rpms/selinux-policy/FC-5 modules-strict.conf, 1.7, 1.8 selinux-policy.spec, 1.160, 1.161
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Apr 4 09:41:08 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv6554
Modified Files:
modules-strict.conf selinux-policy.spec
Log Message:
* Tue Apr 4 2006 Dan Walsh <dwalsh at redhat.com> 2.2.29-3
- Bump for fc5
Index: modules-strict.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/modules-strict.conf,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- modules-strict.conf 20 Feb 2006 22:11:40 -0000 1.7
+++ modules-strict.conf 4 Apr 2006 09:41:05 -0000 1.8
@@ -20,6 +20,14 @@
terminal = base
# Layer: kernel
+# Module: mcs
+# Required in base
+#
+# Multicategory security policy
+#
+mcs = base
+
+# Layer: kernel
# Module: files
# Required in base
#
@@ -81,17 +89,9 @@
# Module: mls
# Required in base
#
-# MultiCategory security policy
-#
-mls = base
-
-# Layer: kernel
-# Module: mcs
-# Required in base
-#
# Multilevel security policy
#
-mcs = base
+mls = base
# Layer: kernel
# Module: selinux
@@ -144,6 +144,13 @@
kudzu = module
# Layer: admin
+# Module: bootloader
+#
+# Policy for the kernel modules, kernel image, and bootloader.
+#
+bootloader = base
+
+# Layer: admin
# Module: updfstab
#
# Red Hat utility to change /etc/fstab.
@@ -155,7 +162,7 @@
#
# Network analysis utilities
#
-netutils = module
+netutils = base
# Layer: admin
# Module: alsa
@@ -187,6 +194,13 @@
su = module
# Layer: admin
+# Module: apt
+#
+# APT advanced package toll.
+#
+apt = module
+
+# Layer: admin
# Module: dmesg
#
# Policy for dmesg.
@@ -201,6 +215,13 @@
anaconda = module
# Layer: admin
+# Module: dpkg
+#
+# Policy for the Debian package manager.
+#
+dpkg = off
+
+# Layer: admin
# Module: amanda
#
# Automated backup program.
@@ -279,6 +300,13 @@
tmpreaper = module
# Layer: admin
+# Module: mrtg
+#
+# Network traffic graphing
+#
+mrtg = module
+
+# Layer: admin
# Module: dmidecode
#
# Decode DMI data for x86/ia64 bioses.
@@ -292,6 +320,27 @@
#
logwatch = module
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+#
+storage = base
+
+# Layer: apps
+# Module: evolution
+#
+# Evolution email client
+#
+evolution = module
+
+# Layer: apps
+# Module: mozilla
+#
+# Policy for Mozilla and related web browsers
+#
+mozilla = module
+
# Layer: apps
# Module: irc
#
@@ -321,6 +370,13 @@
gpg = module
# Layer: apps
+# Module: thunderbird
+#
+# Thunderbird email client
+#
+thunderbird = module
+
+# Layer: apps
# Module: wine
#
# Wine Is Not an Emulator. Run Windows programs in Linux.
@@ -342,6 +398,20 @@
screen = module
# Layer: apps
+# Module: calamaris
+#
+# Squid log analysis
+#
+calamaris = module
+
+# Layer: apps
+# Module: tvtime
+#
+# tvtime - a high quality television application
+#
+tvtime = module
+
+# Layer: apps
# Module: java
#
# Java virtual machine
@@ -349,6 +419,13 @@
java = module
# Layer: apps
+# Module: uml
+#
+# Policy for UML
+#
+uml = module
+
+# Layer: apps
# Module: cdrecord
#
# Policy for cdrecord
@@ -356,6 +433,13 @@
cdrecord = module
# Layer: apps
+# Module: mplayer
+#
+# Mplayer media player and encoder
+#
+mplayer = module
+
+# Layer: apps
# Module: webalizer
#
# Web server log analysis
@@ -363,6 +447,13 @@
webalizer = module
# Layer: apps
+# Module: ethereal
+#
+# Ethereal packet capture tool.
