rpms/selinux-policy/devel policy-20060104.patch, 1.25, 1.26 selinux-policy.spec, 1.93, 1.94

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Sat Jan 28 04:50:23 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv17344

Modified Files:
	policy-20060104.patch selinux-policy.spec 
Log Message:
* Thu Jan 26 2006 Dan Walsh <dwalsh at redhat.com> 2.2.7-1
- Update to upstream


policy-20060104.patch:
 admin/usermanage.te    |    3 +++
 kernel/filesystem.if   |   20 ++++++++++----------
 kernel/filesystem.te   |    1 +
 kernel/mls.te          |    3 ++-
 services/automount.te  |    1 +
 services/hal.te        |    1 +
 services/irqbalance.te |    2 ++
 services/xdm.fc        |    4 ++++
 8 files changed, 24 insertions(+), 11 deletions(-)

Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- policy-20060104.patch	27 Jan 2006 07:06:17 -0000	1.25
+++ policy-20060104.patch	28 Jan 2006 04:50:20 -0000	1.26
@@ -1,40 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.2.7/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-01-13 09:48:26.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/admin/rpm.fc	2006-01-27 01:40:13.000000000 -0500
-@@ -16,6 +16,8 @@
- /usr/bin/fedora-rmdevelrpms	--	gen_context(system_u:object_r:rpm_exec_t,s0)
- /usr/sbin/up2date		--	gen_context(system_u:object_r:rpm_exec_t,s0)
- /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-+/usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
-+/usr/sbin/pirut			--	gen_context(system_u:object_r:rpm_exec_t,s0)
- ')
- 
- /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.2.7/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if	2006-01-04 17:28:52.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/admin/rpm.if	2006-01-27 01:40:13.000000000 -0500
-@@ -71,6 +71,7 @@
- 	rpm_domtrans($1)
- 	role $2 types rpm_t;
- 	role $2 types rpm_script_t;
-+	seutil_run_loadpol(rpm_script_t,$2,$3)
- 	allow rpm_t $3:chr_file rw_term_perms;
- ')
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.2.7/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te	2006-01-17 17:08:52.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/admin/rpm.te	2006-01-27 01:40:13.000000000 -0500
-@@ -288,6 +288,7 @@
- 
- term_getattr_unallocated_ttys(rpm_script_t)
- term_list_ptys(rpm_script_t)
-+term_use_all_terms(rpm_script_t)
- 
- auth_dontaudit_getattr_shadow(rpm_script_t)
- # ideally we would not need this
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.7/policy/modules/admin/usermanage.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.8/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-01-19 10:00:40.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/admin/usermanage.te	2006-01-27 02:02:29.000000000 -0500
++++ serefpolicy-2.2.8/policy/modules/admin/usermanage.te	2006-01-27 23:48:28.000000000 -0500
 @@ -328,6 +328,9 @@
  
  miscfiles_read_localization(passwd_t)
@@ -45,264 +11,165 @@
  seutil_dontaudit_search_config(passwd_t)
  
  userdom_use_unpriv_users_fd(passwd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.7/policy/modules/apps/mono.te
---- nsaserefpolicy/policy/modules/apps/mono.te	2006-01-19 18:02:04.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/apps/mono.te	2006-01-27 01:40:13.000000000 -0500
-@@ -18,7 +18,7 @@
- #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.8/policy/modules/kernel/filesystem.if
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-01-27 21:35:04.000000000 -0500
++++ serefpolicy-2.2.8/policy/modules/kernel/filesystem.if	2006-01-27 23:48:28.000000000 -0500
+@@ -154,7 +154,7 @@
+ 		class filesystem unmount;
+ 	')
  
- ifdef(`targeted_policy',`
--	allow mono_t self:process execheap;
-+	allow mono_t self:process { execheap execmem };
- 	unconfined_domain_template(mono_t)
- 	role system_r types mono_t;
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.7/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc	2006-01-25 15:58:58.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/kernel/files.fc	2006-01-27 01:40:13.000000000 -0500
-@@ -126,6 +126,11 @@
- /mnt/[^/]*/.*			<<none>>
+-	allow $1 fs_t:filesystem mount;
++	allow $1 fs_t:filesystem unmount;
+ ')
  
- #
-+# /net
-+#
-+/net			-d	gen_context(system_u:object_r:mnt_t,s0)
-+
-+#
- # /opt
- #
- /opt(/.*)?			gen_context(system_u:object_r:usr_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.7/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if	2006-01-25 15:58:59.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/kernel/files.if	2006-01-27 01:40:13.000000000 -0500
-@@ -321,7 +321,7 @@
- 		attribute file_type, security_file_type;
+ ########################################
+@@ -320,7 +320,7 @@
+ 		class filesystem unmount;
  	')
  
--	dontaudit $1 { file_type -security_file_type }:dir r_dir_perms;
-+	allow $1 { file_type -security_file_type }:dir r_dir_perms;
+-	allow $1 autofs_t:filesystem mount;
++	allow $1 autofs_t:filesystem unmount;
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.7/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-01-25 15:58:59.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/kernel/filesystem.if	2006-01-27 01:40:13.000000000 -0500
-@@ -2855,3 +2855,22 @@
- 	# and its files.
- 	allow $1 filesystem_type:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
- ')
-+
-+
-+########################################
-+## <summary>
-+##	Search inotifyfs_t filesystem 
-+## </summary>
-+## <param name="domain">
-+##	The type of the domain performing this action.
-+## </param>
-+#
-+interface(`fs_search_inotifyfs',`
-+	gen_require(`
-+		type inotifyfs_t;
-+		class dir search_dir_perms;
-+	')
-+
-+	allow $1 inotifyfs_t:dir search_dir_perms;
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.7/policy/modules/kernel/mls.te
---- nsaserefpolicy/policy/modules/kernel/mls.te	2006-01-17 17:08:52.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/kernel/mls.te	2006-01-27 01:40:13.000000000 -0500
-@@ -86,7 +86,8 @@
- ')
+@@ -912,7 +912,7 @@
+ 		class filesystem unmount;
+ 	')
  
- ifdef(`enable_mls',`
--# run init with maximum MLS range
- range_transition kernel_t init_exec_t s0 - s15:c0.c255;
-+range_transition kernel_t lvm_exec_t s0 - s15:c0.c255;
- range_transition initrc_t auditd_exec_t s15:c0.c255;
-+range_transition sysadm_t rpm_exec_t s0 - s15:c0.c255;
+-	allow $1 dosfs_t:filesystem mount;
++	allow $1 dosfs_t:filesystem unmount;
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.2.7/policy/modules/kernel/storage.fc
---- nsaserefpolicy/policy/modules/kernel/storage.fc	2006-01-09 11:32:53.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/kernel/storage.fc	2006-01-27 01:40:13.000000000 -0500
-@@ -12,6 +12,7 @@
- /dev/cm20.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
- /dev/dasd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
- /dev/dm-[0-9]+		-b	gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
-+/dev/xvd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
- /dev/fd[^/]+		-b	gen_context(system_u:object_r:removable_device_t,s0)
- /dev/flash[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c255)
- /dev/gscd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.7/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te	2006-01-17 17:08:53.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/services/cups.te	2006-01-27 01:40:13.000000000 -0500
-@@ -148,6 +148,7 @@
- fs_search_auto_mountpoints(cupsd_t)
- 
- term_dontaudit_use_console(cupsd_t)
-+term_write_unallocated_ttys(cupsd_t)
- 
- auth_domtrans_chk_passwd(cupsd_t)
- auth_dontaudit_read_pam_pid(cupsd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.7/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te	2006-01-19 10:00:41.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/services/hal.te	2006-01-27 01:40:13.000000000 -0500
-@@ -116,6 +116,8 @@
- init_use_fd(hald_t)
- init_use_script_pty(hald_t)
- init_domtrans_script(hald_t)
-+init_write_initctl(hald_t)
-+init_read_utmp(hald_t)
- 
- libs_use_ld_so(hald_t)
- libs_use_shared_libs(hald_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.7/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te	2006-01-25 15:59:01.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/system/locallogin.te	2006-01-27 01:40:13.000000000 -0500
-@@ -27,6 +27,8 @@
- domain_subj_id_change_exempt(sulogin_t)
- domain_role_change_exempt(sulogin_t)
- domain_wide_inherit_fd(sulogin_t)
-+fs_use_tmpfs_chr_dev(sulogin_t)
-+
- init_domain(sulogin_t,sulogin_exec_t)
- init_system_domain(sulogin_t,sulogin_exec_t)
- role system_r types sulogin_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.2.7/policy/modules/system/modutils.te
---- nsaserefpolicy/policy/modules/system/modutils.te	2006-01-13 17:06:08.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/system/modutils.te	2006-01-27 01:40:13.000000000 -0500
-@@ -113,6 +113,8 @@
  
- miscfiles_read_localization(insmod_t)
+ ########################################
+@@ -1037,7 +1037,7 @@
+ 		class filesystem unmount;
+ 	')
  
-+seutil_read_file_contexts(insmod_t)
-+
- if( ! secure_mode_insmod ) {
- 	kernel_userland_entry(insmod_t,insmod_exec_t)
- }
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.7/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-01-19 10:00:41.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/system/selinuxutil.te	2006-01-27 01:40:13.000000000 -0500
-@@ -414,7 +414,7 @@
- 	allow run_init_t self:process setexec;
- 	allow run_init_t self:capability setuid;
- 	allow run_init_t self:fifo_file rw_file_perms;
--	allow run_init_t self:netlink_audit_socket { create bind write nlmsg_read read };
-+	allow run_init_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
- 
- 	# often the administrator runs such programs from a directory that is owned
- 	# by a different user or has restrictive SE permissions, do not want to audit
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.2.7/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te	2006-01-19 10:00:41.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/system/udev.te	2006-01-27 01:40:13.000000000 -0500
-@@ -90,6 +90,7 @@
- dev_delete_generic_file(udev_t)
- 
- fs_getattr_all_fs(udev_t)
-+fs_search_inotifyfs(udev_t)
- 
- selinux_get_fs_mount(udev_t)
- selinux_validate_context(udev_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.7/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if	2006-01-20 10:02:33.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/system/unconfined.if	2006-01-27 01:40:13.000000000 -0500
-@@ -54,8 +54,13 @@
- 	tunable_policy(`allow_execmem && allow_execstack',`
- 		# Allow making the stack executable via mprotect.
- 		allow $1 self:process execstack;
-+	', `
-+		# These are fairly common but seem to be harmless
-+		# caused by using shared libraries built with old tool chains
-+		dontaudit $1 self:process execstack;
+-	allow $1 iso9660_t:filesystem mount;
++	allow $1 iso9660_t:filesystem unmount;
+ ')
+ 
+ ########################################
+@@ -1108,7 +1108,7 @@
+ 		class filesystem unmount;
  	')
  
-+
- 	optional_policy(`authlogin',`
- 		auth_unconfined($1)
+-	allow $1 nfs_t:filesystem mount;
++	allow $1 nfs_t:filesystem unmount;
+ ')
+ 
+ ########################################
+@@ -1696,7 +1696,7 @@
+ 		class filesystem unmount;
  	')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.7/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if	2006-01-26 16:54:28.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/system/userdomain.if	2006-01-27 01:40:13.000000000 -0500
-@@ -848,9 +848,6 @@
- 	fs_set_all_quotas($1_t)
- 	fs_exec_noxattr($1_t)
- 
--	selinux_set_enforce_mode($1_t)
--	selinux_set_boolean($1_t)
--	selinux_set_parameters($1_t)
- 	# Get security policy decisions:
- 	selinux_get_fs_mount($1_t)
- 	selinux_validate_context($1_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.7/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te	2006-01-26 16:54:28.000000000 -0500
-+++ serefpolicy-2.2.7/policy/modules/system/userdomain.te	2006-01-27 01:40:13.000000000 -0500
-@@ -154,10 +154,16 @@
- 
- 	corecmd_exec_shell(sysadm_t)
- 
--	mls_process_read_up(sysadm_t)
--
--	logging_read_audit_log(sysadm_t)
-+	ifdef(`enable_mls',`
-+		logging_read_audit_log(secadm_t)
-+		logging_domtrans_auditctl(secadm_t)
-+		mls_process_read_up(secadm_t)
-+	', `
-+		logging_domtrans_auditctl(sysadm_t)
-+		logging_read_audit_log(sysadm_t)
-+	')
- 
-+	mls_process_read_up(sysadm_t)
- 	ifdef(`direct_sysadm_daemon',`
- 		optional_policy(`init',`
- 			init_run_daemon(sysadm_t,sysadm_r,admin_terminal)
-@@ -168,6 +174,10 @@
- 		domain_ptrace_all_domains(sysadm_t)
+ 
+-	allow $1 nfsd_fs_t:filesystem mount;
++	allow $1 nfsd_fs_t:filesystem unmount;
+ ')
+ 
+ ########################################
+@@ -1803,7 +1803,7 @@
+ 		class filesystem unmount;
  	')
  
-+	optional_policy(`dmesg',`
-+		dmesg_exec(sysadm_t)
-+	')
-+
- 	optional_policy(`amanda',`
- 		amanda_run_recover(sysadm_t,sysadm_r,admin_terminal)
+-	allow $1 ramfs_t:filesystem mount;
++	allow $1 ramfs_t:filesystem unmount;
+ ')
+ 
+ ########################################
+@@ -1953,7 +1953,7 @@
+ 		class filesystem unmount;
  	')
-@@ -205,6 +215,9 @@
  
- 	optional_policy(`consoletype',`
- 		consoletype_exec(sysadm_t)
-+		ifdef(`enable_mls',`
-+			consoletype_exec(secadm_t)
-+		')
+-	allow $1 romfs_t:filesystem mount;
++	allow $1 romfs_t:filesystem unmount;
+ ')
+ 
+ ########################################
+@@ -2024,7 +2024,7 @@
+ 		class filesystem unmount;
  	')
  
- 	optional_policy(`ddcprobe',`
-@@ -320,10 +333,24 @@
+-	allow $1 rpc_pipefs_t:filesystem mount;
++	allow $1 rpc_pipefs_t:filesystem unmount;
+ ')
+ 
+ ########################################
+@@ -2094,7 +2094,7 @@
+ 		class filesystem unmount;
  	')
  
- 	optional_policy(`selinuxutil',`
--		seutil_run_checkpol(sysadm_t,sysadm_r,admin_terminal)
--		seutil_run_loadpol(sysadm_t,sysadm_r,admin_terminal)
-+		ifdef(`enable_mls',`
-+			seutil_manage_binary_pol(secadm_t)
-+			seutil_run_checkpol(secadm_t,secadm_r,admin_terminal)
-+			seutil_run_loadpol(secadm_t,secadm_r,admin_terminal)
-+			seutil_run_setfiles(secadm_t,secadm_r,admin_terminal)
-+			selinux_set_enforce_mode(secadm_t)
-+			selinux_set_boolean(secadm_t)
-+			selinux_set_parameters(secadm_t)
-+		', `
-+			seutil_manage_binary_pol(sysadm_t)
-+			seutil_run_checkpol(sysadm_t,sysadm_r,admin_terminal)
-+			seutil_run_loadpol(sysadm_t,sysadm_r,admin_terminal)
-+			seutil_run_setfiles(sysadm_t,sysadm_r,admin_terminal)
-+			selinux_set_enforce_mode(sysadm_t)
-+			selinux_set_boolean(sysadm_t)
-+			selinux_set_parameters(sysadm_t)
-+		')
- 		seutil_run_restorecon(sysadm_t,sysadm_r,admin_terminal)
--		seutil_run_setfiles(sysadm_t,sysadm_r,admin_terminal)
+-	allow $1 tmpfs_t:filesystem mount;
++	allow $1 tmpfs_t:filesystem unmount;
+ ')
+ 
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.2.8/policy/modules/kernel/filesystem.te
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te	2006-01-17 17:08:52.000000000 -0500
++++ serefpolicy-2.2.8/policy/modules/kernel/filesystem.te	2006-01-27 23:48:28.000000000 -0500
+@@ -134,6 +134,7 @@
+ #
+ type dosfs_t, noxattrfs;
+ fs_type(dosfs_t)
++fs_associate(dosfs_t)
+ genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
+ genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
+ genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.8/policy/modules/kernel/mls.te
+--- nsaserefpolicy/policy/modules/kernel/mls.te	2006-01-17 17:08:52.000000000 -0500
++++ serefpolicy-2.2.8/policy/modules/kernel/mls.te	2006-01-27 23:48:28.000000000 -0500
+@@ -86,7 +86,8 @@
+ ')
  
- 		ifdef(`targeted_policy',`',`
- 			seutil_run_runinit(sysadm_t,sysadm_r,admin_terminal)
+ ifdef(`enable_mls',`
+-# run init with maximum MLS range
+ range_transition kernel_t init_exec_t s0 - s15:c0.c255;
++range_transition kernel_t lvm_exec_t s0 - s15:c0.c255;
+ range_transition initrc_t auditd_exec_t s15:c0.c255;
++range_transition sysadm_t rpm_exec_t s0 - s15:c0.c255;
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.8/policy/modules/services/automount.te
+--- nsaserefpolicy/policy/modules/services/automount.te	2006-01-17 17:08:53.000000000 -0500
++++ serefpolicy-2.2.8/policy/modules/services/automount.te	2006-01-27 23:48:28.000000000 -0500
+@@ -64,6 +64,7 @@
+ kernel_list_proc(automount_t)
+ 
+ bootloader_getattr_boot_dir(automount_t)
++bootloader_search_boot(automount_t)
+ 
+ corecmd_exec_sbin(automount_t)
+ corecmd_exec_bin(automount_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.8/policy/modules/services/hal.te
+--- nsaserefpolicy/policy/modules/services/hal.te	2006-01-27 21:35:04.000000000 -0500
++++ serefpolicy-2.2.8/policy/modules/services/hal.te	2006-01-27 23:48:28.000000000 -0500
+@@ -51,6 +51,7 @@
+ kernel_write_proc_file(hald_t)
+ 
+ bootloader_getattr_boot_dir(hald_t)
++bootloader_search_boot(hald_t)
+ 
+ corecmd_exec_bin(hald_t)
+ corecmd_exec_sbin(hald_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-2.2.8/policy/modules/services/irqbalance.te
+--- nsaserefpolicy/policy/modules/services/irqbalance.te	2006-01-13 17:06:07.000000000 -0500
++++ serefpolicy-2.2.8/policy/modules/services/irqbalance.te	2006-01-27 23:48:28.000000000 -0500
+@@ -31,6 +31,8 @@
+ 
+ dev_read_sysfs(irqbalance_t)
+ 
++files_read_etc_runtime_files(irqbalance_t)
++
+ fs_getattr_all_fs(irqbalance_t)
+ fs_search_auto_mountpoints(irqbalance_t)
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xdm.fc serefpolicy-2.2.8/policy/modules/services/xdm.fc
+--- nsaserefpolicy/policy/modules/services/xdm.fc	2006-01-20 10:02:32.000000000 -0500
++++ serefpolicy-2.2.8/policy/modules/services/xdm.fc	2006-01-27 23:49:40.000000000 -0500
+@@ -30,3 +30,7 @@
+ 
+ /var/run/xdm\.pid	--	gen_context(system_u:object_r:xdm_var_run_t,s0)
+ /var/run/xdmctl(/.*)?		gen_context(system_u:object_r:xdm_var_run_t,s0)
++ifdef(`targeted_policy',`
++/usr/bin/rhgb		--	gen_context(system_u:object_r:xdm_exec_t,s0)
++')
++
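Review bot: In the mls.te section of the new patch, the two added `range_transition` rules carry no explanation, and the only comment that was there, `# run init with maximum MLS range`, is deleted. As written, `range_transition sysadm_t rpm_exec_t s0 - s15:c0.c255;` gives every rpm process started from sysadm_t the full sensitivity and category range, which is a broad grant for a program that processes package-supplied content. I would keep the init comment and add one line per new rule, for example `# rpm run by sysadm_t gets the full MLS range: <reason it must span all levels>`, with a matching comment for `lvm_exec_t`. That records the reason and lets a later reviewer judge whether a narrower range would do. Only the enable_mls stanza of mls.te is visible in this hunk, so I cannot tell whether other rules already constrain these domains.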


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -r1.93 -r1.94
--- selinux-policy.spec	27 Jan 2006 07:06:21 -0000	1.93
+++ selinux-policy.spec	28 Jan 2006 04:50:20 -0000	1.94
@@ -5,7 +5,7 @@
 %define CHECKPOLICYVER 1.28-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.2.7
+Version: 2.2.8
 Release: 1
 License: GPL
 Group: System Environment/Base



