rpms/selinux-policy/devel policy-20070703.patch, 1.34, 1.35 selinux-policy.spec, 1.497, 1.498

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Sat Aug 18 11:54:14 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19819

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Sat Aug 18 2007 Dan Walsh <dwalsh at redhat.com> 3.0.5-8
- Allow xserver access to urand


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- policy-20070703.patch	15 Aug 2007 00:55:49 -0000	1.34
+++ policy-20070703.patch	18 Aug 2007 11:54:11 -0000	1.35
@@ -7027,8 +7027,16 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.0.5/policy/modules/services/rhgb.te
 --- nsaserefpolicy/policy/modules/services/rhgb.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/rhgb.te	2007-08-07 09:39:49.000000000 -0400
-@@ -109,6 +109,7 @@
++++ serefpolicy-3.0.5/policy/modules/services/rhgb.te	2007-08-18 06:24:55.000000000 -0400
+@@ -59,6 +59,7 @@
+ corenet_sendrecv_all_client_packets(rhgb_t)
+ 
+ dev_read_sysfs(rhgb_t)
++dev_read_urand(rhgb_t)
+ 
+ domain_use_interactive_fds(rhgb_t)
+ 
+@@ -109,6 +110,7 @@
  
  userdom_dontaudit_use_unpriv_user_fds(rhgb_t)
  userdom_dontaudit_search_sysadm_home_dirs(rhgb_t)
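Review bot: The added `dev_read_urand(rhgb_t)` in rhgb.te is not covered by the log message, which mentions only the X server, so this grant cannot be traced from the changelog. The permission is a read-only grant on the urandom device and looks low risk, but policy additions are easier to audit when each one has a stated reason. I would extend the changelog entry with a second line such as `- Allow rhgb to read urand` and, if the denial that prompted it is known, record it next to the rule as `# <AVC denial or bug reference>`. The rhgb.te rule block this line lands in starts and ends outside the hunk.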
@@ -8106,8 +8114,17 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.5/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/xserver.if	2007-08-07 09:39:49.000000000 -0400
-@@ -141,7 +141,7 @@
++++ serefpolicy-3.0.5/policy/modules/services/xserver.if	2007-08-18 06:25:18.000000000 -0400
+@@ -126,6 +126,8 @@
+ 	# read events - the synaptics touchpad driver reads raw events
+ 	dev_rw_input_dev($1_xserver_t)
+ 	dev_rwx_zero($1_xserver_t)
++	dev_read_urand($1_xserver_t)
++
+ 
+ 	domain_mmap_low($1_xserver_t)
+ 
+@@ -141,7 +143,7 @@
  	fs_getattr_xattr_fs($1_xserver_t)
  	fs_search_nfs($1_xserver_t)
  	fs_search_auto_mountpoints($1_xserver_t)
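Review bot: The new `dev_read_urand($1_xserver_t)` rule is added to a templated rule set (the `$1_` prefix), so every X server domain generated from it gains read access to urandom, not just one; the neighbouring input-device rule carries a why-comment and this one does not. Read-only urandom access is a narrow grant, so the rule itself seems reasonable, but a one-line reason such as `# <component that opens /dev/urandom, with bug or AVC reference>` would let a later auditor confirm it is still needed. The extra `+` blank line after it leaves two consecutive empty lines before `domain_mmap_low` and can be dropped. The enclosing template begins and ends outside the hunk.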
@@ -8116,7 +8133,7 @@
  
  	init_getpgid($1_xserver_t)
  
-@@ -353,12 +353,6 @@
+@@ -353,12 +355,6 @@
  	# allow ps to show xauth
  	ps_process_pattern($2,$1_xauth_t)
  
@@ -8129,7 +8146,7 @@
  	domain_use_interactive_fds($1_xauth_t)
  
  	files_read_etc_files($1_xauth_t)
-@@ -387,6 +381,14 @@
+@@ -387,6 +383,14 @@
  	')
  
  	optional_policy(`
@@ -8144,7 +8161,7 @@
  		nis_use_ypbind($1_xauth_t)
  	')
  
-@@ -537,16 +539,14 @@
+@@ -537,16 +541,14 @@
  
  	gen_require(`
  		type xdm_t, xdm_tmp_t;
@@ -8163,7 +8180,7 @@
  
  	# for when /tmp/.X11-unix is created by the system
  	allow $2 xdm_t:fd use;
-@@ -555,25 +555,46 @@
+@@ -555,25 +557,46 @@
  	allow $2 xdm_tmp_t:sock_file { read write };
  	dontaudit $2 xdm_t:tcp_socket { read write };
  
@@ -8219,7 +8236,7 @@
  	')
  ')
  
-@@ -626,6 +647,24 @@
+@@ -626,6 +649,24 @@
  
  ########################################
  ## <summary>
@@ -8244,7 +8261,7 @@
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -659,6 +698,73 @@
+@@ -659,6 +700,73 @@
  
  ########################################
  ## <summary>
@@ -8318,7 +8335,7 @@
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -1136,7 +1242,7 @@
+@@ -1136,7 +1244,7 @@
  		type xdm_xserver_tmp_t;
  	')
  
@@ -8327,7 +8344,7 @@
  ')
  
  ########################################
-@@ -1325,3 +1431,62 @@
+@@ -1325,3 +1433,62 @@
  	files_search_tmp($1)
  	stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
  ')
@@ -10802,7 +10819,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.0.5/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2007-08-02 08:17:28.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/system/selinuxutil.te	2007-08-07 09:39:49.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/system/selinuxutil.te	2007-08-15 06:15:41.000000000 -0400
 @@ -76,7 +76,6 @@
  type restorecond_exec_t;
  init_daemon_domain(restorecond_t,restorecond_exec_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.497
retrieving revision 1.498
diff -u -r1.497 -r1.498
--- selinux-policy.spec	15 Aug 2007 00:55:49 -0000	1.497
+++ selinux-policy.spec	18 Aug 2007 11:54:11 -0000	1.498
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.5
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -288,7 +288,7 @@
 %saveFileContext targeted
 
 %post targeted
-semodule -r moilscanner 2>/dev/null
+semodule -s targeted -r moilscanner 2>/dev/null
 %loadpolicy targeted
 %relabel targeted
 exit 0
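Review bot: The `-s targeted` added to the `semodule -r moilscanner` call in `%post targeted` changes which policy store the removal acts on, yet the 3.0.5-8 changelog entry does not mention it and the line has no comment saying why the module is removed. Because stderr goes to /dev/null and the scriptlet ends in `exit 0`, a removal that fails for a real reason (rather than the module simply being absent) leaves no trace. Assuming the intent is cleanup of a module that should no longer be installed, I would add `# remove moilscanner from the targeted store; a missing module is expected` above the line and a changelog line such as `- Remove moilscanner from the targeted store in %post`. If other `%post` scriptlets outside this hunk run the same removal, they presumably need a matching `-s` for their own store.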
@@ -360,6 +360,9 @@
 %endif
 
 %changelog
+* Sat Aug 18 2007 Dan Walsh <dwalsh at redhat.com> 3.0.5-8
+- Allow xserver access to urand
+
 * Tue Aug 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.5-7
 - allow dovecot to search mountpoints
 



