rpms/selinux-policy/devel modules-mls.conf, 1.9, 1.10 policy-20060104.patch, 1.19, 1.20 selinux-policy.spec, 1.89, 1.90 sources, 1.31, 1.32
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jan 24 21:47:19 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv11357
Modified Files:
modules-mls.conf policy-20060104.patch selinux-policy.spec
sources
Log Message:
* Mon Jan 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.4-1
- Many changes for MLS
- Turn on strict policy
Index: modules-mls.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- modules-mls.conf 17 Jan 2006 03:55:13 -0000 1.9
+++ modules-mls.conf 24 Jan 2006 21:47:16 -0000 1.10
@@ -220,6 +220,13 @@
firstboot = base
# Layer: admin
+# Module: certwatch
+#
+# Digital Certificate Tracking
+#
+certwatch = base
+
+# Layer: admin
# Module: tmpreaper
#
# Manage temporary directory sizes and file ages
policy-20060104.patch:
modules/admin/alsa.te | 1 +
modules/admin/kudzu.te | 1 +
modules/admin/prelink.fc | 1 +
modules/admin/prelink.te | 2 ++
modules/admin/readahead.te | 2 ++
modules/admin/tmpreaper.te | 4 ++++
modules/apps/slocate.te | 5 ++++-
modules/kernel/bootloader.te | 1 +
modules/kernel/files.if | 2 ++
modules/kernel/filesystem.if | 17 +++++++++++++++++
modules/services/automount.fc | 4 ++++
modules/services/cups.te | 1 +
modules/services/dbus.fc | 3 ++-
modules/services/procmail.te | 1 +
modules/services/xserver.if | 9 +++++++++
modules/system/authlogin.te | 4 ----
modules/system/fstools.te | 1 +
modules/system/locallogin.te | 12 ++++++++----
modules/system/logging.te | 12 +++++-------
modules/system/lvm.te | 1 +
modules/system/modutils.te | 2 ++
modules/system/mount.te | 1 +
modules/system/userdomain.if | 3 ++-
modules/system/userdomain.te | 6 ++++++
users | 9 +++------
25 files changed, 81 insertions(+), 24 deletions(-)
Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- policy-20060104.patch 24 Jan 2006 15:30:40 -0000 1.19
+++ policy-20060104.patch 24 Jan 2006 21:47:16 -0000 1.20
@@ -1,27 +1,207 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.4/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-01-20 10:02:32.000000000 -0500
-+++ serefpolicy-2.2.4/policy/modules/kernel/filesystem.if 2006-01-23 13:30:17.000000000 -0500
-@@ -2290,6 +2290,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.2.5/policy/modules/admin/alsa.te
+--- nsaserefpolicy/policy/modules/admin/alsa.te 2006-01-12 18:28:45.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/admin/alsa.te 2006-01-24 13:48:54.000000000 -0500
+@@ -34,6 +34,7 @@
+ files_read_etc_files(alsa_t)
+
+ term_use_generic_pty(alsa_t)
++term_dontaudit_use_unallocated_tty(alsa_t)
+
+ libs_use_ld_so(alsa_t)
+ libs_use_shared_libs(alsa_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.2.5/policy/modules/admin/kudzu.te
+--- nsaserefpolicy/policy/modules/admin/kudzu.te 2006-01-17 17:08:52.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/admin/kudzu.te 2006-01-24 13:54:24.000000000 -0500
+@@ -73,6 +73,7 @@
+ storage_read_tape_device(kudzu_t)
+ storage_raw_write_fixed_disk(kudzu_t)
+ storage_raw_read_fixed_disk(kudzu_t)
++storage_raw_read_removable_device(kudzu_t)
+
+ term_search_ptys(kudzu_t)
+ term_dontaudit_use_console(kudzu_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-2.2.5/policy/modules/admin/prelink.fc
+--- nsaserefpolicy/policy/modules/admin/prelink.fc 2006-01-11 18:41:32.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/admin/prelink.fc 2006-01-24 12:45:29.000000000 -0500
+@@ -4,3 +4,4 @@
+ /usr/sbin/prelink(\.bin)? -- gen_context(system_u:object_r:prelink_exec_t,s0)
+
+ /var/log/prelink\.log -- gen_context(system_u:object_r:prelink_log_t,s0)
++/var/lib/misc/prelink\.* -- gen_context(system_u:object_r:prelink_cache_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.2.5/policy/modules/admin/prelink.te
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2006-01-13 17:06:02.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/admin/prelink.te 2006-01-24 12:47:49.000000000 -0500
+@@ -28,6 +28,7 @@
+
+ allow prelink_t prelink_cache_t:file manage_file_perms;
+ files_filetrans_etc(prelink_t, prelink_cache_t, file)
++files_filetrans_var_lib(prelink_t, prelink_cache_t, file)
+
+ allow prelink_t prelink_log_t:dir { setattr rw_dir_perms };
+ allow prelink_t prelink_log_t:file { create ra_file_perms };
+@@ -58,6 +59,7 @@
+ files_list_all(prelink_t)
+ files_getattr_all_files(prelink_t)
+ files_write_non_security_dir(prelink_t)
++files_read_etc_files(prelink_t)
+ files_read_etc_runtime_files(prelink_t)
+
+ fs_getattr_xattr_fs(prelink_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.2.5/policy/modules/admin/readahead.te
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2006-01-17 17:08:52.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/admin/readahead.te 2006-01-24 13:55:57.000000000 -0500
+@@ -28,6 +28,7 @@
+ kernel_read_kernel_sysctl(readahead_t)
+ kernel_read_system_state(readahead_t)
+ kernel_getattr_core(readahead_t)
++kernel_getattr_core(readahead_t)
+
+ dev_read_sysfs(readahead_t)
+ dev_getattr_generic_chr_file(readahead_t)
+@@ -48,6 +49,7 @@
+ fs_getattr_all_pipes(readahead_t)
+ fs_getattr_all_files(readahead_t)
+ fs_search_ramfs(readahead_t)
++fs_read_tmpfs_symlinks(readahead_t)
+
+ term_dontaudit_use_console(readahead_t)
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-2.2.5/policy/modules/admin/tmpreaper.te
+--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2006-01-17 17:08:52.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/admin/tmpreaper.te 2006-01-24 12:53:38.000000000 -0500
+@@ -44,6 +44,10 @@
+
+ cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
+
++optional_policy(`lpd',`
++ lpd_manage_spool(tmpreaper_t)
++')
++
+ ifdef(`TODO',`
+ allow tmpreaper_t { home_type file_t }:notdevfile_class_set { getattr unlink };
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.2.5/policy/modules/apps/slocate.te
+--- nsaserefpolicy/policy/modules/apps/slocate.te 2006-01-16 13:55:42.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/apps/slocate.te 2006-01-24 13:16:12.000000000 -0500
+@@ -34,13 +34,16 @@
+
+ corecmd_exec_bin(locate_t)
+
++libs_use_shared_libs(locate_t)
++libs_use_ld_so(locate_t)
++
+ files_list_all(locate_t)
+ files_getattr_all_files(locate_t)
+ files_read_etc_runtime_files(locate_t)
+ files_read_etc_files(locate_t)
+
+ fs_getattr_xattr_fs(locate_t)
+-
++miscfiles_read_localization(locate_t)
+ optional_policy(`cron',`
+ cron_system_entry(locate_t, locate_exec_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/bootloader.te serefpolicy-2.2.5/policy/modules/kernel/bootloader.te
+--- nsaserefpolicy/policy/modules/kernel/bootloader.te 2006-01-19 10:00:40.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/kernel/bootloader.te 2006-01-24 12:28:24.000000000 -0500
+@@ -115,6 +115,7 @@
+ dev_read_raw_memory(bootloader_t)
+
+ fs_getattr_xattr_fs(bootloader_t)
++fs_read_tmpfs_symlinks(bootloader_t)
+
+ term_getattr_all_user_ttys(bootloader_t)
+ term_dontaudit_manage_pty_dir(bootloader_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.5/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if 2006-01-19 10:00:40.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/kernel/files.if 2006-01-24 12:48:54.000000000 -0500
+@@ -354,10 +354,12 @@
+ attribute file_type;
+ class dir search;
+ class file getattr;
++ class lnk_file getattr;
')
- fs_search_tmpfs($1)
-+ allow $1 tmpfs_t:lnk_file read;
- allow $1 tmpfs_t:file rw_file_perms;
+ allow $1 file_type:dir search;
+ allow $1 file_type:file getattr;
++ allow $1 file_type:lnk_file getattr;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-2.2.4/policy/modules/services/dbus.fc
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.5/policy/modules/kernel/filesystem.if
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-01-20 10:02:32.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/kernel/filesystem.if 2006-01-24 13:39:15.000000000 -0500
+@@ -2295,6 +2295,23 @@
+
+ ########################################
+ ## <summary>
++## Read tmpfs link files.
++## </summary>
++## <param name="domain">
++## The type of the process performing this action.
++## </param>
++#
++interface(`fs_read_tmpfs_symlinks',`
++ gen_require(`
++ type tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ allow $1 tmpfs_t:lnk_file read;
++')
++
++########################################
++## <summary>
+ ## Read and write character nodes on tmpfs filesystems.
+ ## </summary>
+ ## <param name="domain">
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.fc serefpolicy-2.2.5/policy/modules/services/automount.fc
+--- nsaserefpolicy/policy/modules/services/automount.fc 2005-12-09 16:09:22.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/services/automount.fc 2006-01-24 11:56:59.000000000 -0500
+@@ -14,3 +14,7 @@
+ #
+
+ /var/run/autofs(/.*)? gen_context(system_u:object_r:automount_var_run_t,s0)
++#
++# /misc
++#
++/misc -d gen_context(system_u:object_r:mnt_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.5/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te 2006-01-17 17:08:53.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/services/cups.te 2006-01-24 11:56:59.000000000 -0500
+@@ -148,6 +148,7 @@
+ fs_search_auto_mountpoints(cupsd_t)
+
+ term_dontaudit_use_console(cupsd_t)
++term_write_unallocated_ttys(cupsd_t)
+
+ auth_domtrans_chk_passwd(cupsd_t)
+ auth_dontaudit_read_pam_pid(cupsd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-2.2.5/policy/modules/services/dbus.fc
--- nsaserefpolicy/policy/modules/services/dbus.fc 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.2.4/policy/modules/services/dbus.fc 2006-01-23 13:30:17.000000000 -0500
-@@ -1,5 +1,5 @@
++++ serefpolicy-2.2.5/policy/modules/services/dbus.fc 2006-01-24 11:56:59.000000000 -0500
+@@ -1,5 +1,6 @@
/etc/dbus-1(/.*)? gen_context(system_u:object_r:dbusd_etc_t,s0)
--/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
-+/(usr/)?bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
-
++# Sorting does not work correctly if I combine these next two roles
+ /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
+-
++/bin/dbus-daemon -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.4/policy/modules/services/xserver.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.2.5/policy/modules/services/procmail.te
+--- nsaserefpolicy/policy/modules/services/procmail.te 2006-01-19 10:00:41.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/services/procmail.te 2006-01-24 13:19:41.000000000 -0500
+@@ -66,6 +66,7 @@
+ userdom_priveleged_home_dir_manager(procmail_t)
+ # Do not audit attempts to access /root.
+ userdom_dontaudit_search_sysadm_home_dir(procmail_t)
++userdom_dontaudit_search_staff_home_dir(procmail_t)
+
+ mta_manage_spool(procmail_t)
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.5/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-01-23 08:26:51.000000000 -0500
-+++ serefpolicy-2.2.4/policy/modules/services/xserver.if 2006-01-23 13:50:16.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/services/xserver.if 2006-01-24 11:56:59.000000000 -0500
@@ -6,6 +6,9 @@
#
# Declarations
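Review bot: The file-context pattern added to prelink.fc, `/var/lib/misc/prelink\.*`, escapes the dot and then applies `*` to it, so it matches `prelink` followed only by literal dots and not names of the form `prelink.<suffix>`. If the intent is to label prelink's cache files under /var/lib/misc, the entry would need to read `/var/lib/misc/prelink\..* -- gen_context(system_u:object_r:prelink_cache_t,s0)`. As written, a relabel would presumably fall back to a less specific entry for those files, and only files created through the new `files_filetrans_var_lib(prelink_t, prelink_cache_t, file)` rule would carry prelink_cache_t. Separately, the line added to readahead.te, `kernel_getattr_core(readahead_t)`, repeats the context line directly above it, so it is either redundant or stands in for a different interface that was meant.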
@@ -45,9 +225,52 @@
xserver_common_domain_template($1)
role $3 types $1_xserver_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.4/policy/modules/system/locallogin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.5/policy/modules/system/authlogin.te
+--- nsaserefpolicy/policy/modules/system/authlogin.te 2006-01-19 10:00:41.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/authlogin.te 2006-01-24 13:17:33.000000000 -0500
+@@ -221,10 +221,6 @@
+ files_dontaudit_read_root_file(pam_console_t)
+ ')
+
+-optional_policy(`alsa',`
+- alsa_domtrans(pam_console_t)
+-')
+-
+ optional_policy(`gpm',`
+ gpm_getattr_gpmctl(pam_console_t)
+ gpm_setattr_gpmctl(pam_console_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.5/policy/modules/system/fstools.te
+--- nsaserefpolicy/policy/modules/system/fstools.te 2006-01-17 17:08:56.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/fstools.te 2006-01-24 13:39:56.000000000 -0500
+@@ -81,6 +81,7 @@
+ # for /dev/shm
+ fs_search_tmpfs(fsadm_t)
+ fs_getattr_tmpfs_dir(fsadm_t)
++fs_read_tmpfs_symlinks(fsadm_t)
+
+ mls_file_write_down(fsadm_t)
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.5/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-01-19 10:00:41.000000000 -0500
-+++ serefpolicy-2.2.4/policy/modules/system/locallogin.te 2006-01-23 13:30:17.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/locallogin.te 2006-01-24 13:17:56.000000000 -0500
+@@ -210,13 +210,13 @@
+ usermanage_read_crack_db(local_login_t)
+ ')
+
++optional_policy(`alsa',`
++ alsa_domtrans(local_login_t)
++')
++
+ ifdef(`TODO',`
+ # Login can polyinstantiate
+ polyinstantiater(local_login_t)
+-
+-ifdef(`alsa.te', `
+-domain_auto_trans($1_login_t, alsa_exec_t, alsa_t)
+-')
+ ') dnl endif TODO
+
+ #################################
@@ -266,6 +266,10 @@
ifdef(`distro_suse', `define(`sulogin_no_pam')')
ifdef(`distro_debian', `define(`sulogin_no_pam')')
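Review bot: The `optional_policy` block added to locallogin.te, which calls `alsa_domtrans(local_login_t)`, has no comment saying why the login domain needs a transition into the alsa domain. The same hunk removes that transition from pam_console_t in authlogin.te, so the grant is being moved between two privileged domains without a recorded reason. A one-line rationale above the block would let a later least-privilege audit decide whether it is still required, for example `# alsa transition moved here from pam_console_t: <what local_login_t executes and when>`. The remainder of the locallogin.te changes lies in the following hunk.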
@@ -59,9 +282,9 @@
ifdef(`sulogin_no_pam', `
allow sulogin_t self:capability sys_tty_config;
init_get_process_group(sulogin_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.2.4/policy/modules/system/logging.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.2.5/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-01-19 10:00:41.000000000 -0500
-+++ serefpolicy-2.2.4/policy/modules/system/logging.te 2006-01-23 13:30:17.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/logging.te 2006-01-24 11:56:59.000000000 -0500
@@ -98,10 +98,12 @@
audit_manager_domain(secadm_t)
@@ -97,9 +320,43 @@
fs_getattr_all_fs(syslogd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.4/policy/modules/system/userdomain.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.2.5/policy/modules/system/lvm.te
+--- nsaserefpolicy/policy/modules/system/lvm.te 2006-01-17 17:08:57.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/lvm.te 2006-01-24 13:39:43.000000000 -0500
+@@ -198,6 +198,7 @@
+
+ fs_getattr_xattr_fs(lvm_t)
+ fs_search_auto_mountpoints(lvm_t)
++fs_read_tmpfs_symlinks(lvm_t)
+
+ storage_relabel_fixed_disk(lvm_t)
+ # LVM creates block devices in /dev/mapper or /dev/<vg>
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.2.5/policy/modules/system/modutils.te
+--- nsaserefpolicy/policy/modules/system/modutils.te 2006-01-13 17:06:08.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/modutils.te 2006-01-24 13:41:16.000000000 -0500
+@@ -113,6 +113,8 @@
+
+ miscfiles_read_localization(insmod_t)
+
++seutil_read_file_contexts(insmod_t)
++
+ if( ! secure_mode_insmod ) {
+ kernel_userland_entry(insmod_t,insmod_exec_t)
+ }
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.5/policy/modules/system/mount.te
+--- nsaserefpolicy/policy/modules/system/mount.te 2006-01-17 17:08:57.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/mount.te 2006-01-24 12:28:29.000000000 -0500
+@@ -46,6 +46,7 @@
+ fs_relabelfrom_all_fs(mount_t)
+ fs_search_auto_mountpoints(mount_t)
+ fs_use_tmpfs_chr_dev(mount_t)
++fs_read_tmpfs_symlinks(mount_t)
+
+ term_use_all_terms(mount_t)
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.5/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-01-23 08:26:51.000000000 -0500
-+++ serefpolicy-2.2.4/policy/modules/system/userdomain.if 2006-01-23 13:30:17.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/userdomain.if 2006-01-24 13:20:21.000000000 -0500
@@ -219,7 +219,7 @@
corecmd_exec_sbin($1_t)
corecmd_exec_ls($1_t)
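Review bot: `seutil_read_file_contexts(insmod_t)` in modutils.te is added without a comment, and it sits before the `if( ! secure_mode_insmod )` conditional, so the grant applies unconditionally to the module-loading domain. Other rules touched by this patch state their reason inline (`# for /dev/shm` in fstools.te). The same would help here, for example `# insmod_t reads file_contexts: <operation that triggered the denial>`, so the permission can be re-evaluated when that caller changes.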
@@ -117,9 +374,32 @@
typeattribute $1_devpts_t user_ptynode;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.4/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.5/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-01-19 10:00:42.000000000 -0500
++++ serefpolicy-2.2.5/policy/modules/system/userdomain.te 2006-01-24 13:52:39.000000000 -0500
+@@ -145,6 +145,8 @@
+ allow sysadm_t user_home_dir_t:dir create_dir_perms;
+ files_filetrans_home(sysadm_t,user_home_dir_t)
+
++ corecmd_exec_shell(sysadm_t)
++
+ mls_process_read_up(sysadm_t)
+
+ logging_read_audit_log(sysadm_t)
+@@ -214,6 +216,10 @@
+ hostname_run(sysadm_t,sysadm_r,admin_terminal)
+ ')
+
++ optional_policy(`consoletype',`
++ consoletype_exec(sysadm_t)
++ ')
++
+ optional_policy(`ipsec',`
+ # allow system administrator to use the ipsec script to look
+ # at things (e.g., ipsec auto --status)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.5/policy/users
--- nsaserefpolicy/policy/users 2006-01-20 10:02:31.000000000 -0500
-+++ serefpolicy-2.2.4/policy/users 2006-01-23 13:34:09.000000000 -0500
++++ serefpolicy-2.2.5/policy/users 2006-01-24 11:56:59.000000000 -0500
@@ -27,7 +27,7 @@
gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
',`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -r1.89 -r1.90
--- selinux-policy.spec 24 Jan 2006 15:30:40 -0000 1.89
+++ selinux-policy.spec 24 Jan 2006 21:47:16 -0000 1.90
@@ -5,7 +5,7 @@
%define CHECKPOLICYVER 1.28-3
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.2.4
+Version: 2.2.5
Release: 1
License: GPL
Group: System Environment/Base
@@ -263,6 +263,10 @@
%fileList strict
%changelog
+* Mon Jan 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.4-1
+- Many changes for MLS
+- Turn on strict policy
+
* Mon Jan 23 2006 Dan Walsh <dwalsh at redhat.com> 2.2.4-1
- Update to upstream
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- sources 24 Jan 2006 15:39:53 -0000 1.31
+++ sources 24 Jan 2006 21:47:16 -0000 1.32
@@ -1 +0,0 @@
-f6f9da12a1dd7974c320e8cd31646470 serefpolicy-2.2.4.tgz