rpms/selinux-policy/F-12 policy-F12.patch,1.140,1.141
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Nov 24 23:53:23 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31165
Modified Files:
policy-F12.patch
Log Message:
* Tue Nov 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-50
- Allow modemmanager sys_admin
policy-F12.patch:
Makefile | 2
policy/flask/access_vectors | 1
policy/global_tunables | 24
policy/mcs | 10
policy/modules/admin/alsa.te | 2
policy/modules/admin/anaconda.te | 3
policy/modules/admin/brctl.te | 2
policy/modules/admin/certwatch.te | 2
policy/modules/admin/consoletype.te | 1
policy/modules/admin/dmesg.fc | 2
policy/modules/admin/dmesg.te | 10
policy/modules/admin/firstboot.te | 6
policy/modules/admin/kismet.fc | 2
policy/modules/admin/kismet.te | 9
policy/modules/admin/logrotate.te | 21
policy/modules/admin/logwatch.te | 1
policy/modules/admin/mrtg.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/ntop.fc | 5
policy/modules/admin/ntop.if | 158 +
policy/modules/admin/ntop.te | 40
policy/modules/admin/portage.te | 2
policy/modules/admin/prelink.fc | 1
policy/modules/admin/prelink.if | 4
policy/modules/admin/prelink.te | 74
policy/modules/admin/readahead.te | 1
policy/modules/admin/rpm.fc | 20
policy/modules/admin/rpm.if | 345 ++
policy/modules/admin/rpm.te | 98
policy/modules/admin/shorewall.fc | 3
policy/modules/admin/shorewall.if | 40
policy/modules/admin/shorewall.te | 2
policy/modules/admin/smoltclient.fc | 4
policy/modules/admin/smoltclient.if | 1
policy/modules/admin/smoltclient.te | 66
policy/modules/admin/sudo.if | 13
policy/modules/admin/tmpreaper.te | 9
policy/modules/admin/tzdata.te | 2
policy/modules/admin/usermanage.if | 11
policy/modules/admin/usermanage.te | 35
policy/modules/admin/vbetool.te | 14
policy/modules/admin/vpn.te | 2
policy/modules/apps/calamaris.te | 7
policy/modules/apps/chrome.fc | 2
policy/modules/apps/chrome.if | 86
policy/modules/apps/chrome.te | 78
policy/modules/apps/cpufreqselector.te | 2
policy/modules/apps/execmem.fc | 41
policy/modules/apps/execmem.if | 80
policy/modules/apps/execmem.te | 11
policy/modules/apps/firewallgui.fc | 3
policy/modules/apps/firewallgui.if | 3
policy/modules/apps/firewallgui.te | 64
policy/modules/apps/gitosis.if | 45
policy/modules/apps/gnome.fc | 12
policy/modules/apps/gnome.if | 170 +
policy/modules/apps/gnome.te | 99
policy/modules/apps/gpg.te | 20
policy/modules/apps/java.fc | 24
policy/modules/apps/java.if | 114
policy/modules/apps/java.te | 19
policy/modules/apps/kdumpgui.fc | 2
policy/modules/apps/kdumpgui.if | 2
policy/modules/apps/kdumpgui.te | 67
policy/modules/apps/livecd.fc | 2
policy/modules/apps/livecd.if | 52
policy/modules/apps/livecd.te | 27
policy/modules/apps/loadkeys.te | 6
policy/modules/apps/mono.fc | 2
policy/modules/apps/mono.if | 101
policy/modules/apps/mono.te | 9
policy/modules/apps/mozilla.fc | 1
policy/modules/apps/mozilla.if | 68
policy/modules/apps/mozilla.te | 23
policy/modules/apps/nsplugin.fc | 11
policy/modules/apps/nsplugin.if | 323 ++
policy/modules/apps/nsplugin.te | 295 +
policy/modules/apps/openoffice.fc | 3
policy/modules/apps/openoffice.if | 93
policy/modules/apps/openoffice.te | 11
policy/modules/apps/podsleuth.te | 3
policy/modules/apps/ptchown.if | 25
policy/modules/apps/pulseaudio.if | 2
policy/modules/apps/pulseaudio.te | 13
policy/modules/apps/qemu.fc | 4
policy/modules/apps/qemu.if | 189 +
policy/modules/apps/qemu.te | 84
policy/modules/apps/sambagui.fc | 1
policy/modules/apps/sambagui.if | 2
policy/modules/apps/sambagui.te | 60
policy/modules/apps/sandbox.fc | 1
policy/modules/apps/sandbox.if | 188 +
policy/modules/apps/sandbox.te | 331 ++
policy/modules/apps/screen.if | 7
policy/modules/apps/sectoolm.fc | 6
policy/modules/apps/sectoolm.if | 3
policy/modules/apps/sectoolm.te | 120
policy/modules/apps/selinux-policy-3.6.32-41.fc12.noarch.rpm |binary
policy/modules/apps/seunshare.fc | 2
policy/modules/apps/seunshare.if | 81
policy/modules/apps/seunshare.te | 43
policy/modules/apps/vmware.te | 1
policy/modules/apps/wine.fc | 24
policy/modules/apps/wine.if | 115
