rpms/selinux-policy/devel modules-targeted.conf, 1.17, 1.18 policy-20060207.patch, 1.38, 1.39 selinux-policy.spec, 1.139, 1.140
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Mar 7 22:22:16 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8435
Modified Files:
modules-targeted.conf policy-20060207.patch
selinux-policy.spec
Log Message:
* Tue Mar 7 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-5
- Add Xen support
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- modules-targeted.conf 6 Mar 2006 21:33:51 -0000 1.17
+++ modules-targeted.conf 7 Mar 2006 22:22:14 -0000 1.18
@@ -988,6 +988,14 @@
ipsec = off
+# Layer: system
+# Module: xend
+#
+# TCP/IP encryption
+#
+xend = base
+
+
# Layer: apps
# Module: java
#
policy-20060207.patch:
Rules.modular | 2
policy/modules/admin/readahead.te | 2
policy/modules/admin/rpm.fc | 2
policy/modules/admin/su.fc | 1
policy/modules/admin/su.if | 6
policy/modules/admin/vbetool.te | 5
policy/modules/kernel/corenetwork.te.in | 3
policy/modules/kernel/devices.if | 20 +++
policy/modules/kernel/files.fc | 2
policy/modules/kernel/files.if | 20 ++-
policy/modules/kernel/kernel.if | 102 ++++++++++++++++
policy/modules/kernel/kernel.te | 3
policy/modules/services/apache.fc | 2
policy/modules/services/apache.if | 5
policy/modules/services/apm.fc | 2
policy/modules/services/bluetooth.te | 11 -
policy/modules/services/cron.te | 3
policy/modules/services/cups.fc | 2
policy/modules/services/cups.if | 22 +++
policy/modules/services/cups.te | 7 -
policy/modules/services/cvs.te | 2
policy/modules/services/hal.if | 41 ++++++
policy/modules/services/hal.te | 6
policy/modules/services/ktalk.fc | 1
policy/modules/services/ktalk.te | 6
policy/modules/services/nscd.if | 2
policy/modules/services/samba.te | 2
policy/modules/system/fstools.te | 1
policy/modules/system/init.te | 5
policy/modules/system/libraries.fc | 2
policy/modules/system/locallogin.te | 1
policy/modules/system/lvm.fc | 1
policy/modules/system/lvm.te | 2
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 4
policy/modules/system/sysnetwork.te | 3
policy/modules/system/udev.te | 2
policy/modules/system/xend.fc | 19 +++
policy/modules/system/xend.if | 71 +++++++++++
policy/modules/system/xend.te | 196 ++++++++++++++++++++++++++++++++
support/Makefile.devel | 5
41 files changed, 568 insertions(+), 32 deletions(-)
Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- policy-20060207.patch 6 Mar 2006 23:04:56 -0000 1.38
+++ policy-20060207.patch 7 Mar 2006 22:22:14 -0000 1.39
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.2.23/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2006-03-04 00:06:33.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/readahead.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/readahead.te 2006-03-07 13:42:37.000000000 -0500
@@ -18,7 +18,7 @@
# Local policy
#
@@ -10,9 +10,21 @@
allow readahead_t self:process signal_perms;
allow readahead_t readahead_var_run_t:file create_file_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.2.23/policy/modules/admin/rpm.fc
+--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-01-27 21:35:04.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/rpm.fc 2006-03-07 15:39:28.000000000 -0500
+@@ -25,7 +25,7 @@
+ /var/lib/rpm(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
+
+ /var/log/rpmpkgs.* -- gen_context(system_u:object_r:rpm_log_t,s0)
+-/var/log/yum\.log -- gen_context(system_u:object_r:rpm_log_t,s0)
++/var/log/yum\.log.* -- gen_context(system_u:object_r:rpm_log_t,s0)
+
+ # SuSE
+ ifdef(`distro_suse', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc serefpolicy-2.2.23/policy/modules/admin/su.fc
--- nsaserefpolicy/policy/modules/admin/su.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/su.fc 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/su.fc 2006-03-07 13:42:37.000000000 -0500
@@ -2,3 +2,4 @@
/bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
@@ -20,7 +32,7 @@
+/usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.2.23/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2006-03-04 00:06:33.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/su.if 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/su.if 2006-03-07 13:42:37.000000000 -0500
@@ -141,10 +141,10 @@
# By default, revert to the calling domain when a shell is executed.
@@ -37,7 +49,7 @@
kernel_read_kernel_sysctls($1_su_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-2.2.23/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2006-02-01 08:23:27.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/vbetool.te 2006-03-06 17:41:24.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/admin/vbetool.te 2006-03-07 13:42:37.000000000 -0500
@@ -15,6 +15,7 @@
# Local policy
#
@@ -56,7 +68,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.2.23/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-02-20 14:07:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/corenetwork.te.in 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/corenetwork.te.in 2006-03-07 13:42:37.000000000 -0500
@@ -66,7 +66,7 @@
network_port(giftd, tcp,1213,s0)
network_port(gopher, tcp,70,s0, udp,70,s0)
@@ -66,9 +78,17 @@
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,50000,s0, tcp,50002,s0)
network_port(i18n_input, tcp,9010,s0)
+@@ -126,6 +126,7 @@
+ network_port(uucpd, tcp,540,s0)
+ network_port(vnc, tcp,5900,s0)
+ network_port(xserver, tcp,6001,s0, tcp,6002,s0, tcp,6003,s0, tcp,6004,s0, tcp,6005,s0, tcp,6006,s0, tcp,6007,s0, tcp,6008,s0, tcp,6009,s0, tcp,6010,s0, tcp,6011,s0, tcp,6012,s0, tcp,6013,s0, tcp,6014,s0, tcp,6015,s0, tcp,6016,s0, tcp,6017,s0, tcp,6018,s0, tcp,6019,s0)
++network_port(xen, tcp,8002,s0)
+ network_port(zebra, tcp,2601,s0)
+ network_port(zope, tcp,8021,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.23/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-02-23 09:25:08.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/devices.if 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/devices.if 2006-03-07 16:50:04.000000000 -0500
@@ -2384,7 +2384,7 @@
')
@@ -78,9 +98,31 @@
')
########################################
+@@ -2732,3 +2732,21 @@
+ typeattribute $1 memory_raw_write, memory_raw_read;
+ ')
+
++########################################
++## <summary>
++## Dontaudit getattr on all device nodes.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`dev_dontaudit_getattr_all_device_nodes',`
++ gen_require(`
++ attribute device_node;
++ ')
++
++ dontaudit $1 device_node:dir_file_class_set getattr;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.23/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-03-04 00:06:34.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/files.fc 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/files.fc 2006-03-07 13:42:37.000000000 -0500
@@ -93,7 +93,7 @@
# HOME_ROOT
# expanded by genhomedircon
@@ -92,7 +134,7 @@
HOME_ROOT/lost\+found/.* <<none>>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.23/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-03-04 00:06:34.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/files.if 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/files.if 2006-03-07 13:42:37.000000000 -0500
@@ -1648,6 +1648,21 @@
')
@@ -133,17 +175,16 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.2.23/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-03-04 00:06:34.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/kernel.if 2006-03-06 16:54:38.000000000 -0500
-@@ -1023,7 +1023,7 @@
- ')
++++ serefpolicy-2.2.23/policy/modules/kernel/kernel.if 2006-03-07 14:00:35.000000000 -0500
+@@ -1044,6 +1044,7 @@
allow $1 proc_t:dir search;
-- allow $1 sysctl_t:dir r_dir_perms;
-+ allow $1 sysctl_t:dir rw_dir_perms;
- allow $1 sysctl_vm_t:file r_file_perms;
+ allow $1 sysctl_t:dir r_dir_perms;
++ allow $1 sysctl_vm_t:dir rw_dir_perms;
+ allow $1 sysctl_vm_t:file rw_file_perms;
')
-@@ -1328,7 +1328,7 @@
+@@ -1328,7 +1329,7 @@
allow $1 proc_t:dir search;
allow $1 sysctl_t:dir r_dir_perms;
@@ -152,9 +193,125 @@
allow $1 sysctl_kernel_t:file rw_file_perms;
')
+@@ -1946,3 +1947,102 @@
+
+ kernel_rw_all_sysctls($1)
+ ')
++
++
++
++########################################
++## <summary>
++## Do not audit attempts to search the xen
++## state directory.
