rpms/selinux-policy/devel modules-targeted.conf, 1.10, 1.11 policy-20060104.patch, 1.4, 1.5 selinux-policy.spec, 1.77, 1.78 policy-20051208.patch, 1.36, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Jan 9 20:14:21 UTC 2006
- Previous message (by thread): rpms/avahi/devel avahi-0.6.3-bz177148.patch,1.1,1.2
- Next message (by thread): rpms/nfs-utils/devel nfs-utils-1.0.8-rc2-Makefileam.patch, NONE, 1.1 .cvsignore, 1.12, 1.13 nfs-utils-1.0.7-compile.patch, 1.7, 1.8 nfs-utils.spec, 1.73, 1.74 rpcgssd.init, 1.3, 1.4 sources, 1.13, 1.14 gssapi_mech.conf, 1.1, NONE nfs-utils-1.0.6-pie.patch, 1.1, NONE nfs-utils-1.0.7-idmapd-mapinit.patch, 1.1, NONE nfs-utils-1.0.7-post0.patch, 1.1, NONE nfs-utils-1.0.7-post1.patch, 1.2, NONE nfs-utils-1.0.7-post2.patch, 1.2, NONE nfs-utils-1.0.7-post3.patch, 1.1, NONE nfs-utils-1.0.7-post4.patch, 1.1, NONE nfs-utils-1.0.7-post5.patch, 1.1, NONE nfs-utils-1.0.7-post6.patch, 1.1, NONE nfs-utils-1.0.7-strip.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31318
Modified Files:
modules-targeted.conf policy-20060104.patch
selinux-policy.spec
Removed Files:
policy-20051208.patch
Log Message:
* Mon Jan 9 2006 Dan Walsh <dwalsh at redhat.com> 2.1.8-1
- Update to upstream
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- modules-targeted.conf 6 Jan 2006 01:03:59 -0000 1.10
+++ modules-targeted.conf 9 Jan 2006 20:14:17 -0000 1.11
@@ -993,3 +993,11 @@
# logwatch executable
#
logwatch = base
+
+# Layer: apps
+# Module: wine
+#
+# wine executable
+#
+wine = base
+
policy-20060104.patch:
Makefile | 2
policy/modules/admin/amanda.te | 4
policy/modules/admin/consoletype.te | 1
policy/modules/admin/netutils.te | 1
policy/modules/admin/su.if | 2
policy/modules/admin/vpn.te | 7 +
policy/modules/apps/java.fc | 4
policy/modules/apps/java.if | 23 +++++
policy/modules/apps/java.te | 25 ++++++
policy/modules/apps/wine.fc | 2
policy/modules/apps/wine.if | 23 +++++
policy/modules/apps/wine.te | 27 ++++++
policy/modules/kernel/corecommands.te | 6 +
policy/modules/kernel/domain.if | 1
policy/modules/kernel/domain.te | 4
policy/modules/kernel/files.if | 17 ++++
policy/modules/kernel/kernel.if | 21 +++++
policy/modules/kernel/kernel.te | 5 +
policy/modules/kernel/mls.te | 2
policy/modules/services/apache.te | 9 ++
policy/modules/services/apm.te | 1
policy/modules/services/automount.te | 9 +-
policy/modules/services/bluetooth.te | 1
policy/modules/services/cron.te | 32 +------
policy/modules/services/cups.te | 6 -
policy/modules/services/dovecot.te | 1
policy/modules/services/hal.fc | 1
policy/modules/services/hal.te | 4
policy/modules/services/irqbalance.te | 1
policy/modules/services/locate.fc | 4
policy/modules/services/locate.if | 1
policy/modules/services/locate.te | 50 ++++++++++++
policy/modules/services/logwatch.fc | 3
policy/modules/services/logwatch.if | 1
policy/modules/services/logwatch.te | 107 +++++++++++++++++++++++++
policy/modules/services/mta.te | 13 +++
policy/modules/services/networkmanager.te | 10 +-
policy/modules/services/nscd.te | 1
policy/modules/services/ntp.te | 2
policy/modules/services/portmap.te | 1
policy/modules/services/prelink.fc | 7 +
policy/modules/services/prelink.if | 39 +++++++++
policy/modules/services/prelink.te | 64 +++++++++++++++
policy/modules/services/rpc.te | 1
policy/modules/services/samba.if | 2
policy/modules/services/xdm.te | 4
policy/modules/system/authlogin.te | 1
policy/modules/system/clock.te | 1
policy/modules/system/fstools.te | 4
policy/modules/system/hostname.te | 38 +--------
policy/modules/system/init.te | 16 ---
policy/modules/system/libraries.fc | 125 +++++++++++++++---------------
policy/modules/system/libraries.te | 4
policy/modules/system/locallogin.te | 1
policy/modules/system/logging.te | 4
policy/modules/system/lvm.te | 2
policy/modules/system/mount.te | 4
policy/modules/system/selinuxutil.te | 5 -
