rpms/selinux-policy/devel policy-20070525.patch, 1.11, 1.12 selinux-policy.spec, 1.465, 1.466

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Jul 2 20:32:48 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19566

Modified Files:
	policy-20070525.patch selinux-policy.spec 
Log Message:
* Mon Jul 2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.1-5
- Default to user_u:system_r:unconfined_t 


policy-20070525.patch:

Index: policy-20070525.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070525.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20070525.patch	2 Jul 2007 15:00:50 -0000	1.11
+++ policy-20070525.patch	2 Jul 2007 20:32:38 -0000	1.12
@@ -3121,7 +3121,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2007-06-11 16:05:30.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/services/apache.te	2007-06-19 17:06:27.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/services/apache.te	2007-07-02 12:44:51.000000000 -0400
 @@ -47,6 +47,13 @@
  ## Allow http daemon to tcp connect
  ## </p>
@@ -3662,19 +3662,20 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.0.1/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/services/bind.te	2007-06-19 17:06:27.000000000 -0400
-@@ -119,6 +119,10 @@
++++ serefpolicy-3.0.1/policy/modules/services/bind.te	2007-07-02 11:10:15.000000000 -0400
+@@ -118,6 +118,11 @@
+ corenet_sendrecv_dns_client_packets(named_t)
  corenet_sendrecv_rndc_server_packets(named_t)
  corenet_sendrecv_rndc_client_packets(named_t)
- 
++corenet_udp_bind_all_unreserved_ports(named_t)
++
 +#dnsmasq 
 +corenet_tcp_bind_dhcpd_port(named_t)
 +corenet_udp_bind_dhcpd_port(named_t)
-+
+ 
  dev_read_sysfs(named_t)
  dev_read_rand(named_t)
- 
-@@ -230,6 +234,7 @@
+@@ -230,6 +235,7 @@
  corenet_tcp_sendrecv_all_nodes(ndc_t)
  corenet_tcp_sendrecv_all_ports(ndc_t)
  corenet_tcp_connect_rndc_port(ndc_t)
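Review bot: The new `corenet_udp_bind_all_unreserved_ports(named_t)` line at the top of the inserted block has no comment, while the `#dnsmasq` lines right after it do; a later reader cannot tell which feature needs named to bind arbitrary unreserved UDP ports, and that is a wide bind permission to leave unexplained. Suggest a one-line comment above it such as `# named binds random unreserved UDP source ports for outgoing queries -- confirm this is the reason`. The named_t rule block continues outside the hunk.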
@@ -3682,7 +3683,7 @@
  corenet_sendrecv_rndc_client_packets(ndc_t)
  
  fs_getattr_xattr_fs(ndc_t)
-@@ -257,6 +262,10 @@
+@@ -257,6 +263,10 @@
  	allow ndc_t named_conf_t:dir search;
  ')
  
@@ -5536,7 +5537,7 @@
  corenet_tcp_connect_all_ports(ypxfr_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.0.1/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/services/nscd.te	2007-06-19 17:06:27.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/services/nscd.te	2007-07-02 11:38:32.000000000 -0400
 @@ -28,14 +28,14 @@
  # Local policy
  #
@@ -5555,7 +5556,16 @@
  allow nscd_t self:tcp_socket create_socket_perms;
  allow nscd_t self:udp_socket create_socket_perms;
  
-@@ -92,6 +92,7 @@
+@@ -72,6 +72,8 @@
+ corenet_udp_sendrecv_all_nodes(nscd_t)
+ corenet_tcp_sendrecv_all_ports(nscd_t)
+ corenet_udp_sendrecv_all_ports(nscd_t)
++corenet_udp_bind_all_nodes(nscd_t)
++corenet_udp_bind_all_nodes(nscd_t)
+ corenet_tcp_connect_all_ports(nscd_t)
+ corenet_sendrecv_all_client_packets(nscd_t)
+ corenet_rw_tun_tap_dev(nscd_t)
+@@ -92,6 +94,7 @@
  libs_use_ld_so(nscd_t)
  libs_use_shared_libs(nscd_t)
  
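Review bot: `corenet_udp_bind_all_nodes(nscd_t)` is added twice in a row (the two `+`-marked lines following `corenet_udp_sendrecv_all_ports(nscd_t)`); the second looks like a paste duplicate and should be dropped. The rule itself widens nscd from sending and receiving to binding UDP sockets on any node, so a short comment naming the lookup path that needs it would help, since none is given. The nscd_t rule block continues outside the hunk.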
@@ -5563,7 +5573,7 @@
  logging_send_syslog_msg(nscd_t)
  
  miscfiles_read_localization(nscd_t)
-@@ -113,3 +114,11 @@
+@@ -113,3 +116,12 @@
  	xen_dontaudit_rw_unix_stream_sockets(nscd_t)
  	xen_append_log(nscd_t)
  ')
@@ -5573,8 +5583,9 @@
 +		samba_append_log(nscd_t)
 +		samba_dontaudit_use_fds(nscd_t)
 +	')
++	samba_read_config(nscd_t)
++	samba_read_var_files(nscd_t)
 +')
-+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.0.1/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2007-06-11 16:05:30.000000000 -0400
 +++ serefpolicy-3.0.1/policy/modules/services/ntp.te	2007-06-19 17:06:27.000000000 -0400
@@ -5666,8 +5677,22 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.0.1/policy/modules/services/openvpn.te
 --- nsaserefpolicy/policy/modules/services/openvpn.te	2007-06-11 16:05:30.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/services/openvpn.te	2007-06-19 17:06:27.000000000 -0400
-@@ -42,8 +42,8 @@
++++ serefpolicy-3.0.1/policy/modules/services/openvpn.te	2007-07-02 12:46:29.000000000 -0400
+@@ -6,6 +6,13 @@
+ # Declarations
+ #
+ 
++## <desc>
++## <p>
++## Allow openvpn to read home directories
++## </p>
++## </desc>
++gen_tunable(openvpn_enable_homedirs,false)
++
+ # main openvpn domain
+ type openvpn_t;
+ type openvpn_exec_t;
+@@ -42,8 +49,8 @@
  allow openvpn_t openvpn_var_log_t:file manage_file_perms;
  logging_log_filetrans(openvpn_t,openvpn_var_log_t,file)
  
@@ -5678,7 +5703,7 @@
  
  kernel_read_kernel_sysctls(openvpn_t)
  kernel_read_net_sysctls(openvpn_t)
-@@ -66,6 +66,7 @@
+@@ -66,6 +73,7 @@
  corenet_udp_bind_openvpn_port(openvpn_t)
  corenet_sendrecv_openvpn_server_packets(openvpn_t)
  corenet_rw_tun_tap_dev(openvpn_t)
@@ -5686,18 +5711,30 @@
  
  dev_search_sysfs(openvpn_t)
  dev_read_rand(openvpn_t)
-@@ -84,6 +85,11 @@
+@@ -80,10 +88,23 @@
+ logging_send_syslog_msg(openvpn_t)
+ 
+ miscfiles_read_localization(openvpn_t)
++miscfiles_read_certs(openvpn_t)
+ 
  sysnet_dns_name_resolve(openvpn_t)
  sysnet_exec_ifconfig(openvpn_t)
  
-+ifdef(`targeted_policy',`
-+	# Need to interact with terminals if config option "auth-user-pass" is used
-+	term_use_generic_ptys(openvpn_t)
++tunable_policy(`openvpn_enable_homedirs',`
++	userdom_read_unpriv_users_home_content_files(openvpn_t)
 +')
 +
  optional_policy(`
  	daemontools_service_domain(openvpn_t,openvpn_exec_t)
  ')
++
++# Need to interact with terminals if config option "auth-user-pass" is used
++userdom_use_sysadm_terms(openvpn_t)
++
++optional_policy(`
++	unconfined_use_terminals(openvpn_t)
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-3.0.1/policy/modules/services/pegasus.if
 --- nsaserefpolicy/policy/modules/services/pegasus.if	2007-05-29 14:10:57.000000000 -0400
 +++ serefpolicy-3.0.1/policy/modules/services/pegasus.if	2007-06-19 17:06:27.000000000 -0400
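Review bot: `userdom_use_sysadm_terms(openvpn_t)` is now unconditional, replacing a `term_use_generic_ptys(openvpn_t)` that was only enabled under the targeted_policy ifdef; the comment above it says the access is needed only when the `auth-user-pass` config option is used, yet it is granted on every policy variant and to sysadm terminals specifically. Consider gating it in a `tunable_policy` block that defaults to off, the same way the home-directory read just above is gated on `openvpn_enable_homedirs`, so the default policy does not give a network daemon access to administrator terminals. The following `optional_policy` block with `unconfined_use_terminals(openvpn_t)` would belong under the same tunable.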
@@ -7221,7 +7258,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.1/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-06-11 16:05:30.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/services/xserver.te	2007-06-20 09:48:35.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/services/xserver.te	2007-07-02 12:10:01.000000000 -0400
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -7236,7 +7273,7 @@
  ## Allow xdm logins as sysadm
  ## </p>
  ## </desc>
-@@ -132,6 +139,7 @@
+@@ -132,15 +139,19 @@
  manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
@@ -7244,7 +7281,10 @@
  
  manage_dirs_pattern(xdm_t,xdm_var_lib_t,xdm_var_lib_t)	
  manage_files_pattern(xdm_t,xdm_var_lib_t,xdm_var_lib_t)
-@@ -140,7 +148,8 @@
+ files_var_lib_filetrans(xdm_t,xdm_var_lib_t,file)
++# Read machine-id
++files_read_var_lib_files(xdm_t)
+ 
  manage_dirs_pattern(xdm_t,xdm_var_run_t,xdm_var_run_t)
  manage_files_pattern(xdm_t,xdm_var_run_t,xdm_var_run_t)
  manage_fifo_files_pattern(xdm_t,xdm_var_run_t,xdm_var_run_t)
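Review bot: The comment `# Read machine-id` understates what `files_read_var_lib_files(xdm_t)` grants: to my reading of that interface it allows reading every file carrying the generic /var/lib type, not just the machine-id file. Either state the scope in the comment, e.g. `# Read machine-id (no narrower interface; this covers all generic var_lib_t files)`, or, if that file has its own type elsewhere, use the matching narrower interface. The xdm_t rule block continues outside the hunk.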
@@ -7254,7 +7294,7 @@
  
  allow xdm_t xdm_xserver_t:process signal;
  allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
-@@ -245,6 +254,7 @@
+@@ -245,6 +256,7 @@
  auth_domtrans_pam_console(xdm_t)
  auth_manage_pam_pid(xdm_t)
  auth_manage_pam_console_data(xdm_t)
@@ -7262,7 +7302,7 @@
  auth_rw_faillog(xdm_t)
  auth_write_login_records(xdm_t)
  
-@@ -256,6 +266,7 @@
+@@ -256,6 +268,7 @@
  libs_exec_lib_files(xdm_t)
  
  logging_read_generic_logs(xdm_t)
@@ -7270,7 +7310,7 @@
  
  miscfiles_read_localization(xdm_t)
  miscfiles_read_fonts(xdm_t)
-@@ -270,6 +281,10 @@
+@@ -270,6 +283,10 @@
  # Search /proc for any user domain processes.
  userdom_read_all_users_state(xdm_t)
  userdom_signal_all_users(xdm_t)
@@ -7281,7 +7321,7 @@
  
  xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
  
-@@ -305,6 +320,8 @@
+@@ -305,6 +322,8 @@
  
  optional_policy(`
  	consolekit_dbus_chat(xdm_t)
@@ -7290,7 +7330,7 @@
  ')
  
  optional_policy(`
-@@ -347,12 +364,8 @@
+@@ -347,12 +366,8 @@
  ')
  
  optional_policy(`
@@ -7304,7 +7344,7 @@
  
  	ifdef(`distro_rhel4',`
  		allow xdm_t self:process { execheap execmem };
-@@ -424,6 +437,10 @@
+@@ -424,6 +439,10 @@
  ')
  
  optional_policy(`
@@ -7315,7 +7355,7 @@
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -433,47 +450,15 @@
+@@ -433,47 +452,15 @@
  ')
  
  optional_policy(`
@@ -8767,12 +8807,12 @@
  files_dontaudit_search_isid_type_dirs(syslogd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.0.1/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc	2007-05-29 14:10:58.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/lvm.fc	2007-06-19 17:06:27.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/lvm.fc	2007-07-02 16:25:30.000000000 -0400
 @@ -15,6 +15,7 @@
  #
  /etc/lvm(/.*)?			gen_context(system_u:object_r:lvm_etc_t,s0)
  /etc/lvm/\.cache	--	gen_context(system_u:object_r:lvm_metadata_t,s0)
-+/etc/lvm/cache(./*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
++/etc/lvm/cache(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
  /etc/lvm/archive(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
  /etc/lvm/backup(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
  /etc/lvm/lock(/.*)?		gen_context(system_u:object_r:lvm_lock_t,s0)
@@ -9534,7 +9574,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.0.1/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/unconfined.if	2007-06-22 11:17:20.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/unconfined.if	2007-07-02 12:39:12.000000000 -0400
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.465
retrieving revision 1.466
diff -u -r1.465 -r1.466
--- selinux-policy.spec	2 Jul 2007 15:00:50 -0000	1.465
+++ selinux-policy.spec	2 Jul 2007 20:32:38 -0000	1.466
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz



