rpms/selinux-policy/F-7 policy-20070501.patch, 1.42, 1.43 selinux-policy.spec, 1.482, 1.483
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Aug 3 18:26:53 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18279
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Fri Aug 3 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-32
- Allow ping to bind to rawip_socket
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- policy-20070501.patch 1 Aug 2007 20:41:28 -0000 1.42
+++ policy-20070501.patch 3 Aug 2007 18:26:51 -0000 1.43
@@ -574,7 +574,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.6.4/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-07-31 16:39:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-08-03 08:45:43.000000000 -0400
@@ -31,6 +31,7 @@
type traceroute_t;
type traceroute_exec_t;
@@ -583,6 +583,14 @@
role system_r types traceroute_t;
########################################
+@@ -118,6 +119,7 @@
+ corenet_tcp_sendrecv_all_if(ping_t)
+ corenet_raw_sendrecv_all_if(ping_t)
+ corenet_raw_sendrecv_all_nodes(ping_t)
++corenet_raw_bind_all_nodes(ping_t)
+ corenet_tcp_sendrecv_all_nodes(ping_t)
+ corenet_tcp_sendrecv_all_ports(ping_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.6.4/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-05-07 14:51:04.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2007-07-31 16:39:53.000000000 -0400
@@ -676,7 +684,7 @@
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.6.4/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-07-31 16:39:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-08-02 15:13:10.000000000 -0400
@@ -211,6 +211,24 @@
########################################
@@ -733,7 +741,7 @@
')
########################################
-@@ -290,3 +329,85 @@
+@@ -290,3 +329,103 @@
dontaudit $1 rpm_var_lib_t:file manage_file_perms;
dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
')
@@ -783,6 +791,24 @@
+
+########################################
+## <summary>
++## allow domain to read, RPM tmp files
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`rpm_read_tmp_files',`
++ gen_require(`
++ type rpm_tmp_t;
++ ')
++
++ allow $1 rpm_tmp_t:file r_file_perms;
++')
++
++########################################
++## <summary>
+## Do not audit attempts to read,
+## write RPM tmp files
+## </summary>
@@ -8786,8 +8812,8 @@
\ No newline at end of file
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.6.4/policy/modules/system/fusermount.te
--- nsaserefpolicy/policy/modules/system/fusermount.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-07-31 16:39:53.000000000 -0400
-@@ -0,0 +1,51 @@
++++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-08-03 14:21:48.000000000 -0400
+@@ -0,0 +1,47 @@
+policy_module(fusermount,1.0.0)
+
+########################################
@@ -8830,10 +8856,6 @@
+ hal_rw_pipes(fusermount_t)
+')
+
-+optional_policy(`
-+ mount_ntfs_rw_stream_sockets(fusermount_t)
-+')
-+
+ifdef(`targeted_policy',`
+ term_use_generic_ptys(fusermount_t)
+ term_use_console(fusermount_t)
@@ -9203,7 +9225,7 @@
# vmware
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-07-31 16:39:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-08-02 15:13:32.000000000 -0400
@@ -62,7 +62,8 @@
manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
@@ -9743,53 +9765,9 @@
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
-
-/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-2.6.4/policy/modules/system/mount.if
---- nsaserefpolicy/policy/modules/system/mount.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.if 2007-07-31 16:39:53.000000000 -0400
-@@ -143,3 +143,40 @@
- mount_domtrans($1)
- ')
- ')
-+
-+########################################
-+## <summary>
-+## Execute a domain transition to run mount_ntfs.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed to transition.
-+## </summary>
-+## </param>
-+#
-+interface(`mount_ntfs_domtrans',`
-+ gen_require(`
-+ type mount_ntfs_t, mount_ntfs_exec_t;
-+ ')
-+
-+ domtrans_pattern($1,mount_ntfs_exec_t,mount_ntfs_t)
-+')
-+
-+########################################
-+## <summary>
-+## Allow the specified domain to read/write to
-+## init scripts with a unix domain stream sockets.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`mount_ntfs_rw_stream_sockets',`
-+ gen_require(`
-+ type mount_ntfs_t;
-+ ')
-+
-+ allow $1 mount_ntfs_t:unix_stream_socket { read write };
-+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-08-01 16:40:38.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-08-03 14:22:02.000000000 -0400
@@ -9,6 +9,13 @@
ifdef(`targeted_policy',`
## <desc>
@@ -9917,7 +9895,7 @@
+fusermount_domtrans(mount_t)
+fusermount_use_fds(mount_t)
+
-+# modutils_domtrans_insmod(mount_t)
++modutils_exec_insmod(mount_t)
+
+optional_policy(`
+ hal_write_log(mount_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.482
retrieving revision 1.483
diff -u -r1.482 -r1.483
--- selinux-policy.spec 1 Aug 2007 20:41:28 -0000 1.482
+++ selinux-policy.spec 3 Aug 2007 18:26:51 -0000 1.483
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 31%{?dist}
+Release: 32%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -361,6 +361,9 @@
%endif
%changelog
+* Fri Aug 3 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-32
+- Allow ping to bind to rawip_socket
+
* Wed Aug 1 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-31
- Fix specification of nagios cgi scripts
More information about the fedora-extras-commits
mailing list