rpms/selinux-policy/devel policy-20070703.patch, 1.37, 1.38 selinux-policy.spec, 1.499, 1.500
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Aug 20 23:02:34 UTC 2007
- Previous message (by thread): rpms/yum-cron/devel .cvsignore, NONE, 1.1 Makefile, NONE, 1.1 sources, NONE, 1.1
- Next message (by thread): rpms/libsepol/devel .cvsignore, 1.119, 1.120 libsepol.spec, 1.158, 1.159 sources, 1.120, 1.121
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8144
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Mon Aug 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.5-10
- Add ldconfig_cache_t
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- policy-20070703.patch 20 Aug 2007 22:15:46 -0000 1.37
+++ policy-20070703.patch 20 Aug 2007 23:02:29 -0000 1.38
@@ -5249,7 +5249,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.0.5/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/dovecot.if 2007-08-07 09:39:49.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/dovecot.if 2007-08-20 18:21:06.000000000 -0400
@@ -18,3 +18,43 @@
manage_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
manage_lnk_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
@@ -7884,7 +7884,7 @@
+/usr/bin/nasd -- gen_context(system_u:object_r:soundd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.0.5/policy/modules/services/soundserver.if
--- nsaserefpolicy/policy/modules/services/soundserver.if 2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/soundserver.if 2007-08-20 17:00:30.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/services/soundserver.if 2007-08-20 18:36:50.000000000 -0400
@@ -13,3 +13,64 @@
interface(`soundserver_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -9928,7 +9928,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.5/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-08-02 08:17:28.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/system/libraries.fc 2007-08-07 09:39:49.000000000 -0400
++++ serefpolicy-3.0.5/policy/modules/system/libraries.fc 2007-08-20 19:01:03.000000000 -0400
@@ -65,11 +65,12 @@
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -9968,23 +9968,35 @@
+/usr/lib/mozilla/plugins/libvlcplugin.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib64/mozilla/plugins/libvlcplugin.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
-+/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ld_so_cache_t,s0)
++/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ldconfig_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.0.5/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-08-02 08:17:28.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/system/libraries.te 2007-08-20 17:12:36.000000000 -0400
-@@ -44,9 +44,9 @@
++++ serefpolicy-3.0.5/policy/modules/system/libraries.te 2007-08-20 19:00:40.000000000 -0400
+@@ -23,6 +23,9 @@
+ init_system_domain(ldconfig_t,ldconfig_exec_t)
+ role system_r types ldconfig_t;
+
++type ldconfig_cache_t;
++files_type(ldconfig_cache_t)
++
+ type ldconfig_tmp_t;
+ files_tmp_file(ldconfig_tmp_t)
+
+@@ -44,9 +47,11 @@
# ldconfig local policy
#
-allow ldconfig_t self:capability sys_chroot;
+allow ldconfig_t self:capability { dac_override sys_chroot };
++
++manage_files_pattern(ldconfig_t,ldconfig_cache_t,ldconfig_cache_t)
-allow ldconfig_t ld_so_cache_t:file manage_file_perms;
+manage_files_pattern(ldconfig_t,ld_so_cache_t,ld_so_cache_t)
files_etc_filetrans(ldconfig_t,ld_so_cache_t,file)
manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
-@@ -60,8 +60,11 @@
+@@ -60,8 +65,11 @@
fs_getattr_xattr_fs(ldconfig_t)
@@ -9996,7 +10008,7 @@
files_search_var_lib(ldconfig_t)
files_read_etc_files(ldconfig_t)
files_search_tmp(ldconfig_t)
-@@ -96,4 +99,11 @@
+@@ -96,4 +104,11 @@
# and executes ldconfig on it. If you dont allow this kernel installs
# blow up.
rpm_manage_script_tmp_files(ldconfig_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.499
retrieving revision 1.500
diff -u -r1.499 -r1.500
--- selinux-policy.spec 20 Aug 2007 21:43:05 -0000 1.499
+++ selinux-policy.spec 20 Aug 2007 23:02:30 -0000 1.500
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.5
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -360,6 +360,9 @@
%endif
%changelog
+* Mon Aug 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.5-10
+- Add ldconfig_cache_t
+
* Sat Aug 18 2007 Dan Walsh <dwalsh at redhat.com> 3.0.5-9
- Allow sshd to write to proc_t for afs login
- Previous message (by thread): rpms/yum-cron/devel .cvsignore, NONE, 1.1 Makefile, NONE, 1.1 sources, NONE, 1.1
- Next message (by thread): rpms/libsepol/devel .cvsignore, 1.119, 1.120 libsepol.spec, 1.158, 1.159 sources, 1.120, 1.121
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list