rpms/selinux-policy/devel .cvsignore, 1.25, 1.26 policy-20060104.patch, 1.15, 1.16 selinux-policy.spec, 1.86, 1.87 sources, 1.27, 1.28
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jan 17 22:47:15 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23560
Modified Files:
.cvsignore policy-20060104.patch selinux-policy.spec sources
Log Message:
* Tue Jan 17 2006 Dan Walsh <dwalsh at redhat.com> 2.1.13-1
- Update to upstream
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- .cvsignore 17 Jan 2006 19:40:15 -0000 1.25
+++ .cvsignore 17 Jan 2006 22:47:11 -0000 1.26
@@ -26,3 +26,4 @@
serefpolicy-2.1.10.tgz
serefpolicy-2.1.11.tgz
serefpolicy-2.1.12.tgz
+serefpolicy-2.1.13.tgz
policy-20060104.patch:
Changelog | 1 -
Makefile | 2 +-
policy/modules/apps/wine.fc | 2 ++
policy/modules/apps/wine.if | 23 +++++++++++++++++++++++
policy/modules/apps/wine.te | 27 +++++++++++++++++++++++++++
policy/modules/kernel/files.if | 4 ++--
policy/modules/kernel/kernel.if | 1 +
policy/modules/services/dovecot.te | 1 +
policy/modules/services/fetchmail.te | 6 ++++++
policy/modules/services/hal.te | 4 ++++
policy/modules/services/procmail.te | 2 +-
policy/modules/services/rpc.te | 1 +
policy/modules/system/selinuxutil.te | 1 +
policy/users | 8 +++++---
14 files changed, 75 insertions(+), 8 deletions(-)
Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- policy-20060104.patch 17 Jan 2006 20:02:54 -0000 1.15
+++ policy-20060104.patch 17 Jan 2006 22:47:11 -0000 1.16
@@ -1,6 +1,14 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.12/Makefile
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-2.1.13/Changelog
+--- nsaserefpolicy/Changelog 2006-01-17 17:08:50.000000000 -0500
++++ serefpolicy-2.1.13/Changelog 2006-01-17 17:43:28.000000000 -0500
+@@ -1,4 +1,3 @@
+-* Tue Jan 17 2006 Chris PeBenito <selinux at tresys.com> - 20060117
+ - Adds support for generating corenetwork interfaces based on attributes
+ in addition to types.
+ - Permits the listing of multiple nodes in a network_node() that will be
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.13/Makefile
--- nsaserefpolicy/Makefile 2006-01-13 09:48:25.000000000 -0500
-+++ serefpolicy-2.1.12/Makefile 2006-01-17 14:23:22.000000000 -0500
++++ serefpolicy-2.1.13/Makefile 2006-01-17 17:43:28.000000000 -0500
@@ -92,7 +92,7 @@
# enable MLS if requested.
@@ -10,15 +18,15 @@
override CHECKPOLICY += -M
override CHECKMODULE += -M
endif
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-2.1.12/policy/modules/apps/wine.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-2.1.13/policy/modules/apps/wine.fc
--- nsaserefpolicy/policy/modules/apps/wine.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.12/policy/modules/apps/wine.fc 2006-01-17 14:23:22.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/apps/wine.fc 2006-01-17 17:43:28.000000000 -0500
@@ -0,0 +1,2 @@
+/usr/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-2.1.12/policy/modules/apps/wine.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-2.1.13/policy/modules/apps/wine.if
--- nsaserefpolicy/policy/modules/apps/wine.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.12/policy/modules/apps/wine.if 2006-01-17 14:23:22.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/apps/wine.if 2006-01-17 17:43:28.000000000 -0500
@@ -0,0 +1,23 @@
+## <summary>Load keyboard mappings.</summary>
+
@@ -43,9 +51,9 @@
+ allow wine_t $1:fifo_file rw_file_perms;
+ allow wine_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.1.12/policy/modules/apps/wine.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.1.13/policy/modules/apps/wine.te
--- nsaserefpolicy/policy/modules/apps/wine.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.12/policy/modules/apps/wine.te 2006-01-17 14:23:22.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/apps/wine.te 2006-01-17 17:43:28.000000000 -0500
