rpms/selinux-policy/devel policy-20060411.patch, 1.11, 1.12 selinux-policy.spec, 1.179, 1.180
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Apr 25 10:58:02 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv11649
Modified Files:
policy-20060411.patch selinux-policy.spec
Log Message:
* Mon Apr 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.35-1
- Update to upstream
- Fix postun to only disable selinux on full removal of the packages
policy-20060411.patch:
config/appconfig-strict-mls/default_type | 1
policy/modules/admin/netutils.te | 2 -
policy/modules/admin/usermanage.te | 1
policy/modules/apps/mono.te | 3 +-
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/domain.te | 1
policy/modules/kernel/files.if | 35 +++++++++++++++++++++++++++
policy/modules/kernel/filesystem.if | 6 ++--
policy/modules/kernel/kernel.te | 1
policy/modules/kernel/terminal.if | 2 -
policy/modules/services/cups.te | 1
policy/modules/services/pegasus.te | 8 ++++++
policy/modules/services/procmail.te | 2 -
policy/modules/services/samba.te | 2 -
policy/modules/system/authlogin.te | 2 +
policy/modules/system/init.te | 1
policy/modules/system/libraries.fc | 18 +++-----------
policy/modules/system/logging.te | 4 +--
policy/modules/system/sysnetwork.te | 3 ++
policy/modules/system/unconfined.if | 39 +++++++++++++++++++++++++++++++
policy/modules/system/userdomain.te | 24 +++++++++++++++++--
policy/modules/system/xen.if | 18 ++++++++++++++
policy/modules/system/xen.te | 1
policy/rolemap | 1
policy/users | 6 ++--
25 files changed, 154 insertions(+), 29 deletions(-)
Index: policy-20060411.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060411.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20060411.patch 21 Apr 2006 10:57:09 -0000 1.11
+++ policy-20060411.patch 25 Apr 2006 10:57:57 -0000 1.12
@@ -1,14 +1,14 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.2.34/config/appconfig-strict-mls/default_type
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.2.35/config/appconfig-strict-mls/default_type
--- nsaserefpolicy/config/appconfig-strict-mls/default_type 2006-01-06 17:55:17.000000000 -0500
-+++ serefpolicy-2.2.34/config/appconfig-strict-mls/default_type 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/config/appconfig-strict-mls/default_type 2006-04-24 20:16:38.000000000 -0400
@@ -2,3 +2,4 @@
secadm_r:secadm_t
staff_r:staff_t
user_r:user_t
+auditadm_r:auditadm_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.2.34/policy/modules/admin/netutils.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.2.35/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2006-04-06 14:05:24.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/admin/netutils.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/admin/netutils.te 2006-04-24 20:16:38.000000000 -0400
@@ -97,7 +97,7 @@
allow ping_t self:tcp_socket create_socket_perms;
@@ -18,9 +18,9 @@
corenet_tcp_sendrecv_all_if(ping_t)
corenet_udp_sendrecv_all_if(ping_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.34/policy/modules/admin/usermanage.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.35/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-04-18 22:49:59.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/admin/usermanage.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/admin/usermanage.te 2006-04-24 20:16:38.000000000 -0400
@@ -514,6 +514,7 @@
# Add/remove user home directories
userdom_home_filetrans_generic_user_home_dir(useradd_t)
@@ -29,9 +29,9 @@
userdom_manage_staff_home_dirs(useradd_t)
userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.34/policy/modules/apps/mono.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.35/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2006-04-18 22:49:59.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/apps/mono.te 2006-04-21 06:40:33.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/apps/mono.te 2006-04-24 20:16:38.000000000 -0400
@@ -20,8 +20,9 @@
ifdef(`targeted_policy',`
allow mono_t self:process { execheap execmem };
@@ -43,9 +43,9 @@
init_dbus_chat_script(mono_t)
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.34/policy/modules/kernel/corecommands.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.35/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-04-18 22:49:59.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/kernel/corecommands.fc 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/kernel/corecommands.fc 2006-04-24 20:16:38.000000000 -0400
@@ -177,6 +177,7 @@
ifdef(`distro_redhat', `
/usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -54,9 +54,9 @@
/usr/share/cvs/contrib/rcs2log -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.2.34/policy/modules/kernel/domain.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.2.35/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2006-04-20 08:17:36.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/kernel/domain.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/kernel/domain.te 2006-04-24 20:16:38.000000000 -0400
@@ -96,6 +96,7 @@
# workaround until role dominance is fixed in
# the module compiler
@@ -65,9 +65,9 @@
role sysadm_r types domain;
role user_r types domain;
role staff_r types domain;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.34/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2006-04-18 22:49:59.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/kernel/files.if 2006-04-20 14:04:12.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.35/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if 2006-04-24 20:14:39.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/kernel/files.if 2006-04-24 20:16:38.000000000 -0400
@@ -1679,6 +1679,21 @@
')
@@ -114,9 +114,9 @@
+ allow $1 boot_t:file { getattr read };
+ allow $1 boot_t:lnk_file { getattr read };
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.34/policy/modules/kernel/filesystem.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.35/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-04-18 22:49:59.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/kernel/filesystem.if 2006-04-20 14:54:31.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/kernel/filesystem.if 2006-04-24 20:16:38.000000000 -0400
@@ -609,7 +609,7 @@
attribute noxattrfs;
')
@@ -144,9 +144,9 @@
## </summary>
## <param name="domain">
## <summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.2.34/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te 2006-04-18 22:49:59.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/kernel/kernel.te 2006-04-20 14:04:12.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.2.35/policy/modules/kernel/kernel.te
+--- nsaserefpolicy/policy/modules/kernel/kernel.te 2006-04-24 20:14:39.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/kernel/kernel.te 2006-04-24 20:16:38.000000000 -0400
@@ -28,6 +28,7 @@
ifdef(`enable_mls',`
@@ -155,9 +155,9 @@
')
