rpms/selinux-policy/devel policy-20070219.patch, 1.16, 1.17 selinux-policy.spec, 1.408, 1.409

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Mar 14 12:48:11 UTC 2007


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv11815

Modified Files:
	policy-20070219.patch selinux-policy.spec 
Log Message:
* Tue Mar 13 2007 Dan Walsh <dwalsh at redhat.com> 2.5.8-4
- Allow insmod to launch init scripts


policy-20070219.patch:
 Changelog                                 |    0 
 Rules.modular                             |   12 +
 policy/flask/access_vectors               |    4 
 policy/global_booleans                    |    2 
 policy/global_tunables                    |   65 ++++++-
 policy/mls                                |   31 ++-
 policy/modules/admin/acct.te              |    1 
 policy/modules/admin/amtu.fc              |    3 
 policy/modules/admin/amtu.if              |   53 ++++++
 policy/modules/admin/amtu.te              |   56 ++++++
 policy/modules/admin/consoletype.te       |    8 
 policy/modules/admin/dmesg.te             |    1 
 policy/modules/admin/kudzu.te             |    1 
 policy/modules/admin/netutils.te          |    3 
 policy/modules/admin/rpm.fc               |    3 
 policy/modules/admin/rpm.if               |   65 +++++++
 policy/modules/admin/rpm.te               |    2 
 policy/modules/admin/su.if                |    6 
 policy/modules/admin/sudo.if              |    5 
 policy/modules/admin/sudo.te              |    1 
 policy/modules/admin/usermanage.te        |   40 +++-
 policy/modules/apps/gnome.if              |   25 ++-
 policy/modules/apps/gpg.fc                |    2 
 policy/modules/apps/gpg.if                |    1 
 policy/modules/apps/loadkeys.if           |   44 +----
 policy/modules/apps/mozilla.if            |    1 
 policy/modules/kernel/corecommands.fc     |    1 
 policy/modules/kernel/corecommands.if     |   38 ++++
 policy/modules/kernel/corenetwork.if.in   |   54 ++++++
 policy/modules/kernel/corenetwork.te.in   |    9 +
 policy/modules/kernel/devices.if          |   18 ++
 policy/modules/kernel/domain.if           |   18 ++
 policy/modules/kernel/domain.te           |   23 ++
 policy/modules/kernel/files.if            |   53 +++++-
 policy/modules/kernel/filesystem.if       |   20 ++
 policy/modules/kernel/kernel.if           |   23 ++
 policy/modules/kernel/kernel.te           |   11 +
 policy/modules/kernel/mls.if              |   20 ++
 policy/modules/kernel/mls.te              |    3 
 policy/modules/kernel/selinux.if          |  135 ++++++++++++++++
 policy/modules/kernel/selinux.te          |   40 ++++
 policy/modules/kernel/storage.fc          |    3 
 policy/modules/kernel/storage.if          |    2 
 policy/modules/kernel/terminal.if         |    2 
 policy/modules/kernel/terminal.te         |    1 
 policy/modules/services/apache.fc         |   23 ++
 policy/modules/services/apache.if         |  197 +++++++++++++++++++++++
 policy/modules/services/apache.te         |   40 ++++
 policy/modules/services/automount.te      |    1 
 policy/modules/services/ccs.te            |   12 +
 policy/modules/services/consolekit.fc     |    3 
 policy/modules/services/consolekit.if     |   46 +++++
 policy/modules/services/consolekit.te     |   71 ++++++++
 policy/modules/services/cpucontrol.te     |    1 
 policy/modules/services/cron.fc           |    1 
 policy/modules/services/cron.if           |   33 +--
 policy/modules/services/cron.te           |   43 ++++-
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/dbus.if           |   57 ++++++
 policy/modules/services/dhcp.te           |    2 
 policy/modules/services/dovecot.te        |    5 
 policy/modules/services/fail2ban.fc       |    4 
 policy/modules/services/fail2ban.if       |   87 ++++++++++
 policy/modules/services/fail2ban.te       |   77 +++++++++
 policy/modules/services/ftp.te            |    5 
 policy/modules/services/hal.fc            |    6 
 policy/modules/services/hal.te            |   94 +++++++++++
 policy/modules/services/inetd.te          |    5 
 policy/modules/services/mta.te            |    2 
 policy/modules/services/nis.if            |    5 
 policy/modules/services/pegasus.if        |   27 +++
 policy/modules/services/pegasus.te        |    5 
 policy/modules/services/postfix.te        |    2 
 policy/modules/services/procmail.te       |    1 
 policy/modules/services/pyzor.te          |    3 
 policy/modules/services/radius.te         |    7 
 policy/modules/services/ricci.te          |    5 
 policy/modules/services/rpc.if            |    5 
 policy/modules/services/rpc.te            |    3 
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.if          |   80 +++++++++
 policy/modules/services/samba.te          |   14 +
 policy/modules/services/setroubleshoot.te |    1 
 policy/modules/services/smartmon.te       |    1 
 policy/modules/services/spamassassin.te   |    5 
 policy/modules/services/squid.fc          |    2 
 policy/modules/services/squid.if          |   22 ++
 policy/modules/services/squid.te          |   12 +
 policy/modules/services/ssh.fc            |    2 
 policy/modules/services/ssh.if            |   39 ++++
 policy/modules/services/ssh.te            |    5 
 policy/modules/services/sysstat.te        |    1 
 policy/modules/services/xserver.if        |    2 
 policy/modules/services/xserver.te        |    4 
 policy/modules/services/zabbix.fc         |    4 
 policy/modules/services/zabbix.if         |   87 ++++++++++
 policy/modules/services/zabbix.te         |   64 +++++++
 policy/modules/system/application.fc      |    1 
 policy/modules/system/application.if      |  106 ++++++++++++
 policy/modules/system/application.te      |   14 +
 policy/modules/system/authlogin.if        |   87 ++++++++--
 policy/modules/system/authlogin.te        |    3 
 policy/modules/system/fstools.fc          |    1 
 policy/modules/system/fstools.te          |    1 
 policy/modules/system/getty.te            |    3 
 policy/modules/system/hostname.te         |   14 +
 policy/modules/system/init.if             |    3 
 policy/modules/system/init.te             |   28 ++-
 policy/modules/system/ipsec.if            |  100 ++++++++++++
 policy/modules/system/ipsec.te            |    9 -
 policy/modules/system/iptables.te         |    9 -
 policy/modules/system/libraries.te        |   20 ++
 policy/modules/system/locallogin.te       |   10 +
 policy/modules/system/logging.te          |    4 
 policy/modules/system/lvm.te              |   10 +
 policy/modules/system/modutils.te         |    7 
 policy/modules/system/mount.te            |   10 -
 policy/modules/system/netlabel.te         |    3 
 policy/modules/system/selinuxutil.fc      |    2 
 policy/modules/system/selinuxutil.if      |  217 ++++++++++++++++++++++++++
 policy/modules/system/selinuxutil.te      |  163 ++++++-------------
 policy/modules/system/udev.te             |    5 
 policy/modules/system/unconfined.fc       |    1 
 policy/modules/system/unconfined.te       |   16 +
 policy/modules/system/userdomain.if       |  248 ++++++++++++++++--------------
 policy/modules/system/userdomain.te       |   43 +++--
 policy/modules/system/xen.te              |   26 +++
 policy/support/obj_perm_sets.spt          |    2 
 128 files changed, 2895 insertions(+), 405 deletions(-)

Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- policy-20070219.patch	13 Mar 2007 17:46:34 -0000	1.16
+++ policy-20070219.patch	14 Mar 2007 12:48:09 -0000	1.17
@@ -4033,7 +4033,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.5.8/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.8/policy/modules/system/init.if	2007-03-09 10:35:29.000000000 -0500
++++ serefpolicy-2.5.8/policy/modules/system/init.if	2007-03-13 15:21:22.000000000 -0400
 @@ -202,11 +202,14 @@
  	gen_require(`
  		type initrc_t;
@@ -4439,8 +4439,25 @@
  # LVM will complain a lot if it cannot set its priority.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.5.8/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.8/policy/modules/system/modutils.te	2007-03-09 10:35:29.000000000 -0500
-@@ -118,7 +118,8 @@
++++ serefpolicy-2.5.8/policy/modules/system/modutils.te	2007-03-13 15:21:56.000000000 -0400
+@@ -68,7 +68,7 @@
+ # for locking: (cjp: ????)
+ files_write_kernel_modules(insmod_t)
+ 
+-dev_read_sysfs(insmod_t)
++dev_rw_sysfs(insmod_t)
+ dev_search_usbfs(insmod_t)
+ dev_rw_mtrr(insmod_t)
+ dev_read_urand(insmod_t)
+@@ -102,6 +102,7 @@
+ init_use_fds(insmod_t)
+ init_use_script_fds(insmod_t)
+ init_use_script_ptys(insmod_t)
++init_spec_domtrans_script(insmod_t)
+ 
+ libs_use_ld_so(insmod_t)
+ libs_use_shared_libs(insmod_t)
+@@ -118,7 +119,8 @@
  }
  
  ifdef(`targeted_policy',`
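Review bot: The switch from `dev_read_sysfs(insmod_t)` to `dev_rw_sysfs(insmod_t)` in the new `@@ -68,7 +68,7 @@` inner hunk is not covered by the log message, which only mentions letting insmod launch init scripts. Write access to sysfs for the module loader is a separate privilege increase, so it should get its own changelog line and a policy comment naming the denial that prompted it. The added `init_spec_domtrans_script(insmod_t)` is also uncommented; judging by the interface name it lets insmod_t transition into the init script domain, which is a broad domain to reach from a process that loads kernel modules. A line such as `# <bug/AVC reference>: module install commands run init scripts` above it would let a later reviewer check whether the rule is still needed or can be narrowed. The modutils.te section continues beyond this hunk.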
@@ -4450,7 +4467,7 @@
  ')
  
  optional_policy(`
-@@ -180,6 +181,7 @@
+@@ -180,6 +182,7 @@
  
  files_read_kernel_symbol_table(depmod_t)
  files_read_kernel_modules(depmod_t)
@@ -5027,8 +5044,16 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.5.8/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.8/policy/modules/system/udev.te	2007-03-09 10:35:29.000000000 -0500
-@@ -172,8 +172,6 @@
++++ serefpolicy-2.5.8/policy/modules/system/udev.te	2007-03-13 15:19:04.000000000 -0400
+@@ -167,13 +167,14 @@
+ 
+ 	# for arping used for static IP addresses on PCMCIA ethernet
+ 	netutils_domtrans(udev_t)
++
++	term_search_ptys(udev_t)
++
+ ')
+ 
  ifdef(`targeted_policy',`
  	term_dontaudit_use_unallocated_ttys(udev_t)
  	term_dontaudit_use_generic_ptys(udev_t)
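Review bot: The added `term_search_ptys(udev_t)` sits directly under the comment about arping for PCMCIA ethernet, inside the block closed by the following `')`, so it reads as part of the netutils rule although it grants udev_t something unrelated. It is also absent from the log message. It should carry its own comment, e.g. `# <bug/AVC reference>: udev needs to search the pty directory`, and the empty line added before `')` can be dropped. Whether the rule belongs inside this block at all cannot be judged from the hunk, because the block opens above the visible context.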


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.408
retrieving revision 1.409
diff -u -r1.408 -r1.409
--- selinux-policy.spec	13 Mar 2007 17:46:34 -0000	1.408
+++ selinux-policy.spec	14 Mar 2007 12:48:09 -0000	1.409
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.5.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -356,6 +356,9 @@
 %endif
 
 %changelog
+* Tue Mar 13 2007 Dan Walsh <dwalsh at redhat.com> 2.5.8-4
+- Allow insmod to launch init scripts
+
 * Tue Mar 13 2007 Dan Walsh <dwalsh at redhat.com> 2.5.8-3
 - Remove setsebool policy
 



