rpms/selinux-policy/F-9 policy-20071130.patch, 1.266, 1.267 selinux-policy.spec, 1.748, 1.749

Miroslav Grepl mgrepl at fedoraproject.org
Fri May 15 10:08:41 UTC 2009 

Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14150

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
- Allow fptd_t to check its access to kernel key ring



policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.266
retrieving revision 1.267
diff -u -p -r1.266 -r1.267
--- policy-20071130.patch	17 Apr 2009 14:24:07 -0000	1.266
+++ policy-20071130.patch	15 May 2009 10:08:33 -0000	1.267
@@ -651875,7 +651875,7 @@ diff --exclude-from=exclude -N -u -r nsa
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.3.1/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.te	2009-03-05 13:36:02.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.te	2009-05-15 11:13:06.000000000 +0200
 @@ -26,7 +26,7 @@
  ## <desc>
  ## <p>
@@ -651918,7 +651918,15 @@ diff --exclude-from=exclude -N -u -r nsa
  ########################################
  #
  # ftpd local policy
-@@ -106,9 +116,10 @@
+@@ -89,6 +99,7 @@
+ allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
+ allow ftpd_t self:tcp_socket create_stream_socket_perms;
+ allow ftpd_t self:udp_socket create_socket_perms;
++allow ftpd_t self:key manage_key_perms;
+ 
+ allow ftpd_t ftpd_etc_t:file read_file_perms;
+ 
+@@ -106,9 +117,10 @@
  manage_sock_files_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t)
  fs_tmpfs_filetrans(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
  
@@ -651930,7 +651938,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  # proftpd requires the client side to bind a socket so that
  # it can stat the socket to perform access control decisions,
-@@ -123,6 +134,7 @@
+@@ -123,6 +135,7 @@
  
  kernel_read_kernel_sysctls(ftpd_t)
  kernel_read_system_state(ftpd_t)
@@ -651938,7 +651946,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  dev_read_sysfs(ftpd_t)
  dev_read_urand(ftpd_t)
-@@ -169,7 +181,9 @@
+@@ -169,7 +182,9 @@
  libs_use_ld_so(ftpd_t)
  libs_use_shared_libs(ftpd_t)
  
@@ -651948,7 +651956,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  miscfiles_read_localization(ftpd_t)
  miscfiles_read_public_files(ftpd_t)
-@@ -209,6 +223,11 @@
+@@ -209,6 +224,11 @@
  	auth_manage_all_files_except_shadow(ftpd_t)
  ')
  
@@ -651960,7 +651968,7 @@ diff --exclude-from=exclude -N -u -r nsa
  tunable_policy(`ftp_home_dir',`
  	allow ftpd_t self:capability { dac_override dac_read_search };
  
-@@ -218,8 +237,16 @@
+@@ -218,8 +238,16 @@
  	userdom_manage_all_users_home_content_dirs(ftpd_t)
  	userdom_manage_all_users_home_content_files(ftpd_t)
  	userdom_manage_all_users_home_content_symlinks(ftpd_t)
@@ -651977,7 +651985,7 @@ diff --exclude-from=exclude -N -u -r nsa
  tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
  	fs_manage_nfs_files(ftpd_t)
  	fs_read_nfs_symlinks(ftpd_t)
-@@ -237,6 +264,18 @@
+@@ -237,6 +265,18 @@
  ')
  
  optional_policy(`
@@ -651996,7 +652004,7 @@ diff --exclude-from=exclude -N -u -r nsa
  	corecmd_exec_shell(ftpd_t)
  
  	files_read_usr_files(ftpd_t)
-@@ -253,7 +292,9 @@
+@@ -253,7 +293,9 @@
  ')
  
  optional_policy(`
@@ -652007,7 +652015,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -265,6 +306,14 @@
+@@ -265,6 +307,14 @@
  ')
  
  optional_policy(`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.748
retrieving revision 1.749
diff -u -p -r1.748 -r1.749
--- selinux-policy.spec	17 Apr 2009 14:24:09 -0000	1.748
+++ selinux-policy.spec	15 May 2009 10:08:37 -0000	1.749
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 132%{?dist}
+Release: 133%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@ exit 0
 %endif
 
 %changelog
+* Fri May 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.3.1-133
+- Allow fptd_t to check its access to kernel key ring
+
 * Fri Apr 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.3.1-132
 - Fix postfix-master policy

More information about the fedora-extras-commits mailing list