rpms/selinux-policy/devel policy-20070703.patch,1.36,1.37

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Aug 20 22:15:49 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30698

Modified Files:
	policy-20070703.patch 
Log Message:
* Sat Aug 18 2007 Dan Walsh <dwalsh at redhat.com> 3.0.5-9
- Allow sshd to write to proc_t for afs login


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- policy-20070703.patch	20 Aug 2007 21:43:05 -0000	1.36
+++ policy-20070703.patch	20 Aug 2007 22:15:46 -0000	1.37
@@ -2388,6 +2388,53 @@
  /usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.0.5/policy/modules/kernel/corenetwork.if.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2007-07-03 07:05:38.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/kernel/corenetwork.if.in	2007-08-20 18:15:26.000000000 -0400
+@@ -1449,6 +1449,43 @@
+ 
+ ########################################
+ ## <summary>
++##      Connect TCP sockets to rpc ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##      The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_all_rpc_ports',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	allow $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to connect TCP sockets
++##	all rpc ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	dontaudit $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
+ ##	Read and write the TUN/TAP virtual network device.
+ ## </summary>
+ ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.0.5/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2007-07-03 07:05:38.000000000 -0400
 +++ serefpolicy-3.0.5/policy/modules/kernel/corenetwork.te.in	2007-08-07 09:39:49.000000000 -0400
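Review bot: The doc headers on the two interfaces added to corenetwork.if.in do not match what the interfaces grant. `corenet_tcp_connect_all_rpc_ports` is summarised as "Connect TCP sockets to rpc ports." although it allows `name_connect` to every port carrying `rpc_port_type`, and the dontaudit summary reads "connect TCP sockets all rpc ports" with the "to" missing. I would use `##	Connect TCP sockets to all rpc ports.` and `##	Do not audit attempts to connect TCP sockets to all rpc ports.`, and indent the first header with tabs after `##` as the second one and the neighbouring TUN/TAP block do. Both interfaces `gen_require` the attribute `rpc_port_type`, whose declaration is not visible in this hunk. It is worth confirming that the corenetwork.te.in part of the patch declares it and attaches it only to the intended port types, because that is where the reachable port set is decided. Callers of the dontaudit variant will also leave no AVC record for these connects. The log message mentions only the sshd/afs change; neither these interfaces nor the `dovecot_auth_stream_connect` line in the -5333 hunk are recorded in it.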
@@ -5249,7 +5296,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.0.5/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/dovecot.te	2007-08-14 08:15:55.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/dovecot.te	2007-08-20 17:56:52.000000000 -0400
 @@ -15,6 +15,12 @@
  domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -5311,7 +5358,7 @@
  	seutil_sigchld_newrole(dovecot_t)
  ')
  
-@@ -145,33 +144,39 @@
+@@ -145,33 +144,40 @@
  # dovecot auth local policy
  #
  
@@ -5333,6 +5380,7 @@
 +files_read_var_symlinks(dovecot_t)
  
  allow dovecot_auth_t dovecot_var_run_t:dir r_dir_perms;
++dovecot_auth_stream_connect(dovecot_auth_t)
  
  kernel_read_all_sysctls(dovecot_auth_t)
  kernel_read_system_state(dovecot_auth_t)
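Review bot: The added `dovecot_auth_stream_connect(dovecot_auth_t)` passes the auth domain as the client of its own stream-connect interface, and neither the hunk nor the log message says why the daemon needs to connect to itself. The interface body is not visible on this page, so what it grants beyond the socket connect cannot be checked here; it should be confirmed that it is no wider than a self rule on the unix stream socket would be. A one-line comment above the call would keep the rule auditable, for example `# dovecot-auth connects to its own auth socket (see <BUG-REFERENCE>)`. The dovecot auth local policy section starts and ends outside this hunk.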
@@ -5353,7 +5401,7 @@
  files_read_usr_symlinks(dovecot_auth_t)
  files_search_tmp(dovecot_auth_t)
  files_read_var_lib_files(dovecot_t)
-@@ -185,12 +190,46 @@
+@@ -185,12 +191,46 @@
  
  seutil_dontaudit_search_config(dovecot_auth_t)
  