++## </summary>
++## <param name="domain">
++## <summary>
++## The process type reading the state.
++## </summary>
++## </param>
++##
++#
++interface(`kernel_dontaudit_search_xen_state',`
++ gen_require(`
++ type proc_xen_t;
++ ')
++
++ dontaudit $1 proc_xen_t:dir search;
++')
++
++########################################
++## <summary>
++## Allow searching of xen state directory.
++## </summary>
++## <param name="domain">
++## <summary>
++## The process type reading the state.
++## </summary>
++## </param>
++##
++#
++interface(`kernel_search_xen_state',`
++ gen_require(`
++ type proc_xen_t;
++ ')
++
++ allow $1 proc_xen_t:dir search;
++')
++
++########################################
++## <summary>
++## Allow caller to read the xen state information.
++## </summary>
++## <param name="domain">
++## <summary>
++## The process type reading the state.
++## </summary>
++## </param>
++##
++#
++interface(`kernel_read_xen_state',`
++ gen_require(`
++ type proc_t, proc_xen_t;
++ ')
++
++ allow $1 proc_t:dir search;
++ allow $1 proc_xen_t:dir r_dir_perms;
++ allow $1 proc_xen_t:file r_file_perms;
++ allow $1 proc_xen_t:lnk_file { getattr read };
++')
++
++########################################
++## <summary>
++## Allow caller to read the xen state symbolic links.
++## </summary>
++## <param name="domain">
++## <summary>
++## The process type reading the state.
++## </summary>
++## </param>
++##
++#
++interface(`kernel_read_xen_state_symlinks',`
++ gen_require(`
++ type proc_t, proc_xen_t;
++ ')
++
++ allow $1 proc_t:dir search;
++ allow $1 proc_xen_t:dir r_dir_perms;
++ allow $1 proc_xen_t:lnk_file r_file_perms;
++')
++
++
++########################################
++#
++# kernel_rw_xen(domain)
++#
++interface(`kernel_write_xen_state',`
++ gen_require(`
++ type proc_t, proc_xen_t;
++ ')
++
++ allow $1 proc_t:dir search;
++ allow $1 proc_xen_t:dir r_dir_perms;
++ allow $1 proc_xen_t:file write;
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.2.23/policy/modules/kernel/kernel.te
+--- nsaserefpolicy/policy/modules/kernel/kernel.te 2006-02-07 10:43:26.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/kernel/kernel.te 2006-03-07 13:42:37.000000000 -0500
+@@ -75,6 +75,9 @@
+ type proc_net_t, proc_type;
+ genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0)
+
++type proc_xen_t, proc_type;
++genfscon proc /xen gen_context(system_u:object_r:proc_xen_t,s0)
++
+ #
+ # Sysctl types
+ #
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.2.23/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2006-02-27 17:17:23.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/apache.fc 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/apache.fc 2006-03-07 13:42:37.000000000 -0500
@@ -15,6 +15,7 @@
/etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0)
@@ -170,7 +327,7 @@
+/usr/share/selinux-policy([^/]*)?/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.23/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2006-03-04 00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/apache.if 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/apache.if 2006-03-07 13:42:37.000000000 -0500
