rpms/selinux-policy/F-8 policy-20070703.patch, 1.157, 1.158 selinux-policy.spec, 1.595, 1.596

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Fri Dec 21 08:00:54 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20460

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Wed Dec 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-69
- Allow ssh to read sym links in homedirs


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -r1.157 -r1.158
--- policy-20070703.patch	18 Dec 2007 19:58:21 -0000	1.157
+++ policy-20070703.patch	21 Dec 2007 08:00:48 -0000	1.158
@@ -15579,7 +15579,7 @@
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.0.8/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/fstools.te	2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/fstools.te	2007-12-20 16:21:38.000000000 -0500
 @@ -109,8 +109,7 @@
  
  term_use_console(fsadm_t)
@@ -15590,7 +15590,15 @@
  #RedHat bug #201164
  corecmd_exec_shell(fsadm_t)
  
-@@ -183,4 +182,9 @@
+@@ -126,6 +125,7 @@
+ files_read_etc_files(fsadm_t)
+ files_manage_lost_found(fsadm_t)
+ files_manage_isid_type_dirs(fsadm_t)
++files_manage_isid_type_files(fsadm_t)
+ # Write to /etc/mtab.
+ files_manage_etc_runtime_files(fsadm_t)
+ files_etc_filetrans_etc_runtime(fsadm_t,file)
+@@ -183,4 +183,13 @@
  
  optional_policy(`
  	xen_append_log(fsadm_t)
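Review bot: The new `files_manage_isid_type_files(fsadm_t)` line has no comment saying why the filesystem tools need to create, write and delete unlabeled files, while the neighbouring /etc/mtab rules do have one. Judging by the interface name, it extends the existing `files_manage_isid_type_dirs(fsadm_t)` grant from directories to regular files. A line such as `# Manage files on filesystems that are not labeled yet.` above the pair would record the intent, but please confirm that is the actual reason. The nested hunk starts and ends inside the fsadm_t rule list, so the rest of the domain's rules are not visible here.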
@@ -15599,6 +15607,10 @@
 +
 +tunable_policy(`xen_use_nfs',`
 +	fs_manage_nfs_files(fsadm_t)
++')
++
++optional_policy(`
++	unconfined_domain(fsadm_t)
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-3.0.8/policy/modules/system/fusermount.fc
 --- nsaserefpolicy/policy/modules/system/fusermount.fc	1969-12-31 19:00:00.000000000 -0500
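Review bot: The added `unconfined_domain(fsadm_t)` block at the end of fstools.te effectively turns off confinement for fsadm_t wherever the unconfined module is installed. That makes every targeted rule above it redundant, including `files_manage_isid_type_files(fsadm_t)` added in the same revision. Anything that enters fsadm_t through an fsadm_exec_t binary such as /sbin/partx then runs with the unconfined rule set, so this deserves its own changelog line; the log message only mentions ssh and symlinks. If it is a stopgap for outstanding denials, I would replace it with the specific interfaces those denials call for, or at least mark it: `# FIXME: temporary, replace with rules from the AVC denials (bug BUG-ID-PLACEHOLDER)`.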
@@ -17434,7 +17446,7 @@
 -/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.0.8/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/mount.te	2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/mount.te	2007-12-21 02:36:44.000000000 -0500
 @@ -8,6 +8,13 @@
  
  ## <desc>
@@ -17549,33 +17561,44 @@
  ')
  
  optional_policy(`
-@@ -189,10 +204,6 @@
- 	samba_domtrans_smbmount(mount_t)
+@@ -180,17 +195,17 @@
+ 	')
  ')
  
--optional_policy(`
+-# for kernel package installation
+ optional_policy(`
+-	rpm_rw_pipes(mount_t)
++	lvm_domtrans(mount_t)
+ ')
+ 
++# for kernel package installation
+ optional_policy(`
+-	samba_domtrans_smbmount(mount_t)
++	rpm_rw_pipes(mount_t)
+ ')
+ 
+ optional_policy(`
 -	nscd_socket_use(mount_t)
--')
--
++	samba_domtrans_smbmount(mount_t)
+ ')
+ 
  ########################################
- #
- # Unconfined mount local policy
-@@ -201,4 +212,29 @@
+@@ -201,4 +216,29 @@
  optional_policy(`
  	files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
  	unconfined_domain(unconfined_mount_t)
 +	optional_policy(`
 +		hal_dbus_chat(unconfined_mount_t)
 +	')
-+')
+ ')
 +
 +########################################
 +#
 +# ntfs local policy
 +#
-+allow mount_t self:fifo_file { read write };
++allow mount_t self:fifo_file rw_fifo_file_perms;
 +allow mount_t self:unix_stream_socket create_stream_socket_perms;
-+allow mount_t self:unix_dgram_socket { connect create };
++allow mount_t self:unix_dgram_socket create_socket_perms; 
 +
 +corecmd_exec_shell(mount_t)
 +
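Review bot: The two self rules in the ntfs section are widened rather than just tidied. `allow mount_t self:unix_dgram_socket create_socket_perms;` replaces `{ connect create }`, and in reference policy that macro normally also covers bind, read/write and the get/set option permissions, so mount_t gains socket permissions that no denial is cited for. If only connect and create are needed, keep the explicit set; otherwise add a comment naming the denial that required the wider one. The same revision adds `lvm_domtrans(mount_t)` in its own optional_policy with no comment and no changelog line, so a one-line reason above it (as `# for kernel package installation` gives for rpm_rw_pipes) would help. The new dgram line also carries a trailing space after the semicolon.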
@@ -17588,7 +17611,7 @@
 +	hal_write_log(mount_t)
 +	hal_use_fds(mount_t)
 +	hal_rw_pipes(mount_t)
- ')
++')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.0.8/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2007-10-22 13:21:39.000000000 -0400


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.595
retrieving revision 1.596
diff -u -r1.595 -r1.596
--- selinux-policy.spec	17 Dec 2007 22:50:40 -0000	1.595
+++ selinux-policy.spec	21 Dec 2007 08:00:48 -0000	1.596
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 69%{?dist}
+Release: 70%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz



