rpms/selinux-policy/devel modules-targeted.conf, 1.16, 1.17 policy-20060207.patch, 1.36, 1.37 selinux-policy.spec, 1.137, 1.138
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Mar 6 21:33:54 UTC 2006
- Previous message (by thread): rpms/bluez-utils/devel bluez-utils.spec, 1.35, 1.36 dund.init, 1.2, 1.3 hidd.init, 1.3, 1.4 pand.init, 1.2, 1.3
- Next message (by thread): rpms/cman-kernel/devel cman-kernel.spec,1.144,1.145
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6398
Modified Files:
modules-targeted.conf policy-20060207.patch
selinux-policy.spec
Log Message:
* Mon Mar 6 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-4
- Fixes for cups
- Make cryptosetup work with hal
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- modules-targeted.conf 4 Mar 2006 14:49:35 -0000 1.16
+++ modules-targeted.conf 6 Mar 2006 21:33:51 -0000 1.17
@@ -858,7 +858,7 @@
#
# Policy for logical volume management programs.
#
-lvm = off
+lvm = base
# Layer: system
# Module: sysnetwork
policy-20060207.patch:
Rules.modular | 2 +-
policy/modules/admin/readahead.te | 2 +-
policy/modules/admin/su.fc | 1 +
policy/modules/admin/su.if | 6 +++---
policy/modules/admin/vbetool.te | 5 +++++
policy/modules/kernel/corenetwork.te.in | 2 +-
policy/modules/kernel/devices.if | 2 +-
policy/modules/kernel/files.fc | 2 +-
policy/modules/kernel/files.if | 20 ++++++++++++++++++--
policy/modules/kernel/kernel.if | 2 +-
policy/modules/services/apache.fc | 2 ++
policy/modules/services/apache.if | 5 +++++
policy/modules/services/bluetooth.te | 11 ++++++-----
policy/modules/services/cron.te | 3 +++
policy/modules/services/cups.fc | 2 +-
policy/modules/services/cups.if | 22 ++++++++++++++++++++++
policy/modules/services/cups.te | 7 +++++--
policy/modules/services/cvs.te | 2 +-
policy/modules/services/hal.if | 21 +++++++++++++++++++++
policy/modules/services/hal.te | 6 ++++++
policy/modules/services/ktalk.fc | 1 +
policy/modules/services/ktalk.te | 6 ++++++
policy/modules/services/nscd.if | 2 +-
policy/modules/services/samba.te | 2 +-
policy/modules/system/init.te | 5 +++++
policy/modules/system/libraries.fc | 2 ++
policy/modules/system/locallogin.te | 1 +
policy/modules/system/lvm.fc | 1 +
policy/modules/system/selinuxutil.fc | 6 +++---
policy/modules/system/selinuxutil.te | 4 ++++
policy/modules/system/udev.te | 2 +-
support/Makefile.devel | 5 +----
32 files changed, 132 insertions(+), 30 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- policy-20060207.patch 6 Mar 2006 02:00:43 -0000 1.36
+++ policy-20060207.patch 6 Mar 2006 21:33:51 -0000 1.37
@@ -176,7 +176,7 @@
gen_tunable(allow_httpd_$1_script_anon_write,false)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.23/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-03-04 00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/bluetooth.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/bluetooth.te 2006-03-06 09:54:40.000000000 -0500
@@ -115,6 +115,7 @@
corecmd_exec_shell(bluetooth_t)
@@ -193,16 +193,25 @@
allow bluetooth_helper_t bluetooth_t:socket { read write };
-@@ -214,6 +216,9 @@
- ifdef(`xserver.te', `
- allow bluetooth_helper_t xserver_log_t:dir search;
- allow bluetooth_helper_t xserver_log_t:file { getattr read };
-+ optional_policy(`xserver', `
-+ xserver_stream_connect_xdm(bluetooth_helper_t)
-+ ');
+@@ -208,14 +210,13 @@
+ nscd_socket_use(bluetooth_helper_t)
')
++optional_policy(`xserver', `
++ xserver_stream_connect_xdm(bluetooth_helper_t)
++');
++
+ ifdef(`TODO',`
+ allow bluetooth_helper_t tmp_t:dir search;
+
+-ifdef(`xserver.te', `
+- allow bluetooth_helper_t xserver_log_t:dir search;
+- allow bluetooth_helper_t xserver_log_t:file { getattr read };
+-')
+-
ifdef(`strict_policy',`
+ ifdef(`xdm.te',`
+ allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read write };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.23/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-03-04 00:06:35.000000000 -0500
+++ serefpolicy-2.2.23/policy/modules/services/cron.te 2006-03-04 23:47:48.000000000 -0500
@@ -228,9 +237,38 @@
/var/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0)
/var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0)
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.2.23/policy/modules/services/cups.if
+--- nsaserefpolicy/policy/modules/services/cups.if 2006-02-23 09:25:09.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cups.if 2006-03-06 12:24:44.000000000 -0500
+@@ -226,3 +226,25 @@
