rpms/selinux-policy/F-8 policy-20070703.patch, 1.148, 1.149 selinux-policy.spec, 1.588, 1.589
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Dec 3 03:30:03 UTC 2007
- Previous message (by thread): rpms/powerpc-utils/devel nvsetenv, 1.1, 1.2 powerpc-utils.spec, 1.1, 1.2
- Next message (by thread): rpms/qt4-theme-quarticurve/devel .cvsignore, 1.4, 1.5 qt4-theme-quarticurve.spec, 1.7, 1.8 sources, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4663
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Sun Dec 2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-64
- Allow xdm to list all filesystem directories
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.148
retrieving revision 1.149
diff -u -r1.148 -r1.149
--- policy-20070703.patch 3 Dec 2007 02:38:53 -0000 1.148
+++ policy-20070703.patch 3 Dec 2007 03:29:59 -0000 1.149
@@ -14382,7 +14382,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-12-02 22:01:51.000000000 -0500
@@ -16,6 +16,13 @@
## <desc>
@@ -14435,12 +14435,13 @@
# Allow gdm to run gdm-binary
can_exec(xdm_t, xdm_exec_t)
-@@ -132,15 +147,20 @@
+@@ -132,15 +147,21 @@
manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_rw_tmpfs_files(xdm_xserver_t)
+fs_getattr_all_fs(xdm_t)
++fs_list_all(xdm_t)
manage_dirs_pattern(xdm_t,xdm_var_lib_t,xdm_var_lib_t)
manage_files_pattern(xdm_t,xdm_var_lib_t,xdm_var_lib_t)
@@ -14457,7 +14458,7 @@
allow xdm_t xdm_xserver_t:process signal;
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
-@@ -185,6 +205,7 @@
+@@ -185,6 +206,7 @@
corenet_udp_sendrecv_all_ports(xdm_t)
corenet_tcp_bind_all_nodes(xdm_t)
corenet_udp_bind_all_nodes(xdm_t)
@@ -14465,7 +14466,7 @@
corenet_tcp_connect_all_ports(xdm_t)
corenet_sendrecv_all_client_packets(xdm_t)
# xdm tries to bind to biff_port_t
-@@ -197,6 +218,7 @@
+@@ -197,6 +219,7 @@
dev_getattr_mouse_dev(xdm_t)
dev_setattr_mouse_dev(xdm_t)
dev_rw_apm_bios(xdm_t)
@@ -14473,7 +14474,7 @@
dev_setattr_apm_bios_dev(xdm_t)
dev_rw_dri(xdm_t)
dev_rw_agp(xdm_t)
-@@ -209,8 +231,8 @@
+@@ -209,8 +232,8 @@
dev_setattr_video_dev(xdm_t)
dev_getattr_scanner_dev(xdm_t)
dev_setattr_scanner_dev(xdm_t)
@@ -14484,7 +14485,7 @@
dev_getattr_power_mgmt_dev(xdm_t)
dev_setattr_power_mgmt_dev(xdm_t)
-@@ -246,6 +268,7 @@
+@@ -246,6 +269,7 @@
auth_domtrans_pam_console(xdm_t)
auth_manage_pam_pid(xdm_t)
auth_manage_pam_console_data(xdm_t)
@@ -14492,7 +14493,7 @@
auth_rw_faillog(xdm_t)
auth_write_login_records(xdm_t)
-@@ -257,6 +280,7 @@
+@@ -257,6 +281,7 @@
libs_exec_lib_files(xdm_t)
logging_read_generic_logs(xdm_t)
@@ -14500,7 +14501,7 @@
miscfiles_read_localization(xdm_t)
miscfiles_read_fonts(xdm_t)
-@@ -268,9 +292,14 @@
+@@ -268,9 +293,14 @@
userdom_create_all_users_keys(xdm_t)
# for .dmrc
userdom_read_unpriv_users_home_content_files(xdm_t)
@@ -14515,7 +14516,7 @@
xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
-@@ -306,6 +335,11 @@
+@@ -306,6 +336,11 @@
optional_policy(`
consolekit_dbus_chat(xdm_t)
@@ -14527,7 +14528,7 @@
')
optional_policy(`
-@@ -313,6 +347,10 @@
+@@ -313,6 +348,10 @@
')
optional_policy(`
@@ -14538,7 +14539,7 @@
# Talk to the console mouse server.
gpm_stream_connect(xdm_t)
gpm_setattr_gpmctl(xdm_t)
-@@ -348,12 +386,8 @@
+@@ -348,12 +387,8 @@
')
optional_policy(`
@@ -14552,7 +14553,7 @@
ifdef(`distro_rhel4',`
allow xdm_t self:process { execheap execmem };
-@@ -385,7 +419,7 @@
+@@ -385,7 +420,7 @@
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
@@ -14561,7 +14562,7 @@
# Label pid and temporary files with derived types.
manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -397,6 +431,15 @@
+@@ -397,6 +432,15 @@
can_exec(xdm_xserver_t, xkb_var_lib_t)
files_search_var_lib(xdm_xserver_t)
@@ -14577,7 +14578,7 @@
# VNC v4 module in X server
corenet_tcp_bind_vnc_port(xdm_xserver_t)
-@@ -425,6 +468,14 @@
+@@ -425,6 +469,14 @@
')
optional_policy(`
@@ -14592,7 +14593,7 @@
resmgr_stream_connect(xdm_t)
')
-@@ -434,47 +485,26 @@
+@@ -434,47 +486,26 @@
')
optional_policy(`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.588
retrieving revision 1.589
diff -u -r1.588 -r1.589
--- selinux-policy.spec 3 Dec 2007 02:38:53 -0000 1.588
+++ selinux-policy.spec 3 Dec 2007 03:29:59 -0000 1.589
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 63%{?dist}
+Release: 64%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
%endif
%changelog
+* Sun Dec 2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-64
+- Allow xdm to list all filesystem directories
+
* Wed Nov 28 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-63
- Change labeling on hpijs
- Fix unconfined_u defintion
- Previous message (by thread): rpms/powerpc-utils/devel nvsetenv, 1.1, 1.2 powerpc-utils.spec, 1.1, 1.2
- Next message (by thread): rpms/qt4-theme-quarticurve/devel .cvsignore, 1.4, 1.5 qt4-theme-quarticurve.spec, 1.7, 1.8 sources, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list