policy/modules/apps/wine.te | 34
policy/modules/kernel/corecommands.fc | 32
policy/modules/kernel/corecommands.if | 21
policy/modules/kernel/corenetwork.te.in | 45
policy/modules/kernel/devices.fc | 13
policy/modules/kernel/devices.if | 255 +
policy/modules/kernel/devices.te | 25
policy/modules/kernel/domain.if | 151 -
policy/modules/kernel/domain.te | 89
policy/modules/kernel/files.fc | 3
policy/modules/kernel/files.if | 379 ++
policy/modules/kernel/files.te | 6
policy/modules/kernel/filesystem.fc | 2
policy/modules/kernel/filesystem.if | 252 +
policy/modules/kernel/filesystem.te | 14
policy/modules/kernel/kernel.if | 98
policy/modules/kernel/kernel.te | 32
policy/modules/kernel/selinux.if | 25
policy/modules/kernel/storage.fc | 2
policy/modules/kernel/storage.if | 3
policy/modules/kernel/terminal.fc | 1
policy/modules/kernel/terminal.if | 44
policy/modules/kernel/terminal.te | 1
policy/modules/roles/guest.te | 8
policy/modules/roles/staff.te | 126
policy/modules/roles/sysadm.te | 126
policy/modules/roles/unconfineduser.fc | 8
policy/modules/roles/unconfineduser.if | 638 ++++
policy/modules/roles/unconfineduser.te | 431 ++
policy/modules/roles/unprivuser.te | 127
policy/modules/roles/xguest.te | 74
policy/modules/services/abrt.fc | 6
policy/modules/services/abrt.if | 102
policy/modules/services/abrt.te | 87
policy/modules/services/afs.fc | 1
policy/modules/services/afs.te | 3
policy/modules/services/aisexec.fc | 12
policy/modules/services/aisexec.if | 106
policy/modules/services/aisexec.te | 112
policy/modules/services/amavis.te | 2
policy/modules/services/apache.fc | 50
policy/modules/services/apache.if | 410 +-
policy/modules/services/apache.te | 451 ++-
policy/modules/services/apm.te | 6
policy/modules/services/arpwatch.te | 2
policy/modules/services/asterisk.if | 21
policy/modules/services/asterisk.te | 4
policy/modules/services/automount.te | 2
policy/modules/services/avahi.te | 3
policy/modules/services/bind.if | 40
policy/modules/services/bitlbee.te | 2
policy/modules/services/bluetooth.if | 21
policy/modules/services/bluetooth.te | 11
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.te | 33
policy/modules/services/certmaster.te | 2
policy/modules/services/chronyd.fc | 11
policy/modules/services/chronyd.if | 105
policy/modules/services/chronyd.te | 67
policy/modules/services/clamav.te | 16
policy/modules/services/clogd.fc | 4
policy/modules/services/clogd.if | 98
policy/modules/services/clogd.te | 62
policy/modules/services/cobbler.fc | 2
policy/modules/services/cobbler.if | 44
policy/modules/services/cobbler.te | 5
policy/modules/services/consolekit.fc | 3
policy/modules/services/consolekit.if | 39
policy/modules/services/consolekit.te | 23
policy/modules/services/corosync.fc | 13
policy/modules/services/corosync.if | 108
policy/modules/services/corosync.te | 109
policy/modules/services/courier.if | 18
policy/modules/services/courier.te | 1
policy/modules/services/cron.fc | 6
policy/modules/services/cron.if | 74
policy/modules/services/cron.te | 82
policy/modules/services/cups.fc | 13
policy/modules/services/cups.te | 44
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 1
policy/modules/services/dbus.if | 47
policy/modules/services/dbus.te | 25
policy/modules/services/dcc.te | 8
policy/modules/services/ddclient.if | 25
policy/modules/services/devicekit.fc | 2
policy/modules/services/devicekit.if | 22
policy/modules/services/devicekit.te | 60
policy/modules/services/dnsmasq.te | 12
policy/modules/services/dovecot.te | 24
policy/modules/services/exim.te | 5
policy/modules/services/fail2ban.te | 2
policy/modules/services/fetchmail.te | 3
policy/modules/services/fprintd.te | 4
policy/modules/services/ftp.te | 60
policy/modules/services/git.fc | 8
policy/modules/services/git.if | 286 +
policy/modules/services/git.te | 166 +
policy/modules/services/gpm.te | 3
policy/modules/services/gpsd.fc | 5
policy/modules/services/gpsd.if | 27
policy/modules/services/gpsd.te | 14
policy/modules/services/hal.fc | 1
policy/modules/services/hal.if | 18
policy/modules/services/hal.te | 49