@@ -12,6 +12,11 @@
## </param>
#
@@ -183,9 +340,21 @@
# allow write access to public file transfer
# services files.
gen_tunable(allow_httpd_$1_script_anon_write,false)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.fc serefpolicy-2.2.23/policy/modules/services/apm.fc
+--- nsaserefpolicy/policy/modules/services/apm.fc 2005-11-14 18:24:08.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/apm.fc 2006-03-07 15:38:20.000000000 -0500
+@@ -11,7 +11,7 @@
+ #
+ # /var
+ #
+-/var/log/acpid -- gen_context(system_u:object_r:apmd_log_t,s0)
++/var/log/acpid.* -- gen_context(system_u:object_r:apmd_log_t,s0)
+
+ /var/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
+ /var/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.23/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-03-04 00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/bluetooth.te 2006-03-06 09:54:40.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/bluetooth.te 2006-03-07 13:42:37.000000000 -0500
@@ -115,6 +115,7 @@
corecmd_exec_shell(bluetooth_t)
@@ -223,7 +392,7 @@
allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read write };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.2.23/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-03-04 00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cron.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cron.te 2006-03-07 13:42:37.000000000 -0500
@@ -166,6 +166,9 @@
allow crond_t unconfined_t:dbus send_msg;
@@ -236,7 +405,7 @@
allow crond_t crond_tmp_t:file create_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.2.23/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2005-11-14 18:24:08.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cups.fc 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cups.fc 2006-03-07 13:42:37.000000000 -0500
@@ -43,7 +43,7 @@
/var/log/cups(/.*)? gen_context(system_u:object_r:cupsd_log_t,s0)
/var/log/turboprint_cups\.log.* -- gen_context(system_u:object_r:cupsd_log_t,s0)
@@ -248,7 +417,7 @@
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.2.23/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2006-02-23 09:25:09.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cups.if 2006-03-06 12:24:44.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cups.if 2006-03-07 13:42:37.000000000 -0500
@@ -226,3 +226,25 @@
allow cupsd_t $1:tcp_socket { acceptfrom recvfrom };
kernel_tcp_recvfrom($1)
@@ -277,7 +446,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.23/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-03-04 00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cups.te 2006-03-06 12:24:35.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cups.te 2006-03-07 13:42:37.000000000 -0500
@@ -77,7 +77,7 @@
dontaudit cupsd_t self:capability { sys_tty_config net_admin };
allow cupsd_t self:process { setsched signal_perms };
@@ -322,7 +491,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.2.23/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2006-03-04 00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cvs.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/cvs.te 2006-03-07 13:42:37.000000000 -0500
@@ -11,7 +11,7 @@
inetd_tcp_service_domain(cvs_t,cvs_exec_t)
role system_r types cvs_t;
@@ -334,7 +503,7 @@
type cvs_tmp_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.2.23/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2006-03-04 00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/hal.if 2006-03-06 17:40:22.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/hal.if 2006-03-07 13:42:37.000000000 -0500
@@ -100,3 +100,44 @@
allow $1 hald_t:dbus send_msg;
allow hald_t $1:dbus send_msg;
@@ -382,7 +551,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.23/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-03-04 00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/hal.te 2006-03-06 14:50:05.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/hal.te 2006-03-07 13:42:37.000000000 -0500
@@ -48,6 +48,7 @@
kernel_read_network_state(hald_t)
kernel_read_kernel_sysctls(hald_t)
@@ -412,7 +581,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.fc serefpolicy-2.2.23/policy/modules/services/ktalk.fc
--- nsaserefpolicy/policy/modules/services/ktalk.fc 2006-02-20 14:07:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/ktalk.fc 2006-03-06 11:04:32.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/ktalk.fc 2006-03-07 13:42:37.000000000 -0500
@@ -1,3 +1,4 @@
/usr/bin/in.talkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0)
@@ -420,7 +589,7 @@
+/var/log/talkd.* -- gen_context(system_u:object_r:ktalkd_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-2.2.23/policy/modules/services/ktalk.te
--- nsaserefpolicy/policy/modules/services/ktalk.te 2006-03-04 00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/ktalk.te 2006-03-06 11:06:04.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/ktalk.te 2006-03-07 13:42:37.000000000 -0500
