rpms/selinux-policy/devel policy-20060104.patch, 1.6, 1.7 selinux-policy.spec, 1.79, 1.80
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jan 10 17:36:17 UTC 2006
- Previous message (by thread): rpms/perl-File-MMagic/devel .cvsignore, 1.7, 1.8 perl-File-MMagic.spec, 1.11, 1.12 sources, 1.7, 1.8
- Next message (by thread): rpms/gpdf/FC-3 gpdf-2.8.2-CVE-2005-3193.CVE-2005-3624.patch, NONE, 1.1 gpdf.spec, 1.21, 1.22 gpdf-2.8.2-CVE-2005-3193.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9620
Modified Files:
policy-20060104.patch selinux-policy.spec
Log Message:
* Tue Jan 10 2006 Dan Walsh <dwalsh at redhat.com> 2.1.8-3
- More Fixes for hal and readahead
policy-20060104.patch:
Makefile | 2
policy/modules/admin/amanda.te | 4
policy/modules/admin/consoletype.te | 1
policy/modules/admin/netutils.te | 1
policy/modules/admin/readahead.te | 5 +
policy/modules/admin/su.if | 2
policy/modules/admin/vpn.te | 7 +
policy/modules/apps/java.fc | 4
policy/modules/apps/java.if | 23 +++++
policy/modules/apps/java.te | 25 +++++
policy/modules/apps/wine.fc | 2
policy/modules/apps/wine.if | 23 +++++
policy/modules/apps/wine.te | 27 ++++++
policy/modules/kernel/corecommands.te | 6 +
policy/modules/kernel/domain.if | 1
policy/modules/kernel/domain.te | 4
policy/modules/kernel/files.if | 17 ++++
policy/modules/kernel/kernel.if | 21 ++++
policy/modules/kernel/kernel.te | 5 +
policy/modules/kernel/mls.te | 2
policy/modules/services/apache.te | 9 ++
policy/modules/services/apm.te | 1
policy/modules/services/automount.te | 9 +-
policy/modules/services/bluetooth.te | 1
policy/modules/services/cron.te | 32 +------
policy/modules/services/cups.te | 6 -
policy/modules/services/dovecot.te | 1
policy/modules/services/hal.fc | 1
policy/modules/services/hal.te | 16 ++-
policy/modules/services/irqbalance.te | 1
policy/modules/services/kerberos.te | 5 -
policy/modules/services/locate.fc | 4
policy/modules/services/locate.if | 1
policy/modules/services/locate.te | 50 +++++++++++
policy/modules/services/logwatch.fc | 3
policy/modules/services/logwatch.if | 1
policy/modules/services/logwatch.te | 107 +++++++++++++++++++++++++
policy/modules/services/mta.te | 13 +++
policy/modules/services/networkmanager.te | 5 -
policy/modules/services/nscd.te | 1
policy/modules/services/ntp.te | 2
policy/modules/services/portmap.te | 1
policy/modules/services/prelink.fc | 7 +
policy/modules/services/prelink.if | 39 +++++++++
policy/modules/services/prelink.te | 64 +++++++++++++++
policy/modules/services/rpc.te | 1
policy/modules/services/samba.if | 2
policy/modules/services/xdm.te | 4
policy/modules/system/authlogin.te | 1
policy/modules/system/clock.te | 1
policy/modules/system/fstools.te | 4
policy/modules/system/hostname.te | 38 +-------
policy/modules/system/init.te | 16 ---
policy/modules/system/libraries.fc | 127 +++++++++++++++---------------
policy/modules/system/libraries.te | 4
policy/modules/system/locallogin.te | 1
policy/modules/system/logging.te | 4
policy/modules/system/lvm.te | 2
policy/modules/system/mount.te | 4
policy/modules/system/selinuxutil.te | 5 -
policy/modules/system/sysnetwork.te | 2
policy/modules/system/unconfined.if | 1
policy/modules/system/unconfined.te | 12 +-
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 66 ++++++++++-----
policy/modules/system/userdomain.te | 1
policy/users | 8 +
67 files changed, 684 insertions(+), 184 deletions(-)
Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- policy-20060104.patch 9 Jan 2006 22:50:57 -0000 1.6
