rpms/selinux-policy/devel booleans-olpc.conf, NONE, 1.1 modules-olpc.conf, NONE, 1.1 securetty_types-olpc, NONE, 1.1 setrans-olpc.conf, NONE, 1.1 policy-20070525.patch, 1.3, 1.4 selinux-policy.spec, 1.460, 1.461 sources, 1.127, 1.128

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Jun 26 11:16:31 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv534

Modified Files:
	policy-20070525.patch selinux-policy.spec sources 
Added Files:
	booleans-olpc.conf modules-olpc.conf securetty_types-olpc 
	setrans-olpc.conf 
Log Message:
* Fri May 25 2007 Dan Walsh <dwalsh at redhat.com> 3.0.1-1
- Remove ifdef strict policy from upstream



--- NEW FILE booleans-olpc.conf ---
# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
# 
allow_execmem = false

# Allow making a modified private filemapping executable (text relocation).
# 
allow_execmod = false

# Allow making the stack executable via mprotect.Also requires allow_execmem.
# 
allow_execstack = false

# Allow ftp servers to modify public filesused for public file transfer services.
# 
allow_ftpd_anon_write = false

# Allow gssd to read temp directory.
# 
allow_gssd_read_tmp = false

# Allow sysadm to ptrace all processes
# 
allow_ptrace = false

# Allow reading of default_t files.
# 
read_default_t = false

# Allow system cron jobs to relabel filesystemfor restoring file contexts.
# 
cron_can_relabel = false

# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
# 
staff_read_sysadm_file = false

# Allow users to read system messages.
# 
user_dmesg = false

# Allow sysadm to ptrace all processes
# 
allow_ptrace = false

## Control users use of ping and traceroute
user_ping = true

# Allow unlabeled packets to flow
# 
allow_unlabeled_packets = true
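Review bot: `allow_ptrace = false` appears twice in booleans-olpc.conf, once after `allow_gssd_read_tmp` and again after `user_dmesg`, each with the same comment. The two entries agree now, but if only one is edited later the effective value will depend on which entry the tooling honours, so the second one should be deleted. Separately, `allow_unlabeled_packets = true` is one of only two booleans enabled in this file and its comment does not say why this policy variant needs it. A line such as `# Enabled for OLPC because <reason to be supplied by the author>` would make that exception reviewable.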



--- NEW FILE modules-olpc.conf ---
#
# This file contains a listing of available modules.
# To prevent a module from  being used in policy
# creation, set the module name to "off".
#
# For monolithic policies, modules set to "base" and "module"
# will be built into the policy.
#
# For modular policies, modules set to "base" will be
# included in the base module.  "module" will be compiled
# as individual loadable modules.
#

# Layer: admin
# Module: acct
#
# Berkeley process accounting
# 
acct = base

# Layer: admin
# Module: alsa
#
# Ainit ALSA configuration tool
# 
alsa = base

# Layer: apps
# Module: ada
#
# ada executable
# 
ada = base

# Layer: admin
# Module: anaconda
#
# Policy for the Anaconda installer.
# 
anaconda = base

# Layer: system
# Module: application
# Required in base
#
# Defines attributs and interfaces for all user applications
# 
application = base

# Layer: system
# Module: authlogin
#
# Common policy for authentication and user login.
# 
authlogin = base

# Layer: services
# Module: canna
#
# Canna - kana-kanji conversion server
# 
canna = base

# Layer: system
# Module: clock
#
# Policy for reading and setting the hardware clock.
# 
clock = base

# Layer: admin
# Module: consoletype
#
# Determine of the console connected to the controlling terminal.
# 
consoletype = base

# Layer: kernel
# Module: corecommands
# Required in base
#
# Core policy for shells, and generic programs
# in /bin, /sbin, /usr/bin, and /usr/sbin.
# 
corecommands = base

# Layer: kernel
# Module: corenetwork
# Required in base
#
# Policy controlling access to network objects
# 
corenetwork = base

# Layer: services
# Module: cpucontrol
#
# Services for loading CPU microcode and CPU frequency scaling.
# 
cpucontrol = base

# Layer: services
# Module: dbus
#
# Desktop messaging bus
# 
dbus = base

# Layer: kernel
# Module: devices
# Required in base
#
# Device nodes and interfaces for many basic system devices.
# 
devices = base

# Layer: services
# Module: dhcp
#
# Dynamic host configuration protocol (DHCP) server
# 
dhcp = base

# Layer: system
# Module: domain
# Required in base
#
# Core policy for domains.
# 
domain = base

# Layer: kernel
# Module: files
# Required in base
#
# Basic filesystem types and interfaces.
# 
files = base

# Layer: kernel
# Module: filesystem
# Required in base
#
# Policy for filesystems.
# 
filesystem = base

# Layer: system
# Module: fstools
#
# Tools for filesystem management, such as mkfs and fsck.
# 
fstools = base

# Layer: system
# Module: getty
#
# Policy for getty.
# 
getty = base

# Layer: services
# Module: hal
#
# Hardware abstraction layer
# 
hal = base

# Layer: system
# Module: hotplug
#
# Policy for hotplug system, for supporting the
# connection and disconnection of devices at runtime.
# 
hotplug = base

# Layer: system
# Module: init
#
# System initialization programs (init and init scripts).
# 
init = base

# Layer: system
# Module: iptables
#
# Policy for iptables.
# 
iptables = base

# Layer: apps
# Module: java
#
# java executable
# 
java = base

# Layer: kernel
# Module: kernel
# Required in base
#
# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
# 
kernel = base

# Layer: admin
# Module: kudzu
#
# Hardware detection and configuration tools
# 
kudzu = base

# Layer: system
# Module: libraries
#
# Policy for system libraries.
# 
libraries = base

# Layer: system
# Module: locallogin
#
# Policy for local logins.
# 
locallogin = base

# Layer: system
# Module: logging
#
# Policy for the kernel message logger and system logging daemon.
# 
logging = base

# Layer: kernel
# Module: mcs
# Required in base
#
# MultiCategory security policy
# 
mcs = base

# Layer: system
# Module: miscfiles
#
# Miscelaneous files.
# 
miscfiles = base

# Layer: system
# Module: modutils
#
# Policy for kernel module utilities
# 
modutils = base

# Layer: apps
# Module: mono
#
# mono executable
# 
mono = base

# Layer: admin
# Module: netutils
#
# Network analysis utilities
# 
netutils = base

# Layer: services
# Module: networkmanager
#
# Manager for dynamically switching between networks.
# 
networkmanager = base

# Layer: services
# Module: nscd
#
# Name service cache daemon
# 
nscd = base

# Layer: services
# Module: ntp
#
# Network time protocol daemon
# 
ntp = base

# Layer: admin
# Module: prelink
#
# Manage temporary directory sizes and file ages
# 
prelink = base

# Layer: admin
# Module: readahead
#
# Readahead, read files into page cache for improved performance
# 
readahead = base

# Layer: admin
# Module: rpm
#
# Policy for the RPM package manager.
# 
rpm = base

# Layer: kernel
# Module: selinux
# Required in base
#
# Policy for kernel security interface, in particular, selinuxfs.
# 
selinux = base

# Layer: system
# Module: selinuxutil
#
# Policy for SELinux policy and userland applications.
# 
selinuxutil = base

# Layer: kernel
# Module: storage
#
# Policy controlling access to storage devices
# 
storage = base

# Layer: system
# Module: sysnetwork
#
# Policy for network configuration: ifconfig and dhcp client.
# 
sysnetwork = base

# Layer: system
# Module: udev
#
# Policy for udev.
# 
udev = base

# Layer: system
# Module: userdomain
#
# Policy for user domains
# 
userdomain = base

# Layer: system
# Module: unconfined
#
# The unconfined domain.
# 
unconfined = base 

# Layer: admin
# Module: usbmodules
#
# List kernel modules of USB devices
# 
usbmodules = base

# Layer: services
# Module: xfs
#
# X Windows Font Server
# 
xfs = base

# Layer: services
# Module: xserver
#
# X windows login display manager
# 
xserver = base

# Module: terminal
# Required in base
#
# Policy for terminals.
# 
terminal = base

# Layer: kernel
# Module: mls
# Required in base
#
# Multilevel security policy
# 
mls = base
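Review bot: The comment on `prelink = base` reads `# Manage temporary directory sizes and file ages`, which does not describe prelink and looks copied from another module's entry; something like `# Prelink ELF shared library mappings.` would fit. The `terminal` entry is also the only one without a `# Layer:` line. Every module here, including `unconfined`, is set to `base`, so by this file's own header none of them is built as an individually loadable module in a modular policy. If that is intended for this variant, a sentence in the header saying so would help the next maintainer.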



--- NEW FILE securetty_types-olpc ---


--- NEW FILE setrans-olpc.conf ---
#
# Multi-Category Security translation table for SELinux
# 
# Uncomment the following to disable translation libary
# disable=1
#
# Objects can be categorized with 0-1023 categories defined by the admin.
# Objects can be in more than one category at a time.
# Categories are stored in the system as c0-c1023.  Users can use this
# table to translate the categories into a more meaningful output.
# Examples:
# s0:c0=CompanyConfidential
# s0:c1=PatientRecord
# s0:c2=Unclassified
# s0:c3=TopSecret
# s0:c1,c3=CompanyConfidentialRedHat
s0=
s0-s0:c0.c1023=SystemLow-SystemHigh
s0:c0.c1023=SystemHigh
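Review bot: The header comment in setrans-olpc.conf misspells "library"; it should read `# Uncomment the following to disable translation library`. The `s0=` entry maps the default level to an empty string, and a short comment such as `# s0 is shown as an empty label` would make clear that the blank right-hand side is deliberate.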

policy-20070525.patch:

Index: policy-20070525.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070525.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20070525.patch	26 Jun 2007 10:16:54 -0000	1.3
+++ policy-20070525.patch	26 Jun 2007 11:15:55 -0000	1.4
@@ -9489,7 +9489,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.1/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/unconfined.te	2007-06-19 17:06:27.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/unconfined.te	2007-06-26 07:04:16.000000000 -0400
 @@ -5,30 +5,36 @@
  #
  # Declarations
@@ -9539,7 +9539,7 @@
  mcs_ptrace_all(unconfined_t)
  
  init_run_daemon(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
-+init_spec_domtrans_script(unconfined_t)
++init_domtrans_script(unconfined_t)
  
  libs_run_ldconfig(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
  
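Review bot: The switch from `init_spec_domtrans_script(unconfined_t)` to `init_domtrans_script(unconfined_t)` in the unconfined.te part of the patch is not mentioned in the log message, which speaks only of removing the strict-policy ifdef. Going by the interface names, this changes how unconfined_t enters the init script domain (a specified transition versus an automatic one). It therefore probably changes which domain init scripts end up in when an unconfined user starts them. That deserves its own changelog line and a comment above the call, e.g. `# <reason for using the automatic transition — to be supplied by the author>`. The surrounding unconfined.te block starts and ends outside this hunk, so the effect on neighbouring rules cannot be checked from here.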


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.460
retrieving revision 1.461
diff -u -r1.460 -r1.461
--- selinux-policy.spec	22 Jun 2007 19:21:00 -0000	1.460
+++ selinux-policy.spec	26 Jun 2007 11:15:55 -0000	1.461
@@ -172,7 +172,7 @@
 
 %description
 SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2336.
+Based off of reference policy: Checked out revision 2348.
 
 %prep 
 %setup -q -n serefpolicy-%{version}


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/sources,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -r1.127 -r1.128
--- sources	31 May 2007 18:40:35 -0000	1.127
+++ sources	26 Jun 2007 11:15:55 -0000	1.128
@@ -1 +1 @@
-7c004ddde0e20cfeba8a94b2aa308a06  serefpolicy-3.0.1.tgz
+15e7cf49d82f31ea9b50c3520399c22d  serefpolicy-3.0.1.tgz