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.2.34/policy/modules/kernel/terminal.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.2.35/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-02-13 17:05:45.000000000 -0500
-+++ serefpolicy-2.2.34/policy/modules/kernel/terminal.if 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/kernel/terminal.if 2006-04-24 20:16:38.000000000 -0400
@@ -174,7 +174,7 @@
')
@@ -167,9 +167,9 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.34/policy/modules/services/cups.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.35/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/services/cups.te 2006-04-20 15:02:03.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/services/cups.te 2006-04-24 20:16:38.000000000 -0400
@@ -79,6 +79,7 @@
allow cupsd_t self:process { setsched signal_perms };
allow cupsd_t self:fifo_file rw_file_perms;
@@ -178,9 +178,9 @@
allow cupsd_t self:unix_dgram_socket create_socket_perms;
allow cupsd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
allow cupsd_t self:netlink_route_socket { r_netlink_socket_perms };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.2.34/policy/modules/services/pegasus.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.2.35/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/services/pegasus.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/services/pegasus.te 2006-04-24 20:16:38.000000000 -0400
@@ -79,11 +79,16 @@
corenet_tcp_connect_pegasus_https_port(pegasus_t)
corenet_tcp_connect_generic_port(pegasus_t)
@@ -215,9 +215,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.2.34/policy/modules/services/procmail.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.2.35/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.34/policy/modules/services/procmail.te 2006-04-20 15:06:02.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/services/procmail.te 2006-04-24 20:16:38.000000000 -0400
@@ -95,13 +95,13 @@
optional_policy(`
@@ -233,9 +233,9 @@
files_getattr_tmp_dirs(procmail_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.34/policy/modules/services/samba.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.35/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2006-04-19 12:23:07.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/services/samba.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/services/samba.te 2006-04-24 20:16:38.000000000 -0400
@@ -106,8 +106,8 @@
files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
@@ -246,9 +246,9 @@
kernel_read_proc_symlinks(samba_net_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.34/policy/modules/system/authlogin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.35/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2006-04-19 12:23:07.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/authlogin.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/authlogin.te 2006-04-24 20:16:38.000000000 -0400
@@ -188,6 +188,8 @@
storage_setattr_scsi_generic_dev(pam_console_t)
@@ -258,9 +258,9 @@
term_setattr_console(pam_console_t)
term_getattr_unallocated_ttys(pam_console_t)
term_setattr_unallocated_ttys(pam_console_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.34/policy/modules/system/init.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.35/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-04-20 08:17:40.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/init.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/init.te 2006-04-24 20:16:38.000000000 -0400
@@ -348,6 +348,7 @@
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
@@ -269,10 +269,10 @@
libs_rw_ld_so_cache(initrc_t)
libs_use_ld_so(initrc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.34/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc 2006-04-19 12:23:07.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/libraries.fc 2006-04-20 14:04:21.000000000 -0400
-@@ -66,13 +66,8 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.35/policy/modules/system/libraries.fc
+--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-04-24 20:14:40.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/libraries.fc 2006-04-24 20:16:38.000000000 -0400
+@@ -71,13 +71,8 @@
/usr/(.*/)?nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -286,7 +286,7 @@
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -99,7 +94,6 @@
+@@ -104,7 +99,6 @@
/usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
ifdef(`distro_redhat',`
@@ -294,7 +294,7 @@
/usr/share/rhn/rhn_applet/eggtrayiconmodule\.so -- gen_context(system_u:object_r:shlib_t,s0)
# The following are libraries with text relocations in need of execmod permissions
-@@ -113,7 +107,7 @@
+@@ -118,7 +112,7 @@
/usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libglide3\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -303,7 +303,7 @@
/usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/plugins/oggfformat\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/plugins/theorarend\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -198,16 +192,12 @@
+@@ -203,16 +197,12 @@
/usr/(.*/)?jre.*/libdeploy.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(.*/)?jre.*/libjvm.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -323,9 +323,9 @@
#
# /var
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.2.34/policy/modules/system/logging.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.2.35/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-04-06 15:32:43.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/logging.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/logging.te 2006-04-24 20:16:38.000000000 -0400
@@ -140,7 +140,7 @@
init_use_fds(auditd_t)
init_exec(auditd_t)
@@ -344,9 +344,9 @@
# Allow syslog to a terminal
term_write_unallocated_ttys(syslogd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.2.34/policy/modules/system/sysnetwork.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.2.35/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2006-03-24 11:15:53.000000000 -0500
-+++ serefpolicy-2.2.34/policy/modules/system/sysnetwork.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/sysnetwork.te 2006-04-24 20:36:46.000000000 -0400
@@ -248,6 +248,7 @@
optional_policy(`
@@ -355,15 +355,23 @@
')
########################################
-@@ -346,4 +347,5 @@
+@@ -285,6 +286,7 @@
+ kernel_read_system_state(ifconfig_t)
+ kernel_read_network_state(ifconfig_t)
+ kernel_search_network_sysctl(ifconfig_t)
++kernel_rw_net_sysctls(ifconfig_t)
+
+ corenet_rw_tun_tap_dev(ifconfig_t)
+
+@@ -346,4 +348,5 @@
optional_policy(`
xen_append_log(ifconfig_t)
+ xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.34/policy/modules/system/unconfined.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.35/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-04-12 13:44:38.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/unconfined.if 2006-04-21 06:40:24.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/unconfined.if 2006-04-24 20:16:38.000000000 -0400