+++ policy-20060104.patch 10 Jan 2006 17:36:14 -0000 1.7
@@ -48,7 +48,7 @@
corenet_raw_sendrecv_all_if(netutils_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.1.8/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2006-01-04 16:55:14.000000000 -0500
-+++ serefpolicy-2.1.8/policy/modules/admin/readahead.te 2006-01-09 17:39:19.000000000 -0500
++++ serefpolicy-2.1.8/policy/modules/admin/readahead.te 2006-01-10 11:39:08.000000000 -0500
@@ -27,6 +27,7 @@
kernel_read_kernel_sysctl(readahead_t)
@@ -57,7 +57,17 @@
dev_read_sysfs(readahead_t)
dev_getattr_generic_chr_file(readahead_t)
-@@ -50,6 +51,7 @@
+@@ -43,6 +44,9 @@
+
+ fs_getattr_all_fs(readahead_t)
+ fs_search_auto_mountpoints(readahead_t)
++fs_getattr_all_pipes(readahead_t)
++fs_getattr_all_files(readahead_t)
++fs_search_ramfs(readahead_t)
+
+ term_dontaudit_use_console(readahead_t)
+
+@@ -50,6 +54,7 @@
init_use_fd(readahead_t)
init_use_script_pty(readahead_t)
@@ -538,8 +548,8 @@
+/usr/share/hal/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.8/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-01-09 11:32:54.000000000 -0500
-+++ serefpolicy-2.1.8/policy/modules/services/hal.te 2006-01-09 17:37:17.000000000 -0500
-@@ -47,8 +47,12 @@
++++ serefpolicy-2.1.8/policy/modules/services/hal.te 2006-01-10 12:17:49.000000000 -0500
+@@ -47,8 +47,14 @@
kernel_read_system_state(hald_t)
kernel_read_network_state(hald_t)
kernel_read_kernel_sysctl(hald_t)
@@ -549,26 +559,22 @@
+mls_file_read_up(hald_t)
+
++bootloader_getattr_boot_dir(hald_t)
++
corecmd_exec_bin(hald_t)
corecmd_exec_sbin(hald_t)
-@@ -74,6 +78,7 @@
- dev_manage_generic_chr_file(hald_t)
- # hal is now execing pm-suspend
- dev_rw_sysfs(hald_t)
-+dev_read_raw_memory(hald_t)
-
- domain_use_wide_inherit_fd(hald_t)
- domain_exec_all_entry_files(hald_t)
-@@ -82,6 +87,7 @@
+@@ -81,7 +87,8 @@
+ files_exec_etc_files(hald_t)
files_read_etc_files(hald_t)
files_rw_etc_runtime_files(hald_t)
- files_search_mnt(hald_t)
+-files_search_mnt(hald_t)
+files_manage_mnt_dirs(hald_t)
++files_manage_mnt_files(hald_t)
files_search_var_lib(hald_t)
files_read_usr_files(hald_t)
# hal is now execing pm-suspend
-@@ -145,6 +151,10 @@
+@@ -145,6 +152,10 @@
clock_domtrans(hald_t)
')
@@ -579,6 +585,13 @@
optional_policy(`cups',`
cups_domtrans_config(hald_t)
cups_signal_config(hald_t)
+@@ -205,6 +216,3 @@
+ vbetool_domtrans(hald_t)
+ ')
+
+-ifdef(`TODO',`
+-allow hald_t device_t:dir create_dir_perms;
+-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-2.1.8/policy/modules/services/irqbalance.te
--- nsaserefpolicy/policy/modules/services/irqbalance.te 2005-11-28 17:23:58.000000000 -0500
+++ serefpolicy-2.1.8/policy/modules/services/irqbalance.te 2006-01-09 14:37:14.000000000 -0500
@@ -590,6 +603,18 @@
dev_read_sysfs(irqbalance_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.1.8/policy/modules/services/kerberos.te
+--- nsaserefpolicy/policy/modules/services/kerberos.te 2005-12-09 23:35:05.000000000 -0500
++++ serefpolicy-2.1.8/policy/modules/services/kerberos.te 2006-01-10 08:56:50.000000000 -0500
+@@ -249,8 +249,3 @@
+ udev_read_db(krb5kdc_t)
+ ')
+
+-ifdef(`TODO',`
+-# Allow user programs to talk to KDC
+-allow krb5kdc_t userdomain:udp_socket recvfrom;
+-allow userdomain krb5kdc_t:udp_socket recvfrom;
+-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/locate.fc serefpolicy-2.1.8/policy/modules/services/locate.fc
--- nsaserefpolicy/policy/modules/services/locate.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.1.8/policy/modules/services/locate.fc 2006-01-09 14:37:14.000000000 -0500
