_user_fds(hald_t)
-@@ -280,6 +296,12 @@
+@@ -280,6 +296,16 @@
')
optional_policy(`
@@ -17758,10 +17758,14 @@
+')
+
+optional_policy(`
++ ppp_read_rw_config(hald_t)
++')
++
++optional_policy(`
rpc_search_nfs_state_data(hald_t)
')
-@@ -300,12 +322,20 @@
+@@ -300,12 +326,20 @@
vbetool_domtrans(hald_t)
')
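Review bot: The new `optional_policy` block that calls `ppp_read_rw_config(hald_t)` has no comment saying why the main HAL daemon domain needs PPP configuration. The interface name also reads as read access to the PPP-writable config type, not the "read/write" that the log message and changelog state. The definition in ppp.if is not visible here, so confirm what it grants and reword the changelog if it is read-only. A comment above the call, such as `# hald reads the pppd rw config; see <bug/AVC reference>`, would let the grant be audited and dropped later. The surrounding hal.te section starts and ends outside this hunk.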
@@ -17783,7 +17787,7 @@
allow hald_acl_t self:process { getattr signal };
allow hald_acl_t self:fifo_file rw_fifo_file_perms;
-@@ -326,6 +356,7 @@
+@@ -326,6 +360,7 @@
dev_getattr_all_chr_files(hald_acl_t)
dev_setattr_all_chr_files(hald_acl_t)
dev_getattr_generic_usb_dev(hald_acl_t)
@@ -17791,7 +17795,7 @@
dev_getattr_video_dev(hald_acl_t)
dev_setattr_video_dev(hald_acl_t)
dev_getattr_sound_dev(hald_acl_t)
-@@ -338,19 +369,30 @@
+@@ -338,19 +373,30 @@
storage_getattr_removable_dev(hald_acl_t)
storage_setattr_removable_dev(hald_acl_t)
@@ -17822,7 +17826,7 @@
domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
allow hald_mac_t hald_t:unix_stream_socket connectto;
-@@ -359,6 +401,8 @@
+@@ -359,6 +405,8 @@
manage_files_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_mac_t)
@@ -17831,7 +17835,7 @@
kernel_read_system_state(hald_mac_t)
dev_read_raw_memory(hald_mac_t)
-@@ -366,10 +410,15 @@
+@@ -366,10 +414,15 @@
dev_read_sysfs(hald_mac_t)
files_read_usr_files(hald_mac_t)
@@ -17847,7 +17851,7 @@
miscfiles_read_localization(hald_mac_t)
########################################
-@@ -388,6 +437,8 @@
+@@ -388,6 +441,8 @@
manage_files_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_sonypic_t)
@@ -17856,7 +17860,7 @@
files_read_usr_files(hald_sonypic_t)
libs_use_ld_so(hald_sonypic_t)
-@@ -408,6 +459,8 @@
+@@ -408,6 +463,8 @@
manage_files_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_keymap_t)
@@ -17865,7 +17869,7 @@
dev_rw_input_dev(hald_keymap_t)
files_read_usr_files(hald_keymap_t)
-@@ -419,4 +472,50 @@
+@@ -419,4 +476,51 @@
# This is caused by a bug in hald and PolicyKit.
# Should be removed when this is fixed
@@ -17879,6 +17883,7 @@
+allow hald_dccm_t self:capability { net_bind_service };
+allow hald_dccm_t self:process getsched;
+
++allow hald_dccm_t self:unix_dgram_socket create_socket_perms;
+allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
+allow hald_dccm_t self:udp_socket create_socket_perms;
+allow hald_dccm_t self:netlink_route_socket rw_netlink_socket_perms;
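Review bot: The added `allow hald_dccm_t self:unix_dgram_socket create_socket_perms;` is not covered by the log message or the changelog entry, which mention only the ppp config change for hald_t. The same applies to the evtchnd file contexts added to xen.fc in the last hunk of this file. Each grant should be traceable to a changelog line, for example `- Allow hald_dccm_t to create unix_dgram_socket` and `- Add file contexts for evtchnd`. If the socket is only needed for syslog (an assumption from the socket class alone), `logging_send_syslog_msg(hald_dccm_t)` would state that intent more clearly than a raw allow rule. The hald_dccm_t rule block begins and continues outside this hunk.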
@@ -32983,7 +32988,7 @@
allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.5.13/policy/modules/system/iptables.fc
--- nsaserefpolicy/policy/modules/system/iptables.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-03-25 01:47:29.000000000 +0100
@@ -6,3 +6,4 @@
/usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
@@ -39298,8 +39303,27 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.13/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/xen.fc 2009-03-19 18:00:28.000000000 +0100
-@@ -20,6 +20,7 @@
++++ serefpolicy-3.5.13/policy/modules/system/xen.fc 2009-03-25 00:31:36.000000000 +0100
+@@ -1,5 +1,7 @@
+ /dev/xen/tapctrl.* -p gen_context(system_u:object_r:xenctl_t,s0)
+
++/usr/sbin/evtchnd -- gen_context(system_u:object_r:evtchnd_exec_t,s0)
++
+ /usr/bin/virsh -- gen_context(system_u:object_r:xm_exec_t,s0)
+
+ /usr/sbin/xenconsoled -- gen_context(system_u:object_r:xenconsoled_exec_t,s0)
+@@ -12,14 +14,18 @@
+ /var/lib/xend(/.*)? gen_context(system_u:object_r:xend_var_lib_t,s0)
+ /var/lib/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_lib_t,s0)
+
++/var/log/evtchnd\.log -- gen_context(system_u:object_r:evtchnd_var_log_t,s0)
+ /var/log/xen(/.*)? gen_context(system_u:object_r:xend_var_log_t,s0)
+ /var/log/xen-hotplug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
+ /var/log/xend\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
+ /var/log/xend-debug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
+
++/var/run/evtchnd\.pid -- gen_context(system_u:object_r:evtchnd_var_run_t,s0)
++/var/run/evtchnd -s gen_context(system_u:object_r:evtchnd_var_run_t,s0)
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
/var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0)
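Review bot: The new xen.fc entries label files with `evtchnd_exec_t`, `evtchnd_var_log_t` and `evtchnd_var_run_t`, but this revision shows no matching change to xen.te. Those types therefore have to be declared already in the existing patch, which should be confirmed, because file-context entries that name undeclared types break the policy build. It is also worth checking that xen.te defines the domain transition for `evtchnd_exec_t`, since labelling the binary alone does not confine the daemon. The rest of the xen.fc section lies outside this hunk.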
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.782
retrieving revision 1.783
diff -u -r1.782 -r1.783
--- selinux-policy.spec 23 Mar 2009 12:36:31 -0000 1.782
+++ selinux-policy.spec 25 Mar 2009 08:14:09 -0000 1.783
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 51%{?dist}
+Release: 52%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -460,6 +460,9 @@
%endif
%changelog
+* Wed Mar 25 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-52
+- Allow hald_t to read/write ppp config
+
* Mon Mar 23 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-51
- Add LIRC policy
- Xenner fixes