rpms/selinux-policy/F-7 policy-20070501.patch, 1.83, 1.84 selinux-policy.spec, 1.512, 1.513

[Daniel J Walsh (dwalsh)]

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20291

Modified Files:
	policy-20070501.patch selinux-policy.spec 
Log Message:
* Thu Dec 20 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-64
- Allow fsadm_t to read file_t


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- policy-20070501.patch	13 Dec 2007 15:59:13 -0000	1.83
+++ policy-20070501.patch	21 Dec 2007 07:58:15 -0000	1.84
@@ -12715,7 +12715,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.6.4/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/fstools.te	2007-09-04 10:57:17.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/fstools.te	2007-12-20 16:22:24.000000000 -0500
 @@ -9,6 +9,7 @@
  type fsadm_t;
  type fsadm_exec_t;
@@ -12734,7 +12734,16 @@
  #RedHat bug #201164
  corecmd_exec_shell(fsadm_t)
  
-@@ -184,3 +184,9 @@
+@@ -125,6 +125,8 @@
+ files_read_etc_files(fsadm_t)
+ files_manage_lost_found(fsadm_t)
+ files_manage_isid_type_dirs(fsadm_t)
++files_manage_isid_type_files(fsadm_t)
++
+ # Write to /etc/mtab.
+ files_manage_etc_runtime_files(fsadm_t)
+ files_etc_filetrans_etc_runtime(fsadm_t,file)
+@@ -184,3 +186,12 @@
  	fs_dontaudit_write_ramfs_pipes(fsadm_t)
  	rhgb_stub(fsadm_t)
  ')
@@ -12744,6 +12753,9 @@
 +	xen_rw_image_files(fsadm_t)
 +')
 +
++optional_policy(`
++	unconfined_domain(fsadm_t)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-2.6.4/policy/modules/system/fusermount.fc
 --- nsaserefpolicy/policy/modules/system/fusermount.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-2.6.4/policy/modules/system/fusermount.fc	2007-08-07 09:42:35.000000000 -0400
@@ -14054,7 +14066,7 @@
 -/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.te	2007-10-30 16:18:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/mount.te	2007-12-21 02:33:51.000000000 -0500
 @@ -9,6 +9,13 @@
  ifdef(`targeted_policy',`
  ## <desc>
@@ -14184,9 +14196,9 @@
 +#
 +# ntfs local policy
 +#
-+allow mount_t self:fifo_file { read write };
++allow mount_t self:fifo_file rw_fifo_file_perms;
 +allow mount_t self:unix_stream_socket create_stream_socket_perms;
-+allow mount_t self:unix_dgram_socket { connect create };
++allow mount_t self:unix_dgram_socket create_socket_perms; 
 +
 +corecmd_exec_shell(mount_t)
 +


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.512
retrieving revision 1.513
diff -u -r1.512 -r1.513
--- selinux-policy.spec	13 Dec 2007 15:59:13 -0000	1.512
+++ selinux-policy.spec	21 Dec 2007 07:58:15 -0000	1.513
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 63%{?dist}
+Release: 64%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -363,6 +363,9 @@
 %endif
 
 %changelog
+* Thu Dec 20 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-64
+- Allow fsadm_t to read file_t
+
 * Thu Dec 13 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-63
 - Fix labeling on /var/spool/cups