rpms/selinux-policy/F-8 policy-20070703.patch, 1.148, 1.149 selinux-policy.spec, 1.588, 1.589

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Dec 3 03:30:03 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4663

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Sun Dec 2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-64
- Allow xdm to list all filesystem directories


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.148
retrieving revision 1.149
diff -u -r1.148 -r1.149
--- policy-20070703.patch	3 Dec 2007 02:38:53 -0000	1.148
+++ policy-20070703.patch	3 Dec 2007 03:29:59 -0000	1.149
@@ -14382,7 +14382,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-12-02 22:01:51.000000000 -0500
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -14435,12 +14435,13 @@
  
  # Allow gdm to run gdm-binary
  can_exec(xdm_t, xdm_exec_t)
-@@ -132,15 +147,20 @@
+@@ -132,15 +147,21 @@
  manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 +fs_rw_tmpfs_files(xdm_xserver_t)
 +fs_getattr_all_fs(xdm_t)
++fs_list_all(xdm_t)
  
  manage_dirs_pattern(xdm_t,xdm_var_lib_t,xdm_var_lib_t)	
  manage_files_pattern(xdm_t,xdm_var_lib_t,xdm_var_lib_t)
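Review bot: The added `fs_list_all(xdm_t)` in the xserver.te section gives the display manager domain directory listing on every filesystem type, yet neither the patch nor the changelog entry records which denial made it necessary. Neighbouring rules carry a short rationale (`# for .dmrc`, `# xdm tries to bind to biff_port_t`), so I would add one here too, for example `# xdm lists directories on <filesystem type(s) from the AVC denial>; see <bug id>`. If the denial came from only one or two filesystem types, a narrower interface for those types would keep xdm_t closer to least privilege. If the access is merely probing at startup, a dontaudit rule may be enough, though that cannot be judged from the lines shown. The surrounding xdm_t rule block continues outside this hunk.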
@@ -14457,7 +14458,7 @@
  
  allow xdm_t xdm_xserver_t:process signal;
  allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
-@@ -185,6 +205,7 @@
+@@ -185,6 +206,7 @@
  corenet_udp_sendrecv_all_ports(xdm_t)
  corenet_tcp_bind_all_nodes(xdm_t)
  corenet_udp_bind_all_nodes(xdm_t)
@@ -14465,7 +14466,7 @@
  corenet_tcp_connect_all_ports(xdm_t)
  corenet_sendrecv_all_client_packets(xdm_t)
  # xdm tries to bind to biff_port_t
-@@ -197,6 +218,7 @@
+@@ -197,6 +219,7 @@
  dev_getattr_mouse_dev(xdm_t)
  dev_setattr_mouse_dev(xdm_t)
  dev_rw_apm_bios(xdm_t)
@@ -14473,7 +14474,7 @@
  dev_setattr_apm_bios_dev(xdm_t)
  dev_rw_dri(xdm_t)
  dev_rw_agp(xdm_t)
-@@ -209,8 +231,8 @@
+@@ -209,8 +232,8 @@
  dev_setattr_video_dev(xdm_t)
  dev_getattr_scanner_dev(xdm_t)
  dev_setattr_scanner_dev(xdm_t)
@@ -14484,7 +14485,7 @@
  dev_getattr_power_mgmt_dev(xdm_t)
  dev_setattr_power_mgmt_dev(xdm_t)
  
-@@ -246,6 +268,7 @@
+@@ -246,6 +269,7 @@
  auth_domtrans_pam_console(xdm_t)
  auth_manage_pam_pid(xdm_t)
  auth_manage_pam_console_data(xdm_t)
@@ -14492,7 +14493,7 @@
  auth_rw_faillog(xdm_t)
  auth_write_login_records(xdm_t)
  
-@@ -257,6 +280,7 @@
+@@ -257,6 +281,7 @@
  libs_exec_lib_files(xdm_t)
  
  logging_read_generic_logs(xdm_t)
@@ -14500,7 +14501,7 @@
  
  miscfiles_read_localization(xdm_t)
  miscfiles_read_fonts(xdm_t)
-@@ -268,9 +292,14 @@
+@@ -268,9 +293,14 @@
  userdom_create_all_users_keys(xdm_t)
  # for .dmrc
  userdom_read_unpriv_users_home_content_files(xdm_t)
@@ -14515,7 +14516,7 @@
  
  xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
  
-@@ -306,6 +335,11 @@
+@@ -306,6 +336,11 @@
  
  optional_policy(`
  	consolekit_dbus_chat(xdm_t)
@@ -14527,7 +14528,7 @@
  ')
  
  optional_policy(`
-@@ -313,6 +347,10 @@
+@@ -313,6 +348,10 @@
  ')
  
  optional_policy(`
@@ -14538,7 +14539,7 @@
  	# Talk to the console mouse server.
  	gpm_stream_connect(xdm_t)
  	gpm_setattr_gpmctl(xdm_t)
-@@ -348,12 +386,8 @@
+@@ -348,12 +387,8 @@
  ')
  
  optional_policy(`
@@ -14552,7 +14553,7 @@
  
  	ifdef(`distro_rhel4',`
  		allow xdm_t self:process { execheap execmem };
-@@ -385,7 +419,7 @@
+@@ -385,7 +420,7 @@
  allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
  
@@ -14561,7 +14562,7 @@
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -397,6 +431,15 @@
+@@ -397,6 +432,15 @@
  can_exec(xdm_xserver_t, xkb_var_lib_t)
  files_search_var_lib(xdm_xserver_t)
  
@@ -14577,7 +14578,7 @@
  # VNC v4 module in X server
  corenet_tcp_bind_vnc_port(xdm_xserver_t)
  
-@@ -425,6 +468,14 @@
+@@ -425,6 +469,14 @@
  ')
  
  optional_policy(`
@@ -14592,7 +14593,7 @@
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -434,47 +485,26 @@
+@@ -434,47 +486,26 @@
  ')
  
  optional_policy(`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.588
retrieving revision 1.589
diff -u -r1.588 -r1.589
--- selinux-policy.spec	3 Dec 2007 02:38:53 -0000	1.588
+++ selinux-policy.spec	3 Dec 2007 03:29:59 -0000	1.589
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 63%{?dist}
+Release: 64%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
 %endif
 
 %changelog
+* Sun Dec 2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-64
+- Allow xdm to list all filesystem directories
+
 * Wed Nov 28 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-63
 - Change labeling on hpijs
 - Fix unconfined_u defintion



