rpms/selinux-policy/devel .cvsignore, 1.32, 1.33 modules-mls.conf, 1.10, 1.11 modules-strict.conf, 1.1, 1.2 modules-targeted.conf, 1.13, 1.14 policy-20060104.patch, 1.27, 1.28 selinux-policy.spec, 1.96, 1.97 sources, 1.36, 1.37
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jan 31 00:35:34 UTC 2006
- Previous message (by thread): rpms/policycoreutils/devel .cvsignore, 1.98, 1.99 policycoreutils-rhat.patch, 1.158, 1.159 policycoreutils.spec, 1.228, 1.229 sources, 1.102, 1.103
- Next message (by thread): rpms/perl/devel perl-5.8.8-bz178343.patch,NONE,1.1.2.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15216
Modified Files:
.cvsignore modules-mls.conf modules-strict.conf
modules-targeted.conf policy-20060104.patch
selinux-policy.spec sources
Log Message:
* Fri Jan 27 2006 Dan Walsh <dwalsh at redhat.com> 2.2.8-2
- Update to upstream
- Fix rhgb, and other Xorg startups
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- .cvsignore 28 Jan 2006 04:52:34 -0000 1.32
+++ .cvsignore 31 Jan 2006 00:35:32 -0000 1.33
@@ -33,3 +33,4 @@
serefpolicy-2.2.6.tgz
serefpolicy-2.2.7.tgz
serefpolicy-2.2.8.tgz
+serefpolicy-2.2.9.tgz
Index: modules-mls.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- modules-mls.conf 24 Jan 2006 21:47:16 -0000 1.10
+++ modules-mls.conf 31 Jan 2006 00:35:32 -0000 1.11
@@ -558,11 +558,11 @@
rdisc = base
# Layer: services
-# Module: xdm
+# Module: xserver
#
# X windows login display manager
#
-xdm = off
+xserver = off
# Layer: services
# Module: nscd
Index: modules-strict.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-strict.conf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- modules-strict.conf 24 Jan 2006 15:41:46 -0000 1.1
+++ modules-strict.conf 31 Jan 2006 00:35:32 -0000 1.2
@@ -707,11 +707,11 @@
rdisc = module
# Layer: services
-# Module: xdm
+# Module: xserver
#
# X windows login display manager
#
-xdm = module
+xserver = module
# Layer: services
# Module: nscd
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- modules-targeted.conf 24 Jan 2006 15:30:40 -0000 1.13
+++ modules-targeted.conf 31 Jan 2006 00:35:32 -0000 1.14
@@ -580,11 +580,11 @@
rdisc = base
# Layer: services
-# Module: xdm
+# Module: xserver
#
# X windows login display manager
#
-xdm = base
+xserver = base
# Layer: services
# Module: nscd
policy-20060104.patch:
admin/usermanage.te | 3 +++
kernel/filesystem.if | 20 ++++++++++----------
kernel/filesystem.te | 1 +
kernel/mls.te | 3 ++-
services/apache.fc | 2 ++
services/apache.te | 1 +
services/automount.te | 1 +
services/hal.te | 1 +
services/irqbalance.te | 3 +++
services/networkmanager.fc | 2 +-
services/networkmanager.te | 2 +-
services/procmail.te | 1 +
services/sendmail.if | 15 +++++++++++++++
services/xserver.fc | 9 ++++++---
services/xserver.if | 21 +++++++++++++++++++++
services/xserver.te | 9 +++++----
system/init.fc | 3 ++-
system/unconfined.te | 4 ++++
18 files changed, 80 insertions(+), 21 deletions(-)
Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- policy-20060104.patch 28 Jan 2006 05:39:52 -0000 1.27
+++ policy-20060104.patch 31 Jan 2006 00:35:32 -0000 1.28
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.8/policy/modules/admin/usermanage.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.9/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-01-19 10:00:40.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/admin/usermanage.te 2006-01-28 00:05:06.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/admin/usermanage.te 2006-01-30 19:01:01.000000000 -0500
@@ -328,6 +328,9 @@
miscfiles_read_localization(passwd_t)
@@ -11,11 +11,11 @@
seutil_dontaudit_search_config(passwd_t)
userdom_use_unpriv_users_fd(passwd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.8/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-01-27 21:35:04.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/kernel/filesystem.if 2006-01-28 00:05:06.000000000 -0500
-@@ -154,7 +154,7 @@
- class filesystem unmount;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.9/policy/modules/kernel/filesystem.if
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-01-30 18:40:35.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/kernel/filesystem.if 2006-01-30 19:01:01.000000000 -0500
+@@ -149,7 +149,7 @@
+ type fs_t;
')
- allow $1 fs_t:filesystem mount;
