rpms/selinux-policy/devel policy-20061016.patch,1.16,1.17

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Nov 3 21:41:07 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv4370

Modified Files:
	policy-20061016.patch 
Log Message:
* Fri Nov 3 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-8
- Lots of fixes for ricci


policy-20061016.patch:
 Rules.modular                             |   10 
 policy/flask/access_vectors               |    2 
 policy/global_tunables                    |   44 ++
 policy/modules/admin/acct.te              |    1 
 policy/modules/admin/amanda.te            |    4 
 policy/modules/admin/anaconda.te          |    4 
 policy/modules/admin/bootloader.fc        |    2 
 policy/modules/admin/consoletype.te       |    8 
 policy/modules/admin/dmesg.te             |    1 
 policy/modules/admin/logwatch.te          |    1 
 policy/modules/admin/netutils.te          |    6 
 policy/modules/admin/prelink.te           |   10 
 policy/modules/admin/rpm.fc               |    2 
 policy/modules/admin/rpm.if               |   21 +
 policy/modules/admin/rpm.te               |    5 
 policy/modules/admin/su.if                |    3 
 policy/modules/admin/usermanage.te        |    5 
 policy/modules/apps/java.fc               |    3 
 policy/modules/apps/java.te               |    2 
 policy/modules/apps/mono.te               |    3 
 policy/modules/kernel/corecommands.fc     |    1 
 policy/modules/kernel/corecommands.if     |   17 +
 policy/modules/kernel/corenetwork.te.in   |    6 
 policy/modules/kernel/devices.fc          |    3 
 policy/modules/kernel/domain.te           |    7 
 policy/modules/kernel/files.fc            |    1 
 policy/modules/kernel/files.if            |   48 ++-
 policy/modules/kernel/filesystem.if       |   22 +
 policy/modules/kernel/filesystem.te       |    6 
 policy/modules/kernel/kernel.if           |    2 
 policy/modules/kernel/kernel.te           |    1 
 policy/modules/kernel/storage.fc          |    1 
 policy/modules/kernel/storage.if          |    1 
 policy/modules/kernel/terminal.fc         |    1 
 policy/modules/kernel/terminal.if         |   20 +
 policy/modules/kernel/terminal.te         |    1 
 policy/modules/services/apache.fc         |    9 
 policy/modules/services/apache.if         |    2 
 policy/modules/services/apache.te         |    9 
 policy/modules/services/automount.te      |    4 
 policy/modules/services/bluetooth.te      |    2 
 policy/modules/services/ccs.fc            |   10 
 policy/modules/services/ccs.if            |   83 +++++
 policy/modules/services/ccs.te            |   89 +++++
 policy/modules/services/cron.if           |   26 -
 policy/modules/services/cron.te           |    8 
 policy/modules/services/cups.fc           |    6 
 policy/modules/services/cups.if           |   21 +
 policy/modules/services/cups.te           |   18 +
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/dbus.if           |    1 
 policy/modules/services/dovecot.te        |    2 
 policy/modules/services/hal.te            |    2 
 policy/modules/services/lpd.fc            |    5 
 policy/modules/services/lpd.if            |   72 ++--
 policy/modules/services/mta.te            |    1 
 policy/modules/services/networkmanager.te |    4 
 policy/modules/services/nscd.if           |   20 +
 policy/modules/services/nscd.te           |    3 
 policy/modules/services/oddjob.te         |   16 -
 policy/modules/services/pegasus.if        |   31 +
 policy/modules/services/pegasus.te        |    5 
 policy/modules/services/procmail.te       |   26 +
 policy/modules/services/rhgb.te           |   24 +
 policy/modules/services/ricci.fc          |   20 +
 policy/modules/services/ricci.if          |  184 +++++++++++
 policy/modules/services/ricci.te          |  477 ++++++++++++++++++++++++++++++
 policy/modules/services/rpc.te            |    6 
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.te          |   10 
 policy/modules/services/sasl.te           |    2 
 policy/modules/services/setroubleshoot.te |    2 
 policy/modules/services/snmp.te           |    4 
 policy/modules/services/spamassassin.te   |    5 
 policy/modules/services/squid.te          |    7 
 policy/modules/services/ssh.te            |    4 
 policy/modules/services/telnet.te         |    1 
 policy/modules/services/xserver.if        |   40 ++
 policy/modules/services/xserver.te        |    2 
 policy/modules/system/authlogin.fc        |    1 
 policy/modules/system/authlogin.if        |    4 
 policy/modules/system/clock.te            |    3 
 policy/modules/system/fstools.fc          |    1 
 policy/modules/system/fstools.te          |    3 
 policy/modules/system/getty.te            |    3 
 policy/modules/system/hostname.te         |    6 
 policy/modules/system/init.fc             |    3 
 policy/modules/system/init.te             |   16 -
 policy/modules/system/iscsi.fc            |    9 
 policy/modules/system/iscsi.if            |   24 +
 policy/modules/system/iscsi.te            |   94 +++++
 policy/modules/system/libraries.fc        |    8 
 policy/modules/system/locallogin.if       |   37 ++
 policy/modules/system/locallogin.te       |    2 
 policy/modules/system/logging.te          |    5 
 policy/modules/system/mount.fc            |    1 
 policy/modules/system/mount.te            |   13 
 policy/modules/system/raid.te             |   10 
 policy/modules/system/selinuxutil.if      |    6 
 policy/modules/system/selinuxutil.te      |    8 
 policy/modules/system/setrans.te          |    5 
 policy/modules/system/unconfined.if       |   19 +
 policy/modules/system/unconfined.te       |   20 -
 policy/modules/system/userdomain.if       |  227 +++++++++++++-
 policy/modules/system/userdomain.te       |   14 
 policy/modules/system/xen.fc              |    3 
 policy/modules/system/xen.te              |   59 +++
 107 files changed, 2006 insertions(+), 138 deletions(-)

Index: policy-20061016.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20061016.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- policy-20061016.patch	3 Nov 2006 21:27:47 -0000	1.16
+++ policy-20061016.patch	3 Nov 2006 21:40:55 -0000	1.17
@@ -89,8 +89,16 @@
  logging_log_file(acct_data_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4.2/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/amanda.te	2006-11-03 08:59:56.000000000 -0500
-@@ -97,7 +97,7 @@
++++ serefpolicy-2.4.2/policy/modules/admin/amanda.te	2006-11-03 16:40:05.000000000 -0500
+@@ -75,6 +75,7 @@
+ allow amanda_t self:unix_dgram_socket create_socket_perms;
+ allow amanda_t self:tcp_socket create_stream_socket_perms;
+ allow amanda_t self:udp_socket create_socket_perms;
++allow amanda_t self:netlink_route_socket r_netlink_socket_perms;
+ 
+ # access to amanda_amandates_t
+ allow amanda_t amanda_amandates_t:file { getattr lock read write };
+@@ -97,7 +98,7 @@
  allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
  
  allow amanda_t amanda_log_t:file create_file_perms;
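Review bot: The added `allow amanda_t self:netlink_route_socket r_netlink_socket_perms;` rule in amanda.te carries no comment, and the log message only mentions ricci, so nothing on this page records why the backup domain needs it. The permission set is the read-only netlink one, which keeps the grant narrow, but a one-line rationale would let a later policy audit confirm the access is still required. I would add a comment above the rule such as `# read-only routing/interface lookups over netlink (presumably from interface enumeration; confirm against the AVC denial)`. The block of `self:` socket rules it joins starts outside the hunk.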
@@ -99,7 +107,7 @@
  logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
  
  allow amanda_t amanda_tmp_t:dir create_dir_perms;
-@@ -123,6 +123,7 @@
+@@ -123,6 +124,7 @@
  corenet_udp_sendrecv_all_ports(amanda_t)
  corenet_tcp_bind_all_nodes(amanda_t)
  corenet_udp_bind_all_nodes(amanda_t)
@@ -3211,7 +3219,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.4.2/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/raid.te	2006-11-03 15:27:42.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/raid.te	2006-11-03 16:37:26.000000000 -0500
 @@ -22,7 +22,9 @@
  allow mdadm_t self:capability { dac_override sys_admin ipc_lock };
  dontaudit mdadm_t self:capability sys_tty_config;
@@ -3222,11 +3230,9 @@
  allow mdadm_t mdadm_var_run_t:file create_file_perms;
  files_pid_filetrans(mdadm_t,mdadm_var_run_t,file)
  
-@@ -35,13 +37,17 @@
- # Ignore attempts to read every device file
+@@ -36,12 +38,15 @@
  dev_dontaudit_getattr_all_blk_files(mdadm_t)
  dev_dontaudit_getattr_all_chr_files(mdadm_t)
-+dev_dontaudit_getattr_all_sock_files(mdadm_t)
  dev_dontaudit_getattr_generic_files(mdadm_t)
 +dev_dontaudit_getattr_generic_chr_files(mdadm_t)
 +dev_dontaudit_getattr_generic_blk_files(mdadm_t)
@@ -3240,7 +3246,7 @@
  
  term_dontaudit_use_console(mdadm_t)
  term_dontaudit_list_ptys(mdadm_t)
-@@ -49,6 +55,7 @@
+@@ -49,6 +54,7 @@
  # Helper program access
  corecmd_exec_bin(mdadm_t)
  corecmd_exec_sbin(mdadm_t)
@@ -3248,7 +3254,7 @@
  
  domain_use_interactive_fds(mdadm_t)
  
-@@ -84,3 +91,7 @@
+@@ -84,3 +90,7 @@
  optional_policy(`
  	udev_read_db(mdadm_t)
  ')