@@ -0,0 +1,27 @@
+policy_module(wine,1.0.0)
+
@@ -74,9 +82,25 @@
+ allow wine_t file_type:file execmod;
+
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.1.12/policy/modules/kernel/kernel.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.1.13/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if 2006-01-13 17:06:04.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/kernel/files.if 2006-01-17 17:46:02.000000000 -0500
+@@ -2135,10 +2135,10 @@
+ interface(`files_search_tmp',`
+ gen_require(`
+ type tmp_t;
+- class dir search;
++ class dir search_dir_perms;
+ ')
+
+- allow $1 tmp_t:dir search;
++ allow $1 tmp_t:dir search_dir_perms;
+ ')
+
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.1.13/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-01-13 17:06:04.000000000 -0500
-+++ serefpolicy-2.1.12/policy/modules/kernel/kernel.if 2006-01-17 14:27:12.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/kernel/kernel.if 2006-01-17 17:45:26.000000000 -0500
@@ -1666,6 +1666,7 @@
typeattribute $1 kern_unconfined;
@@ -85,9 +109,9 @@
')
################################################################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.1.12/policy/modules/services/dovecot.te
---- nsaserefpolicy/policy/modules/services/dovecot.te 2006-01-13 17:06:05.000000000 -0500
-+++ serefpolicy-2.1.12/policy/modules/services/dovecot.te 2006-01-17 14:23:22.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.1.13/policy/modules/services/dovecot.te
+--- nsaserefpolicy/policy/modules/services/dovecot.te 2006-01-17 17:08:53.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/services/dovecot.te 2006-01-17 17:43:28.000000000 -0500
@@ -95,6 +95,7 @@
files_read_etc_files(dovecot_t)
files_search_spool(dovecot_t)
@@ -96,9 +120,48 @@
files_dontaudit_list_default(dovecot_t)
init_use_fd(dovecot_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.12/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te 2006-01-17 13:22:13.000000000 -0500
-+++ serefpolicy-2.1.12/policy/modules/services/hal.te 2006-01-17 14:23:22.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-2.1.13/policy/modules/services/fetchmail.te
+--- nsaserefpolicy/policy/modules/services/fetchmail.te 2006-01-13 17:06:05.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/services/fetchmail.te 2006-01-17 17:44:58.000000000 -0500
+@@ -29,6 +29,7 @@
+ allow fetchmail_t self:unix_stream_socket create_stream_socket_perms;
+ allow fetchmail_t self:tcp_socket create_socket_perms;
+ allow fetchmail_t self:udp_socket create_socket_perms;
++allow fetchmail_t self:netlink_route_socket r_netlink_socket_perms;
+
+ allow fetchmail_t fetchmail_etc_t:file r_file_perms;
+
+@@ -41,6 +42,7 @@
+
+ kernel_read_kernel_sysctl(fetchmail_t)
+ kernel_list_proc(fetchmail_t)
++kernel_getattr_proc_files(fetchmail_t)
+ kernel_read_proc_symlinks(fetchmail_t)
+
+ corenet_non_ipsec_sendrecv(fetchmail_t)
+@@ -59,8 +61,11 @@
+ corenet_tcp_connect_all_ports(fetchmail_t)
+
+ dev_read_sysfs(fetchmail_t)
++dev_read_rand(fetchmail_t)
++dev_read_urand(fetchmail_t)
+
+ files_read_etc_files(fetchmail_t)
++files_read_etc_runtime_files(fetchmail_t)
+
+ fs_getattr_all_fs(fetchmail_t)
+ fs_search_auto_mountpoints(fetchmail_t)
+@@ -78,6 +83,7 @@
+ logging_send_syslog_msg(fetchmail_t)
+
+ miscfiles_read_localization(fetchmail_t)
++miscfiles_read_certs(fetchmail_t)
+
+ sysnet_read_config(fetchmail_t)
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.13/policy/modules/services/hal.te
+--- nsaserefpolicy/policy/modules/services/hal.te 2006-01-17 17:08:53.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/services/hal.te 2006-01-17 17:45:44.000000000 -0500
