rpms/selinux-policy/devel policy-20090105.patch, 1.112, 1.113 selinux-policy.spec, 1.850, 1.851
Daniel J Walsh
dwalsh at fedoraproject.org
Mon May 11 13:11:04 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31981
Modified Files:
policy-20090105.patch selinux-policy.spec
Log Message:
* Mon May 11 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-34
- Allow rpcd_t to send signals to kernel threads
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -p -r1.112 -r1.113
--- policy-20090105.patch 8 May 2009 17:12:28 -0000 1.112
+++ policy-20090105.patch 11 May 2009 13:11:03 -0000 1.113
@@ -6015,7 +6015,16 @@ diff -b -B --ignore-all-space --exclude-
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-05-08 11:48:52.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-05-11 08:03:38.000000000 -0400
+@@ -157,7 +157,7 @@
+ type kernel_t;
+ ')
+
+- allow kernel_t $1:process signal;
++ allow $1 kernel_t:process signal;
+ ')
+
+ ########################################
@@ -1197,6 +1197,26 @@
')
@@ -20679,7 +20688,7 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-05-04 12:28:35.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-05-11 09:09:05.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -20689,7 +20698,13 @@ diff -b -B --ignore-all-space --exclude-
rpc_domain_template(gssd)
-@@ -74,21 +74,33 @@
+@@ -69,26 +69,37 @@
+ kernel_read_sysctl(rpcd_t)
+ kernel_rw_fs_sysctls(rpcd_t)
+ kernel_dontaudit_getattr_core_if(rpcd_t)
++kernel_signal(rpcd_t)
+
+ corecmd_exec_bin(rpcd_t)
files_manage_mounttab(rpcd_t)
@@ -20701,8 +20716,6 @@ diff -b -B --ignore-all-space --exclude-
+storage_getattr_fixed_disk_dev(rpcd_t)
+
-+kernel_signal(rpcd_t)
-+
selinux_dontaudit_read_fs(rpcd_t)
miscfiles_read_certs(rpcd_t)
@@ -20723,7 +20736,7 @@ diff -b -B --ignore-all-space --exclude-
########################################
#
# NFSD local policy
-@@ -116,8 +128,9 @@
+@@ -116,8 +127,9 @@
# for exportfs and rpc.mountd
files_getattr_tmp_dirs(nfsd_t)
# cjp: this should really have its own type
@@ -20734,7 +20747,7 @@ diff -b -B --ignore-all-space --exclude-
fs_mount_nfsd_fs(nfsd_t)
fs_search_nfsd_fs(nfsd_t)
fs_getattr_all_fs(nfsd_t)
-@@ -125,6 +138,7 @@
+@@ -125,6 +137,7 @@
fs_rw_nfsd_fs(nfsd_t)
storage_dontaudit_read_fixed_disk(nfsd_t)
@@ -20742,7 +20755,7 @@ diff -b -B --ignore-all-space --exclude-
# Read access to public_content_t and public_content_rw_t
miscfiles_read_public_files(nfsd_t)
-@@ -141,6 +155,7 @@
+@@ -141,6 +154,7 @@
fs_read_noxattr_fs_files(nfsd_t)
auth_manage_all_files_except_shadow(nfsd_t)
')
@@ -20750,7 +20763,7 @@ diff -b -B --ignore-all-space --exclude-
tunable_policy(`nfs_export_all_ro',`
dev_getattr_all_blk_files(nfsd_t)
-@@ -175,6 +190,7 @@
+@@ -175,6 +189,7 @@
corecmd_exec_bin(gssd_t)
@@ -20758,7 +20771,7 @@ diff -b -B --ignore-all-space --exclude-
fs_list_rpc(gssd_t)
fs_rw_rpc_sockets(gssd_t)
fs_read_rpc_files(gssd_t)
-@@ -183,9 +199,12 @@
+@@ -183,9 +198,12 @@
files_read_usr_symlinks(gssd_t)
auth_use_nsswitch(gssd_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.850
retrieving revision 1.851
diff -u -p -r1.850 -r1.851
--- selinux-policy.spec 8 May 2009 19:43:27 -0000 1.850
+++ selinux-policy.spec 11 May 2009 13:11:03 -0000 1.851
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.12
-Release: 33%{?dist}
+Release: 34%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,9 @@ exit 0
%endif
%changelog
+* Mon May 11 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-34
+- Allow rpcd_t to send signals to kernel threads
+
* Fri May 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-33
- Fix upgrade for F10 to F11
More information about the fedora-extras-commits
mailing list