rpms/selinux-policy/F-8 policy-20070703.patch, 1.151, 1.152 selinux-policy.spec, 1.591, 1.592

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Fri Dec 7 18:41:48 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25270

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Thu Dec 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-67
- Allow kdm to transition to bootloader_t through grub


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -r1.151 -r1.152
--- policy-20070703.patch	6 Dec 2007 21:38:33 -0000	1.151
+++ policy-20070703.patch	7 Dec 2007 18:41:44 -0000	1.152
@@ -3237,7 +3237,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.0.8/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if	2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if	2007-12-07 13:35:56.000000000 -0500
 @@ -36,6 +36,8 @@
  	gen_require(`
  		type mozilla_conf_t, mozilla_exec_t;
@@ -3327,7 +3327,7 @@
  
  	# Look for plugins 
  	corecmd_list_bin($1_mozilla_t)
-@@ -165,11 +198,21 @@
+@@ -165,11 +198,23 @@
  	files_read_var_files($1_mozilla_t)
  	files_read_var_symlinks($1_mozilla_t)
   	files_dontaudit_getattr_boot_dirs($1_mozilla_t)
@@ -3342,6 +3342,8 @@
  
  	fs_search_auto_mountpoints($1_mozilla_t)
  	fs_list_inotifyfs($1_mozilla_t)
++	fs_manage_dos_dirs($1_mozilla_t)
++	fs_manage_dos_files($1_mozilla_t)
  	fs_rw_tmpfs_files($1_mozilla_t)
  
 +	selinux_dontaudit_getattr_fs($1_mozilla_t)
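Review bot: The added `fs_manage_dos_dirs($1_mozilla_t)` and `fs_manage_dos_files($1_mozilla_t)` give every per-role browser domain create, write and delete access to DOS/VFAT-labelled filesystems, and in the visible context they sit among unconditional rules rather than under a tunable. A browser processes untrusted content, so a compromised browser process could then modify removable media and dual-boot partitions. If the aim is saving downloads to such media, consider wrapping the pair in a `tunable_policy(...)` block, or at least putting `# allow saving downloads to vfat media` above them. The log message does not mention this change, and the enclosing template starts and ends outside the hunk, so an outer condition cannot be ruled out from here.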
@@ -3349,7 +3351,7 @@
  	term_dontaudit_getattr_pty_dirs($1_mozilla_t)
  	
  	libs_use_ld_so($1_mozilla_t)
-@@ -184,16 +227,14 @@
+@@ -184,16 +229,14 @@
  	sysnet_dns_name_resolve($1_mozilla_t)
  	sysnet_read_config($1_mozilla_t)
  	
@@ -3370,7 +3372,7 @@
  
  	tunable_policy(`allow_execmem',`
  		allow $1_mozilla_t self:process { execmem execstack };
-@@ -211,131 +252,8 @@
+@@ -211,131 +254,8 @@
  		fs_manage_cifs_symlinks($1_mozilla_t)
  	')
  
@@ -3504,7 +3506,7 @@
  	')
  
  	optional_policy(`
-@@ -350,21 +268,28 @@
+@@ -350,6 +270,7 @@
  	optional_policy(`
  		cups_read_rw_config($1_mozilla_t)
  		cups_dbus_chat($1_mozilla_t)
@@ -3512,20 +3514,15 @@
  	')
  
  	optional_policy(`
- 		dbus_system_bus_client_template($1_mozilla,$1_mozilla_t)
- 		dbus_send_system_bus($1_mozilla_t)
--		dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t)
--		dbus_send_user_bus($1,$1_mozilla_t)
-+#		dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t)
-+#		dbus_send_user_bus($1,$1_mozilla_t)
-+	')
-+
-+	optional_policy(`
-+		gnome_exec_gconf($1_mozilla_t)
-+		gnome_manage_user_gnome_config($1,$1_mozilla_t)
+@@ -360,11 +281,17 @@
  	')
  
  	optional_policy(`
++		gnome_exec_gconf($1_mozilla_t)
++		gnome_manage_user_gnome_config($1,$1_mozilla_t)
++	')
++
++	optional_policy(`
 +		gnome_domtrans_user_gconf($1,$1_mozilla_t)
  		gnome_stream_connect_gconf_template($1,$1_mozilla_t)
  	')
@@ -3536,7 +3533,7 @@
  	')
  
  	optional_policy(`
-@@ -384,25 +309,6 @@
+@@ -384,25 +311,6 @@
  		thunderbird_domtrans_user_thunderbird($1, $1_mozilla_t)
  	')
  
@@ -3562,7 +3559,7 @@
  ')
  
  ########################################
-@@ -575,3 +481,27 @@
+@@ -575,3 +483,27 @@
  
  	allow $2 $1_mozilla_t:tcp_socket rw_socket_perms;
  ')
@@ -7970,7 +7967,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/dbus.if	2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/dbus.if	2007-12-07 13:31:07.000000000 -0500
 @@ -50,6 +50,12 @@
  ## </param>
  #
@@ -8044,7 +8041,23 @@
  ')
  
  #######################################
-@@ -271,6 +296,32 @@
+@@ -236,11 +261,12 @@
+ 		class dbus send_msg;
+ 	')
+ 
+-	type $2_dbusd_$1_t;
+-	type_change $3 $1_dbusd_t:dbus $2_dbusd_$1_t;
++#	type $2_dbusd_$1_t;
++#	type_change $3 $1_dbusd_t:dbus $2_dbusd_$1_t;
+ 
+ 	# SE-DBus specific permissions
+-	allow $2_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg;
++#	allow $2_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg;
++	allow $3 { $1_dbusd_t self }:dbus send_msg;
+ 
+ 	# For connecting to the bus
+ 	allow $3 $1_dbusd_t:unix_stream_socket connectto;
+@@ -271,6 +297,32 @@
  	allow $2 $1_dbusd_t:dbus send_msg;
  ')
  
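Review bot: The derived-type rules are disabled with a leading `#` rather than removed, and nothing records why; either delete them or add a line such as `# per-client dbus types dropped: the client domain itself is used as the dbus label`. With the `type_change` gone, `allow $3 { $1_dbusd_t self }:dbus send_msg;` presumably lets any process in the client domain message any other process of that domain over the bus, which is coarser than the per-client type it replaces. Any rule elsewhere that still names `$2_dbusd_$1_t` would stop resolving, and `$2` looks unused in the visible lines, so the callers and the interface documentation are worth checking. The mozilla.if hunk at `@@ -3512,20 +3514,15 @@` turns `dbus_user_bus_client_template` back on for the browser and depends on this change. The template starts and ends outside the hunk.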
@@ -8077,7 +8090,7 @@
  ########################################
  ## <summary>
  ##	Read dbus configuration.
-@@ -286,6 +337,7 @@
+@@ -286,6 +338,7 @@
  		type dbusd_etc_t;
  	')
  
@@ -8085,7 +8098,7 @@
  	allow $1 dbusd_etc_t:file read_file_perms;
  ')
  
-@@ -346,3 +398,55 @@
+@@ -346,3 +399,55 @@
  
  	allow $1 system_dbusd_t:dbus *;
  ')
@@ -8301,7 +8314,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.0.8/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/dovecot.te	2007-12-06 11:00:50.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/dovecot.te	2007-12-06 20:33:21.000000000 -0500
 @@ -15,6 +15,12 @@
  domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -8427,7 +8440,7 @@
  files_read_usr_symlinks(dovecot_auth_t)
  files_search_tmp(dovecot_auth_t)
  files_read_var_lib_files(dovecot_t)
-@@ -185,12 +198,50 @@
+@@ -185,12 +198,54 @@
  
  seutil_dontaudit_search_config(dovecot_auth_t)
  
@@ -8445,12 +8458,12 @@
 +
 +optional_policy(`
 +	nis_authenticate(dovecot_auth_t)
- ')
++')
 +
 +optional_policy(`
 +	postfix_manage_pivate_sockets(dovecot_auth_t)
 +	postfix_search_spool(dovecot_auth_t)
-+')
+ ')
 +
 +# for gssapi (kerberos)
 +userdom_list_unpriv_users_tmp(dovecot_auth_t) 
@@ -8461,6 +8474,8 @@
 +#
 +# dovecot deliver local policy
 +#
++allow dovecot_deliver_t self:unix_dgram_socket create_socket_perms;
++
 +allow dovecot_deliver_t dovecot_etc_t:file read_file_perms;
 +allow dovecot_deliver_t dovecot_var_run_t:dir r_dir_perms;
 +
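Review bot: The new `allow dovecot_deliver_t self:unix_dgram_socket create_socket_perms;` has no comment, and its purpose only becomes apparent from `logging_send_syslog_msg(dovecot_deliver_t)` added in the following hunk (`@@ -8475,6 +8490,8 @@`). If that interface already grants the caller its own datagram-socket permissions (not visible here, so check logging.if), the explicit rule is redundant and can be dropped. Otherwise add `# syslog is reached over a unix datagram socket` above it so the grant is not mistaken for a general IPC permission.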
@@ -8475,6 +8490,8 @@
 +libs_use_ld_so(dovecot_deliver_t)
 +libs_use_shared_libs(dovecot_deliver_t)
 +
++logging_send_syslog_msg(dovecot_deliver_t)
++
 +miscfiles_read_localization(dovecot_deliver_t)
 +
 +optional_policy(`
@@ -9624,7 +9641,7 @@
 +files_type(mailscanner_spool_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.0.8/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mta.if	2007-12-06 11:03:00.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/mta.if	2007-12-06 16:44:16.000000000 -0500
 @@ -87,6 +87,8 @@
  	# It wants to check for nscd
  	files_dontaudit_search_pids($1_mail_t)
@@ -14443,7 +14460,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-12-02 22:01:51.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-12-06 20:54:55.000000000 -0500
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -14577,9 +14594,14 @@
  
  xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
  
-@@ -306,6 +336,11 @@
+@@ -305,7 +335,16 @@
+ ')
  
  optional_policy(`
++	bootloader_domtrans(xdm_t)
++')
++
++optional_policy(`
  	consolekit_dbus_chat(xdm_t)
 +	dbus_system_bus_client_template(xdm, xdm_t)
 +	dbus_send_system_bus(xdm_t)
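Review bot: `bootloader_domtrans(xdm_t)` is granted to the shared display-manager domain, so every display manager running as xdm_t gains the transition, although the log message speaks only of kdm. bootloader_t is normally a highly privileged domain (boot configuration, and possibly raw disk access), so this is a significant grant for a process that runs the pre-login greeter. Put `# kdm runs grub, which must transition to bootloader_t` above the block, and consider a `tunable_policy(...)` guard so sites that do not need it can leave it off. The new block is complete within the hunk, but the consolekit block that follows it continues beyond the hunk.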
@@ -14589,7 +14611,7 @@
  ')
  
  optional_policy(`
-@@ -313,6 +348,10 @@
+@@ -313,6 +352,10 @@
  ')
  
  optional_policy(`
@@ -14600,11 +14622,9 @@
  	# Talk to the console mouse server.
  	gpm_stream_connect(xdm_t)
  	gpm_setattr_gpmctl(xdm_t)
-@@ -348,12 +387,8 @@
- ')
- 
+@@ -350,10 +393,7 @@
  optional_policy(`
--	unconfined_domain(xdm_t)
+ 	unconfined_domain(xdm_t)
  	unconfined_domtrans(xdm_t)
 -
 -	ifndef(`distro_redhat',`
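Review bot: `unconfined_domain(xdm_t)` changes from a line the Fedora patch removed to a context line, so wherever the unconfined module is built xdm_t is effectively unconfined again. This is not in the log message, and on those systems it makes the narrowly scoped grants elsewhere in xserver.te, including the new `bootloader_domtrans(xdm_t)`, largely moot. If this is a deliberate stop-gap, record it in the changelog and add a comment such as `# temporary: xdm_t left unconfined, see <bug reference>`; otherwise keep the removal. The optional_policy block continues outside the hunk.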
@@ -14614,7 +14634,7 @@
  
  	ifdef(`distro_rhel4',`
  		allow xdm_t self:process { execheap execmem };
-@@ -385,7 +420,7 @@
+@@ -385,7 +425,7 @@
  allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
  
@@ -14623,7 +14643,7 @@
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -397,6 +432,15 @@
+@@ -397,6 +437,15 @@
  can_exec(xdm_xserver_t, xkb_var_lib_t)
  files_search_var_lib(xdm_xserver_t)
  
@@ -14639,7 +14659,7 @@
  # VNC v4 module in X server
  corenet_tcp_bind_vnc_port(xdm_xserver_t)
  
-@@ -425,6 +469,14 @@
+@@ -425,6 +474,14 @@
  ')
  
  optional_policy(`
@@ -14654,7 +14674,7 @@
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -434,47 +486,26 @@
+@@ -434,47 +491,26 @@
  ')
  
  optional_policy(`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.591
retrieving revision 1.592
diff -u -r1.591 -r1.592
--- selinux-policy.spec	6 Dec 2007 21:38:33 -0000	1.591
+++ selinux-policy.spec	7 Dec 2007 18:41:45 -0000	1.592
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 66%{?dist}
+Release: 67%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
 %endif
 
 %changelog
+* Thu Dec 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-67
+- Allow kdm to transition to bootloader_t through grub
+
 * Thu Dec 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-66
 - Allow depmod to read tmp files from rpm
 - Dontaudit pam_timestamp_check access to ~.xsessions