@@ -23,8 +23,8 @@
')
########################################
-@@ -320,7 +320,7 @@
- class filesystem unmount;
+@@ -307,7 +307,7 @@
+ type autofs_t;
')
- allow $1 autofs_t:filesystem mount;
@@ -32,8 +32,8 @@
')
########################################
-@@ -912,7 +912,7 @@
- class filesystem unmount;
+@@ -874,7 +874,7 @@
+ type dosfs_t;
')
- allow $1 dosfs_t:filesystem mount;
@@ -41,8 +41,8 @@
')
########################################
-@@ -1037,7 +1037,7 @@
- class filesystem unmount;
+@@ -994,7 +994,7 @@
+ type iso9660_t;
')
- allow $1 iso9660_t:filesystem mount;
@@ -50,8 +50,8 @@
')
########################################
-@@ -1108,7 +1108,7 @@
- class filesystem unmount;
+@@ -1061,7 +1061,7 @@
+ type nfs_t;
')
- allow $1 nfs_t:filesystem mount;
@@ -59,8 +59,8 @@
')
########################################
-@@ -1696,7 +1696,7 @@
- class filesystem unmount;
+@@ -1626,7 +1626,7 @@
+ type nfsd_fs_t;
')
- allow $1 nfsd_fs_t:filesystem mount;
@@ -68,8 +68,8 @@
')
########################################
-@@ -1803,7 +1803,7 @@
- class filesystem unmount;
+@@ -1727,7 +1727,7 @@
+ type ramfs_t;
')
- allow $1 ramfs_t:filesystem mount;
@@ -77,8 +77,8 @@
')
########################################
-@@ -1953,7 +1953,7 @@
- class filesystem unmount;
+@@ -1873,7 +1873,7 @@
+ type romfs_t;
')
- allow $1 romfs_t:filesystem mount;
@@ -86,8 +86,8 @@
')
########################################
-@@ -2024,7 +2024,7 @@
- class filesystem unmount;
+@@ -1940,7 +1940,7 @@
+ type rpc_pipefs_t;
')
- allow $1 rpc_pipefs_t:filesystem mount;
@@ -95,8 +95,8 @@
')
########################################
-@@ -2094,7 +2094,7 @@
- class filesystem unmount;
+@@ -2006,7 +2006,7 @@
+ type tmpfs_t;
')
- allow $1 tmpfs_t:filesystem mount;
@@ -104,9 +104,9 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.2.8/policy/modules/kernel/filesystem.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.2.9/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-01-17 17:08:52.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/kernel/filesystem.te 2006-01-28 00:05:06.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/kernel/filesystem.te 2006-01-30 19:01:01.000000000 -0500
@@ -134,6 +134,7 @@
#
type dosfs_t, noxattrfs;
@@ -115,9 +115,9 @@
genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.8/policy/modules/kernel/mls.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.9/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2006-01-17 17:08:52.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/kernel/mls.te 2006-01-28 00:05:06.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/kernel/mls.te 2006-01-30 19:01:01.000000000 -0500
@@ -86,7 +86,8 @@
')
@@ -128,9 +128,32 @@
range_transition initrc_t auditd_exec_t s15:c0.c255;
+range_transition sysadm_t rpm_exec_t s0 - s15:c0.c255;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.8/policy/modules/services/automount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.9/policy/modules/services/apache.fc
+--- nsaserefpolicy/policy/modules/services/apache.fc 2005-11-15 09:13:36.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/apache.fc 2006-01-30 19:01:01.000000000 -0500
+@@ -42,6 +42,8 @@
+ /var/cache/php-eaccelerator(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
+ /var/cache/php-mmcache(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
+ /var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0)
++/var/cache/mason(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
++/var/cache/rt3(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
+
+ /var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
+ /var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.2.9/policy/modules/services/apache.te
+--- nsaserefpolicy/policy/modules/services/apache.te 2006-01-17 17:08:52.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/apache.te 2006-01-30 19:01:01.000000000 -0500
+@@ -347,6 +347,7 @@
+
+ tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
+ domain_auto_trans(httpd_t, httpdcontent, httpd_sys_script_t)
++ domain_auto_trans(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
+ allow httpd_t httpd_sys_script_t:fd use;
+ allow httpd_sys_script_t httpd_t:fd use;
