rpms/selinux-policy/F-9 policy-20071130.patch, 1.266, 1.267 selinux-policy.spec, 1.748, 1.749
Miroslav Grepl
mgrepl at fedoraproject.org
Fri May 15 10:08:41 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14150
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
- Allow ftpd_t to check its access to kernel key ring
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.266
retrieving revision 1.267
diff -u -p -r1.266 -r1.267
--- policy-20071130.patch 17 Apr 2009 14:24:07 -0000 1.266
+++ policy-20071130.patch 15 May 2009 10:08:33 -0000 1.267
@@ -651875,7 +651875,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.3.1/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.te 2009-03-05 13:36:02.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.te 2009-05-15 11:13:06.000000000 +0200
@@ -26,7 +26,7 @@
## <desc>
## <p>
@@ -651918,7 +651918,15 @@ diff --exclude-from=exclude -N -u -r nsa
########################################
#
# ftpd local policy
-@@ -106,9 +116,10 @@
+@@ -89,6 +99,7 @@
+ allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
+ allow ftpd_t self:tcp_socket create_stream_socket_perms;
+ allow ftpd_t self:udp_socket create_socket_perms;
++allow ftpd_t self:key manage_key_perms;
+
+ allow ftpd_t ftpd_etc_t:file read_file_perms;
+
+@@ -106,9 +117,10 @@
manage_sock_files_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t)
fs_tmpfs_filetrans(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
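Review bot: The rule added to ftp.te in the `@@ -89,6 +99,7 @@` hunk, `allow ftpd_t self:key manage_key_perms;`, grants more than the log message describes. The log speaks only of the daemon checking its access to the key ring, while `manage_key_perms` in upstream refpolicy expands to create, link, read, search, setattr, view and write on the domain's own keys (the macro definition is not visible in this diff). If the denial behind this change was for a single permission, naming just that one keeps the network-facing FTP daemon closer to least privilege, e.g. `allow ftpd_t self:key search;` if search is what the AVC showed. A comment above the rule would let later reviewers judge whether it can be narrowed, for instance `# <bug reference placeholder>: ftpd needs access to its own session keyring`. The log and the spec changelog also spell the domain `fptd_t`, whereas the rule is for `ftpd_t`.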
@@ -651930,7 +651938,7 @@ diff --exclude-from=exclude -N -u -r nsa
# proftpd requires the client side to bind a socket so that
# it can stat the socket to perform access control decisions,
-@@ -123,6 +134,7 @@
+@@ -123,6 +135,7 @@
kernel_read_kernel_sysctls(ftpd_t)
kernel_read_system_state(ftpd_t)
@@ -651938,7 +651946,7 @@ diff --exclude-from=exclude -N -u -r nsa
dev_read_sysfs(ftpd_t)
dev_read_urand(ftpd_t)
-@@ -169,7 +181,9 @@
+@@ -169,7 +182,9 @@
libs_use_ld_so(ftpd_t)
libs_use_shared_libs(ftpd_t)
@@ -651948,7 +651956,7 @@ diff --exclude-from=exclude -N -u -r nsa
miscfiles_read_localization(ftpd_t)
miscfiles_read_public_files(ftpd_t)
-@@ -209,6 +223,11 @@
+@@ -209,6 +224,11 @@
auth_manage_all_files_except_shadow(ftpd_t)
')
@@ -651960,7 +651968,7 @@ diff --exclude-from=exclude -N -u -r nsa
tunable_policy(`ftp_home_dir',`
allow ftpd_t self:capability { dac_override dac_read_search };
-@@ -218,8 +237,16 @@
+@@ -218,8 +238,16 @@
userdom_manage_all_users_home_content_dirs(ftpd_t)
userdom_manage_all_users_home_content_files(ftpd_t)
userdom_manage_all_users_home_content_symlinks(ftpd_t)
@@ -651977,7 +651985,7 @@ diff --exclude-from=exclude -N -u -r nsa
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
fs_manage_nfs_files(ftpd_t)
fs_read_nfs_symlinks(ftpd_t)
-@@ -237,6 +264,18 @@
+@@ -237,6 +265,18 @@
')
optional_policy(`
@@ -651996,7 +652004,7 @@ diff --exclude-from=exclude -N -u -r nsa
corecmd_exec_shell(ftpd_t)
files_read_usr_files(ftpd_t)
-@@ -253,7 +292,9 @@
+@@ -253,7 +293,9 @@
')
optional_policy(`
@@ -652007,7 +652015,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -265,6 +306,14 @@
+@@ -265,6 +307,14 @@
')
optional_policy(`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.748
retrieving revision 1.749
diff -u -p -r1.748 -r1.749
--- selinux-policy.spec 17 Apr 2009 14:24:09 -0000 1.748
+++ selinux-policy.spec 15 May 2009 10:08:37 -0000 1.749
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 132%{?dist}
+Release: 133%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@ exit 0
%endif
%changelog
+* Fri May 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.3.1-133
+- Allow fptd_t to check its access to kernel key ring
+
* Fri Apr 17 2009 Miroslav Grepl <mgrepl at redhat.com> 3.3.1-132
- Fix postfix-master policy