rpms/selinux-policy/F-8 policy-20070703.patch,1.156,1.157
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Dec 18 19:58:31 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14823
Modified Files:
policy-20070703.patch
Log Message:
* Wed Dec 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-69
- Allow ssh to read sym links in homedirs
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.156
retrieving revision 1.157
diff -u -r1.156 -r1.157
--- policy-20070703.patch 17 Dec 2007 22:50:40 -0000 1.156
+++ policy-20070703.patch 18 Dec 2007 19:58:21 -0000 1.157
@@ -1615,7 +1615,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.0.8/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/kudzu.te 2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/admin/kudzu.te 2007-12-18 13:49:54.000000000 -0500
@@ -21,8 +21,8 @@
# Local policy
#
@@ -1644,7 +1644,7 @@
# kudzu will telinit to make init re-read
# the inittab after configuring serial consoles
init_telinit(kudzu_t)
-@@ -134,20 +137,15 @@
+@@ -134,36 +137,18 @@
')
optional_policy(`
@@ -1667,16 +1667,24 @@
+ udev_read_db(kudzu_t)
')
- ifdef(`TODO',`
-@@ -162,6 +160,9 @@
- allow kudzu_t rhgb_t:unix_stream_socket connectto;
- ')
+-ifdef(`TODO',`
+-allow kudzu_t modules_conf_t:file unlink;
+-optional_policy(`
+- allow kudzu_t printconf_t:file { getattr read };
+-')
optional_policy(`
+- allow kudzu_t xserver_exec_t:file getattr;
+-')
+-optional_policy(`
+- allow kudzu_t rhgb_t:unix_stream_socket connectto;
+-')
+-optional_policy(`
+- role system_r types sysadm_userhelper_t;
+- domain_auto_trans(kudzu_t, userhelper_exec_t, sysadm_userhelper_t)
+-')
+-allow kudzu_t cupsd_rw_etc_t:dir r_dir_perms;
++ unconfined_domtrans(kudzu_t)
+ unconfined_domain(kudzu_t)
-+')
-+optional_policy(`
- role system_r types sysadm_userhelper_t;
- domain_auto_trans(kudzu_t, userhelper_exec_t, sysadm_userhelper_t)
')
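Review bot: The added `unconfined_domtrans(kudzu_t)` sits beside the existing `unconfined_domain(kudzu_t)` with no comment explaining why kudzu needs a transition into the unconfined domain when it is already declared unconfined. The 3.0.8-69 log entry mentions only ssh and home-directory symlinks, and this revision also makes the carried patch delete the upstream TODO block for kudzu. Since these two lines effectively take kudzu out of confinement, I would put a one-line comment above them, e.g. `# kudzu runs unconfined: <reason / bug reference>`, and add the change to the changelog. The scponly/scponlyc `shell_exec_t` labels in corecommands.fc, the bitlbee `dev_read_rand`/`dev_read_urand` calls and the spamd home-directory rules later in this diff are likewise missing from the log message.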
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.0.8/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-10-22 13:21:42.000000000 -0400
@@ -3886,7 +3894,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc 2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc 2007-12-18 11:39:11.000000000 -0500
@@ -36,6 +36,11 @@
/etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
/etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -3899,7 +3907,15 @@
/etc/hotplug/.*agent -- gen_context(system_u:object_r:bin_t,s0)
/etc/hotplug/.*rc -- gen_context(system_u:object_r:bin_t,s0)
/etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:bin_t,s0)
-@@ -126,10 +131,10 @@
+@@ -108,7 +113,6 @@
+ /opt/RealPlayer/postint(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
+ ')
+-
+ #
+ # /usr
+ #
+@@ -126,10 +130,10 @@
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -3912,7 +3928,7 @@
/usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
-@@ -163,7 +168,10 @@
+@@ -163,8 +167,13 @@
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -3922,9 +3938,12 @@
+/usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0)
++/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -180,6 +188,7 @@
+ /usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
+@@ -180,6 +189,7 @@
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0)
@@ -3932,7 +3951,7 @@
ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -259,3 +268,18 @@
+@@ -259,3 +269,18 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -4210,7 +4229,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.0.8/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/devices.if 2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/kernel/devices.if 2007-12-18 10:37:23.000000000 -0500
@@ -65,7 +65,7 @@
relabelfrom_dirs_pattern($1,device_t,device_node)
@@ -6861,8 +6880,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.0.8/policy/modules/services/bitlbee.te
--- nsaserefpolicy/policy/modules/services/bitlbee.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/services/bitlbee.te 2007-12-02 21:15:34.000000000 -0500
-@@ -0,0 +1,70 @@
++++ serefpolicy-3.0.8/policy/modules/services/bitlbee.te 2007-12-18 09:56:09.000000000 -0500
+@@ -0,0 +1,73 @@
+
+policy_module(bitlbee, 1.0.0)
+
@@ -6919,6 +6938,9 @@
+corenet_tcp_connect_msnp_port(bitlbee_t)
+corenet_tcp_sendrecv_msnp_port(bitlbee_t)
+
++dev_read_rand(bitlbee_t)
++dev_read_urand(bitlbee_t)
++
+files_read_etc_files(bitlbee_t)
+files_search_pids(bitlbee_t)
+# grant read-only access to the user help files
@@ -13377,7 +13399,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.0.8/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/spamassassin.if 2007-12-05 08:51:28.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/spamassassin.if 2007-12-18 13:43:52.000000000 -0500
@@ -286,6 +286,12 @@
userdom_manage_user_home_content_symlinks($1,spamd_t)
')
@@ -13415,7 +13437,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.0.8/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/spamassassin.te 2007-12-13 15:57:17.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/spamassassin.te 2007-12-18 13:54:36.000000000 -0500
@@ -81,11 +81,12 @@
# var/lib files for spamd
@@ -13452,6 +13474,37 @@
dcc_stream_connect_dccifd(spamd_t)
')
+@@ -212,3 +216,30 @@
+ optional_policy(`
+ udev_read_db(spamd_t)
+ ')
++
++optional_policy(`
++tunable_policy(`spamd_enable_home_dirs',`
++ userdom_manage_user_home_content_dirs(unconfined,spamd_t)
++ userdom_manage_user_home_content_files(unconfined,spamd_t)
++ userdom_manage_user_home_content_symlinks(unconfined,spamd_t)
++')
++
++optional_policy(`
++ tunable_policy(`spamd_enable_home_dirs',`
++ razor_manage_user_home_files(unconfined,spamd_t)
++ ')
++')
++')
++
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(spamd_t)
++ fs_manage_nfs_files(spamd_t)
++ fs_manage_nfs_symlinks(spamd_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(spamd_t)
++ fs_manage_cifs_files(spamd_t)
++ fs_manage_cifs_symlinks(spamd_t)
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.0.8/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2007-10-22 13:21:36.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/squid.fc 2007-12-02 21:15:34.000000000 -0500
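Review bot: The `use_nfs_home_dirs` and `use_samba_home_dirs` blocks give spamd_t manage access to NFS and CIFS directories, files and symlinks regardless of `spamd_enable_home_dirs`, whereas the local home-content rules just above them are gated on that boolean. If that boolean is meant to be the switch for spamd touching home directories, the conditions should be combined as `spamd_enable_home_dirs && use_nfs_home_dirs` and `spamd_enable_home_dirs && use_samba_home_dirs`. That way, enabling network home directories does not by itself widen spamd's write access. The first `tunable_policy` inside the outer `optional_policy` is also not indented like the nested razor block, which makes the closing `')` pairs hard to match.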