rpms/selinux-policy/F-7 policy-20070501.patch, 1.83, 1.84 selinux-policy.spec, 1.512, 1.513
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Dec 21 07:58:22 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20291
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Thu Dec 20 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-64
- Allow fsadm_t to read file_t
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- policy-20070501.patch 13 Dec 2007 15:59:13 -0000 1.83
+++ policy-20070501.patch 21 Dec 2007 07:58:15 -0000 1.84
@@ -12715,7 +12715,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.6.4/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/fstools.te 2007-09-04 10:57:17.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/fstools.te 2007-12-20 16:22:24.000000000 -0500
@@ -9,6 +9,7 @@
type fsadm_t;
type fsadm_exec_t;
@@ -12734,7 +12734,16 @@
#RedHat bug #201164
corecmd_exec_shell(fsadm_t)
-@@ -184,3 +184,9 @@
+@@ -125,6 +125,8 @@
+ files_read_etc_files(fsadm_t)
+ files_manage_lost_found(fsadm_t)
+ files_manage_isid_type_dirs(fsadm_t)
++files_manage_isid_type_files(fsadm_t)
++
+ # Write to /etc/mtab.
+ files_manage_etc_runtime_files(fsadm_t)
+ files_etc_filetrans_etc_runtime(fsadm_t,file)
+@@ -184,3 +186,12 @@
fs_dontaudit_write_ramfs_pipes(fsadm_t)
rhgb_stub(fsadm_t)
')
@@ -12744,6 +12753,9 @@
+ xen_rw_image_files(fsadm_t)
+')
+
++optional_policy(`
++ unconfined_domain(fsadm_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-2.6.4/policy/modules/system/fusermount.fc
--- nsaserefpolicy/policy/modules/system/fusermount.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.6.4/policy/modules/system/fusermount.fc 2007-08-07 09:42:35.000000000 -0400
@@ -14054,7 +14066,7 @@
-/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-10-30 16:18:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-12-21 02:33:51.000000000 -0500
@@ -9,6 +9,13 @@
ifdef(`targeted_policy',`
## <desc>
@@ -14184,9 +14196,9 @@
+#
+# ntfs local policy
+#
-+allow mount_t self:fifo_file { read write };
++allow mount_t self:fifo_file rw_fifo_file_perms;
+allow mount_t self:unix_stream_socket create_stream_socket_perms;
-+allow mount_t self:unix_dgram_socket { connect create };
++allow mount_t self:unix_dgram_socket create_socket_perms;
+
+corecmd_exec_shell(mount_t)
+
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.512
retrieving revision 1.513
diff -u -r1.512 -r1.513
--- selinux-policy.spec 13 Dec 2007 15:59:13 -0000 1.512
+++ selinux-policy.spec 21 Dec 2007 07:58:15 -0000 1.513
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 63%{?dist}
+Release: 64%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -363,6 +363,9 @@
%endif
%changelog
+* Thu Dec 20 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-64
+- Allow fsadm_t to read file_t
+
* Thu Dec 13 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-63
- Fix labeling on /var/spool/cups
More information about the fedora-extras-commits
mailing list