+#
+ethereal = module
+
+# Layer: apps
# Module: userhelper
#
# SELinux utility to run a shell with a new role
@@ -370,6 +461,13 @@
userhelper = module
# Layer: apps
+# Module: games
+#
+# Games
+#
+games = module
+
+# Layer: apps
# Module: mono
#
# Run .NET server and client applications on Linux.
@@ -383,19 +481,181 @@
#
slocate = module
-# Layer: kernel
-# Module: bootloader
+# Layer: system
+# Module: xen
#
-# Policy for the kernel modules, kernel image, and bootloader.
+# Xen hypervisor
#
-bootloader = module
+xen = module
-# Layer: kernel
-# Module: storage
+# Layer: system
+# Module: fstools
#
-# Policy controlling access to storage devices
+# Tools for filesystem management, such as mkfs and fsck.
#
-storage = module
+fstools = base
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+#
+logging = base
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+#
+hostname = module
+
+# Layer: system
+# Module: daemontools
+#
+# Collection of tools for managing UNIX services
+#
+daemontools = module
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+#
+getty = module
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+#
+lvm = base
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+#
+sysnetwork = base
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+#
+init = base
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+#
+selinuxutil = base
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+#
+udev = base
+
+# Layer: system
+# Module: pcmcia
+#
+# PCMCIA card management services
+#
+pcmcia = module
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+#
+authlogin = base
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+#
+libraries = base
+
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+#
+raid = module
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+#
+userdomain = base
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+#
+modutils = base
+
+# Layer: system
+# Module: hotplug
+#
+# Policy for hotplug system, for supporting the
+# connection and disconnection of devices at runtime.
+#
+hotplug = base
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+#
+clock = base
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+#
+locallogin = base
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+#
+iptables = module
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+#
+mount = base
+
+# Layer: system
+# Module: unconfined
+#
+# The unconfined domain.
+#
+unconfined = module
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+#
+miscfiles = base
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+#
+ipsec = module
# Layer: services
# Module: nis
@@ -412,6 +672,13 @@
distcc = module
# Layer: services
+# Module: tor
+#
+# TOR, the onion router
+#
+tor = module
+
+# Layer: services
# Module: rshd
#
# Remote shell service.
@@ -433,6 +700,13 @@
bind = module
# Layer: services
+# Module: cipe
+#
+# Encrypted tunnel daemon
+#
+cipe = module
+
+# Layer: services
# Module: canna
#
# Canna - kana-kanji conversion server
@@ -624,6 +898,14 @@
dovecot = module
# Layer: services
+# Module: amavis
+#
+# Daemon that interfaces mail transfer agents and content
+# checkers, such as virus scanners.
+#
+amavis = module
+
+# Layer: services
# Module: cups
#
# Common UNIX printing system
@@ -715,13 +997,6 @@
rdisc = module
# Layer: services
-# Module: xserver
-#
-# X windows login display manager
-#
-xserver = module
-
-# Layer: services
# Module: nscd
#
# Name service cache daemon
@@ -757,11 +1032,25 @@
gpm = module
# Layer: services
+# Module: audioentropy
+#
+# Generate entropy from audio input
+#
+audioentropy = module
+
+# Layer: services
# Module: mta
#
# Policy common to all email tranfer agents.
#
-mta = module
+mta = base
+
+# Layer: services
+# Module: rhgb
+#
+# Red Hat Graphical Boot
+#
+rhgb = module
# Layer: services
# Module: postfix
@@ -834,6 +1123,13 @@
slrnpull = module
# Layer: services
+# Module: clamav
+#
+# ClamAV Virus Scanner
+#
+clamav = module
+
+# Layer: services
# Module: rsync
#
# Fast incremental file transfer for synchronization
@@ -966,179 +1262,3 @@
#
rlogin = module
-# Layer: system
-# Module: fstools
-#
-# Tools for filesystem management, such as mkfs and fsck.
-#
-fstools = module
-
-# Layer: system
-# Module: logging
-#
-# Policy for the kernel message logger and system logging daemon.
-#
-logging = module
-
-# Layer: system
-# Module: hostname
-#
-# Policy for changing the system host name.
-#
-hostname = module
-
-# Layer: system
-# Module: daemontools
-#
-# Collection of tools for managing UNIX services
-#
-daemontools = module
-
-# Layer: system
-# Module: getty
-#
-# Policy for getty.