+ allow httpd_sys_script_t httpd_t:fifo_file rw_file_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.9/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-01-17 17:08:53.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/services/automount.te 2006-01-28 00:05:06.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/automount.te 2006-01-30 19:01:01.000000000 -0500
@@ -64,6 +64,7 @@
kernel_list_proc(automount_t)
@@ -139,9 +162,9 @@
corecmd_exec_sbin(automount_t)
corecmd_exec_bin(automount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.8/policy/modules/services/hal.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.9/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-01-27 21:35:04.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/services/hal.te 2006-01-28 00:05:06.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/hal.te 2006-01-30 19:01:01.000000000 -0500
@@ -51,6 +51,7 @@
kernel_write_proc_file(hald_t)
@@ -150,34 +173,105 @@
corecmd_exec_bin(hald_t)
corecmd_exec_sbin(hald_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-2.2.8/policy/modules/services/irqbalance.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-2.2.9/policy/modules/services/irqbalance.te
--- nsaserefpolicy/policy/modules/services/irqbalance.te 2006-01-13 17:06:07.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/services/irqbalance.te 2006-01-28 00:05:06.000000000 -0500
-@@ -31,6 +31,8 @@
++++ serefpolicy-2.2.9/policy/modules/services/irqbalance.te 2006-01-30 19:01:01.000000000 -0500
+@@ -31,6 +31,9 @@
dev_read_sysfs(irqbalance_t)
++files_read_etc_files(irqbalance_t)
+files_read_etc_runtime_files(irqbalance_t)
+
fs_getattr_all_fs(irqbalance_t)
fs_search_auto_mountpoints(irqbalance_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xdm.fc serefpolicy-2.2.8/policy/modules/services/xdm.fc
---- nsaserefpolicy/policy/modules/services/xdm.fc 2006-01-20 10:02:32.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/services/xdm.fc 2006-01-28 00:28:26.000000000 -0500
-@@ -30,3 +30,7 @@
-
- /var/run/xdm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0)
- /var/run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
-+ifdef(`targeted_policy',`
-+/usr/bin/Xorg -- gen_context(system_u:object_r:xdm_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-2.2.9/policy/modules/services/networkmanager.fc
+--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2005-11-14 18:24:07.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/networkmanager.fc 2006-01-30 19:01:01.000000000 -0500
+@@ -1,2 +1,2 @@
+
+-/usr/bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
++/usr/(s)?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.2.9/policy/modules/services/networkmanager.te
+--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-01-19 10:00:41.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/networkmanager.te 2006-01-30 19:01:01.000000000 -0500
+@@ -24,7 +24,7 @@
+ allow NetworkManager_t self:fifo_file rw_file_perms;
+ allow NetworkManager_t self:unix_dgram_socket create_socket_perms;
+ allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
+-allow NetworkManager_t self:netlink_route_socket r_netlink_socket_perms;
++allow NetworkManager_t self:netlink_route_socket create_netlink_socket_perms;
+ allow NetworkManager_t self:tcp_socket create_stream_socket_perms;
+ allow NetworkManager_t self:udp_socket create_socket_perms;
+ allow NetworkManager_t self:packet_socket create_socket_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.2.9/policy/modules/services/procmail.te
+--- nsaserefpolicy/policy/modules/services/procmail.te 2006-01-25 15:59:00.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/procmail.te 2006-01-30 19:01:01.000000000 -0500
+@@ -96,6 +96,7 @@
+ optional_policy(`sendmail',`
+ mta_read_config(procmail_t)
+ sendmail_rw_tcp_socket(procmail_t)
++ sendmail_rw_unix_stream_socket(procmail_t)
+ ')
+
+ optional_policy(`spamassassin',`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-2.2.9/policy/modules/services/sendmail.if
+--- nsaserefpolicy/policy/modules/services/sendmail.if 2006-01-13 17:06:07.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/sendmail.if 2006-01-30 19:01:01.000000000 -0500
+@@ -52,6 +52,21 @@
+
+ allow $1 sendmail_t:tcp_socket { read write };
+ ')
++########################################
++## <summary>
++## Read and write sendmail unix_stream_sockets.
