rpms/selinux-policy/devel policy-20071130.patch, 1.13, 1.14 selinux-policy.spec, 1.571, 1.572

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Dec 19 09:27:20 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2105

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Wed Dec 19 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-5
- Fix munin file context


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- policy-20071130.patch	18 Dec 2007 19:58:20 -0000	1.13
+++ policy-20071130.patch	19 Dec 2007 09:27:15 -0000	1.14
@@ -765,8 +765,8 @@
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.2.4/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2007-12-12 11:35:28.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/admin/logrotate.te	2007-12-13 17:37:33.000000000 -0500
-@@ -96,6 +96,7 @@
++++ serefpolicy-3.2.4/policy/modules/admin/logrotate.te	2007-12-18 16:55:23.000000000 -0500
+@@ -96,9 +96,11 @@
  files_read_etc_files(logrotate_t)
  files_read_etc_runtime_files(logrotate_t)
  files_read_all_pids(logrotate_t)
@@ -774,6 +774,10 @@
  # Write to /var/spool/slrnpull - should be moved into its own type.
  files_manage_generic_spool(logrotate_t)
  files_manage_generic_spool_dirs(logrotate_t)
++files_getattr_generic_locks(logrotate_t)
+ 
+ # cjp: why is this needed?
+ init_domtrans_script(logrotate_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.2.4/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2007-10-23 07:37:52.000000000 -0400
 +++ serefpolicy-3.2.4/policy/modules/admin/logwatch.te	2007-12-13 17:37:33.000000000 -0500
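Review bot: The added `files_getattr_generic_locks(logrotate_t)` is not covered by the log message, which only says "Fix munin file context". The same applies to the `hal_dbus_chat` change in cron.te and to `miscfiles_read_fonts(munin_t)` in munin.te later in this revision. Grants that arrive without a changelog entry are hard to audit later, so I would add a changelog line for each and a one-line comment above the new rule, e.g. `# needed for: <AVC denial or bug reference>`. The surrounding logrotate.te rules continue outside the hunk.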
@@ -3691,7 +3695,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.2.4/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-10-29 18:02:31.000000000 -0400
-+++ serefpolicy-3.2.4/policy/modules/kernel/files.if	2007-12-13 17:37:34.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/kernel/files.if	2007-12-18 16:54:32.000000000 -0500
 @@ -1266,6 +1266,24 @@
  
  ########################################
@@ -5382,7 +5386,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.2.4/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2007-12-06 13:12:03.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/services/cron.te	2007-12-18 08:34:29.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/cron.te	2007-12-18 16:51:52.000000000 -0500
 @@ -50,6 +50,7 @@
  
  type crond_tmp_t;
@@ -5461,7 +5465,7 @@
  	optional_policy(`
  		# Debian logcheck has the home dir set to its cache
  		logwatch_search_cache_dir(crond_t)
-@@ -180,16 +187,39 @@
+@@ -180,21 +187,45 @@
  	')
  ')
  
@@ -5501,7 +5505,14 @@
  	amavis_search_lib(crond_t)
  ')
  
-@@ -267,9 +297,16 @@
+ optional_policy(`
+-	hal_dbus_send(crond_t)
++	hal_dbus_chat(crond_t)
++	hal_dbus_chat(system_crond_t)
+ ')
+ 
+ optional_policy(`
+@@ -267,9 +298,16 @@
  filetrans_pattern(system_crond_t,crond_tmp_t,system_crond_tmp_t,{ file lnk_file })
  files_tmp_filetrans(system_crond_t,system_crond_tmp_t,file)
  
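Review bot: Replacing `hal_dbus_send(crond_t)` with `hal_dbus_chat(crond_t)` widens the grant from one-way sending to a two-way D-Bus exchange with hald. The second added line, `hal_dbus_chat(system_crond_t)`, gives the same access to a domain the old rule did not mention at all. If the denial behind this change was only for crond_t, the `system_crond_t` line could be dropped. Otherwise a comment such as `# <job or tool> started from system cron talks to hald over D-Bus` would record why it is needed. The optional_policy block is only partly visible here, so whether further hal rules follow cannot be checked from this hunk.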
@@ -5519,7 +5530,7 @@
  
  kernel_read_kernel_sysctls(system_crond_t)
  kernel_read_system_state(system_crond_t)
-@@ -323,7 +360,7 @@
+@@ -323,7 +361,7 @@
  init_read_utmp(system_crond_t)
  init_dontaudit_rw_utmp(system_crond_t)
  # prelink tells init to restart it self, we either need to allow or dontaudit
@@ -5528,7 +5539,7 @@
  
  auth_use_nsswitch(system_crond_t)
  
-@@ -333,6 +370,7 @@
+@@ -333,6 +371,7 @@
  libs_exec_ld_so(system_crond_t)
  
  logging_read_generic_logs(system_crond_t)
@@ -5536,7 +5547,7 @@
  logging_send_syslog_msg(system_crond_t)
  
  miscfiles_read_localization(system_crond_t)
-@@ -383,6 +421,14 @@
+@@ -383,6 +422,14 @@
  ')
  
  optional_policy(`
@@ -5551,7 +5562,7 @@
  	mrtg_append_create_logs(system_crond_t)
  ')
  
-@@ -415,8 +461,7 @@
+@@ -415,8 +462,7 @@
  ')
  
  optional_policy(`
@@ -5561,7 +5572,7 @@
  ')
  
  optional_policy(`
-@@ -424,8 +469,13 @@
+@@ -424,8 +470,13 @@
  ')
  
  optional_policy(`
@@ -7354,22 +7365,22 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.2.4/policy/modules/services/munin.fc
 --- nsaserefpolicy/policy/modules/services/munin.fc	2007-04-30 10:41:38.000000000 -0400
-+++ serefpolicy-3.2.4/policy/modules/services/munin.fc	2007-12-18 14:51:15.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/munin.fc	2007-12-19 03:52:33.000000000 -0500
 @@ -8,4 +8,5 @@
  /var/lib/munin(/.*)?			gen_context(system_u:object_r:munin_var_lib_t,s0)
  /var/log/munin.*		--	gen_context(system_u:object_r:munin_log_t,s0)
  /var/run/munin(/.*)?			gen_context(system_u:object_r:munin_var_run_t,s0)
 -/var/www/munin(/.*)?			gen_context(system_u:object_r:munin_var_lib_t,s0)
-+/var/www/html/munin(/.*)?		gen_context(system_u:object_r:http_munin_content_t,s0)
-+/var/www/html/munin/cgi(/.*)?		gen_context(system_u:object_r:http_munin_script_exec_t,s0)
++/var/www/html/munin(/.*)?		gen_context(system_u:object_r:httpd_munin_content_t,s0)
++/var/www/html/munin/cgi(/.*)?		gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.2.4/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2007-11-15 13:40:14.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/services/munin.te	2007-12-18 14:50:13.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/munin.te	2007-12-19 04:07:12.000000000 -0500
 @@ -37,6 +37,9 @@
  allow munin_t self:unix_dgram_socket { create_socket_perms sendto };
  allow munin_t self:tcp_socket create_stream_socket_perms;
  allow munin_t self:udp_socket create_socket_perms;
-+allow munin_t self:fifo_file create_fifo_file_perms;
++allow munin_t self:fifo_file manage_fifo_file_perms;
 +
 +can_exec(munin_t, munin_exec_t)
  
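Review bot: In munin.te, `allow munin_t self:fifo_file manage_fifo_file_perms;` grants more than a process normally needs on its own pipes, since the manage set also covers setattr, rename, link and unlink. If the denials were only read/write on anonymous pipes, which seems likely given that `create_fifo_file_perms` carries no read or write, the narrower `allow munin_t self:fifo_file rw_fifo_file_perms;` would fix it. Separately, the corrected `httpd_munin_content_t` and `httpd_munin_script_exec_t` entries in munin.fc only affect files labelled after the policy loads. It is worth confirming that the package update relabels an existing /var/www/html/munin tree, since the scriptlets are not visible here.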
@@ -7383,7 +7394,15 @@
  
  dev_read_sysfs(munin_t)
  dev_read_urand(munin_t)
-@@ -118,3 +122,9 @@
+@@ -91,6 +95,7 @@
+ 
+ logging_send_syslog_msg(munin_t)
+ 
++miscfiles_read_fonts(munin_t)
+ miscfiles_read_localization(munin_t)
+ 
+ sysnet_read_config(munin_t)
+@@ -118,3 +123,9 @@
  optional_policy(`
  	udev_read_db(munin_t)
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.571
retrieving revision 1.572
diff -u -r1.571 -r1.572
--- selinux-policy.spec	18 Dec 2007 13:59:31 -0000	1.571
+++ selinux-policy.spec	19 Dec 2007 09:27:15 -0000	1.572
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.2.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -382,6 +382,9 @@
 %endif
 
 %changelog
+* Wed Dec 19 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-5
+- Fix munin file context
+
 * Tue Dec 18 2007 Dan Walsh <dwalsh at redhat.com> 3.2.4-4
 - Allow cron to run unconfined apps
 



