rpms/selinux-policy/devel policy-20060411.patch, 1.10, 1.11 selinux-policy.spec, 1.178, 1.179
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Apr 21 10:57:14 UTC 2006
- Previous message (by thread): rpms/hplip/devel hplip-0.9.10-2.patch, NONE, 1.1 hplip.spec, 1.72, 1.73 hplip-0.9.10-1.patch, 1.1, NONE hplip-strcasecmp.patch, 1.3, NONE
- Next message (by thread): rpms/hplip/FC-5 hplip-0.9.10-2.patch, NONE, 1.1 hplip.spec, 1.66, 1.67 hplip-0.9.10-1.patch, 1.1, NONE hplip-strcasecmp.patch, 1.3, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15386
Modified Files:
policy-20060411.patch selinux-policy.spec
Log Message:
* Fri Apr 21 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-3
- Allow mono to chat with unconfined
policy-20060411.patch:
config/appconfig-strict-mls/default_type | 1
policy/modules/admin/netutils.te | 2 -
policy/modules/admin/usermanage.te | 1
policy/modules/apps/mono.te | 3 +-
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/domain.te | 1
policy/modules/kernel/files.if | 35 +++++++++++++++++++++++++++
policy/modules/kernel/filesystem.if | 6 ++--
policy/modules/kernel/kernel.te | 1
policy/modules/kernel/terminal.if | 2 -
policy/modules/services/cups.te | 1
policy/modules/services/pegasus.te | 8 ++++++
policy/modules/services/procmail.te | 2 -
policy/modules/services/samba.te | 2 -
policy/modules/system/authlogin.te | 2 +
policy/modules/system/init.te | 1
policy/modules/system/libraries.fc | 18 +++-----------
policy/modules/system/logging.te | 4 +--
policy/modules/system/sysnetwork.te | 2 +
policy/modules/system/unconfined.if | 39 +++++++++++++++++++++++++++++++
policy/modules/system/userdomain.te | 24 +++++++++++++++++--
policy/modules/system/xen.if | 18 ++++++++++++++
policy/modules/system/xen.te | 1
policy/rolemap | 1
policy/users | 6 ++--
25 files changed, 153 insertions(+), 29 deletions(-)
Index: policy-20060411.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060411.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20060411.patch 20 Apr 2006 19:32:26 -0000 1.10
+++ policy-20060411.patch 21 Apr 2006 10:57:09 -0000 1.11
@@ -29,6 +29,20 @@
userdom_manage_staff_home_dirs(useradd_t)
userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.34/policy/modules/apps/mono.te
+--- nsaserefpolicy/policy/modules/apps/mono.te 2006-04-18 22:49:59.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/apps/mono.te 2006-04-21 06:40:33.000000000 -0400
+@@ -20,8 +20,9 @@
+ ifdef(`targeted_policy',`
+ allow mono_t self:process { execheap execmem };
+ unconfined_domain_noaudit(mono_t)
+- role system_r types mono_t;
++ unconfined_dbus_chat(mono_t)
+
++ role system_r types mono_t;
+ init_dbus_chat_script(mono_t)
+
+ optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.34/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-04-18 22:49:59.000000000 -0400
+++ serefpolicy-2.2.34/policy/modules/kernel/corecommands.fc 2006-04-20 14:04:12.000000000 -0400
@@ -349,7 +363,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.34/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-04-12 13:44:38.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/unconfined.if 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/unconfined.if 2006-04-21 06:40:24.000000000 -0400
@@ -224,6 +224,24 @@
########################################
@@ -375,6 +389,34 @@
## Send generic signals to the unconfined domain.
## </summary>
## <param name="domain">
+@@ -363,6 +381,27 @@
+
+ ########################################
+ ## <summary>
++## Send and receive messages from
++## unconfined_t over dbus.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`unconfined_dbus_chat',`
++ gen_require(`
++ type unconfined_t;
++ class dbus send_msg;
++ ')
++
++ allow $1 unconfined_t:dbus send_msg;
++ allow unconfined_t $1:dbus send_msg;
++')
++
++########################################
++## <summary>
+ ## Add an alias type to the unconfined domain.
+ ## </summary>
+ ## <desc>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.34/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-04-20 08:17:40.000000000 -0400
+++ serefpolicy-2.2.34/policy/modules/system/userdomain.te 2006-04-20 14:04:12.000000000 -0400
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -r1.178 -r1.179
--- selinux-policy.spec 20 Apr 2006 19:32:44 -0000 1.178
+++ selinux-policy.spec 21 Apr 2006 10:57:09 -0000 1.179
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.34
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -330,6 +330,9 @@
%endif
%changelog
+* Fri Apr 21 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-3
+- Allow mono to chat with unconfined
+
* Thu Apr 20 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-2
- Allow procmail to sendmail
- Allow nfs to share dosfs
- Previous message (by thread): rpms/hplip/devel hplip-0.9.10-2.patch, NONE, 1.1 hplip.spec, 1.72, 1.73 hplip-0.9.10-1.patch, 1.1, NONE hplip-strcasecmp.patch, 1.3, NONE
- Next message (by thread): rpms/hplip/FC-5 hplip-0.9.10-2.patch, NONE, 1.1 hplip.spec, 1.66, 1.67 hplip-0.9.10-1.patch, 1.1, NONE hplip-strcasecmp.patch, 1.3, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list