policy/modules/system/sysnetwork.te | 2
policy/modules/system/unconfined.te | 12 +-
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 66 +++++++++++----
policy/modules/system/userdomain.te | 1
policy/users | 8 +
64 files changed, 673 insertions(+), 175 deletions(-)
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.4 -r 1.5 policy-20060104.patch
Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20060104.patch 6 Jan 2006 13:56:31 -0000 1.4
+++ policy-20060104.patch 9 Jan 2006 20:14:17 -0000 1.5
@@ -1,51 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/default_type serefpolicy-2.1.7/config/appconfig-strict-mcs/default_type
---- nsaserefpolicy/config/appconfig-strict-mcs/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-strict-mcs/default_type 2006-01-05 11:12:20.000000000 -0500
-@@ -1,3 +1,3 @@
--sysadm_r:sysadm_t:s0
--staff_r:staff_t:s0
--user_r:user_t:s0
-+sysadm_r:sysadm_t
-+staff_r:staff_t
-+user_r:user_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.1.7/config/appconfig-strict-mls/default_type
---- nsaserefpolicy/config/appconfig-strict-mls/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-strict-mls/default_type 2006-01-05 11:12:20.000000000 -0500
-@@ -1,3 +1,4 @@
--sysadm_r:sysadm_t:s0
--staff_r:staff_t:s0
--user_r:user_t:s0
-+sysadm_r:sysadm_t
-+secadm_r:secadm_t
-+staff_r:staff_t
-+user_r:user_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/initrc_context serefpolicy-2.1.7/config/appconfig-strict-mls/initrc_context
---- nsaserefpolicy/config/appconfig-strict-mls/initrc_context 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-strict-mls/initrc_context 2006-01-05 11:12:20.000000000 -0500
-@@ -1 +1 @@
--system_u:system_r:initrc_t:s0
-+system_u:system_r:initrc_t:s0-s15:c0.c255
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/default_type serefpolicy-2.1.7/config/appconfig-targeted-mcs/default_type
---- nsaserefpolicy/config/appconfig-targeted-mcs/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-targeted-mcs/default_type 2006-01-05 11:12:20.000000000 -0500
-@@ -1 +1 @@
--system_r:unconfined_t:s0
-+system_r:unconfined_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/default_type serefpolicy-2.1.7/config/appconfig-targeted-mls/default_type
---- nsaserefpolicy/config/appconfig-targeted-mls/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-targeted-mls/default_type 2006-01-05 11:12:20.000000000 -0500
-@@ -1 +1 @@
--system_r:unconfined_t:s0
-+system_r:unconfined_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/initrc_context serefpolicy-2.1.7/config/appconfig-targeted-mls/initrc_context
---- nsaserefpolicy/config/appconfig-targeted-mls/initrc_context 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-targeted-mls/initrc_context 2006-01-05 11:12:20.000000000 -0500
-@@ -1 +1 @@
--user_u:system_r:unconfined_t:s0
-+user_u:system_r:unconfined_t:s0-s15:c0.c255
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.7/Makefile
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.8/Makefile
--- nsaserefpolicy/Makefile 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/Makefile 2006-01-05 11:12:20.000000000 -0500
++++ serefpolicy-2.1.8/Makefile 2006-01-09 13:10:33.000000000 -0500
@@ -92,7 +92,7 @@
# enable MLS if requested.
@@ -55,1246 +10,9 @@
override CHECKPOLICY += -M
override CHECKMODULE += -M
endif
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.1.7/man/man8/ftpd_selinux.8
---- nsaserefpolicy/man/man8/ftpd_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/ftpd_selinux.8 2006-01-05 11:12:20.000000000 -0500
-@@ -0,0 +1,56 @@
-+.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "ftpd Selinux Policy documentation"
-+.SH "NAME"
-+ftpd_selinux \- Security Enhanced Linux Policy for the ftp daemon
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the ftpd server via flexible mandatory access
-+control.
