rpms/selinux-policy/F-7 policy-20070501.patch,1.81,1.82
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Dec 12 18:17:52 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12892
Modified Files:
policy-20070501.patch
Log Message:
* Wed Dec 12 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-62
- Fix labeling on * /usr/lib64/cups/backend/hp.*
- Upgrade to Fedora 8 cups policy
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- policy-20070501.patch 12 Dec 2007 15:44:27 -0000 1.81
+++ policy-20070501.patch 12 Dec 2007 18:17:48 -0000 1.82
@@ -5205,7 +5205,7 @@
+/usr/local/Printer/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.6.4/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-12-12 10:42:46.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-12-12 11:22:12.000000000 -0500
@@ -1,5 +1,5 @@
-policy_module(cups,1.6.0)
@@ -5310,18 +5310,16 @@
mls_fd_use_all_levels(cupsd_t)
mls_file_downgrade(cupsd_t)
--mls_file_write_down(cupsd_t)
--mls_file_read_up(cupsd_t)
+ mls_file_write_down(cupsd_t)
+ mls_file_read_up(cupsd_t)
-mls_rangetrans_target(cupsd_t)
-+mls_file_write_all_levels(cupsd_t)
-+mls_file_read_all_levels(cupsd_t)
mls_socket_write_all_levels(cupsd_t)
term_use_unallocated_ttys(cupsd_t)
term_search_ptys(cupsd_t)
auth_domtrans_chk_passwd(cupsd_t)
-+auth_domtrans_upd_passwd_chk(cupsd_t)
++auth_domtrans_upd_passwd(cupsd_t)
auth_dontaudit_read_pam_pid(cupsd_t)
# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
@@ -5356,7 +5354,7 @@
logging_send_syslog_msg(cupsd_t)
miscfiles_read_localization(cupsd_t)
-@@ -223,25 +224,27 @@
+@@ -223,22 +224,23 @@
sysnet_read_config(cupsd_t)
@@ -5385,11 +5383,7 @@
init_stream_connect_script(cupsd_t)
unconfined_rw_pipes(cupsd_t)
-+ unconfined_rw_stream_sockets(cupsd_t)
-
- optional_policy(`
- init_dbus_chat_script(cupsd_t)
-@@ -284,16 +287,16 @@
+@@ -284,16 +286,16 @@
')
optional_policy(`
@@ -5410,7 +5404,7 @@
seutil_sigchld_newrole(cupsd_t)
')
-@@ -341,7 +344,8 @@
+@@ -341,7 +343,8 @@
kernel_read_system_state(cupsd_config_t)
kernel_read_kernel_sysctls(cupsd_config_t)
@@ -5420,7 +5414,7 @@
corenet_tcp_sendrecv_all_if(cupsd_config_t)
corenet_tcp_sendrecv_all_nodes(cupsd_config_t)
corenet_tcp_sendrecv_all_ports(cupsd_config_t)
-@@ -351,6 +355,7 @@
+@@ -351,6 +354,7 @@
dev_read_sysfs(cupsd_config_t)
dev_read_urand(cupsd_config_t)
dev_read_rand(cupsd_config_t)
@@ -5428,7 +5422,7 @@
fs_getattr_all_fs(cupsd_config_t)
fs_search_auto_mountpoints(cupsd_config_t)
-@@ -396,12 +401,11 @@
+@@ -396,12 +400,11 @@
')
')
@@ -5444,7 +5438,7 @@
unconfined_rw_pipes(cupsd_config_t)
')
-@@ -422,6 +426,7 @@
+@@ -422,6 +425,7 @@
optional_policy(`
hal_domtrans(cupsd_config_t)
hal_read_tmp_files(cupsd_config_t)
@@ -5452,7 +5446,7 @@
')
optional_policy(`
-@@ -492,7 +497,8 @@
+@@ -492,7 +496,8 @@
kernel_read_system_state(cupsd_lpd_t)
kernel_read_network_state(cupsd_lpd_t)
@@ -5462,7 +5456,7 @@
corenet_tcp_sendrecv_all_if(cupsd_lpd_t)
corenet_udp_sendrecv_all_if(cupsd_lpd_t)
corenet_tcp_sendrecv_all_nodes(cupsd_lpd_t)
-@@ -510,6 +516,8 @@
+@@ -510,6 +515,8 @@
files_read_etc_files(cupsd_lpd_t)
@@ -5471,7 +5465,7 @@
libs_use_ld_so(cupsd_lpd_t)
libs_use_shared_libs(cupsd_lpd_t)
-@@ -517,22 +525,12 @@
+@@ -517,22 +524,12 @@
miscfiles_read_localization(cupsd_lpd_t)
@@ -5494,7 +5488,7 @@
########################################
#
# HPLIP local policy
-@@ -550,14 +548,12 @@
+@@ -550,14 +547,12 @@
allow hplip_t self:udp_socket create_socket_perms;
allow hplip_t self:rawip_socket create_socket_perms;
@@ -5513,7 +5507,7 @@
manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
files_pid_filetrans(hplip_t,hplip_var_run_t,file)
-@@ -565,7 +561,8 @@
+@@ -565,7 +560,8 @@
kernel_read_system_state(hplip_t)
kernel_read_kernel_sysctls(hplip_t)
@@ -5523,7 +5517,7 @@
corenet_tcp_sendrecv_all_if(hplip_t)
corenet_udp_sendrecv_all_if(hplip_t)
corenet_raw_sendrecv_all_if(hplip_t)
-@@ -587,7 +584,7 @@
+@@ -587,7 +583,7 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -5532,7 +5526,7 @@
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -614,13 +611,7 @@
+@@ -614,13 +610,7 @@
userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -5547,7 +5541,7 @@
optional_policy(`
seutil_sigchld_newrole(hplip_t)
-@@ -662,7 +653,8 @@
+@@ -662,7 +652,8 @@
kernel_list_proc(ptal_t)
kernel_read_proc_symlinks(ptal_t)
@@ -5557,7 +5551,7 @@
corenet_tcp_sendrecv_all_if(ptal_t)
corenet_tcp_sendrecv_all_nodes(ptal_t)
corenet_tcp_sendrecv_all_ports(ptal_t)
-@@ -693,12 +685,6 @@
+@@ -693,12 +684,6 @@
userdom_dontaudit_use_unpriv_user_fds(ptal_t)
userdom_dontaudit_search_all_users_home_content(ptal_t)
@@ -5570,7 +5564,7 @@
optional_policy(`
seutil_sigchld_newrole(ptal_t)
')
-@@ -706,3 +692,54 @@
+@@ -706,3 +691,50 @@
optional_policy(`
udev_read_db(ptal_t)
')
@@ -5583,10 +5577,6 @@
+userdom_read_unpriv_users_tmp_files(cupsd_t)
+files_dontaudit_getattr_all_tmp_sockets(cupsd_t)
+
-+optional_policy(`
-+ unconfined_read_tmp_files(cupsd_t)
-+')
-+
+ifdef(`targeted_policy',`
+ term_dontaudit_use_unallocated_ttys(cupsd_t)
+ term_dontaudit_use_generic_ptys(cupsd_t)
More information about the fedora-extras-commits
mailing list