rpms/selinux-policy/devel modules-targeted.conf, 1.9, 1.10 policy-20060104.patch, 1.2, 1.3 selinux-policy.spec, 1.76, 1.77

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Jan 6 01:04:25 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv21472

Modified Files:
	modules-targeted.conf policy-20060104.patch 
	selinux-policy.spec 
Log Message:
* Thu Jan 5 2006 Dan Walsh <dwalsh at redhat.com> 2.1.7-3
- Handle new location of hal scripts



Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- modules-targeted.conf	5 Jan 2006 21:54:11 -0000	1.9
+++ modules-targeted.conf	6 Jan 2006 01:03:59 -0000	1.10
@@ -114,6 +114,13 @@
 rpm = base
 
 # Layer: admin
+# Module: readahead
+#
+# Readahead, read files into page cache for improved performance
+# 
+readahead = base
+
+# Layer: admin
 # Module: kudzu
 #
 # Hardware detection and configuration tools
@@ -174,7 +181,14 @@
 #
 # Rotate and archive system logs
 # 
-logrotate = off
+logrotate = base
+
+# Layer: admin
+# Module: ddcprobe
+#
+# ddcprobe retrieves monitor and graphics card information
+# 
+ddcprobe = module
 
 # Layer: admin
 # Module: quota
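Review bot: The switch of `logrotate` from `off` to `base` in this hunk is a behaviour change that neither the log message nor the changelog records; both mention only the hal scripts. Presumably it moves logrotate into its own confined domain on targeted systems, so any denials that appear after the update would be hard to trace back to this commit. The same gap covers `readahead = base` in the first hunk and the `= module` entries added here and in the later hunks (ddcprobe, vbetool, i18n_input, timidity, openct, smartmon, slrnpull). I would add a changelog line such as `- Enable readahead and logrotate in base, build additional policies as modules`.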
@@ -198,6 +212,13 @@
 sudo = off
 
 # Layer: admin
+# Module: vbetool
+#
+# run real-mode video BIOS code to alter hardware state
+# 
+vbetool = module
+
+# Layer: admin
 # Module: firstboot
 #
 # Final system configuration run during the first boot
@@ -304,6 +325,13 @@
 canna = base
 
 # Layer: services
+# Module: i18n_input
+#
+# IIIMF htt server
+# 
+i18n_input = module
+
+# Layer: services
 # Module: uucp
 #
 # Unix to Unix Copy
@@ -362,6 +390,13 @@
 howl = base
 
 # Layer: services
+# Module: timidity
+#
+# MIDI to WAV converter and player configured as a service
+# 
+timidity = module
+
+# Layer: services
 # Module: postgresql
 #
 # PostgreSQL relational database
@@ -369,6 +404,13 @@
 postgresql = base
 
 # Layer: services
+# Module: openct
+#
+# Service for handling smart card readers.
+# 
+openct = module
+
+# Layer: services
 # Module: snmp
 #
 # Simple network management protocol services
@@ -559,6 +601,13 @@
 ppp = base
 
 # Layer: services
+# Module: smartmon
+#
+# Smart disk monitoring daemon policy
+# 
+smartmon = module
+
+# Layer: services
 # Module: ftp
 #
 # File transfer protocol service
@@ -636,6 +685,13 @@
 apache = base
 
 # Layer: services
+# Module: slrnpull
+#
+# Service for downloading news feeds the slrn newsreader.
+# 
+slrnpull = module
+
+# Layer: services
 # Module: rsync
 #
 # Fast incremental file transfer for synchronization

policy-20060104.patch:
 Makefile                                     |    2 
 Rules.modular                                |   10 
 config/appconfig-strict-mcs/default_type     |    6 
 config/appconfig-strict-mls/default_type     |    7 
 config/appconfig-strict-mls/initrc_context   |    2 
 config/appconfig-targeted-mcs/default_type   |    2 
 config/appconfig-targeted-mls/default_type   |    2 
 config/appconfig-targeted-mls/initrc_context |    2 
 man/man8/ftpd_selinux.8                      |   56 ++++
 man/man8/httpd_selinux.8                     |  123 ++++++++
 man/man8/kerberos_selinux.8                  |   31 ++
 man/man8/named_selinux.8                     |   29 ++
 man/man8/nfs_selinux.8                       |   30 ++
 man/man8/nis_selinux.8                       |    1 
 man/man8/rsync_selinux.8                     |   41 ++
 man/man8/samba_selinux.8                     |   60 ++++
 man/man8/ypbind_selinux.8                    |   19 +
 policy/global_tunables                       |    3 
 policy/mcs                                   |  321 ++++-------------------
 policy/mls                                   |  371 +++++----------------------
 policy/modules/admin/amanda.te               |    4 
 policy/modules/admin/kudzu.te                |    9 
 policy/modules/admin/logrotate.te            |    4 
 policy/modules/admin/rpm.fc                  |    1 
 policy/modules/admin/rpm.te                  |   19 -
 policy/modules/admin/su.if                   |    2 
 policy/modules/admin/tmpreaper.te            |    3 
 policy/modules/admin/usermanage.te           |   15 -
 policy/modules/apps/java.fc                  |    4 
 policy/modules/apps/java.if                  |   23 +
 policy/modules/apps/java.te                  |   25 +
 policy/modules/apps/webalizer.te             |    1 
 policy/modules/kernel/corecommands.te        |    6 
 policy/modules/kernel/corenetwork.te.in      |   12 
 policy/modules/kernel/devices.fc             |    9 
 policy/modules/kernel/domain.if              |    1 
 policy/modules/kernel/domain.te              |    4 
 policy/modules/kernel/files.fc               |   27 +
 policy/modules/kernel/files.if               |   17 +
 policy/modules/kernel/kernel.if              |    3 
 policy/modules/kernel/kernel.te              |   30 +-
 policy/modules/kernel/mls.te                 |    9 
 policy/modules/kernel/selinux.te             |    2 
 policy/modules/kernel/storage.fc             |   46 +--
 policy/modules/services/apache.te            |    9 
 policy/modules/services/apm.te               |    1 
 policy/modules/services/automount.te         |    9 
 policy/modules/services/bind.if              |   19 +
 policy/modules/services/bluetooth.te         |    1 
 policy/modules/services/cron.te              |    3 
 policy/modules/services/cups.te              |    7 
 policy/modules/services/cvs.fc               |    2 
 policy/modules/services/cvs.te               |    6 
 policy/modules/services/dbus.te              |    1 
 policy/modules/services/dovecot.te           |    2 
 policy/modules/services/hal.fc               |    1 
 policy/modules/services/hal.te               |    4 
 policy/modules/services/ldap.te              |    4 
 policy/modules/services/locate.fc            |    4 
 policy/modules/services/locate.if            |    1 
 policy/modules/services/locate.te            |   50 +++
 policy/modules/services/logwatch.fc          |    3 
 policy/modules/services/logwatch.if          |    1 
 policy/modules/services/logwatch.te          |  103 +++++++
 policy/modules/services/mta.te               |   13 
 policy/modules/services/nscd.te              |    1 
 policy/modules/services/ntp.te               |    2 
 policy/modules/services/ppp.te               |    4 
 policy/modules/services/prelink.fc           |    7 
 policy/modules/services/prelink.if           |   39 ++
 policy/modules/services/prelink.te           |   64 ++++
 policy/modules/services/remotelogin.te       |    1 
 policy/modules/services/samba.if             |    3 
 policy/modules/services/sasl.te              |    8 
 policy/modules/services/sendmail.te          |   36 --
 policy/modules/services/ssh.te               |   10 
 policy/modules/services/xdm.te               |    4 
 policy/modules/system/authlogin.if           |   12 
 policy/modules/system/authlogin.te           |    1 
 policy/modules/system/getty.te               |    3 
 policy/modules/system/hostname.if            |   15 +
 policy/modules/system/hostname.te            |   37 --
 policy/modules/system/init.if                |   14 +
 policy/modules/system/init.te                |   22 +
 policy/modules/system/iptables.te            |    2 
 policy/modules/system/libraries.fc           |  126 ++++-----
 policy/modules/system/libraries.te           |    4 
 policy/modules/system/locallogin.te          |    2 
 policy/modules/system/logging.fc             |    7 
 policy/modules/system/logging.if             |   21 +
 policy/modules/system/logging.te             |    5 
 policy/modules/system/lvm.te                 |    2 
 policy/modules/system/mount.te               |    2 
 policy/modules/system/selinuxutil.fc         |    6 
 policy/modules/system/selinuxutil.te         |   11 
 policy/modules/system/udev.fc                |    1 
 policy/modules/system/udev.te                |    4 
 policy/modules/system/unconfined.fc          |    2 
 policy/modules/system/unconfined.te          |   13 
 policy/modules/system/userdomain.fc          |    2 
 policy/modules/system/userdomain.if          |   43 +++
 policy/modules/system/userdomain.te          |   17 +
 policy/users                                 |    8 
 103 files changed, 1410 insertions(+), 789 deletions(-)

Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20060104.patch	5 Jan 2006 21:54:11 -0000	1.2
+++ policy-20060104.patch	6 Jan 2006 01:04:01 -0000	1.3
@@ -2230,6 +2230,14 @@
  
  init_use_fd(dovecot_t)
  init_use_script_pty(dovecot_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-2.1.7/policy/modules/services/hal.fc
+--- nsaserefpolicy/policy/modules/services/hal.fc	2005-11-14 18:24:07.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/hal.fc	2006-01-05 19:44:40.000000000 -0500
+@@ -7,3 +7,4 @@
+ /usr/sbin/hald		--			gen_context(system_u:object_r:hald_exec_t,s0)
+ 
+ /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
++/usr/share/hal/scripts(/.*)?	 gen_context(system_u:object_r:bin_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.7/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2005-12-14 10:38:50.000000000 -0500
 +++ serefpolicy-2.1.7/policy/modules/services/hal.te	2006-01-05 11:12:20.000000000 -0500
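Review bot: The added `/usr/share/hal/scripts(/.*)?` entry has no file-type specifier, so the directory and everything beneath it is labelled `bin_t`. The two existing entries above it use `--` to restrict the label to regular files. If the whole tree is meant to be executable content, a comment line above the entry should say so, for example `# hal scripts moved here; label the whole tree bin_t`. If the directory can also hold data files, the label should be limited with `/usr/share/hal/scripts/.* -- gen_context(system_u:object_r:bin_t,s0)`. The entry also separates path and context with a tab plus a space, unlike its neighbours.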
@@ -3545,7 +3553,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.1.7/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-01-04 17:28:53.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/userdomain.if	2006-01-05 11:12:20.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/userdomain.if	2006-01-05 17:30:57.000000000 -0500
 @@ -572,6 +572,7 @@
  	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
  
@@ -3554,35 +3562,53 @@
  	files_list_home($1_t)
  	files_read_usr_files($1_t)
  	files_exec_usr_files($1_t)
-@@ -1884,9 +1885,14 @@
- 		type sysadm_home_dir_t;
+@@ -1885,6 +1886,11 @@
  	')
  
-+ifdef(`targeted_policy', `
-+	dontaudit $1 user_home_dir_t:dir getattr;
-+', `
  	dontaudit $1 sysadm_home_dir_t:dir getattr;
- ')
- 
++
++ifdef(`targeted_policy', `
++	userdom_dontaudit_getattr_user_home_dirs($1)
 +')
 +
+ ')
+ 
  ########################################
- ## <summary>
- ##	Search the sysadm users home directory.
-@@ -1917,8 +1923,12 @@
- 		type sysadm_home_dir_t;
+@@ -1918,6 +1924,10 @@
  	')
  
-+ifdef(`targeted_policy', `
-+	dontaudit $1 user_home_dir_t:dir search_dir_perms;
-+', `
  	dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
- ')
++
++ifdef(`targeted_policy', `
++	userdom_dontaudit_search_user_home_dirs($1)
 +')
+ ')
+ 
+ ########################################
+@@ -2057,6 +2067,22 @@
  
  ########################################
  ## <summary>
-@@ -2648,6 +2658,23 @@
++##	Do not audit attempts to getattr all users home directories.
++## </summary>
++## <param name="domain">
++##	Domain to not audit.
++## </param>
++#
++interface(`userdom_dontaudit_getattr_user_home_dirs',`
++	gen_require(`
++		type user_home_dir_t;
++	')
++
++	dontaudit $1 user_home_dir_t:dir getattr;
++')
++
++########################################
++## <summary>
+ ##	Read all files in all users home directories.
+ ## </summary>
+ ## <param name="domain">
+@@ -2648,6 +2674,23 @@
  
  ########################################
  ## <summary>
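Review bot: `userdom_dontaudit_search_user_home_dirs($1)` is called in the second targeted_policy ifdef, but this patch only adds a definition for `userdom_dontaudit_getattr_user_home_dirs`. Please confirm that the search variant already exists in userdomain.if, because otherwise the targeted build fails on an undefined interface. The rewrite also widens what is silenced: under targeted_policy the caller now gets dontaudit rules for both `sysadm_home_dir_t` and `user_home_dir_t`, where the previous revision chose one or the other. These denials become visible only with the enableaudit policy loaded, so the summaries of the two sysadm interfaces should mention that user home directories are covered too. The inner patch continues past the end of this hunk.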


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- selinux-policy.spec	5 Jan 2006 21:55:48 -0000	1.76
+++ selinux-policy.spec	6 Jan 2006 01:04:12 -0000	1.77
@@ -7,7 +7,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.1.7
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -61,6 +61,10 @@
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} enableaudit \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} base.pp \
 install -m0644 base.pp ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1/enableaudit.pp \
+for file in $(ls ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1 | grep -v -e base.pp -e enableaudit.pp ) \
+do \
+	rm ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1/$file; \
+done; \
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
 touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
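Review bot: The cleanup loop filters `ls` output with `grep -v -e base.pp -e enableaudit.pp`, which matches unanchored substrings and treats `.` as a wildcard. Any file whose name merely contains one of those strings is kept, and the unquoted `$file` splits on unusual names. Selecting by exact name avoids both problems: `find ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1 -maxdepth 1 -type f ! -name base.pp ! -name enableaudit.pp -delete \`. The loop also appears to discard every policy package built from the `= module` entries this commit adds to modules-targeted.conf, which the changelog should state. The enclosing macro starts and ends outside this hunk.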
@@ -258,6 +262,9 @@
 %endif
 
 %changelog
+* Thu Jan 5 2006 Dan Walsh <dwalsh at redhat.com> 2.1.7-3
+- Handle new location of hal scripts
+
 * Thu Jan 5 2006 Dan Walsh <dwalsh at redhat.com> 2.1.7-2
 - Allow su to read /etc/mtab
 