-+.SH FILE_CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type.
-+Policy governs the access daemons have to these files.
-+If you want to share files anonymously, you must label the files and directories public_content_t. So if you created a special directory /var/ftp, you would need to label the directory with the chcon tool.
-+.TP
-+chcon -R -t public_content_t /var/ftp
-+.TP
-+If you want to setup a directory where you can upload files to you must label the files and directories ftpd_anon_rw_t. So if you created a special directory /var/ftp/incoming, you would need to label the directory with the chcon tool.
-+.TP
-+chcon -t public_content_rw_t /var/ftp/incoming
-+.TP
-+You must also turn on the boolean allow_ftp_anon_write.
-+.TP
-+setsebool -P allow_ftp_anon_write=1
-+.TP
-+If you want to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file.
-+.TP
-+/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
-+.br
-+/var/ftp(/.*)? system_u:object_r:public_content_t
-+/var/ftp/incoming(/.*)? system_u:object_r:public_content_rw_t
-+
-+.SH BOOLEANS
-+SELinux ftp daemon policy is customizable based on least access required. So by
-+default SElinux does not allow users to login and read their home directories.
-+.br
-+If you are setting up this machine as a ftpd server and wish to allow users to access their home
-+directorories, you need to set the ftp_home_dir boolean.
-+.TP
-+setsebool -P ftp_home_dir 1
-+.TP
-+ftpd can run either as a standalone daemon or as part of the xinetd domain. If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.
-+.TP
-+setsebool -P ftpd_is_daemon 1
-+.TP
-+You can disable SELinux protection for the ftpd daemon by executing:
-+.TP
-+setsebool -P ftpd_disable_trans 1
-+.br
-+service vsftpd restart
-+.TP
-+system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
-+.SH AUTHOR
-+This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+
-+.SH "SEE ALSO"
-+selinux(8), ftpd(8), chcon(1), setsebool(8)
-+
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-2.1.7/man/man8/httpd_selinux.8
---- nsaserefpolicy/man/man8/httpd_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/httpd_selinux.8 2006-01-05 11:12:20.000000000 -0500
-@@ -0,0 +1,123 @@
-+.TH "httpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "httpd Selinux Policy documentation"
-+.SH "NAME"
-+httpd_selinux \- Security Enhanced Linux Policy for the httpd daemon
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the httpd server via flexible mandatory access
-+control.
-+.SH FILE_CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type.
-+Policy governs the access daemons have to these files.
-+SELinux httpd policy is very flexible allowing users to setup their web services in as secure a method as possible.
-+.TP
-+The following file contexts types are defined for httpd:
-+.br
-+
-+httpd_sys_content_t
-+.br
-+- Set files with httpd_sys_content_t for content which is available from all httpd scripts and the daemon.
-+.br
-+
-+httpd_sys_script_exec_t
-+.br
-+- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
-+.br
-+
-+httpd_sys_script_ro_t
-+.br
-+- Set files with httpd_sys_script_ro_t if you want httpd_sys_script_exec_t scripts to read the data, and disallow other sys scripts from access.
-+.br
-+
-+httpd_sys_script_rw_t
-+.br
-+- Set files with httpd_sys_script_rw_t if you want httpd_sys_script_exec_t scripts to read/write the data, and disallow other non sys scripts from access.
-+.br
-+
-+httpd_sys_script_ra_t
-+.br
-+- Set files with httpd_sys_script_ra_t if you want httpd_sys_script_exec_t scripts to read/append to the file, and disallow other non sys scripts from access.
-+
-+httpd_unconfined_script_exec_t
-+.br
-+- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options. It is better to use this script rather than turning off SELinux protection for httpd.
-+.br
-+
-+.SH NOTE
-+With certain policies you can define addional file contexts based on roles like user or staff. httpd_user_script_exec_t can be defined where it would only have access to "user" contexts.
-+
-+.SH SHARING FILES
-+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for httpd you would execute:
-+
-+setsebool -P allow_httpd_anon_write=1
-+
-+or
-+
-+setsebool -P allow_httpd_sys_script_anon_write=1
-+
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required. So by
-+default SElinux prevents certain http scripts from working. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
-+.TP
-+httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this
-+.br
-+
-+setsebool -P httpd_enable_cgi 1
-+
-+.TP
-+httpd by default is not allowed to access users home directories. If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir.
-+.br
-+
-+setsebool -P httpd_enable_homedirs 1
[...3387 lines suppressed...]
