rpms/selinux-policy/devel policy-20071130.patch, 1.11, 1.12 selinux-policy.spec, 1.570, 1.571
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Dec 18 13:59:34 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27203
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Tue Dec 18 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-4
- Allow cron to run unconfined apps
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20071130.patch 17 Dec 2007 22:49:08 -0000 1.11
+++ policy-20071130.patch 18 Dec 2007 13:59:31 -0000 1.12
@@ -5323,7 +5323,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.2.4/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2007-12-06 13:12:03.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/services/cron.te 2007-12-13 17:37:34.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/cron.te 2007-12-18 08:34:29.000000000 -0500
@@ -50,6 +50,7 @@
type crond_tmp_t;
@@ -5373,7 +5373,16 @@
kernel_read_kernel_sysctls(crond_t)
kernel_search_key(crond_t)
-@@ -148,7 +154,9 @@
+@@ -133,6 +139,8 @@
+ corecmd_read_bin_symlinks(crond_t)
+
+ domain_use_interactive_fds(crond_t)
++domain_subj_id_change_exemption(crond_t)
++domain_role_change_exemption(crond_t)
+
+ files_read_etc_files(crond_t)
+ files_read_generic_spool(crond_t)
+@@ -148,7 +156,9 @@
libs_use_ld_so(crond_t)
libs_use_shared_libs(crond_t)
@@ -5383,7 +5392,7 @@
seutil_read_config(crond_t)
seutil_read_default_contexts(crond_t)
-@@ -163,9 +171,6 @@
+@@ -163,9 +173,6 @@
mta_send_mail(crond_t)
ifdef(`distro_debian',`
@@ -5393,7 +5402,7 @@
optional_policy(`
# Debian logcheck has the home dir set to its cache
logwatch_search_cache_dir(crond_t)
-@@ -180,16 +185,39 @@
+@@ -180,16 +187,39 @@
')
')
@@ -5433,7 +5442,7 @@
amavis_search_lib(crond_t)
')
-@@ -267,9 +295,16 @@
+@@ -267,9 +297,16 @@
filetrans_pattern(system_crond_t,crond_tmp_t,system_crond_tmp_t,{ file lnk_file })
files_tmp_filetrans(system_crond_t,system_crond_tmp_t,file)
@@ -5451,7 +5460,7 @@
kernel_read_kernel_sysctls(system_crond_t)
kernel_read_system_state(system_crond_t)
-@@ -323,7 +358,7 @@
+@@ -323,7 +360,7 @@
init_read_utmp(system_crond_t)
init_dontaudit_rw_utmp(system_crond_t)
# prelink tells init to restart it self, we either need to allow or dontaudit
@@ -5460,7 +5469,7 @@
auth_use_nsswitch(system_crond_t)
-@@ -333,6 +368,7 @@
+@@ -333,6 +370,7 @@
libs_exec_ld_so(system_crond_t)
logging_read_generic_logs(system_crond_t)
@@ -5468,7 +5477,7 @@
logging_send_syslog_msg(system_crond_t)
miscfiles_read_localization(system_crond_t)
-@@ -383,6 +419,14 @@
+@@ -383,6 +421,14 @@
')
optional_policy(`
@@ -5483,7 +5492,7 @@
mrtg_append_create_logs(system_crond_t)
')
-@@ -415,8 +459,7 @@
+@@ -415,8 +461,7 @@
')
optional_policy(`
@@ -5493,12 +5502,13 @@
')
optional_policy(`
-@@ -424,8 +467,12 @@
+@@ -424,8 +469,13 @@
')
optional_policy(`
+ unconfined_dbus_send(crond_t)
+ unconfined_shell_domtrans(crond_t)
++ unconfined_domain(crond_t)
unconfined_domain(system_crond_t)
+')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.570
retrieving revision 1.571
diff -u -r1.570 -r1.571
--- selinux-policy.spec 17 Dec 2007 22:49:08 -0000 1.570
+++ selinux-policy.spec 18 Dec 2007 13:59:31 -0000 1.571
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.2.4
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -382,6 +382,9 @@
%endif
%changelog
+* Tue Dec 18 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-4
+- Allow cron to run unconfined apps
+
* Mon Dec 17 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-3
- Modify default login to unconfined_u
More information about the fedora-extras-commits
mailing list