@@ -14,6 +14,9 @@
type ktalkd_tmp_t;
files_tmp_file(ktalkd_tmp_t)
@@ -446,7 +615,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.2.23/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2006-02-10 21:34:14.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/nscd.if 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/nscd.if 2006-03-07 13:42:37.000000000 -0500
@@ -49,8 +49,8 @@
dontaudit $1 nscd_t:nscd { shmempwd shmemgrp shmemhost };
@@ -459,7 +628,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.23/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2006-03-04 00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/samba.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/services/samba.te 2006-03-07 13:42:37.000000000 -0500
@@ -32,7 +32,7 @@
type samba_secrets_t;
files_type(samba_secrets_t)
@@ -469,9 +638,20 @@
files_config_file(samba_share_t)
type samba_var_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.23/policy/modules/system/fstools.te
+--- nsaserefpolicy/policy/modules/system/fstools.te 2006-03-04 00:06:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/fstools.te 2006-03-07 16:50:14.000000000 -0500
+@@ -73,6 +73,7 @@
+ dev_getattr_usbfs_dirs(fsadm_t)
+ # Access to /dev/mapper/control
+ dev_rw_lvm_control(fsadm_t)
++dev_dontaudit_getattr_all_device_nodes(fsadm_t)
+
+ fs_search_auto_mountpoints(fsadm_t)
+ fs_getattr_xattr_fs(fsadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.23/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/init.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/init.te 2006-03-07 13:42:37.000000000 -0500
@@ -349,6 +349,7 @@
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
@@ -493,7 +673,7 @@
# this also would result in a type transition
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.23/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-02-20 14:07:38.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/libraries.fc 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/libraries.fc 2006-03-07 13:42:37.000000000 -0500
@@ -65,6 +65,7 @@
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -512,7 +692,7 @@
/usr/lib(64)?/.*/program/.*\.so.* gen_context(system_u:object_r:shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.2.23/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/locallogin.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/locallogin.te 2006-03-07 13:42:37.000000000 -0500
@@ -20,6 +20,7 @@
type local_login_tmp_t;
@@ -523,7 +703,7 @@
type sulogin_exec_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.2.23/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/lvm.fc 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/lvm.fc 2006-03-07 13:42:37.000000000 -0500
@@ -25,6 +25,7 @@
# /sbin
#
@@ -532,9 +712,21 @@
/sbin/dmsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/dmsetup\.static -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/e2fsadm -- gen_context(system_u:object_r:lvm_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.2.23/policy/modules/system/lvm.te
+--- nsaserefpolicy/policy/modules/system/lvm.te 2006-03-04 00:06:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/lvm.te 2006-03-07 17:10:36.000000000 -0500
+@@ -129,6 +129,8 @@
+
+ # DAC overrides and mknod for modifying /dev entries (vgmknodes)
+ allow lvm_t self:capability { dac_override ipc_lock sys_admin sys_nice mknod chown sys_resource };
++# Needed for dmraid
++allow lvm_t self:capability sys_rawio;
+ dontaudit lvm_t self:capability sys_tty_config;
+ allow lvm_t self:process { sigchld sigkill sigstop signull signal };
+ # LVM will complain a lot if it cannot set its priority.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-02-23 09:25:09.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc 2006-03-07 13:42:37.000000000 -0500
@@ -8,9 +8,9 @@
/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,s15:c0.c255)
@@ -550,7 +742,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.2.23/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.te 2006-03-05 20:56:17.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.te 2006-03-07 13:42:37.000000000 -0500
@@ -192,6 +192,9 @@
selinux_load_policy(load_policy_t)
selinux_set_boolean(load_policy_t)
@@ -569,9 +761,22 @@
term_use_all_user_ttys(newrole_t)
term_use_all_user_ptys(newrole_t)
term_relabel_all_user_ttys(newrole_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.2.23/policy/modules/system/sysnetwork.te
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2006-03-04 00:06:37.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/sysnetwork.te 2006-03-07 15:47:26.000000000 -0500
+@@ -322,6 +322,9 @@
+ udev_dontaudit_rw_dgram_sockets(ifconfig_t)
+ ')
+ ')
++optional_policy(`xend',`
++ xend_append_log(ifconfig_t)
++')
+
+ ifdef(`targeted_policy',`