@@ -224,6 +224,24 @@
########################################
@@ -417,9 +425,9 @@
## Add an alias type to the unconfined domain.
## </summary>
## <desc>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.34/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2006-04-20 08:17:40.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/userdomain.te 2006-04-20 14:04:12.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.35/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-04-24 20:14:40.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/userdomain.te 2006-04-24 20:16:38.000000000 -0400
@@ -6,6 +6,7 @@
ifdef(`enable_mls',`
@@ -491,7 +499,7 @@
', `
logging_read_audit_log(sysadm_t)
logging_run_auditctl(sysadm_t,sysadm_r,admin_terminal)
-@@ -236,6 +254,7 @@
+@@ -240,6 +258,7 @@
ifdef(`enable_mls',`
consoletype_exec(secadm_t)
@@ -499,7 +507,7 @@
')
')
-@@ -248,6 +267,7 @@
+@@ -252,6 +271,7 @@
ifdef(`enable_mls',`
dmesg_exec(secadm_t)
@@ -507,9 +515,9 @@
')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.2.34/policy/modules/system/xen.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.2.35/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2006-03-23 16:08:51.000000000 -0500
-+++ serefpolicy-2.2.34/policy/modules/system/xen.if 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/xen.if 2006-04-24 20:16:38.000000000 -0400
@@ -47,6 +47,24 @@
########################################
@@ -535,9 +543,9 @@
## Connect to xenstored over an unix stream socket.
## </summary>
## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.34/policy/modules/system/xen.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.35/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2006-04-18 22:50:01.000000000 -0400
-+++ serefpolicy-2.2.34/policy/modules/system/xen.te 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/modules/system/xen.te 2006-04-24 20:16:38.000000000 -0400
@@ -125,6 +125,7 @@
files_read_etc_files(xend_t)
@@ -546,9 +554,9 @@
storage_raw_read_fixed_disk(xend_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.2.34/policy/rolemap
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.2.35/policy/rolemap
--- nsaserefpolicy/policy/rolemap 2006-01-26 15:38:41.000000000 -0500
-+++ serefpolicy-2.2.34/policy/rolemap 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/rolemap 2006-04-24 20:16:38.000000000 -0400
@@ -15,5 +15,6 @@
ifdef(`enable_mls',`
@@ -556,9 +564,9 @@
+ auditadm_t auditadm auditadm_t
')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.34/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.35/policy/users
--- nsaserefpolicy/policy/users 2006-02-15 17:02:30.000000000 -0500
-+++ serefpolicy-2.2.34/policy/users 2006-04-20 14:04:12.000000000 -0400
++++ serefpolicy-2.2.35/policy/users 2006-04-24 20:16:38.000000000 -0400
@@ -29,7 +29,7 @@
gen_user(user_u, user, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
',`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.179
retrieving revision 1.180
diff -u -r1.179 -r1.180
--- selinux-policy.spec 21 Apr 2006 10:57:09 -0000 1.179
+++ selinux-policy.spec 25 Apr 2006 10:57:57 -0000 1.180
@@ -15,8 +15,8 @@
%define CHECKPOLICYVER 1.30.1-2
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.2.34
-Release: 3
+Version: 2.2.35
+Release: 1
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -234,11 +234,13 @@
fi
%postun
-setenforce 0 2> /dev/null
-if [ ! -s /etc/selinux/config ]; then
- echo "SELINUX=disabled" > /etc/selinux/config
-else
- sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
+if [ $1 = 0 ]; then
+ setenforce 0 2> /dev/null
+ if [ ! -s /etc/selinux/config ]; then
+ echo "SELINUX=disabled" > /etc/selinux/config
+ else
+ sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
+ fi
fi
@@ -330,6 +332,10 @@
%endif
%changelog
+* Mon Apr 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.35-1
+- Update to upstream
+- Fix postun to only disable selinux on full removal of the packages
+
* Fri Apr 21 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-3
- Allow mono to chat with unconfined
More information about the fedora-cvs-commits
mailing list