++## </summary>
++## <param name="domain">
++## Domain allowed access.
++## </param>
++#
++interface(`sendmail_rw_unix_stream_socket',`
++ gen_require(`
++ type sendmail_t;
++ ')
++
++ allow $1 sendmail_t:unix_stream_socket { read write };
+')
+
+ ########################################
+ ## <summary>
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-2.2.9/policy/modules/services/xserver.fc
+--- nsaserefpolicy/policy/modules/services/xserver.fc 2006-01-30 18:40:36.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/xserver.fc 2006-01-30 19:01:01.000000000 -0500
+@@ -55,16 +55,19 @@
+
+ /usr/X11R6/bin/[xgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
+ /usr/X11R6/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
+-/usr/X11R6/bin/X -- gen_context(system_u:object_r:xserver_exec_t,s0)
++/usr/X11R6/bin/X -- gen_context(system_u:object_r:xserver_exec_t,s0)
+ /usr/X11R6/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
+ /usr/X11R6/bin/XFree86 -- gen_context(system_u:object_r:xserver_exec_t,s0)
+ /usr/X11R6/bin/Xipaq -- gen_context(system_u:object_r:xserver_exec_t,s0)
+ /usr/X11R6/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
+-/usr/X11R6/bin/Xwrapper -- gen_context(system_u:object_r:xserver_exec_t,s0)
+-
+ /usr/X11R6/lib/X11/xkb -d gen_context(system_u:object_r:xkb_var_lib_t,s0)
+ /usr/X11R6/lib/X11/xkb/.* -- gen_context(system_u:object_r:xkb_var_lib_t,s0)
+
++/usr/X11R6/bin/Xwrapper -- gen_context(system_u:object_r:xserver_exec_t,s0)
++/usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
++/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
++/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xdm.if serefpolicy-2.2.8/policy/modules/services/xdm.if
---- nsaserefpolicy/policy/modules/services/xdm.if 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/services/xdm.if 2006-01-28 00:05:06.000000000 -0500
-@@ -1 +1,22 @@
- ## <summary>X windows login display manager</summary>
+ #
+ # /var
+ #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.9/policy/modules/services/xserver.if
+--- nsaserefpolicy/policy/modules/services/xserver.if 2006-01-30 18:40:36.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/xserver.if 2006-01-30 19:02:46.000000000 -0500
+@@ -1,4 +1,25 @@
+ ## <summary>X Windows Server</summary>
+########################################
+## <summary>
+## Execute xdmd in the xdmd domain.
@@ -186,28 +280,70 @@
+## The type of the process performing this action.