+ allow cupsd_t $1:tcp_socket { acceptfrom recvfrom };
+ kernel_tcp_recvfrom($1)
+ ')
++
++########################################
++## <summary>
++## Connect to cupsd over an unix domain stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`cups_stream_connect',`
++ gen_require(`
++ type cupsd_t, cupsd_var_run_t;
++ ')
++
++ files_search_pids($1)
++ allow $1 cupsd_var_run_t:dir search;
++ allow $1 cupsd_var_run_t:sock_file write;
++ allow $1 cupsd_t:unix_stream_socket connectto;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.23/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-03-04 00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cups.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cups.te 2006-03-06 12:24:35.000000000 -0500
@@ -77,7 +77,7 @@
dontaudit cupsd_t self:capability { sys_tty_config net_admin };
allow cupsd_t self:process { setsched signal_perms };
@@ -256,7 +294,15 @@
kernel_read_all_sysctls(cupsd_t)
kernel_tcp_recvfrom(cupsd_t)
-@@ -649,7 +651,7 @@
+@@ -382,6 +384,7 @@
+ allow hplip_t self:rawip_socket create_socket_perms;
+
+ allow hplip_t cupsd_etc_t:dir search;
++cups_stream_connect(hplip_t)
+
+ allow hplip_t hplip_etc_t:file r_file_perms;
+ allow hplip_t hplip_etc_t:dir r_dir_perms;
+@@ -649,7 +652,7 @@
ifdef(`targeted_policy',`
term_use_generic_ptys(cupsd_config_t)
@@ -307,7 +353,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.23/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-03-04 00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/hal.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/hal.te 2006-03-06 14:50:05.000000000 -0500
@@ -48,6 +48,7 @@
kernel_read_network_state(hald_t)
kernel_read_kernel_sysctls(hald_t)
@@ -324,10 +370,39 @@
term_dontaudit_use_unallocated_ttys(hald_t)
term_dontaudit_use_generic_ptys(hald_t)
files_dontaudit_read_root_files(hald_t)
+@@ -195,6 +197,10 @@
+ hotplug_read_config(hald_t)
+ ')
+
++optional_policy(`lvm', `
++ lvm_domtrans(hald_t)
++')
++
+ optional_policy(`mount',`
+ mount_domtrans(hald_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.fc serefpolicy-2.2.23/policy/modules/services/ktalk.fc
+--- nsaserefpolicy/policy/modules/services/ktalk.fc 2006-02-20 14:07:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/ktalk.fc 2006-03-06 11:04:32.000000000 -0500
+@@ -1,3 +1,4 @@
+
+ /usr/bin/in.talkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0)
+ /usr/bin/ktalkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0)
++/var/log/talkd.* -- gen_context(system_u:object_r:ktalkd_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-2.2.23/policy/modules/services/ktalk.te
--- nsaserefpolicy/policy/modules/services/ktalk.te 2006-03-04 00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/ktalk.te 2006-03-04 23:47:48.000000000 -0500
-@@ -68,6 +68,8 @@
++++ serefpolicy-2.2.23/policy/modules/services/ktalk.te 2006-03-06 11:06:04.000000000 -0500
+@@ -14,6 +14,9 @@
+ type ktalkd_tmp_t;
+ files_tmp_file(ktalkd_tmp_t)
+
++type ktalkd_log_t;
++logging_log_file(ktalkd_log_t)
++
+ type ktalkd_var_run_t;
+ files_pid_file(ktalkd_var_run_t)
+
+@@ -68,9 +71,12 @@
files_read_etc_files(ktalkd_t)
@@ -336,6 +411,10 @@
libs_use_ld_so(ktalkd_t)
libs_use_shared_libs(ktalkd_t)
logging_send_syslog_msg(ktalkd_t)
++logging_log_filetrans(ktalkd_t,ktalkd_log_t,file)
+
+ miscfiles_read_localization(ktalkd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.2.23/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2006-02-10 21:34:14.000000000 -0500
+++ serefpolicy-2.2.23/policy/modules/services/nscd.if 2006-03-04 23:47:48.000000000 -0500
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.137
retrieving revision 1.138
diff -u -r1.137 -r1.138
--- selinux-policy.spec 6 Mar 2006 02:00:43 -0000 1.137
+++ selinux-policy.spec 6 Mar 2006 21:33:51 -0000 1.138
@@ -10,7 +10,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.23
-Release: 3
+Release: 4
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -296,6 +296,10 @@
%fileList strict
%changelog
+* Mon Mar 6 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-4
+- Fixes for cups
+- Make cryptosetup work with hal
+
* Sun Mar 5 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-3
- Load Policy needs translock
- Previous message (by thread): rpms/bluez-utils/devel bluez-utils.spec, 1.35, 1.36 dund.init, 1.2, 1.3 hidd.init, 1.3, 1.4 pand.init, 1.2, 1.3
- Next message (by thread): rpms/cman-kernel/devel cman-kernel.spec,1.144,1.145
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list