+ term_use_generic_ptys(ifconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.2.23/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2006-03-04 00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/udev.te 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/udev.te 2006-03-07 13:42:37.000000000 -0500
@@ -39,7 +39,7 @@
# Local policy
#
@@ -581,9 +786,307 @@
dontaudit udev_t self:capability sys_tty_config;
allow udev_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow udev_t self:process { execmem setfscreate };
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xend.fc serefpolicy-2.2.23/policy/modules/system/xend.fc
+--- nsaserefpolicy/policy/modules/system/xend.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/xend.fc 2006-03-07 14:59:39.000000000 -0500
+@@ -0,0 +1,19 @@
++# xend executable will have:
++# label: system_u:object_r:xend_exec_t
++# MLS sensitivity: s0
++# MCS categories: <none>
++/usr/sbin/xend -- system_u:object_r:xend_exec_t:s0
++/usr/sbin/xenconsoled -- system_u:object_r:xenconsoled_exec_t:s0
++/usr/sbin/xenstored -- system_u:object_r:xenstored_exec_t:s0
++
++/var/log/xend\.log -- system_u:object_r:xend_var_log_t:s0
++/var/log/xend-debug\.log -- system_u:object_r:xend_var_log_t:s0
++/var/lib/xen(/.*)? system_u:object_r:xend_var_lib_t:s0
++/var/lib/xend(/.*)? system_u:object_r:xend_var_lib_t:s0
++/var/lib/xenstored(/.*)? system_u:object_r:xenstored_var_lib_t:s0
++/var/run/xenstored(/.*)? system_u:object_r:xenstored_var_run_t:s0
++/var/run/xend\.pid -- system_u:object_r:xend_var_run_t:s0
++/var/run/xenstore\.pid -- system_u:object_r:xenstored_var_run_t:s0
++/var/run/xenconsoled\.pid -- system_u:object_r:xenconsoled_var_run_t:s0
++/etc/xen/scripts(/.*)? system_u:object_r:bin_t:s0
++/dev/evtchn -c system_u:object_r:xend_device_t:s0
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xend.if serefpolicy-2.2.23/policy/modules/system/xend.if
+--- nsaserefpolicy/policy/modules/system/xend.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/xend.if 2006-03-07 15:47:54.000000000 -0500
+@@ -0,0 +1,71 @@
++## <summary>policy for xen</summary>
++
++########################################
++## <summary>
++## Execute a domain transition to run xend.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`xend_domtrans',`
++ gen_requires(`
++ type xend_t, xend_exec_t;
++ ')
++
++ domain_auto_trans($1,xend_exec_t,xend_t)
++
++ allow $1 xend_t:fd use;
++ allow xend_t $1:fd use;
++ allow xend_t $1:fifo_file rw_file_perms;
++ allow xend_t $1:process sigchld;
++')
++
++
++########################################
++## <summary>
++## Allow the specified domain to append
++## xend log files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`xend_append_log',`
++ gen_require(`
++ type var_log_t, xend_var_log_t;
++ ')
++
++ files_search_var($1)
++ allow $1 var_log_t:dir r_dir_perms;
++ allow $1 xend_var_log_t:file { getattr append };
++ dontaudit $1 xend_var_log_t:file write;
++')
++
++
++
++########################################
++## <summary>
++## Connect to xenstored over an unix stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`xend_store_stream_connect',`
++ gen_require(`
++ type xenstored_t, xenstored_var_run_t;
++ ')
++
++ files_search_pids($1)
++ allow $1 xenstored_var_run_t:dir search;
++ allow $1 xenstored_var_run_t:sock_file { getattr write };
++ allow $1 xenstored_t:unix_stream_socket connectto;
++')
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xend.te serefpolicy-2.2.23/policy/modules/system/xend.te
+--- nsaserefpolicy/policy/modules/system/xend.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-2.2.23/policy/modules/system/xend.te 2006-03-07 15:55:35.000000000 -0500
+@@ -0,0 +1,196 @@
++policy_module(xend,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type xend_t;
++type xend_exec_t;
++domain_type(xend_t)
++init_daemon_domain(xend_t, xend_exec_t)
++
++# pid files
++type xend_var_run_t;
++files_pid_file(xend_var_run_t)
++
++# log files
++type xend_var_log_t;
++logging_log_file(xend_var_log_t)
++
++# var/lib files
++type xend_var_lib_t;
++files_type(xend_var_lib_t)
++
++# var/lib files
++type xend_device_t;
++dev_node(xend_device_t)
++
++type xenstored_t;
++type xenstored_exec_t;
++domain_type(xenstored_t)
++domain_entry_file(xenstored_t,xenstored_exec_t)
++
++# pid files
++type xenstored_var_run_t;
++files_pid_file(xenstored_var_run_t)
++
++# var/lib files
++type xenstored_var_lib_t;
++files_type(xenstored_var_lib_t)
++
++type xenconsoled_t;
++type xenconsoled_exec_t;
++domain_type(xenconsoled_t)
++domain_entry_file(xenconsoled_t,xenconsoled_exec_t)
++
++# pid files
++type xenconsoled_var_run_t;
++files_pid_file(xenconsoled_var_run_t)
++
++########################################
++#
++# xend local policy
++#
++# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
++
++# Some common macros (you might be able to remove some)
++files_read_etc_files(xend_t)
++libs_use_ld_so(xend_t)
++libs_use_shared_libs(xend_t)
++miscfiles_read_localization(xend_t)
++## internal communication is often done using fifo and unix sockets.
++allow xend_t self:fifo_file rw_file_perms;
++allow xend_t self:unix_stream_socket create_stream_socket_perms;
++allow xend_t self:process signal;
++allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_nice };
++allow xend_t self:netlink_route_socket r_netlink_socket_perms;
++
++# pid file
++allow xend_t xend_var_run_t:file manage_file_perms;
++allow xend_t xend_var_run_t:sock_file manage_file_perms;
++allow xend_t xend_var_run_t:dir rw_dir_perms;
++files_pid_filetrans(xend_t,xend_var_run_t, { file sock_file })
++
++# log files
++allow xend_t xend_var_log_t:file create_file_perms;
++allow xend_t xend_var_log_t:sock_file create_file_perms;
++allow xend_t xend_var_log_t:dir { rw_dir_perms setattr };
++logging_log_filetrans(xend_t,xend_var_log_t,{ sock_file file dir })
++
++# var/lib files for xend
++allow xend_t xend_var_lib_t:file create_file_perms;
++allow xend_t xend_var_lib_t:sock_file create_file_perms;
++allow xend_t xend_var_lib_t:dir create_dir_perms;
++files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir sock_file })
++
++## Networking basics (adjust to your needs!)
++sysnet_dns_name_resolve(xend_t)
++corenet_tcp_sendrecv_all_if(xend_t)
++corenet_tcp_sendrecv_all_nodes(xend_t)
++corenet_tcp_sendrecv_all_ports(xend_t)
++corenet_non_ipsec_sendrecv(xend_t)
++corenet_tcp_bind_xen_port(xend_t)
++corenet_tcp_bind_soundd_port(xend_t)
++allow xend_t self:tcp_socket create_stream_socket_perms;
++allow xend_t self:packet_socket create_socket_perms;
++allow xend_t self:unix_dgram_socket create_socket_perms;
++
++corecmd_exec_sbin(xend_t)
++corecmd_exec_bin(xend_t)
++corecmd_exec_shell(xend_t)
++
++consoletype_exec(xend_t)
++
++dev_read_urand(xend_t)
++dev_filetrans(xend_t, xend_device_t, chr_file)
++dev_rw_sysfs(xend_t)
++
++domain_read_all_domains_state(xend_t)
++domain_dontaudit_read_all_domains_state(xend_t)
++
++domain_auto_trans(xend_t, xenconsoled_exec_t, xenconsoled_t)
++role system_r types xenconsoled_t;
++
++domain_auto_trans(xend_t, xenstored_exec_t, xenstored_t)
++role system_r types xenstored_t;
++
++kernel_read_kernel_sysctls(xend_t)
++kernel_read_system_state(xend_t)
++kernel_write_xen_state(xend_t)
++kernel_read_xen_state(xend_t)
++kernel_read_net_sysctls(xend_t)
++kernel_read_network_state(xend_t)
++
++logging_send_syslog_msg(xend_t)
++
++sysnet_domtrans_dhcpc(xend_t)
++sysnet_signal_dhcpc(xend_t)
++
++sysnet_domtrans_ifconfig(xend_t)
++
++term_dontaudit_getattr_all_user_ptys(xend_t)
++term_dontaudit_use_generic_ptys(xend_t)
++
++xend_store_stream_connect(xend_t)
++
++################################ xenconsoled_t ##########################################
++# Some common macros (you might be able to remove some)
++libs_use_ld_so(xenconsoled_t)
++libs_use_shared_libs(xenconsoled_t)
++miscfiles_read_localization(xenconsoled_t)
++files_search_etc(xenconsoled_t)
++allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms;
++allow xenconsoled_t xend_t:fd use;
++allow xenconsoled_t self:capability { dac_override fsetid ipc_lock };
++allow xenconsoled_t self:fifo_file { read write };
++
++kernel_read_kernel_sysctls(xenconsoled_t)
++kernel_write_xen_state(xenconsoled_t)
++kernel_read_xen_state(xenconsoled_t)
++
++xend_append_log(xenconsoled_t)