@@ -48,8 +48,11 @@
kernel_read_network_state(hald_t)
kernel_read_kernel_sysctl(hald_t)
@@ -111,9 +174,29 @@
bootloader_getattr_boot_dir(hald_t)
corecmd_exec_bin(hald_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.1.12/policy/modules/services/rpc.te
+@@ -139,6 +142,7 @@
+ term_dontaudit_use_unallocated_tty(hald_t)
+ term_dontaudit_use_generic_pty(hald_t)
+ files_dontaudit_read_root_file(hald_t)
++ files_dontaudit_getattr_home_dir(hald_t)
+ ')
+
+ optional_policy(`apm',`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.1.13/policy/modules/services/procmail.te
+--- nsaserefpolicy/policy/modules/services/procmail.te 2005-12-09 23:35:06.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/services/procmail.te 2006-01-17 17:43:28.000000000 -0500
+@@ -99,7 +99,7 @@
+
+ optional_policy(`spamassassin',`
+ corenet_udp_bind_generic_port(procmail_t)
+-
++ corenet_tcp_connect_spamd_port(procmail_t)
+ files_getattr_tmp_dir(procmail_t)
+
+ spamassassin_exec(procmail_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.1.13/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2006-01-13 17:06:07.000000000 -0500
-+++ serefpolicy-2.1.12/policy/modules/services/rpc.te 2006-01-17 14:57:16.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/services/rpc.te 2006-01-17 17:43:28.000000000 -0500
@@ -48,6 +48,7 @@
kernel_search_network_state(rpcd_t)
# for rpc.rquotad
@@ -122,9 +205,9 @@
corenet_udp_bind_generic_port(rpcd_t)
corenet_udp_bind_reserved_port(rpcd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.1.12/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-01-17 13:22:14.000000000 -0500
-+++ serefpolicy-2.1.12/policy/modules/system/selinuxutil.te 2006-01-17 14:23:22.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.1.13/policy/modules/system/selinuxutil.te
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-01-17 17:08:57.000000000 -0500
++++ serefpolicy-2.1.13/policy/modules/system/selinuxutil.te 2006-01-17 17:43:28.000000000 -0500
@@ -415,6 +415,7 @@
allow run_init_t self:capability setuid;
allow run_init_t self:fifo_file rw_file_perms;
@@ -133,9 +216,9 @@
# often the administrator runs such programs from a directory that is owned
# by a different user or has restrictive SE permissions, do not want to audit
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.12/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.13/policy/users
--- nsaserefpolicy/policy/users 2005-12-05 22:35:02.000000000 -0500
-+++ serefpolicy-2.1.12/policy/users 2006-01-17 14:23:22.000000000 -0500
++++ serefpolicy-2.1.13/policy/users 2006-01-17 17:43:28.000000000 -0500
@@ -26,7 +26,9 @@
ifdef(`targeted_policy',`
gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- selinux-policy.spec 17 Jan 2006 20:02:54 -0000 1.86
+++ selinux-policy.spec 17 Jan 2006 22:47:12 -0000 1.87
@@ -6,8 +6,8 @@
%define CHECKPOLICYVER 1.28-3
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.1.12
-Release: 2
+Version: 2.1.13
+Release: 1
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -262,7 +262,11 @@
%endif
%changelog
-* Tue Jan 17 2006 Dan Walsh <dwalsh at redhat.com> 2.1.12-2
+* Tue Jan 17 2006 Dan Walsh <dwalsh at redhat.com> 2.1.13-1
+- Update to upstream
+
+* Tue Jan 17 2006 Dan Walsh <dwalsh at redhat.com> 2.1.12-3
+- Fix for procmail/spamassasin
- Update to upstream
- Add rules to allow rpcd to work with unlabeled_networks.
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- sources 17 Jan 2006 19:40:15 -0000 1.27
+++ sources 17 Jan 2006 22:47:12 -0000 1.28
@@ -1 +1 @@
-77f907adaeff94135c3d410cd26dcb8f serefpolicy-2.1.12.tgz
+a745ed3d3ffc029e59bf246eb1e60d1f serefpolicy-2.1.13.tgz
More information about the fedora-cvs-commits
mailing list