rpms/selinux-policy/devel policy-20090105.patch, 1.112, 1.113 selinux-policy.spec, 1.850, 1.851

Daniel J Walsh dwalsh at fedoraproject.org
Mon May 11 13:11:04 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31981

Modified Files:
	policy-20090105.patch selinux-policy.spec 
Log Message:
* Mon May 11 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-34
- Allow rpcd_t to send signals to kernel threads


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -p -r1.112 -r1.113
--- policy-20090105.patch	8 May 2009 17:12:28 -0000	1.112
+++ policy-20090105.patch	11 May 2009 13:11:03 -0000	1.113
@@ -6015,7 +6015,16 @@ diff -b -B --ignore-all-space --exclude-
  #
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if	2009-05-08 11:48:52.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if	2009-05-11 08:03:38.000000000 -0400
+@@ -157,7 +157,7 @@
+ 		type kernel_t;
+ 	')
+ 
+-	allow kernel_t $1:process signal;
++	allow $1 kernel_t:process signal;
+ ')
+ 
+ ########################################
 @@ -1197,6 +1197,26 @@
  	')
  
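Review bot: Swapping source and target to `allow $1 kernel_t:process signal;` changes the grant for every domain that already calls this interface, not only rpcd_t as the log message states. Each existing caller loses the kernel_t-to-domain signal rule and gains permission to signal kernel threads, so the callers should be audited and any that needed the old direction given an explicit rule. The interface header and its doc block lie outside the hunk; presumably this is kernel_signal, and its summary should name the caller as the sender, e.g. `##	Allow the specified domain to send a generic signal to kernel threads.`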
@@ -20679,7 +20688,7 @@ diff -b -B --ignore-all-space --exclude-
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rpc.te	2009-05-04 12:28:35.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/rpc.te	2009-05-11 09:09:05.000000000 -0400
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write, false)
  
@@ -20689,7 +20698,13 @@ diff -b -B --ignore-all-space --exclude-
  
  rpc_domain_template(gssd)
  
-@@ -74,21 +74,33 @@
+@@ -69,26 +69,37 @@
+ kernel_read_sysctl(rpcd_t)
+ kernel_rw_fs_sysctls(rpcd_t)
+ kernel_dontaudit_getattr_core_if(rpcd_t)
++kernel_signal(rpcd_t) 
+ 
+ corecmd_exec_bin(rpcd_t)
  
  files_manage_mounttab(rpcd_t)
  
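Review bot: `kernel_signal(rpcd_t) ` is added with a trailing space and with no comment saying which kernel thread rpcd needs to signal or which AVC denial prompted the rule. Because the target is kernel_t, the grant is worth justifying in place, e.g. `# rpcd signals kernel threads (record the AVC denial or bug number here)`. The same call is removed from its earlier position in the next hunk, so this is a move into the kernel_* group. Assuming the interface fixed in the kernel.if hunk is kernel_signal, the rule only grants rpcd_t-to-kernel_t once that direction fix is applied.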
@@ -20701,8 +20716,6 @@ diff -b -B --ignore-all-space --exclude-
  
 +storage_getattr_fixed_disk_dev(rpcd_t)
 +
-+kernel_signal(rpcd_t) 
-+
  selinux_dontaudit_read_fs(rpcd_t)
  
  miscfiles_read_certs(rpcd_t)
@@ -20723,7 +20736,7 @@ diff -b -B --ignore-all-space --exclude-
  ########################################
  #
  # NFSD local policy
-@@ -116,8 +128,9 @@
+@@ -116,8 +127,9 @@
  # for exportfs and rpc.mountd
  files_getattr_tmp_dirs(nfsd_t) 
  # cjp: this should really have its own type
@@ -20734,7 +20747,7 @@ diff -b -B --ignore-all-space --exclude-
  fs_mount_nfsd_fs(nfsd_t) 
  fs_search_nfsd_fs(nfsd_t) 
  fs_getattr_all_fs(nfsd_t) 
-@@ -125,6 +138,7 @@
+@@ -125,6 +137,7 @@
  fs_rw_nfsd_fs(nfsd_t) 
  
  storage_dontaudit_read_fixed_disk(nfsd_t)
@@ -20742,7 +20755,7 @@ diff -b -B --ignore-all-space --exclude-
  
  # Read access to public_content_t and public_content_rw_t
  miscfiles_read_public_files(nfsd_t)
-@@ -141,6 +155,7 @@
+@@ -141,6 +154,7 @@
  	fs_read_noxattr_fs_files(nfsd_t) 
  	auth_manage_all_files_except_shadow(nfsd_t)
  ')
@@ -20750,7 +20763,7 @@ diff -b -B --ignore-all-space --exclude-
  
  tunable_policy(`nfs_export_all_ro',`
  	dev_getattr_all_blk_files(nfsd_t)
-@@ -175,6 +190,7 @@
+@@ -175,6 +189,7 @@
  
  corecmd_exec_bin(gssd_t)
  
@@ -20758,7 +20771,7 @@ diff -b -B --ignore-all-space --exclude-
  fs_list_rpc(gssd_t) 
  fs_rw_rpc_sockets(gssd_t) 
  fs_read_rpc_files(gssd_t) 
-@@ -183,9 +199,12 @@
+@@ -183,9 +198,12 @@
  files_read_usr_symlinks(gssd_t) 
  
  auth_use_nsswitch(gssd_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.850
retrieving revision 1.851
diff -u -p -r1.850 -r1.851
--- selinux-policy.spec	8 May 2009 19:43:27 -0000	1.850
+++ selinux-policy.spec	11 May 2009 13:11:03 -0000	1.851
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.12
-Release: 33%{?dist}
+Release: 34%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,9 @@ exit 0
 %endif
 
 %changelog
+* Mon May 11 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-34
+- Allow rpcd_t to send signals to kernel threads
+
 * Fri May 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-33
 - Fix upgrade for F10 to F11
 



