rpms/selinux-policy/F-10 policy-20080710.patch, 1.166, 1.167 selinux-policy.spec, 1.793, 1.794
Miroslav Grepl
mgrepl at fedoraproject.org
Fri May 15 08:05:31 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9973
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Fixes for kpropd
- Add /usr/share/selinux/packages
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.166
retrieving revision 1.167
diff -u -p -r1.166 -r1.167
--- policy-20080710.patch 7 May 2009 10:39:46 -0000 1.166
+++ policy-20080710.patch 15 May 2009 08:05:28 -0000 1.167
@@ -17476,7 +17476,7 @@ diff --exclude-from=exclude -N -u -r nsa
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.13/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/ftp.te 2009-03-05 13:32:40.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/ftp.te 2009-05-15 09:30:07.000000000 +0200
@@ -26,7 +26,7 @@
## <desc>
## <p>
@@ -17510,7 +17510,15 @@ diff --exclude-from=exclude -N -u -r nsa
type ftpd_t;
type ftpd_exec_t;
init_daemon_domain(ftpd_t, ftpd_exec_t)
-@@ -158,8 +166,10 @@
+@@ -92,6 +100,7 @@
+ allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
+ allow ftpd_t self:tcp_socket create_stream_socket_perms;
+ allow ftpd_t self:udp_socket create_socket_perms;
++allow ftpd_t self:key manage_key_perms;
+
+ allow ftpd_t ftpd_etc_t:file read_file_perms;
+
+@@ -158,8 +167,10 @@
files_read_etc_runtime_files(ftpd_t)
files_search_var_lib(ftpd_t)
@@ -17521,7 +17529,7 @@ diff --exclude-from=exclude -N -u -r nsa
auth_use_nsswitch(ftpd_t)
auth_domtrans_chk_passwd(ftpd_t)
-@@ -226,8 +236,16 @@
+@@ -226,8 +237,16 @@
userdom_manage_all_users_home_content_dirs(ftpd_t)
userdom_manage_all_users_home_content_files(ftpd_t)
userdom_manage_all_users_home_content_symlinks(ftpd_t)
@@ -17538,7 +17546,7 @@ diff --exclude-from=exclude -N -u -r nsa
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
fs_manage_nfs_files(ftpd_t)
fs_read_nfs_symlinks(ftpd_t)
-@@ -238,6 +256,11 @@
+@@ -238,6 +257,11 @@
fs_read_cifs_symlinks(ftpd_t)
')
@@ -17550,7 +17558,7 @@ diff --exclude-from=exclude -N -u -r nsa
optional_policy(`
tunable_policy(`ftp_home_dir',`
apache_search_sys_content(ftpd_t)
-@@ -245,6 +268,18 @@
+@@ -245,6 +269,18 @@
')
optional_policy(`
@@ -17569,7 +17577,7 @@ diff --exclude-from=exclude -N -u -r nsa
corecmd_exec_shell(ftpd_t)
files_read_usr_files(ftpd_t)
-@@ -261,7 +296,9 @@
+@@ -261,7 +297,9 @@
')
optional_policy(`
@@ -17580,7 +17588,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -273,6 +310,14 @@
+@@ -273,6 +311,14 @@
')
optional_policy(`
@@ -18341,20 +18349,53 @@ diff --exclude-from=exclude -N -u -r nsa
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.5.13/policy/modules/services/kerberos.fc
--- nsaserefpolicy/policy/modules/services/kerberos.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/kerberos.fc 2009-02-10 15:07:15.000000000 +0100
-@@ -20,7 +20,7 @@
++++ serefpolicy-3.5.13/policy/modules/services/kerberos.fc 2009-05-15 09:29:04.000000000 +0200
+@@ -6,21 +6,23 @@
+ /etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
+
+ /etc/rc\.d/init\.d/kadmind -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+-/etc/rc\.d/init\.d/kpropd -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
++/etc/rc\.d/init\.d/kprop -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/krb524d -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+
+ /usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
+ /usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
+ /usr/kerberos/sbin/kadmin\.local -- gen_context(system_u:object_r:kadmind_exec_t,s0)
++/usr/kerberos/sbin/kpropd -- gen_context(system_u:object_r:kpropd_exec_t,s0)
+
+ /usr/local/var/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+ /usr/local/var/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
+
/var/kerberos/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
/var/kerberos/krb5kdc/from_master.* gen_context(system_u:object_r:krb5kdc_lock_t,s0)
++/var/kerberos/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
/var/kerberos/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
-/var/kerberos/krb5kdc/principal\.ok gen_context(system_u:object_r:krb5kdc_lock_t,s0)
-+/var/kerberos/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
++/var/kerberos/krb5kdc/principal.*\.ok gen_context(system_u:object_r:krb5kdc_lock_t,s0)
/var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0)
/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.5.13/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/kerberos.te 2009-02-10 15:07:15.000000000 +0100
-@@ -298,6 +298,7 @@
++++ serefpolicy-3.5.13/policy/modules/services/kerberos.te 2009-05-15 09:15:30.000000000 +0200
+@@ -33,6 +33,7 @@
+ type kpropd_t;
+ type kpropd_exec_t;
+ init_daemon_domain(kpropd_t, kpropd_exec_t)
++domain_obj_id_change_exemption(kpropd_t)
+
+ type krb5_conf_t;
+ files_type(krb5_conf_t)
+@@ -289,6 +290,7 @@
+
+ allow kpropd_t krb5_keytab_t:file read_file_perms;
+
++manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
+ manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
+
+ corecmd_exec_bin(kpropd_t)
+@@ -298,6 +300,7 @@
corenet_tcp_sendrecv_all_nodes(kpropd_t)
corenet_tcp_sendrecv_all_ports(kpropd_t)
corenet_tcp_bind_all_nodes(kpropd_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.793
retrieving revision 1.794
diff -u -p -r1.793 -r1.794
--- selinux-policy.spec 7 May 2009 10:39:48 -0000 1.793
+++ selinux-policy.spec 15 May 2009 08:05:30 -0000 1.794
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 59%{?dist}
+Release: 60%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -63,6 +63,7 @@ SELinux Base package
%dir %{_usr}/share/selinux/modules
%dir %{_usr}/share/selinux/devel
%dir %{_usr}/share/selinux/devel/include
+%dir %{_usr}/share/selinux/packages
%dir %{_sysconfdir}/selinux
%ghost %config(noreplace) %{_sysconfdir}/selinux/config
%ghost %{_sysconfdir}/sysconfig/selinux
@@ -248,6 +249,7 @@ make clean
make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
mkdir %{buildroot}%{_usr}/share/selinux/devel/
+mkdir %{buildroot}%{_usr}/share/selinux/packages/
mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
install -m 755 $RPM_SOURCE_DIR/policygentool %{buildroot}%{_usr}/share/selinux/devel/
install -m 644 $RPM_SOURCE_DIR/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
@@ -460,6 +462,10 @@ exit 0
%endif
%changelog
+* Fri May 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-60
+- Fixes for kpropd
+- Add /usr/share/selinux/packages
+
* Thu May 7 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-59
- Fix /sbin/ip6tables-save context
- Fix milter policy
More information about the fedora-extras-commits
mailing list