rpms/selinux-policy/devel policy-20060104.patch, 1.23, 1.24 selinux-policy.spec, 1.91, 1.92
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jan 26 17:03:01 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv12752
Modified Files:
policy-20060104.patch selinux-policy.spec
Log Message:
* Thu Jan 26 2006 Dan Walsh <dwalsh at redhat.com> 2.2.6-2
- Add inotifyfs handling
policy-20060104.patch:
admin/rpm.fc | 2 ++
admin/rpm.te | 1 +
apps/mono.te | 2 +-
kernel/files.fc | 5 +++++
kernel/filesystem.if | 19 +++++++++++++++++++
kernel/mls.te | 3 ++-
kernel/storage.fc | 1 +
services/cups.te | 1 +
services/hal.te | 2 ++
system/locallogin.te | 2 ++
system/modutils.te | 2 ++
system/selinuxutil.te | 2 +-
system/udev.te | 1 +
system/unconfined.if | 5 +++++
system/userdomain.te | 4 ++++
15 files changed, 49 insertions(+), 3 deletions(-)
Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- policy-20060104.patch 26 Jan 2006 15:50:24 -0000 1.23
+++ policy-20060104.patch 26 Jan 2006 17:02:32 -0000 1.24
@@ -1,17 +1,15 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.2.6/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-01-13 09:48:26.000000000 -0500
-+++ serefpolicy-2.2.6/policy/modules/admin/rpm.fc 2006-01-26 10:41:32.000000000 -0500
-@@ -16,7 +16,9 @@
++++ serefpolicy-2.2.6/policy/modules/admin/rpm.fc 2006-01-26 12:02:06.000000000 -0500
+@@ -16,6 +16,8 @@
/usr/bin/fedora-rmdevelrpms -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/up2date -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
--')
+/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/sbin/pirut -- gen_context(system_u:object_r:rpm_exec_t,s0)
-+- ')')
+ ')
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.2.6/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2006-01-17 17:08:52.000000000 -0500
+++ serefpolicy-2.2.6/policy/modules/admin/rpm.te 2006-01-25 16:16:28.000000000 -0500
@@ -50,6 +48,32 @@
# /opt
#
/opt(/.*)? gen_context(system_u:object_r:usr_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.6/policy/modules/kernel/filesystem.if
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-01-25 15:58:59.000000000 -0500
++++ serefpolicy-2.2.6/policy/modules/kernel/filesystem.if 2006-01-26 11:15:19.000000000 -0500
+@@ -2855,3 +2855,22 @@
+ # and its files.
+ allow $1 filesystem_type:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
+ ')
++
++
++########################################
++## <summary>
++## Search inotifyfs_t filesystem
++## </summary>
++## <param name="domain">
++## The type of the domain performing this action.
++## </param>
++#
++interface(`fs_search_inotifyfs',`
++ gen_require(`
++ type inotifyfs_t;
++ class dir search_dir_perms;
++ ')
++
++ allow $1 inotifyfs_t:dir search_dir_perms;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.6/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2006-01-17 17:08:52.000000000 -0500
+++ serefpolicy-2.2.6/policy/modules/kernel/mls.te 2006-01-26 10:45:47.000000000 -0500
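Review bot: The new `fs_search_inotifyfs` interface in the filesystem.if section requires `inotifyfs_t`, but the diffstat for this revision lists no type-enforcement change that would declare that type or label the inotifyfs filesystem with it. Presumably both come from the upstream 2.2.6 tarball; this is worth confirming, because if inotifyfs is still unlabeled at runtime the `allow $1 inotifyfs_t:dir search_dir_perms;` rule never matches and the `fs_search_inotifyfs(udev_t)` call added in udev.te has no effect. The grant is limited to directory search, which matches the interface name and should stay that narrow. The summary would be clearer as `## Search directories on an inotifyfs filesystem.`, and the two blank lines before the banner plus the trailing one after the closing `')` can be reduced to a single separator.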
@@ -97,6 +121,18 @@
libs_use_ld_so(hald_t)
libs_use_shared_libs(hald_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.6/policy/modules/system/locallogin.te
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-01-25 15:59:01.000000000 -0500
++++ serefpolicy-2.2.6/policy/modules/system/locallogin.te 2006-01-26 11:16:59.000000000 -0500
+@@ -27,6 +27,8 @@
+ domain_subj_id_change_exempt(sulogin_t)
+ domain_role_change_exempt(sulogin_t)
+ domain_wide_inherit_fd(sulogin_t)
++fs_use_tmpfs_chr_dev(sulogin_t)
++
+ init_domain(sulogin_t,sulogin_exec_t)
+ init_system_domain(sulogin_t,sulogin_exec_t)
+ role system_r types sulogin_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.2.6/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2006-01-13 17:06:08.000000000 -0500
+++ serefpolicy-2.2.6/policy/modules/system/modutils.te 2006-01-25 16:16:28.000000000 -0500
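Review bot: The added `fs_use_tmpfs_chr_dev(sulogin_t)` in the locallogin.te section has no comment and is not covered by the log message ("Add inotifyfs handling"), so a later auditor cannot tell why the single-user login domain needs character devices on tmpfs. The surrounding lines already exempt sulogin_t from subject-identity and role-change constraints, so each further grant to this domain should carry its reason. A line such as `# sulogin can run while /dev is still a tmpfs mount` above the call would do, if that is the actual cause; confirm against the denial that prompted it. The call would also read better grouped with other `fs_` calls than placed between the `domain_` and `init_` groups. The rest of locallogin.te lies outside this hunk.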
@@ -121,6 +157,17 @@
# often the administrator runs such programs from a directory that is owned
# by a different user or has restrictive SE permissions, do not want to audit
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.2.6/policy/modules/system/udev.te
+--- nsaserefpolicy/policy/modules/system/udev.te 2006-01-19 10:00:41.000000000 -0500
++++ serefpolicy-2.2.6/policy/modules/system/udev.te 2006-01-26 11:14:22.000000000 -0500
+@@ -90,6 +90,7 @@
+ dev_delete_generic_file(udev_t)
+
+ fs_getattr_all_fs(udev_t)
++fs_search_inotifyfs(udev_t)
+
+ selinux_get_fs_mount(udev_t)
+ selinux_validate_context(udev_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.6/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-01-20 10:02:33.000000000 -0500
+++ serefpolicy-2.2.6/policy/modules/system/unconfined.if 2006-01-25 16:16:28.000000000 -0500
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- selinux-policy.spec 26 Jan 2006 15:47:02 -0000 1.91
+++ selinux-policy.spec 26 Jan 2006 17:02:46 -0000 1.92
@@ -6,7 +6,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.6
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -263,6 +263,9 @@
%fileList strict
%changelog
+* Thu Jan 26 2006 Dan Walsh <dwalsh at redhat.com> 2.2.6-2
+- Add inotifyfs handling
+
* Thu Jan 26 2006 Dan Walsh <dwalsh at redhat.com> 2.2.6-1
- Update to upstream
- Put back in changes for pup/zen