rpms/selinux-policy/devel policy-20060411.patch, 1.10, 1.11 selinux-policy.spec, 1.178, 1.179

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Apr 21 10:57:14 UTC 2006 

Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15386

Modified Files:
	policy-20060411.patch selinux-policy.spec 
Log Message:
* Fri Apr 21 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-3
- Allow mono to chat with unconfined


policy-20060411.patch:
 config/appconfig-strict-mls/default_type |    1 
 policy/modules/admin/netutils.te         |    2 -
 policy/modules/admin/usermanage.te       |    1 
 policy/modules/apps/mono.te              |    3 +-
 policy/modules/kernel/corecommands.fc    |    1 
 policy/modules/kernel/domain.te          |    1 
 policy/modules/kernel/files.if           |   35 +++++++++++++++++++++++++++
 policy/modules/kernel/filesystem.if      |    6 ++--
 policy/modules/kernel/kernel.te          |    1 
 policy/modules/kernel/terminal.if        |    2 -
 policy/modules/services/cups.te          |    1 
 policy/modules/services/pegasus.te       |    8 ++++++
 policy/modules/services/procmail.te      |    2 -
 policy/modules/services/samba.te         |    2 -
 policy/modules/system/authlogin.te       |    2 +
 policy/modules/system/init.te            |    1 
 policy/modules/system/libraries.fc       |   18 +++-----------
 policy/modules/system/logging.te         |    4 +--
 policy/modules/system/sysnetwork.te      |    2 +
 policy/modules/system/unconfined.if      |   39 +++++++++++++++++++++++++++++++
 policy/modules/system/userdomain.te      |   24 +++++++++++++++++--
 policy/modules/system/xen.if             |   18 ++++++++++++++
 policy/modules/system/xen.te             |    1 
 policy/rolemap                           |    1 
 policy/users                             |    6 ++--
 25 files changed, 153 insertions(+), 29 deletions(-)

Index: policy-20060411.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060411.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20060411.patch	20 Apr 2006 19:32:26 -0000	1.10
+++ policy-20060411.patch	21 Apr 2006 10:57:09 -0000	1.11
@@ -29,6 +29,20 @@
  userdom_manage_staff_home_dirs(useradd_t)
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.34/policy/modules/apps/mono.te
+--- nsaserefpolicy/policy/modules/apps/mono.te	2006-04-18 22:49:59.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/apps/mono.te	2006-04-21 06:40:33.000000000 -0400
+@@ -20,8 +20,9 @@
+ ifdef(`targeted_policy',`
+ 	allow mono_t self:process { execheap execmem };
+ 	unconfined_domain_noaudit(mono_t)
+-	role system_r types mono_t;
++	unconfined_dbus_chat(mono_t)
+ 
++	role system_r types mono_t;
+ 	init_dbus_chat_script(mono_t)
+ 
+ 	optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.34/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2006-04-18 22:49:59.000000000 -0400
 +++ serefpolicy-2.2.34/policy/modules/kernel/corecommands.fc	2006-04-20 14:04:12.000000000 -0400
@@ -349,7 +363,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.34/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2006-04-12 13:44:38.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/unconfined.if	2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/unconfined.if	2006-04-21 06:40:24.000000000 -0400
 @@ -224,6 +224,24 @@
  
  ########################################
@@ -375,6 +389,34 @@
  ##	Send generic signals to the unconfined domain.
  ## </summary>
  ## <param name="domain">
+@@ -363,6 +381,27 @@
+ 
+ ########################################
+ ## <summary>
++##	Send and receive messages from
++##	unconfined_t over dbus.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`unconfined_dbus_chat',`
++	gen_require(`
++		type unconfined_t;
++		class dbus send_msg;
++	')
++
++	allow $1 unconfined_t:dbus send_msg;
++	allow unconfined_t $1:dbus send_msg;
++')
++
++########################################
++## <summary>
+ ##	Add an alias type to the unconfined domain.
+ ## </summary>
+ ## <desc>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.34/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2006-04-20 08:17:40.000000000 -0400
 +++ serefpolicy-2.2.34/policy/modules/system/userdomain.te	2006-04-20 14:04:12.000000000 -0400


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -r1.178 -r1.179
--- selinux-policy.spec	20 Apr 2006 19:32:44 -0000	1.178
+++ selinux-policy.spec	21 Apr 2006 10:57:09 -0000	1.179
@@ -16,7 +16,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.2.34
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -330,6 +330,9 @@
 %endif
 
 %changelog
+* Fri Apr 21 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-3
+- Allow mono to chat with unconfined
+
 * Thu Apr 20 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-2
 - Allow procmail to sendmail
 - Allow nfs to share dosfs

More information about the fedora-cvs-commits mailing list