+## </param>
+#
-+interface(`xdm_domtrans',`
++interface(`xserver_domtrans',`
+ gen_require(`
-+ type xdm_t, xdm_exec_t;
++ type xdm_xserver_t, xserver_exec_t;
+ ')
+
-+ domain_auto_trans($1,xdm_exec_t,xdm_t)
++ domain_auto_trans($1,xserver_exec_t,xdm_xserver_t)
+
-+ allow $1 xdm_t:fd use;
-+ allow xdm_t $1:fd use;
-+ allow xdm_t $1:fifo_file rw_file_perms;
-+ allow xdm_t $1:process sigchld;
++ allow $1 xdm_xserver_t:fd use;
++ allow xdm_xserver_t $1:fd use;
++ allow xdm_xserver_t $1:fifo_file rw_file_perms;
++ allow xdm_xserver_t $1:process sigchld;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.8/policy/modules/system/unconfined.te
+
+ template(`xserver_common_domain_template',`
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.2.9/policy/modules/services/xserver.te
+--- nsaserefpolicy/policy/modules/services/xserver.te 2006-01-30 18:40:36.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/services/xserver.te 2006-01-30 19:06:27.000000000 -0500
+@@ -57,10 +57,8 @@
+ type xserver_log_t;
+ logging_log_file(xserver_log_t)
+
+-ifdef(`strict_policy',`
+- xserver_common_domain_template(xdm)
+- init_system_domain(xdm_xserver_t,xserver_exec_t)
+-')
++xserver_common_domain_template(xdm)
++init_system_domain(xdm_xserver_t,xserver_exec_t)
+
+ optional_policy(`prelink',`
+ prelink_object_file(xkb_var_lib_t)
+@@ -302,6 +300,9 @@
+ allow xdm_t self:process { execheap execmem };
+ unconfined_domain_template(xdm_t)
+ unconfined_domtrans(xdm_t)
++ allow xdm_xserver_t self:process { execheap execmem };
++ unconfined_domain_template(xdm_xserver_t)
++ unconfined_domtrans(xdm_xserver_t)
+ ')
+
+ tunable_policy(`use_nfs_home_dirs',`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.2.9/policy/modules/system/init.fc
+--- nsaserefpolicy/policy/modules/system/init.fc 2006-01-16 22:19:19.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/system/init.fc 2006-01-30 19:01:01.000000000 -0500
+@@ -22,7 +22,8 @@
+ #
+ # /sbin
+ #
+-/sbin/init -- gen_context(system_u:object_r:init_exec_t,s0)
++/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
++
+
+ ifdef(`distro_gentoo', `
+ /sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.9/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-01-27 21:35:05.000000000 -0500
-+++ serefpolicy-2.2.8/policy/modules/system/unconfined.te 2006-01-28 00:05:06.000000000 -0500
++++ serefpolicy-2.2.9/policy/modules/system/unconfined.te 2006-01-30 19:01:01.000000000 -0500
@@ -148,4 +148,8 @@
optional_policy(`wine',`
wine_domtrans(unconfined_t)
')
+
-+ optional_policy(`xdm',`
-+ xdm_domtrans(unconfined_t)
++ optional_policy(`xserver',`
++ xserver_domtrans(unconfined_t)
+ ')
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- selinux-policy.spec 28 Jan 2006 05:39:52 -0000 1.96
+++ selinux-policy.spec 31 Jan 2006 00:35:32 -0000 1.97
@@ -5,8 +5,8 @@
%define CHECKPOLICYVER 1.28-3
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.2.8
-Release: 2
+Version: 2.2.9
+Release: 1
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- sources 28 Jan 2006 04:52:34 -0000 1.36
+++ sources 31 Jan 2006 00:35:32 -0000 1.37
@@ -1 +1 @@
-96d857cdcb3f6ae275fc9aff59e5ed46 serefpolicy-2.2.8.tgz
+a795741d83a3bc84cc508236316ff80b serefpolicy-2.2.9.tgz
- Previous message (by thread): rpms/policycoreutils/devel .cvsignore, 1.98, 1.99 policycoreutils-rhat.patch, 1.158, 1.159 policycoreutils.spec, 1.228, 1.229 sources, 1.102, 1.103
- Next message (by thread): rpms/perl/devel perl-5.8.8-bz178343.patch,NONE,1.1.2.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list