policy/modules/services/howl.te | 2
policy/modules/services/inetd.fc | 2
policy/modules/services/inetd.te | 4
policy/modules/services/irqbalance.te | 4
policy/modules/services/kerberos.if | 6
policy/modules/services/kerberos.te | 16
policy/modules/services/kerneloops.te | 2
policy/modules/services/ktalk.te | 1
policy/modules/services/lircd.fc | 2
policy/modules/services/lircd.if | 9
policy/modules/services/lircd.te | 23
policy/modules/services/mailman.te | 4
policy/modules/services/memcached.te | 2
policy/modules/services/milter.if | 2
policy/modules/services/modemmanager.te | 4
policy/modules/services/mta.fc | 2
policy/modules/services/mta.if | 13
policy/modules/services/mta.te | 36
policy/modules/services/munin.fc | 3
policy/modules/services/munin.te | 3
policy/modules/services/mysql.te | 9
policy/modules/services/nagios.fc | 20
policy/modules/services/nagios.if | 89
policy/modules/services/nagios.te | 106
policy/modules/services/networkmanager.fc | 15
policy/modules/services/networkmanager.if | 65
policy/modules/services/networkmanager.te | 117
policy/modules/services/nis.fc | 5
policy/modules/services/nis.if | 87
policy/modules/services/nis.te | 13
policy/modules/services/nscd.if | 18
policy/modules/services/nscd.te | 17
policy/modules/services/nslcd.if | 8
policy/modules/services/ntp.if | 46
policy/modules/services/ntp.te | 8
policy/modules/services/nut.fc | 15
policy/modules/services/nut.if | 82
policy/modules/services/nut.te | 138
policy/modules/services/nx.fc | 4
policy/modules/services/nx.if | 67
policy/modules/services/nx.te | 13
policy/modules/services/oddjob.if | 1
policy/modules/services/openvpn.te | 2
policy/modules/services/pcscd.if | 3
policy/modules/services/pcscd.te | 4
policy/modules/services/pegasus.te | 28
policy/modules/services/plymouth.fc | 5
policy/modules/services/plymouth.if | 286 +
policy/modules/services/plymouth.te | 101
policy/modules/services/policykit.fc | 5
policy/modules/services/policykit.if | 48
policy/modules/services/policykit.te | 64
policy/modules/services/postfix.fc | 2
policy/modules/services/postfix.if | 150 -
policy/modules/services/postfix.te | 142
policy/modules/services/postgresql.fc | 16
policy/modules/services/postgresql.if | 43
policy/modules/services/postgresql.te | 9
policy/modules/services/ppp.if | 6
policy/modules/services/ppp.te | 16
policy/modules/services/prelude.te | 3
policy/modules/services/privoxy.fc | 3
policy/modules/services/privoxy.te | 3
policy/modules/services/procmail.te | 12
policy/modules/services/pyzor.fc | 4
policy/modules/services/pyzor.if | 47
policy/modules/services/pyzor.te | 37
policy/modules/services/radvd.te | 1
policy/modules/services/razor.fc | 1
policy/modules/services/razor.if | 42
policy/modules/services/razor.te | 32
policy/modules/services/rgmanager.fc | 8
policy/modules/services/rgmanager.if | 59
policy/modules/services/rgmanager.te | 83
policy/modules/services/rhcs.fc | 22
policy/modules/services/rhcs.if | 348 ++
policy/modules/services/rhcs.te | 394 ++
policy/modules/services/ricci.te | 30
policy/modules/services/rpc.if | 7
policy/modules/services/rpc.te | 17
policy/modules/services/rpcbind.if | 20
policy/modules/services/rpcbind.te | 1
policy/modules/services/rsync.te | 23
policy/modules/services/rtkit.if | 20
policy/modules/services/rtkit.te | 4
policy/modules/services/samba.fc | 4
policy/modules/services/samba.if | 104
policy/modules/services/samba.te | 89
policy/modules/services/sasl.te | 15
policy/modules/services/sendmail.if | 137
policy/modules/services/sendmail.te | 87
policy/modules/services/setroubleshoot.fc | 2
policy/modules/services/setroubleshoot.if | 123
policy/modules/services/setroubleshoot.te | 82
policy/modules/services/smartmon.te | 15
policy/modules/services/snmp.if | 38
policy/modules/services/snmp.te | 4
policy/modules/services/snort.te | 1
policy/modules/services/spamassassin.fc | 15
policy/modules/services/spamassassin.if | 89
policy/modules/services/spamassassin.te | 139
policy/modules/services/squid.te | 9
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 206 +
policy/modules/services/ssh.te | 155 -
policy/modules/services/sssd.fc | 5
policy/modules/services/sssd.if | 62
policy/modules/services/sssd.te | 14
policy/modules/services/sysstat.te | 5
policy/modules/services/tftp.fc | 2
policy/modules/services/tuned.fc | 6
policy/modules/services/tuned.if | 140
policy/modules/services/tuned.te | 58
policy/modules/services/uucp.te | 10
policy/modules/services/virt.fc | 13
policy/modules/services/virt.if | 210 +
policy/modules/services/virt.te | 274 +
policy/modules/services/w3c.te | 7
policy/modules/services/xserver.fc | 43
policy/modules/services/xserver.if | 625 +++-
policy/modules/services/xserver.te | 358 ++
policy/modules/system/application.if | 20
policy/modules/system/application.te | 11
policy/modules/system/authlogin.fc | 9
policy/modules/system/authlogin.if | 207 +
policy/modules/system/authlogin.te | 10
policy/modules/system/fstools.fc | 3
policy/modules/system/fstools.te | 7
policy/modules/system/init.fc | 7
policy/modules/system/init.if | 163 +
policy/modules/system/init.te | 290 +
policy/modules/system/ipsec.fc | 7
policy/modules/system/ipsec.if | 25
policy/modules/system/ipsec.te | 66
policy/modules/system/iptables.fc | 17
policy/modules/system/iptables.if | 97
policy/modules/system/iptables.te | 20
policy/modules/system/iscsi.if | 40
policy/modules/system/iscsi.te | 6
policy/modules/system/kdump.te | 5
policy/modules/system/libraries.fc | 179 -
policy/modules/system/libraries.if | 5
policy/modules/system/libraries.te | 18
policy/modules/system/locallogin.te | 30
policy/modules/system/logging.fc | 12
policy/modules/system/logging.if | 18
policy/modules/system/logging.te | 38
policy/modules/system/lvm.if | 39
policy/modules/system/lvm.te | 29
policy/modules/system/miscfiles.fc | 3
policy/modules/system/miscfiles.if | 80
policy/modules/system/miscfiles.te | 3
policy/modules/system/modutils.fc | 1
policy/modules/system/modutils.if | 46
policy/modules/system/modutils.te | 56
policy/modules/system/mount.fc | 7
policy/modules/system/mount.if | 2
policy/modules/system/mount.te | 83
policy/modules/system/raid.fc | 2
policy/modules/system/raid.te | 8
policy/modules/system/selinuxutil.fc | 17
policy/modules/system/selinuxutil.if | 309 ++
policy/modules/system/selinuxutil.te | 229 -
policy/modules/system/setrans.if | 20
policy/modules/system/sysnetwork.fc | 9
policy/modules/system/sysnetwork.if | 117
policy/modules/system/sysnetwork.te | 77
policy/modules/system/udev.fc | 3
policy/modules/system/udev.if | 39
policy/modules/system/udev.te | 39
policy/modules/system/unconfined.fc | 15
policy/modules/system/unconfined.if | 443 ---
policy/modules/system/unconfined.te | 224 -
policy/modules/system/userdomain.fc | 6
policy/modules/system/userdomain.if | 1624 ++++++++---
policy/modules/system/userdomain.te | 47
policy/modules/system/xen.fc | 6
policy/modules/system/xen.if | 28
policy/modules/system/xen.te | 137
policy/support/obj_perm_sets.spt | 14
policy/users | 13
390 files changed, 19402 insertions(+), 2786 deletions(-)
Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-12/policy-F12.patch,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -p -r1.140 -r1.141
--- policy-F12.patch 24 Nov 2009 23:16:46 -0000 1.140
+++ policy-F12.patch 24 Nov 2009 23:53:22 -0000 1.141
@@ -14346,7 +14346,7 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.32/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2009-09-16 10:01:19.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/dbus.if 2009-10-05 08:30:03.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/dbus.if 2009-11-24 18:22:22.000000000 -0500
@@ -42,8 +42,10 @@
gen_require(`
class dbus { send_msg acquire_svc };
@@ -14412,8 +14412,7 @@ diff -b -B --ignore-all-space --exclude-
')
# SE-DBus specific permissions
-- allow $1 { system_dbusd_t self }:dbus send_msg;
-+ allow $1 { system_dbusd_t self dbusd_unconfined }:dbus send_msg;
+ allow $1 { system_dbusd_t self }:dbus send_msg;
+ allow { system_dbusd_t dbusd_unconfined } $1:dbus send_msg;
read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
More information about the fedora-extras-commits
mailing list