++xend_store_stream_connect(xenconsoled_t)
++
++# pid file
++allow xenconsoled_t xenconsoled_var_run_t:file manage_file_perms;
++allow xenconsoled_t xenconsoled_var_run_t:sock_file manage_file_perms;
++allow xenconsoled_t xenconsoled_var_run_t:dir rw_dir_perms;
++files_pid_filetrans(xenconsoled_t,xenconsoled_var_run_t, { file sock_file })
++
++term_dontaudit_use_generic_ptys(xenconsoled_t)
++
++################################ xenstored_t ##########################################
++# Some common macros (you might be able to remove some)
++libs_use_ld_so(xenstored_t)
++libs_use_shared_libs(xenstored_t)
++miscfiles_read_localization(xenstored_t)
++files_search_etc(xenstored_t)
++allow xenstored_t self:capability { dac_override mknod };
++allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
++allow xenstored_t xend_t:process sigchld;
++
++# pid file
++allow xenstored_t xenstored_var_run_t:file manage_file_perms;
++allow xenstored_t xenstored_var_run_t:sock_file manage_file_perms;
++allow xenstored_t xenstored_var_run_t:dir rw_dir_perms;
++files_pid_filetrans(xenstored_t,xenstored_var_run_t, { file sock_file })
++
++# var/lib files for xenstored
++allow xenstored_t xenstored_var_lib_t:file create_file_perms;
++allow xenstored_t xenstored_var_lib_t:sock_file create_file_perms;
++allow xenstored_t xenstored_var_lib_t:dir create_dir_perms;
++files_var_lib_filetrans(xenstored_t,xenstored_var_lib_t,{ file dir sock_file })
++
++allow xenstored_t xend_t:fd use;
++kernel_write_xen_state(xenstored_t)
++kernel_read_xen_state(xenstored_t)
++
++term_dontaudit_use_generic_ptys(xenstored_t)
++
++xend_append_log(xenstored_t)
++
++allow xenstored_t xend_t:fifo_file write;
++allow xenstored_t xend_device_t:chr_file rw_file_perms;
++
++dev_filetrans(xenstored_t, xend_device_t, { dir chr_file })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.2.23/Rules.modular
--- nsaserefpolicy/Rules.modular 2006-02-17 14:46:10.000000000 -0500
-+++ serefpolicy-2.2.23/Rules.modular 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/Rules.modular 2006-03-07 13:42:37.000000000 -0500
@@ -204,7 +204,7 @@
#
$(APPDIR)/customizable_types: $(BASE_CONF)
@@ -595,7 +1098,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-2.2.23/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2006-02-22 14:09:04.000000000 -0500
-+++ serefpolicy-2.2.23/support/Makefile.devel 2006-03-04 23:47:48.000000000 -0500
++++ serefpolicy-2.2.23/support/Makefile.devel 2006-03-07 13:42:37.000000000 -0500
@@ -6,10 +6,7 @@
SED ?= sed
EINFO ?= echo
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.139
retrieving revision 1.140
diff -u -r1.139 -r1.140
--- selinux-policy.spec 6 Mar 2006 23:05:10 -0000 1.139
+++ selinux-policy.spec 7 Mar 2006 22:22:14 -0000 1.140
@@ -10,7 +10,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.2.23
-Release: 5
+Release: 6
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -296,6 +296,9 @@
%fileList strict
%changelog
+* Tue Mar 7 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-5
+- Add Xen support
+
* Mon Mar 6 2006 Dan Walsh <dwalsh at redhat.com> 2.2.23-4
- Fixes for cups
- Make cryptosetup work with hal
More information about the fedora-cvs-commits
mailing list