---- nsaserefpolicy/policy/modules/system/userdomain.if 2006-01-04 17:28:53.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/userdomain.if 2006-01-05 17:30:57.000000000 -0500
-@@ -572,6 +572,7 @@
- corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
-
- files_read_etc_files($1_t)
-+ files_read_etc_runtime_files($1_t)
- files_list_home($1_t)
- files_read_usr_files($1_t)
- files_exec_usr_files($1_t)
-@@ -1885,6 +1886,11 @@
- ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.1.8/policy/modules/system/userdomain.if
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-01-09 11:32:54.000000000 -0500
++++ serefpolicy-2.1.8/policy/modules/system/userdomain.if 2006-01-09 13:10:33.000000000 -0500
+@@ -1881,19 +1881,16 @@
+ ## </param>
+ #
+ interface(`userdom_dontaudit_getattr_sysadm_home_dir',`
+- ifdef(`targeted_policy',`
+- gen_require(`
+- type user_home_dir_t;
+- ')
++ gen_require(`
++ type sysadm_home_dir_t;
++ ')
- dontaudit $1 sysadm_home_dir_t:dir getattr;
+- dontaudit $1 user_home_dir_t:dir getattr;
+- ', `
+- gen_require(`
+- type sysadm_home_dir_t;
+- ')
++ dontaudit $1 sysadm_home_dir_t:dir getattr;
+
+ifdef(`targeted_policy', `
+ userdom_dontaudit_getattr_user_home_dirs($1)
+')
-+
+
+- dontaudit $1 sysadm_home_dir_t:dir getattr;
+- ')
')
########################################
-@@ -1918,6 +1924,10 @@
+@@ -1922,19 +1919,15 @@
+ ## </param>
+ #
+ interface(`userdom_dontaudit_search_sysadm_home_dir',`
+- ifdef(`targeted_policy',`
+ gen_require(`
+- type user_home_dir_t;
++ type sysadm_home_dir_t;
')
- dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
-+
+- dontaudit $1 user_home_dir_t:dir search_dir_perms;
+- ',`
+- gen_require(`
+- type sysadm_home_dir_t;
+- ')
++ dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
+
+- dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
+- ')
+ifdef(`targeted_policy', `
+ userdom_dontaudit_search_user_home_dirs($1)
+')
')
########################################
-@@ -2057,6 +2067,22 @@
+@@ -2074,6 +2067,22 @@
########################################
## <summary>
@@ -3620,7 +1602,7 @@
## Read all files in all users home directories.
## </summary>
## <param name="domain">
-@@ -2648,6 +2674,23 @@
+@@ -2665,6 +2674,23 @@
########################################
## <summary>
@@ -3644,66 +1626,10 @@
## Send general signals to all user domains.
## </summary>
## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.1.7/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2006-01-04 17:28:53.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/userdomain.te 2006-01-05 11:12:20.000000000 -0500
-@@ -2,7 +2,7 @@
- policy_module(userdomain,1.1.1)
-
- gen_require(`
-- role sysadm_r, staff_r, user_r;
-+ role sysadm_r, staff_r, user_r, secadm_r;
- ')
-
- ########################################
-@@ -82,10 +82,14 @@
- # dont need to use the full role_change()
- allow sysadm_r system_r;
- allow sysadm_r user_r;
-+ allow secadm_r system_r;
-+ allow secadm_r user_r;
- allow user_r system_r;
- allow user_r sysadm_r;
- allow system_r sysadm_r;
- allow system_r sysadm_r;
-+ allow user_r secadm_r;
-+ allow staff_r secadm_r;
-
- allow privhome user_home_t:dir manage_dir_perms;
- allow privhome user_home_t:file create_file_perms;
-@@ -99,8 +103,10 @@
- optional_policy(`samba',`
- samba_per_userdomain_template(user)
- ')
-+
- ',`
- admin_user_template(sysadm)
-+ admin_user_template(secadm)
- unpriv_user_template(staff)
- unpriv_user_template(user)
-
-@@ -111,6 +117,7 @@
-
- # only staff_r can change to sysadm_r
- role_change(staff, sysadm)
-+ role_change(staff, secadm)
-
- # this should be tunable_policy, but
