rpms/selinux-policy/devel .cvsignore, 1.23, 1.24 modules-mls.conf, 1.8, 1.9 policy-20060104.patch, 1.12, 1.13 selinux-policy.spec, 1.83, 1.84 sources, 1.25, 1.26

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Jan 17 03:55:15 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6125

Modified Files:
	.cvsignore modules-mls.conf policy-20060104.patch 
	selinux-policy.spec sources 
Log Message:
* Sat Jan 14 2006 Dan Walsh <dwalsh at redhat.com> 2.1.11-1
- Update to upstream
- Fix ftp Man page



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- .cvsignore	13 Jan 2006 22:32:06 -0000	1.23
+++ .cvsignore	17 Jan 2006 03:55:13 -0000	1.24
@@ -24,3 +24,4 @@
 serefpolicy-2.1.8.tgz
 serefpolicy-2.1.9.tgz
 serefpolicy-2.1.10.tgz
+serefpolicy-2.1.11.tgz


Index: modules-mls.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- modules-mls.conf	11 Jan 2006 22:25:06 -0000	1.8
+++ modules-mls.conf	17 Jan 2006 03:55:13 -0000	1.9
@@ -950,12 +950,12 @@
 # 
 prelink = base
 
-# Layer: services
-# Module: locate
+# Layer: apps
+# Module: slocate
 #
 # locate executable
 # 
-locate = base
+slocate = base
 
 # Layer: services
 # Module: logwatch

policy-20060104.patch:
 Makefile                             |    2 +-
 man/man8/ftpd_selinux.8              |    4 ++--
 policy/modules/admin/kudzu.te        |    1 +
 policy/modules/admin/readahead.te    |    2 ++
 policy/modules/apps/java.fc          |    2 ++
 policy/modules/apps/wine.fc          |    2 ++
 policy/modules/apps/wine.if          |   23 +++++++++++++++++++++++
 policy/modules/apps/wine.te          |   27 +++++++++++++++++++++++++++
 policy/modules/kernel/devices.if     |   16 ++++++++++++++++
 policy/modules/kernel/filesystem.if  |   20 ++++++++++++++++++++
 policy/modules/kernel/mls.te         |    2 ++
 policy/modules/services/apache.te    |    5 +++++
 policy/modules/services/apm.te       |    1 +
 policy/modules/services/automount.te |    1 +
 policy/modules/services/cron.te      |    2 +-
 policy/modules/services/cups.te      |    6 ++----
 policy/modules/services/dovecot.te   |    1 +
 policy/modules/services/hal.te       |   12 +++++++++++-
 policy/modules/services/mta.te       |    1 +
 policy/modules/services/sendmail.te  |    2 ++
 policy/modules/system/authlogin.if   |   13 +++++++++++++
 policy/modules/system/authlogin.te   |   12 ++++--------
 policy/modules/system/hostname.te    |   34 +++-------------------------------
 policy/modules/system/init.te        |    1 +
 policy/modules/system/libraries.fc   |    2 +-
 policy/modules/system/lvm.te         |    8 +-------
 policy/modules/system/mount.te       |    3 ++-
 policy/modules/system/selinuxutil.te |    3 +++
 policy/modules/system/unconfined.if  |    1 +
 policy/modules/system/userdomain.if  |    1 +
 policy/users                         |    8 +++++---
 31 files changed, 158 insertions(+), 60 deletions(-)

Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20060104.patch	14 Jan 2006 04:09:22 -0000	1.12
+++ policy-20060104.patch	17 Jan 2006 03:55:13 -0000	1.13
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.10/Makefile
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.11/Makefile
 --- nsaserefpolicy/Makefile	2006-01-13 09:48:25.000000000 -0500
-+++ serefpolicy-2.1.10/Makefile	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/Makefile	2006-01-16 22:32:53.000000000 -0500
 @@ -92,7 +92,7 @@
  
  # enable MLS if requested.
@@ -10,9 +10,24 @@
  	override CHECKPOLICY += -M
  	override CHECKMODULE += -M
  endif
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.1.10/policy/modules/admin/kudzu.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.1.11/man/man8/ftpd_selinux.8
+--- nsaserefpolicy/man/man8/ftpd_selinux.8	2006-01-06 17:55:17.000000000 -0500
++++ serefpolicy-2.1.11/man/man8/ftpd_selinux.8	2006-01-16 22:32:53.000000000 -0500
+@@ -16,9 +16,9 @@
+ .TP
+ chcon -t public_content_rw_t /var/ftp/incoming
+ .TP
+-You must also turn on the boolean allow_ftp_anon_write.
++You must also turn on the boolean allow_ftpd_anon_write.
+ .TP
+-setsebool -P allow_ftp_anon_write=1
++setsebool -P allow_ftpd_anon_write=1
+ .TP
+ If you want to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file.
+ .TP
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.1.11/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2006-01-13 17:06:02.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/admin/kudzu.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/admin/kudzu.te	2006-01-16 22:32:53.000000000 -0500
 @@ -63,6 +63,7 @@
  fs_write_ramfs_socket(kudzu_t)
  
@@ -21,9 +36,9 @@
  
  modutils_read_mods_deps(kudzu_t)
  modutils_read_module_conf(kudzu_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.1.10/policy/modules/admin/readahead.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.1.11/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2006-01-13 17:06:02.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/admin/readahead.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/admin/readahead.te	2006-01-16 22:32:53.000000000 -0500
 @@ -35,6 +35,7 @@
  dev_getattr_all_chr_files(readahead_t)
  dev_getattr_all_blk_files(readahead_t)
@@ -40,24 +55,24 @@
  
  term_dontaudit_use_console(readahead_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.1.10/policy/modules/apps/java.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.1.11/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2006-01-12 18:28:45.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/apps/java.fc	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/apps/java.fc	2006-01-16 22:32:53.000000000 -0500
 @@ -2,3 +2,5 @@
  # /usr
  #
  /usr(/.*)?/bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
 +/usr/bin/gij	--	gen_context(system_u:object_r:java_exec_t,s0)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-2.1.10/policy/modules/apps/wine.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-2.1.11/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/apps/wine.fc	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/apps/wine.fc	2006-01-16 22:32:53.000000000 -0500
 @@ -0,0 +1,2 @@
 +/usr/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-2.1.10/policy/modules/apps/wine.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-2.1.11/policy/modules/apps/wine.if
 --- nsaserefpolicy/policy/modules/apps/wine.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/apps/wine.if	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/apps/wine.if	2006-01-16 22:32:53.000000000 -0500
 @@ -0,0 +1,23 @@
 +## <summary>Load keyboard mappings.</summary>
 +
@@ -82,9 +97,9 @@
 +	allow wine_t $1:fifo_file rw_file_perms;
 +	allow wine_t $1:process sigchld;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.1.10/policy/modules/apps/wine.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.1.11/policy/modules/apps/wine.te
 --- nsaserefpolicy/policy/modules/apps/wine.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/apps/wine.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/apps/wine.te	2006-01-16 22:32:53.000000000 -0500
 @@ -0,0 +1,27 @@
 +policy_module(wine,1.0.0)
 +
@@ -113,9 +128,9 @@
 +	allow wine_t file_type:file execmod;
 +
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.1.10/policy/modules/kernel/devices.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.1.11/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2006-01-13 17:06:03.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/kernel/devices.if	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/kernel/devices.if	2006-01-16 22:32:53.000000000 -0500
 @@ -2248,3 +2248,19 @@
  	typeattribute $1 memory_raw_write, memory_raw_read;
  ')
@@ -136,9 +151,39 @@
 +	dontaudit $1 memory_device_t:chr_file getattr;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.1.10/policy/modules/kernel/mls.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.1.11/policy/modules/kernel/filesystem.if
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-01-13 17:06:04.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/kernel/filesystem.if	2006-01-16 22:32:53.000000000 -0500
+@@ -2282,6 +2282,26 @@
+ 
+ ########################################
+ ## <summary>
++##	dontaudit Read and write character nodes on tmpfs filesystems.
++## </summary>
++## <param name="domain">
++##	The type of the process performing this action.
++## </param>
++#
++interface(`fs_dontaudit_use_tmpfs_chr_dev',`
++	gen_require(`
++		type tmpfs_t;
++		class dir r_dir_perms; 
++		class chr_file rw_file_perms;
++	')
++
++	dontaudit $1 tmpfs_t:dir r_dir_perms;
++	dontaudit $1 tmpfs_t:chr_file rw_file_perms;
++')
++
++
++########################################
++## <summary>
+ ##	Relabel character nodes on tmpfs filesystems.
+ ## </summary>
+ ## <param name="domain">
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.1.11/policy/modules/kernel/mls.te
 --- nsaserefpolicy/policy/modules/kernel/mls.te	2006-01-09 11:32:53.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/kernel/mls.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/kernel/mls.te	2006-01-16 22:32:53.000000000 -0500
 @@ -82,9 +82,11 @@
  # these might be targeted_policy only
  range_transition unconfined_t su_exec_t s0 - s0:c0.c255;
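Review bot: The documentation block of the new `fs_dontaudit_use_tmpfs_chr_dev` interface in the filesystem.if section does not match what the interface does. The summary reads "dontaudit Read and write character nodes", but the body also silences directory reads on `tmpfs_t`, and the parameter text describes a domain "performing this action" although nothing is granted. I would write the summary as `##	Do not audit attempts to read tmpfs directories or to read and write character nodes on tmpfs filesystems.` and the parameter as `##	Domain to not audit.`, and drop the trailing space after `class dir r_dir_perms;`. The hostname.te section later in this patch swaps the `fs_use_tmpfs_chr_dev(hostname_t)` allow for this interface, so those accesses are now denied without an audit record. The doc should make clear that no access is granted, so anyone debugging hostname_t knows to look with dontaudit rules disabled.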
@@ -151,10 +196,10 @@
  range_transition kernel_t init_exec_t s0 - s15:c0.c255;
 +range_transition initrc_t auditd_exec_t s15:c0.c255;
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.1.10/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/apache.te	2006-01-13 17:12:12.000000000 -0500
-@@ -689,3 +689,8 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.1.11/policy/modules/services/apache.te
+--- nsaserefpolicy/policy/modules/services/apache.te	2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/apache.te	2006-01-16 22:32:53.000000000 -0500
+@@ -693,3 +693,8 @@
  optional_policy(`nscd',`
  	nscd_use_socket(httpd_unconfined_script_t)
  ')
@@ -163,9 +208,9 @@
 +	cron_system_entry(httpd_t, httpd_exec_t)
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-2.1.10/policy/modules/services/apm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-2.1.11/policy/modules/services/apm.te
 --- nsaserefpolicy/policy/modules/services/apm.te	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/apm.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/apm.te	2006-01-16 22:32:53.000000000 -0500
 @@ -196,6 +196,7 @@
  ')
  
@@ -174,9 +219,9 @@
  	cron_domtrans_anacron_system_job(apmd_t)
  ')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.1.10/policy/modules/services/automount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.1.11/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/automount.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/automount.te	2006-01-16 22:32:53.000000000 -0500
 @@ -108,6 +108,7 @@
  fs_manage_auto_mountpoints(automount_t)
  
@@ -185,35 +230,9 @@
  
  init_use_fd(automount_t)
  init_use_script_pty(automount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-2.1.10/policy/modules/services/bind.if
---- nsaserefpolicy/policy/modules/services/bind.if	2006-01-13 09:48:26.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/bind.if	2006-01-13 23:04:39.000000000 -0500
-@@ -225,3 +225,22 @@
- 	allow $1 named_zone_t:file r_file_perms;
- ')
- 
-+########################################
-+## <summary>
-+##	Read BIND search for mount points
-+## </summary>
-+## <param name="domain">
-+##	Domain allowed access.
-+## </param>
-+#
-+interface(`bind_search_mounts',`
-+	gen_require(`
-+		type named_zone_t;
-+		type named_conf_t;
-+	')
-+
-+	files_search_var($1)
-+	allow $1 named_zone_t:dir search_dir_perms;
-+	allow $1 named_conf_t:dir  search_dir_perms;
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.1.10/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/cron.te	2006-01-13 17:12:12.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.1.11/policy/modules/services/cron.te
+--- nsaserefpolicy/policy/modules/services/cron.te	2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/cron.te	2006-01-16 22:32:53.000000000 -0500
 @@ -120,7 +120,7 @@
  
  init_use_fd(crond_t)
@@ -223,9 +242,9 @@
  
  libs_use_ld_so(crond_t)
  libs_use_shared_libs(crond_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.1.10/policy/modules/services/cups.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.1.11/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/cups.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/cups.te	2006-01-16 22:32:53.000000000 -0500
 @@ -201,8 +201,7 @@
  ')
  
@@ -246,9 +265,9 @@
  ')
  
  optional_policy(`dbus',`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.1.10/policy/modules/services/dovecot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.1.11/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2006-01-13 17:06:05.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/dovecot.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/dovecot.te	2006-01-16 22:32:53.000000000 -0500
 @@ -95,6 +95,7 @@
  files_read_etc_files(dovecot_t)
  files_search_spool(dovecot_t)
@@ -257,9 +276,9 @@
  files_dontaudit_list_default(dovecot_t)
  
  init_use_fd(dovecot_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.10/policy/modules/services/hal.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.11/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-01-13 17:06:05.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/hal.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/hal.te	2006-01-16 22:39:09.000000000 -0500
 @@ -48,8 +48,13 @@
  kernel_read_network_state(hald_t)
  kernel_read_kernel_sysctl(hald_t)
@@ -298,78 +317,22 @@
  ')
 +
 +optional_policy(`bind',`
-+	bind_search_mounts(hald_t)
++	bind_search_cache(hald_t)
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/locate.fc serefpolicy-2.1.10/policy/modules/services/locate.fc
---- nsaserefpolicy/policy/modules/services/locate.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/locate.fc	2006-01-13 17:12:12.000000000 -0500
-@@ -0,0 +1,4 @@
-+# locate - file locater
-+/usr/bin/updatedb		--	gen_context(system_u:object_r:locate_exec_t, s0)
-+/var/lib/[sm]locate(/.*)?		gen_context(system_u:object_r:locate_var_lib_t,s0)
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/locate.if serefpolicy-2.1.10/policy/modules/services/locate.if
---- nsaserefpolicy/policy/modules/services/locate.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/locate.if	2006-01-13 17:12:12.000000000 -0500
-@@ -0,0 +1 @@
-+## <summary>Update database for mlocate</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/locate.te serefpolicy-2.1.10/policy/modules/services/locate.te
---- nsaserefpolicy/policy/modules/services/locate.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/locate.te	2006-01-13 17:12:12.000000000 -0500
-@@ -0,0 +1,50 @@
-+policy_module(locate,1.0.0)
-+
-+#DESC LOCATE - Security Enhanced version of the GNU Locate
-+#
-+# Author:  Dan Walsh <dwalsh at redhat.com>
-+#
-+
-+#################################
-+#
-+# Rules for the locate_t domain.
-+#
-+# locate_exec_t is the type of the locate executable.
-+#
-+type locate_t;
-+type locate_exec_t;
-+init_daemon_domain(locate_t,locate_exec_t)
-+
-+type locate_log_t;
-+logging_log_file(locate_log_t)
-+
-+type locate_var_lib_t;
-+files_type(locate_var_lib_t)
-+
-+allow locate_t self:capability { chown dac_read_search dac_override fowner fsetid };
-+allow locate_t self:process { execheap execmem execstack };
-+allow locate_t self:fifo_file rw_file_perms;
-+allow locate_t self:file { getattr read };
-+allow locate_t self:unix_stream_socket create_socket_perms;
-+
-+allow locate_t locate_var_lib_t:dir create_dir_perms;
-+allow locate_t locate_var_lib_t:file create_file_perms;
-+
-+fs_getattr_xattr_fs(locate_t)
-+
-+files_list_all(locate_t)
-+files_getattr_all_files(locate_t)
-+
-+kernel_dontaudit_search_sysctl(locate_t)
-+kernel_read_system_state(locate_t)
-+
-+corecmd_exec_bin(locate_t)
-+
-+files_read_etc_runtime_files(locate_t)
-+files_read_etc_files(locate_t)
-+
-+optional_policy(`crond',`
-+	cron_system_entry(locate_t, locate_exec_t)
-+	allow system_crond_t locate_log_t:dir rw_dir_perms;
-+	allow system_crond_t locate_log_t:file { create append getattr };
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.1.10/policy/modules/services/sendmail.te
---- nsaserefpolicy/policy/modules/services/sendmail.te	2006-01-13 17:06:07.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/services/sendmail.te	2006-01-13 17:12:12.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.1.11/policy/modules/services/mta.te
+--- nsaserefpolicy/policy/modules/services/mta.te	2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/mta.te	2006-01-16 22:32:53.000000000 -0500
+@@ -46,6 +46,7 @@
+ 
+ allow system_mail_t etc_mail_t:dir { getattr search };
+ allow system_mail_t etc_mail_t:file r_file_perms;
++allow system_mail_t eventpollfs_t:file r_file_perms;
+ 
+ kernel_read_system_state(system_mail_t)
+ kernel_read_network_state(system_mail_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.1.11/policy/modules/services/sendmail.te
+--- nsaserefpolicy/policy/modules/services/sendmail.te	2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/services/sendmail.te	2006-01-16 22:32:53.000000000 -0500
 @@ -17,6 +17,7 @@
  
  type sendmail_t;
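Review bot: The added `allow system_mail_t eventpollfs_t:file r_file_perms;` in the mta.te section names `eventpollfs_t` directly and has no comment saying which denial it answers. Read access to an eventpoll file is presumably needed only because system_mail_t inherits a descriptor from whatever invoked it; if that is the case, the rule hides a leaked descriptor in the caller, and a `dontaudit` would be the tighter choice. At minimum put a line above it such as `# eventpoll fd inherited from the caller; see AVC in <BUG-ID placeholder>`. The mta.te hunk is a fragment, so a gen_require or an interface covering this type may exist outside the visible lines.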
@@ -386,9 +349,9 @@
  
  dev_read_urand(sendmail_t)
  dev_read_sysfs(sendmail_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.1.10/policy/modules/system/authlogin.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.1.11/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/authlogin.if	2006-01-13 23:07:17.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/authlogin.if	2006-01-16 22:32:53.000000000 -0500
 @@ -1075,3 +1075,16 @@
  	typeattribute $1 can_write_shadow_passwords;
  	typeattribute $1 can_relabelto_shadow_passwords;
@@ -406,9 +369,9 @@
 +	allow $1 wtmp_t:file setattr;
 +	logging_search_logs($1)
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.1.10/policy/modules/system/authlogin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.1.11/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/authlogin.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/authlogin.te	2006-01-16 22:32:53.000000000 -0500
 @@ -129,14 +129,6 @@
  	nscd_use_socket(pam_t)
  ')
@@ -435,10 +398,18 @@
  ifdef(`targeted_policy', `
  	term_dontaudit_use_unallocated_tty(pam_console_t)
  	term_dontaudit_use_generic_pty(pam_console_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.1.10/policy/modules/system/hostname.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.1.11/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/hostname.te	2006-01-13 17:12:12.000000000 -0500
-@@ -55,35 +55,6 @@
++++ serefpolicy-2.1.11/policy/modules/system/hostname.te	2006-01-16 22:32:53.000000000 -0500
+@@ -29,6 +29,7 @@
+ 
+ fs_getattr_xattr_fs(hostname_t)
+ fs_search_auto_mountpoints(hostname_t)
++fs_dontaudit_use_tmpfs_chr_dev(hostname_t)
+ 
+ term_dontaudit_use_console(hostname_t)
+ term_use_all_user_ttys(hostname_t)
+@@ -55,35 +56,6 @@
  sysnet_read_config(hostname_t)
  sysnet_dns_name_resolve(hostname_t)
  
@@ -447,13 +418,13 @@
 -ifdef(`distro_redhat', `
 -	fs_use_tmpfs_chr_dev(hostname_t)
 -')
- 
+-
 -ifdef(`targeted_policy', `
 -	term_dontaudit_use_unallocated_tty(hostname_t)
 -	term_dontaudit_use_generic_pty(hostname_t)
 -	files_dontaudit_read_root_file(hostname_t)
 -')
- 
+-
 -optional_policy(`firstboot',`
 -	firstboot_use_fd(hostname_t)
 -')
@@ -474,9 +445,11 @@
 -	udev_dontaudit_use_fd(hostname_t)
 -	udev_read_db(hostname_t)
 -')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.1.10/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/init.te	2006-01-13 17:12:12.000000000 -0500
++
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.1.11/policy/modules/system/init.te
+--- nsaserefpolicy/policy/modules/system/init.te	2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/init.te	2006-01-16 22:32:53.000000000 -0500
 @@ -298,6 +298,7 @@
  term_reset_tty_labels(initrc_t)
  
@@ -485,9 +458,21 @@
  auth_rw_lastlog(initrc_t)
  auth_read_pam_pid(initrc_t)
  auth_delete_pam_pid(initrc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.1.10/policy/modules/system/lvm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.1.11/policy/modules/system/libraries.fc
+--- nsaserefpolicy/policy/modules/system/libraries.fc	2006-01-13 09:48:27.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/libraries.fc	2006-01-16 22:32:53.000000000 -0500
+@@ -158,7 +158,7 @@
+ 
+ # Flash plugin, Macromedia
+ HOME_DIR/.*/plugins/libflashplayer\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/lib(64)?/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ # Jai, Sun Microsystems (Jpackage SPRM)
+ /usr/lib(64)?/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.1.11/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/lvm.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/lvm.te	2006-01-16 22:32:53.000000000 -0500
 @@ -209,6 +209,7 @@
  storage_manage_fixed_disk(lvm_t)
  
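Review bot: The new libraries.fc pattern `/usr/lib(64)?/.*/libflashplayer\.so.*` drops the `/plugins/` component, so any file with that name prefix at any depth below /usr/lib or /usr/lib64 is now labelled `textrel_shlib_t`. That type exists to permit text relocations, so the match should stay as narrow as the real install locations allow. If the extra location is a single known directory, spell it out or bound the wildcard to one path component, e.g. `/usr/lib(64)?/[^/]+/(plugins/)?libflashplayer\.so.*`, and add a comment naming the package that installs outside `plugins/`. The HOME_DIR line above it still requires `/plugins/`, so the two entries are no longer parallel.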
@@ -507,9 +492,9 @@
 -
 -dontaudit lvm_t xconsole_device_t:fifo_file getattr;
 -') dnl end TODO
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.1.10/policy/modules/system/mount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.1.11/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/mount.te	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/mount.te	2006-01-16 22:32:53.000000000 -0500
 @@ -32,6 +32,7 @@
  
  dev_getattr_all_blk_files(mount_t)
@@ -527,10 +512,18 @@
  
  # required for mount.smbfs
  corecmd_exec_sbin(mount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.1.10/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-01-09 11:32:54.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/selinuxutil.te	2006-01-13 17:12:12.000000000 -0500
-@@ -414,6 +414,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.1.11/policy/modules/system/selinuxutil.te
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/selinuxutil.te	2006-01-16 22:32:53.000000000 -0500
+@@ -316,6 +316,7 @@
+ #
+ 
+ allow restorecon_t self:capability { dac_override dac_read_search fowner };
++allow restorecon_t self:fifo_file rw_file_perms;
+ 
+ allow restorecon_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:dir r_dir_perms;
+ allow restorecon_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:file r_file_perms;
+@@ -414,6 +415,7 @@
  	allow run_init_t self:capability setuid;
  	allow run_init_t self:fifo_file rw_file_perms;
  	allow run_init_t self:netlink_audit_socket { create bind write nlmsg_read read };
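Review bot: The added `allow restorecon_t self:fifo_file rw_file_perms;` in the selinuxutil.te section has no comment explaining what restorecon needs a pipe for, and the same applies to the matching `allow setfiles_t self:fifo_file rw_file_perms;` in the next hunk. Both domains can relabel files, so each permission they gain should be traceable to a reason. A one-line comment above each rule would do, for example `# pipe to child process, see <BUG-ID placeholder>`. The surrounding restorecon_t and setfiles_t rule blocks continue outside the visible context lines.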
@@ -538,9 +531,17 @@
  
  	# often the administrator runs such programs from a directory that is owned
  	# by a different user or has restrictive SE permissions, do not want to audit
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.1.10/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if	2005-12-13 15:51:50.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/unconfined.if	2006-01-13 17:12:12.000000000 -0500
+@@ -469,6 +471,7 @@
+ #
+ 
+ allow setfiles_t self:capability { dac_override dac_read_search fowner };
++allow setfiles_t self:fifo_file rw_file_perms;
+ 
+ allow setfiles_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:dir r_dir_perms;
+ allow setfiles_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:file r_file_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.1.11/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if	2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/unconfined.if	2006-01-16 22:32:53.000000000 -0500
 @@ -33,6 +33,7 @@
  	corenet_unconfined($1)
  	dev_unconfined($1)
@@ -549,9 +550,9 @@
  	files_unconfined($1)
  	fs_unconfined($1)
  	selinux_unconfined($1)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.1.10/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.1.10/policy/modules/system/userdomain.if	2006-01-13 17:12:12.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.1.11/policy/modules/system/userdomain.if
+--- nsaserefpolicy/policy/modules/system/userdomain.if	2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.1.11/policy/modules/system/userdomain.if	2006-01-16 22:32:53.000000000 -0500
 @@ -103,6 +103,7 @@
  	# execute files in the home directory
  	can_exec($1_t,$1_home_t)
@@ -560,9 +561,9 @@
  	# full control of the home directory
  	allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto };
  	allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.10/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.11/policy/users
 --- nsaserefpolicy/policy/users	2005-12-05 22:35:02.000000000 -0500
-+++ serefpolicy-2.1.10/policy/users	2006-01-13 17:12:12.000000000 -0500
++++ serefpolicy-2.1.11/policy/users	2006-01-16 22:32:53.000000000 -0500
 @@ -26,7 +26,9 @@
  ifdef(`targeted_policy',`
  gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- selinux-policy.spec	13 Jan 2006 22:32:06 -0000	1.83
+++ selinux-policy.spec	17 Jan 2006 03:55:13 -0000	1.84
@@ -6,7 +6,7 @@
 %define CHECKPOLICYVER 1.28-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.1.10
+Version: 2.1.11
 Release: 1
 License: GPL
 Group: System Environment/Base
@@ -262,6 +262,10 @@
 %endif
 
 %changelog
+* Sat Jan 14 2006 Dan Walsh <dwalsh at redhat.com> 2.1.11-1
+- Update to upstream
+- Fix ftp Man page
+
 * Fri Jan 13 2006 Dan Walsh <dwalsh at redhat.com> 2.1.10-1
 - Update to upstream
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- sources	13 Jan 2006 22:32:06 -0000	1.25
+++ sources	17 Jan 2006 03:55:13 -0000	1.26
@@ -1 +1 @@
-d221d682117dfbe36b8473ad008cd304  serefpolicy-2.1.10.tgz
+297377c6b7b728b7f2a91bbe9afab297  serefpolicy-2.1.11.tgz



