rpms/selinux-policy/F-7 policy-20070501.patch, 1.24, 1.25 selinux-policy.spec, 1.468, 1.469

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Jun 19 19:55:25 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31450

Modified Files:
	policy-20070501.patch selinux-policy.spec 
Log Message:
* Tue Jun 19 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-20
- Allow crond to domtrans to unconfined_t


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- policy-20070501.patch	19 Jun 2007 17:59:44 -0000	1.24
+++ policy-20070501.patch	19 Jun 2007 19:55:19 -0000	1.25
@@ -3373,7 +3373,7 @@
  		# fcron wants an instant update of a crontab change for the administrator
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.6.4/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cron.te	2007-06-19 13:37:21.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cron.te	2007-06-19 14:42:30.000000000 -0400
 @@ -42,6 +42,9 @@
  type cron_log_t;
  logging_log_file(cron_log_t)
@@ -3564,13 +3564,14 @@
  		mrtg_append_create_logs(system_crond_t)
  	')
  
-@@ -471,6 +479,13 @@
+@@ -471,6 +479,14 @@
  		sysstat_manage_log(system_crond_t)
  	')
  
 +	optional_policy(`
 +		unconfined_dbus_send(crond_t)
 +		unconfined_domain(crond_t)
++		unconfined_shell_domtrans(crond_t)
 +		unconfined_domain(system_crond_t)
 +		userdom_priveleged_home_dir_manager(system_crond_t)
 +	')
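Review bot: The added `unconfined_shell_domtrans(crond_t)` carries no comment explaining why crond needs a shell transition into unconfined_t, even though the same optional_policy block already grants `unconfined_domain(crond_t)`. As written, any shell that crond_t executes presumably ends up in unconfined_t, so jobs started that way run without confinement. If that is the intent, say so next to the call, e.g. `# shells started by crond run in unconfined_t (user cron jobs are not confined here)`. It is also worth confirming that the transition is wanted for crond_t only, since the block otherwise treats crond_t and system_crond_t in parallel. Any ifdef or conditional enclosing this block in cron.te lies outside the hunk, so its scope cannot be checked from here.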
@@ -5347,7 +5348,7 @@
  /usr/libexec/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-2.6.4/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/postfix.if	2007-06-18 10:20:10.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/postfix.if	2007-06-19 15:11:24.000000000 -0400
 @@ -124,6 +124,7 @@
  	allow postfix_$1_t self:udp_socket create_socket_perms;
  
@@ -5368,7 +5369,7 @@
  	')
  ')
  
-@@ -274,6 +273,24 @@
+@@ -274,6 +273,42 @@
  
  ########################################
  ## <summary>
@@ -5390,10 +5391,28 @@
 +
 +########################################
 +## <summary>
++##	Allow domain to read postfix master process state
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`postfix_read_master_state',`
++	gen_require(`
++		type postfix_master_t;
++	')
++
++	read_files_pattern($1,postfix_master_t,postfix_master_t)
++')
++
++########################################
++## <summary>
  ##	Do not audit attempts to use
  ##	postfix master process file
  ##	file descriptors.
-@@ -439,6 +456,25 @@
+@@ -439,6 +474,25 @@
  
  ########################################
  ## <summary>
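Review bot: The parameter description in the new `postfix_read_master_state` header says `Domain to not audit.`, which looks copied from the dontaudit interface that follows it. This interface grants read access, so the line should read `##	Domain allowed access.`. The body is only `read_files_pattern($1,postfix_master_t,postfix_master_t)`, so a caller presumably still needs its own permission to reach /proc. procmail_t, the only caller in this diff, has `kernel_read_system_state(procmail_t)` in context, but the summary could state that requirement for other callers. The call added in the procmail.te hunk likewise has no comment naming the denial it resolves.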
@@ -5419,7 +5438,7 @@
  ##	Execute postfix user mail programs
  ##	in their respective domains.
  ## </summary>
-@@ -455,3 +491,22 @@
+@@ -455,3 +509,22 @@
  
  	typeattribute $1 postfix_user_domtrans;
  ')
@@ -5588,7 +5607,7 @@
  # for scripts
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/procmail.te	2007-06-18 10:18:55.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/procmail.te	2007-06-19 15:11:05.000000000 -0400
 @@ -10,6 +10,7 @@
  type procmail_exec_t;
  domain_type(procmail_t)
@@ -5606,7 +5625,7 @@
  kernel_read_system_state(procmail_t)
  kernel_read_kernel_sysctls(procmail_t)
  
-@@ -101,9 +104,15 @@
+@@ -101,9 +104,16 @@
  ')
  
  optional_policy(`
@@ -5619,10 +5638,11 @@
  	postfix_dontaudit_use_fds(procmail_t)
 +	postfix_read_spool_files(procmail_t)
 +	postfix_read_local_state(procmail_t)
++	postfix_read_master_state(procmail_t)
  ')
  
  optional_policy(`
-@@ -119,8 +128,13 @@
+@@ -119,8 +129,13 @@
  
  optional_policy(`
  	corenet_udp_bind_generic_port(procmail_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.468
retrieving revision 1.469
diff -u -r1.468 -r1.469
--- selinux-policy.spec	19 Jun 2007 17:59:44 -0000	1.468
+++ selinux-policy.spec	19 Jun 2007 19:55:20 -0000	1.469
@@ -360,7 +360,7 @@
 %endif
 
 %changelog
-* Tue Jun 19 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-19
+* Tue Jun 19 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-20
 - Allow crond to domtrans to uncofined_t
 
 * Tue Jun 19 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-18