- # currently type_change and RBAC allow
-@@ -143,6 +150,12 @@
- domain_ptrace_all_domains(sysadm_t)
- ')
-
-+ mls_process_read_up(sysadm_t)
-+
-+ optional_policy(`logging',`
-+ logging_read_auditd_log(sysadm_t)
-+ ')
-+
- optional_policy(`amanda',`
- amanda_run_recover(sysadm_t,sysadm_r,admin_terminal)
- ')
-@@ -192,6 +205,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.1.8/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-01-09 11:32:54.000000000 -0500
++++ serefpolicy-2.1.8/policy/modules/system/userdomain.te 2006-01-09 13:10:33.000000000 -0500
+@@ -205,6 +205,7 @@
optional_policy(`hostname',`
hostname_run(sysadm_t,sysadm_r,admin_terminal)
@@ -3711,15 +1637,9 @@
')
optional_policy(`ipsec',`
-@@ -315,4 +329,5 @@
- optional_policy(`webalizer',`
- webalizer_run(sysadm_t,sysadm_r,admin_terminal)
- ')
-+
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.7/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.8/policy/users
--- nsaserefpolicy/policy/users 2005-12-05 22:35:02.000000000 -0500
-+++ serefpolicy-2.1.7/policy/users 2006-01-05 11:12:20.000000000 -0500
++++ serefpolicy-2.1.8/policy/users 2006-01-09 13:10:33.000000000 -0500
@@ -26,7 +26,9 @@
ifdef(`targeted_policy',`
gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
@@ -3742,23 +1662,3 @@
+ gen_user(root, sysadm_r staff_r secadm_r , s0, s0 - s15:c0.c255, c0.c255)
')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.1.7/Rules.modular
---- nsaserefpolicy/Rules.modular 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/Rules.modular 2006-01-05 11:12:20.000000000 -0500
-@@ -170,6 +170,16 @@
-
- ########################################
- #
-+# Remove the dontaudit rules from the base.conf
-+#
-+enableaudit: base.conf
-+ @test -d tmp || mkdir -p tmp
-+ @echo "Removing dontaudit rules from base.conf"
-+ $(QUIET) grep -v dontaudit base.conf > tmp/base.audit
-+ $(QUIET) mv tmp/base.audit base.conf
-+
-+########################################
-+#
- # Appconfig files
- #
- $(APPDIR)/customizable_types: base.conf
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- selinux-policy.spec 6 Jan 2006 01:04:12 -0000 1.77
+++ selinux-policy.spec 9 Jan 2006 20:14:17 -0000 1.78
@@ -6,8 +6,8 @@
%define CHECKPOLICYVER 1.28-3
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.1.7
-Release: 3
+Version: 2.1.8
+Release: 1
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -262,7 +262,13 @@
%endif
%changelog
-* Thu Jan 5 2006 Dan Walsh <dwalsh at redhat.com> 2.1.7-3
+* Mon Jan 9 2006 Dan Walsh <dwalsh at redhat.com> 2.1.8-1
+- Update to upstream
+
+* Fri Jan 7 2006 Dan Walsh <dwalsh at redhat.com> 2.1.7-4
+- Add wine and fix hal problems
+
+* Thu Jan 6 2006 Dan Walsh <dwalsh at redhat.com> 2.1.7-3
- Handle new location of hal scripts
* Thu Jan 5 2006 Dan Walsh <dwalsh at redhat.com> 2.1.7-2
--- policy-20051208.patch DELETED ---
- Previous message (by thread): rpms/avahi/devel avahi-0.6.3-bz177148.patch,1.1,1.2
- Next message (by thread): rpms/nfs-utils/devel nfs-utils-1.0.8-rc2-Makefileam.patch, NONE, 1.1 .cvsignore, 1.12, 1.13 nfs-utils-1.0.7-compile.patch, 1.7, 1.8 nfs-utils.spec, 1.73, 1.74 rpcgssd.init, 1.3, 1.4 sources, 1.13, 1.14 gssapi_mech.conf, 1.1, NONE nfs-utils-1.0.6-pie.patch, 1.1, NONE nfs-utils-1.0.7-idmapd-mapinit.patch, 1.1, NONE nfs-utils-1.0.7-post0.patch, 1.1, NONE nfs-utils-1.0.7-post1.patch, 1.2, NONE nfs-utils-1.0.7-post2.patch, 1.2, NONE nfs-utils-1.0.7-post3.patch, 1.1, NONE nfs-utils-1.0.7-post4.patch, 1.1, NONE nfs-utils-1.0.7-post5.patch, 1.1, NONE nfs-utils-1.0.7-post6.patch, 1.1, NONE nfs-utils-1.0.7-strip.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list