-#
-getty = module
-
-# Layer: system
-# Module: lvm
-#
-# Policy for logical volume management programs.
-#
-lvm = module
-
-# Layer: system
-# Module: sysnetwork
-#
-# Policy for network configuration: ifconfig and dhcp client.
-#
-sysnetwork = module
-
-# Layer: system
-# Module: init
-#
-# System initialization programs (init and init scripts).
-#
-init = module
-
-# Layer: system
-# Module: selinuxutil
-#
-# Policy for SELinux policy and userland applications.
-#
-selinuxutil = module
-
-# Layer: system
-# Module: udev
-#
-# Policy for udev.
-#
-udev = module
-
-# Layer: system
-# Module: pcmcia
-#
-# PCMCIA card management services
-#
-pcmcia = module
-
-# Layer: system
-# Module: authlogin
-#
-# Common policy for authentication and user login.
-#
-authlogin = base
-
-# Layer: system
-# Module: libraries
-#
-# Policy for system libraries.
-#
-libraries = base
-
-# Layer: system
-# Module: raid
-#
-# RAID array management tools
-#
-raid = module
-
-# Layer: system
-# Module: userdomain
-#
-# Policy for user domains
-#
-userdomain = module
-
-# Layer: system
-# Module: modutils
-#
-# Policy for kernel module utilities
-#
-modutils = module
-
-# Layer: system
-# Module: hotplug
-#
-# Policy for hotplug system, for supporting the
-# connection and disconnection of devices at runtime.
-#
-hotplug = module
-
-# Layer: system
-# Module: clock
-#
-# Policy for reading and setting the hardware clock.
-#
-clock = module
-
-# Layer: system
-# Module: locallogin
-#
-# Policy for local logins.
-#
-locallogin = module
-
-# Layer: system
-# Module: iptables
-#
-# Policy for iptables.
-#
-iptables = module
-
-# Layer: system
-# Module: mount
-#
-# Policy for mount.
-#
-mount = module
-
-# Layer: system
-# Module: unconfined
-#
-# The unconfined domain.
-#
-unconfined = module
-
-# Layer: system
-# Module: miscfiles
-#
-# Miscelaneous files.
-#
-miscfiles = module
-
-# Layer: system
-# Module: ipsec
-#
-# TCP/IP encryption
-#
-ipsec = module
-
-# Layer: admin
-# Module: mrtg
-#
-# System log analyzer and reporter
-#
-mrtg = module
-
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/selinux-policy.spec,v
retrieving revision 1.160
retrieving revision 1.161
diff -u -r1.160 -r1.161
--- selinux-policy.spec 4 Apr 2006 09:24:00 -0000 1.160
+++ selinux-policy.spec 4 Apr 2006 09:41:05 -0000 1.161
@@ -1,16 +1,22 @@
%define distro redhat
%define polyinstatiate n
%define monolithic n
-%define BUILD_STRICT 0
-%define BUILD_TARGETED 0
+%if %{?BUILD_STRICT:0}%{!?BUILD_STRICT:1}
+%define BUILD_STRICT 1
+%endif
+%if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
+%define BUILD_TARGETED 1
+%endif
+%if %{?BUILD_MLS:0}%{!?BUILD_MLS:1}
%define BUILD_MLS 1
+%endif
%define POLICYVER 20
%define POLICYCOREUTILSVER 1.30-1
-%define CHECKPOLICYVER 1.30.3-1
+%define CHECKPOLICYVER 1.30.3-2
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.29
-Release: 2.fc5
+Release: 3.fc5
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -143,7 +149,7 @@
%prep
%setup -q -n serefpolicy-%{version}
%patch -p1
-
+
%install
# Build targeted policy
%{__rm} -fR $RPM_BUILD_ROOT
@@ -166,45 +172,31 @@
echo "htmlview file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/policyhelp
chmod +x ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/policyhelp
+%if %{BUILD_TARGETED}
# Build targeted policy
# Commented out because only targeted ref policy currently builds
-
-
-
%setupCmds targeted targeted-mcs y n
%installCmds targeted targeted-mcs y n
+%endif
+%if %{BUILD_STRICT}
# Build strict policy
# Commented out because only targeted ref policy currently builds
make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n bare
make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n conf
+cp -f ${RPM_SOURCE_DIR}/modules-strict.conf ./policy/modules.conf
%installCmds strict strict-mcs y n
+%endif
+%if %{BUILD_MLS}
# Build mls policy
%setupCmds mls strict-mls n y
%installCmds mls strict-mls n y
+%endif
%clean
%{__rm} -fR $RPM_BUILD_ROOT
-%package targeted
-Summary: SELinux targeted base policy
-Group: System Environment/Base
-Provides: selinux-policy-base
-Obsoletes: selinux-policy-targeted-sources
-Prereq: policycoreutils >= %{POLICYCOREUTILSVER}
-Prereq: coreutils
-Prereq: selinux-policy = %{version}-%{release}
-
-%description targeted
-SELinux Reference policy targeted base module.