@@ -816,7 +841,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.1.8/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.8/policy/modules/services/networkmanager.te 2006-01-09 14:37:14.000000000 -0500
++++ serefpolicy-2.1.8/policy/modules/services/networkmanager.te 2006-01-10 09:08:19.000000000 -0500
@@ -28,8 +28,6 @@
allow NetworkManager_t self:tcp_socket create_stream_socket_perms;
allow NetworkManager_t self:udp_socket create_socket_perms;
@@ -835,15 +860,8 @@
dev_read_sysfs(NetworkManager_t)
dev_read_rand(NetworkManager_t)
-@@ -168,6 +164,12 @@
- udev_read_db(NetworkManager_t)
- ')
+@@ -170,4 +166,5 @@
-+# allow vpnc connections
-+# allow NetworkManager_t self:rawip_socket create_socket_perms;
-+# vpn connections
-+# corenet_use_tun_tap_device(NetworkManager_t)
-+
optional_policy(`vpn',`
vpn_domtrans(NetworkManager_t)
+ allow NetworkManager_t vpnc_t:process signal;
@@ -1195,7 +1213,7 @@
') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.1.8/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-01-09 11:32:54.000000000 -0500
-+++ serefpolicy-2.1.8/policy/modules/system/libraries.fc 2006-01-09 14:37:14.000000000 -0500
++++ serefpolicy-2.1.8/policy/modules/system/libraries.fc 2006-01-10 11:55:40.000000000 -0500
@@ -11,6 +11,9 @@
/emul/ia32-linux/lib(/.*)? gen_context(system_u:object_r:lib_t,s0)
/emul/ia32-linux/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
@@ -1215,16 +1233,19 @@
/usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0)
-@@ -76,7 +79,7 @@
+@@ -75,8 +78,10 @@
+
/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/libmono\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++
ifdef(`distro_redhat',`
-/usr/lib/.*/program/.*\.so.* gen_context(system_u:object_r:shlib_t,s0)
+/usr/lib(64)?/.*/program/.*\.so.* gen_context(system_u:object_r:shlib_t,s0)
/usr/share/rhn/rhn_applet/eggtrayiconmodule\.so -- gen_context(system_u:object_r:shlib_t,s0)
# The following are libraries with text relocations in need of execmod permissions
-@@ -84,32 +87,32 @@
+@@ -84,32 +89,32 @@
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
@@ -1280,7 +1301,7 @@
/usr/lib(64)?/.*/program/librecentfile\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libsvx680li\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -122,48 +125,48 @@
+@@ -122,48 +127,48 @@
/usr/lib(64)?/thunderbird.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Fedora Extras packages: ladspa, imlib2, ocaml
@@ -1364,7 +1385,7 @@
# Java, Sun Microsystems (JPackage SRPM)
/usr/.*/jre/lib/i386/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -175,7 +178,7 @@
+@@ -175,7 +180,7 @@
') dnl end distro_redhat
ifdef(`distro_suse',`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- selinux-policy.spec 9 Jan 2006 22:50:57 -0000 1.79
+++ selinux-policy.spec 10 Jan 2006 17:36:14 -0000 1.80
@@ -7,7 +7,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.1.8
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -262,6 +262,9 @@
%endif
%changelog
+* Tue Jan 10 2006 Dan Walsh <dwalsh at redhat.com> 2.1.8-3
+- More Fixes for hal and readahead
+
* Mon Jan 9 2006 Dan Walsh <dwalsh at redhat.com> 2.1.8-2
- Fixes for hal and readahead
- Previous message (by thread): rpms/perl-File-MMagic/devel .cvsignore, 1.7, 1.8 perl-File-MMagic.spec, 1.11, 1.12 sources, 1.7, 1.8
- Next message (by thread): rpms/gpdf/FC-3 gpdf-2.8.2-CVE-2005-3193.CVE-2005-3624.patch, NONE, 1.1 gpdf.spec, 1.21, 1.22 gpdf-2.8.2-CVE-2005-3193.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list