-
-%files targeted
-%fileList targeted
-
-%pre targeted
-%saveFileContext targeted
-
%post
if [ ! -s /etc/selinux/config ]; then
#
@@ -240,6 +232,22 @@
">> /etc/selinux/config
fi
+%if %{BUILD_TARGETED}
+%package targeted
+Summary: SELinux targeted base policy
+Group: System Environment/Base
+Provides: selinux-policy-base
+Obsoletes: selinux-policy-targeted-sources
+Prereq: policycoreutils >= %{POLICYCOREUTILSVER}
+Prereq: coreutils
+Prereq: selinux-policy = %{version}-%{release}
+
+%description targeted
+SELinux Reference policy targeted base module.
+
+%pre targeted
+%saveFileContext targeted
+
%post targeted
%rebuildpolicy targeted
%relabel targeted
@@ -247,6 +255,12 @@
%triggerpostun targeted -- selinux-policy-targeted <= 2.0.7
%rebuildpolicy targeted
+%files targeted
+%fileList targeted
+
+%endif
+
+%if %{BUILD_MLS}
%package mls
Summary: SELinux mls base policy
Group: System Environment/Base
@@ -273,6 +287,10 @@
%files mls
%fileList mls
+%endif
+
+%if %{BUILD_STRICT}
+
%package strict
Summary: SELinux strict base policy
Group: System Environment/Base
@@ -299,21 +317,43 @@
%files strict
%fileList strict
+%endif
+
%changelog
-* Mon Mar 30 2006 Dan Walsh <dwalsh at redhat.com> 2.2.29-2.fc5
-- Rebuild for FC5
+* Tue Apr 4 2006 Dan Walsh <dwalsh at redhat.com> 2.2.29-3
+- Bump for fc5
+
+* Mon Apr 3 2006 Dan Walsh <dwalsh at redhat.com> 2.2.29-3
+- Get auditctl working in MLS policy
-* Mon Mar 30 2006 Dan Walsh <dwalsh at redhat.com> 2.2.29-2
+* Mon Apr 3 2006 Dan Walsh <dwalsh at redhat.com> 2.2.29-2
- Add mono dbus support
- Lots of file_context fixes for textrel_shlib_t in FC5
- Turn off execmem auditallow since they are filling log files
-- Allow mono to dbus with networkmanager
-- Don't transition to ping from unconfined.
-- Fixes for getty-fax
+
+* Fri Mar 30 2006 Dan Walsh <dwalsh at redhat.com> 2.2.29-1
+- Update to upstream
+
+* Thu Mar 30 2006 Dan Walsh <dwalsh at redhat.com> 2.2.28-3
+- Allow automount and dbus to read cert files
+
+* Thu Mar 30 2006 Dan Walsh <dwalsh at redhat.com> 2.2.28-2
+- Fix ftp policy
+- Fix secadm running of auditctl
+
+* Mon Mar 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.28-1
+- Update to upstream
+
+* Wed Mar 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.27-1
+- Update to upstream
* Wed Mar 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.25-3.fc5
+- Bump for fc5
- Fixes for hplip and klogd
+* Wed Mar 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.25-3
+- Fix policyhelp
+
* Wed Mar 22 2006 Dan Walsh <dwalsh at redhat.com> 2.2.25-2.fc5
- Rebuild for FC5
More information about the fedora-cvs-commits
mailing list