rpms/selinux-policy/devel .cvsignore, 1.113, 1.114 modules-mls.conf, 1.26, 1.27 modules-strict.conf, 1.28, 1.29 modules-targeted.conf, 1.58, 1.59 policy-20070501.patch, 1.1, 1.2 selinux-policy.spec, 1.447, 1.448 sources, 1.122, 1.123
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri May 4 17:14:40 UTC 2007
- Previous message (by thread): rpms/pidgin/devel purple-fedora-prefs.xml, NONE, 1.1 .cvsignore, 1.3, 1.4 pidgin.spec, 1.10, 1.11 sources, 1.3, 1.4
- Next message (by thread): rpms/listen/devel listen.spec,1.28,1.29
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15754
Modified Files:
.cvsignore modules-mls.conf modules-strict.conf
modules-targeted.conf policy-20070501.patch
selinux-policy.spec sources
Log Message:
* Fri May 4 2007 Dan Walsh <dwalsh at redhat.com> 2.6.3-1
- Update to latest from upstream
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- .cvsignore 1 May 2007 20:53:29 -0000 1.113
+++ .cvsignore 4 May 2007 17:14:04 -0000 1.114
@@ -115,3 +115,4 @@
serefpolicy-2.5.12.tgz
serefpolicy-2.6.1.tgz
serefpolicy-2.6.2.tgz
+serefpolicy-2.6.3.tgz
Index: modules-mls.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- modules-mls.conf 20 Mar 2007 20:45:45 -0000 1.26
+++ modules-mls.conf 4 May 2007 17:14:04 -0000 1.27
@@ -1031,6 +1031,13 @@
#
pcscd = module
+# Layer: service
+# Module: openct
+#
+# Middleware framework for smart card terminals
+#
+openct = module
+
# Layer: system
# Module: tzdata
#
Index: modules-strict.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-strict.conf,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- modules-strict.conf 17 Apr 2007 19:28:14 -0000 1.28
+++ modules-strict.conf 4 May 2007 17:14:04 -0000 1.29
@@ -1389,3 +1389,11 @@
# w3c
#
w3c = module
+
+# Layer: service
+# Module: openct
+#
+# Middleware framework for smart card terminals
+#
+openct = module
+
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- modules-targeted.conf 27 Apr 2007 17:23:49 -0000 1.58
+++ modules-targeted.conf 4 May 2007 17:14:04 -0000 1.59
@@ -829,6 +829,13 @@
#
pcscd = module
+# Layer: service
+# Module: openct
+#
+# Middleware framework for smart card terminals
+#
+openct = module
+
# Layer: system
# Module: pcmcia
#
policy-20070501.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.1 -r 1.2 policy-20070501.patch
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070501.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20070501.patch 1 May 2007 20:53:29 -0000 1.1
+++ policy-20070501.patch 4 May 2007 17:14:04 -0000 1.2
@@ -1,25 +1,18 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-2.6.2/Changelog
---- nsaserefpolicy/Changelog 2007-04-30 22:35:02.000000000 -0400
-+++ serefpolicy-2.6.2/Changelog 2007-04-30 10:52:21.000000000 -0400
-@@ -1,6 +1,3 @@
--- Patch to allow amavis to read spamassassin libraries from Dan Walsh.
--- Patch to allow slocate to getattr other filesystems and directories on those
-- filesystems from Dan Walsh.
- - Fixes for RHEL4 from the CLIP project.
- - Replace the old lrrd fc entries with munin ones.
- - Move program admin template usage out of userdom_admin_user_template() to
-@@ -8,8 +5,6 @@
- parties.
- - Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
- template instead of an interface.
--- Added modules:
-- rwho (Nalin Dahyabhai)
-
- * Tue Apr 17 2007 Chris PeBenito <selinux at tresys.com> - 20070417
- - Patch for sasl's use of kerberos from Dan Walsh.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.6.2/policy/flask/access_vectors
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.6.3/man/man8/ftpd_selinux.8
+--- nsaserefpolicy/man/man8/ftpd_selinux.8 2007-04-02 10:58:34.000000000 -0400
++++ serefpolicy-2.6.3/man/man8/ftpd_selinux.8 2007-05-04 12:31:34.000000000 -0400
+@@ -12,7 +12,7 @@
+ .TP
+ chcon -R -t public_content_t /var/ftp
+ .TP
+-If you want to setup a directory where you can upload files to you must label the files and directories ftpd_anon_rw_t. So if you created a special directory /var/ftp/incoming, you would need to label the directory with the chcon tool.
++If you want to setup a directory where you can upload files to you must label the files and directories public_content_rw_t. So if you created a special directory /var/ftp/incoming, you would need to label the directory with the chcon tool.
+ .TP
+ chcon -t public_content_rw_t /var/ftp/incoming
+ .TP
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.6.3/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2007-02-26 09:43:33.000000000 -0500
-+++ serefpolicy-2.6.2/policy/flask/access_vectors 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/flask/access_vectors 2007-05-04 12:31:34.000000000 -0400
@@ -598,6 +598,8 @@
shmempwd
shmemgrp
@@ -38,9 +31,9 @@
}
class key
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.6.2/policy/global_booleans
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.6.3/policy/global_booleans
--- nsaserefpolicy/policy/global_booleans 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.2/policy/global_booleans 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/global_booleans 2007-05-04 12:31:34.000000000 -0400
@@ -4,7 +4,6 @@
# file should be used.
#
@@ -57,9 +50,9 @@
## <desc>
## <p>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.6.2/policy/global_tunables
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.6.3/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-03-26 16:24:14.000000000 -0400
-+++ serefpolicy-2.6.2/policy/global_tunables 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/global_tunables 2007-05-04 12:31:34.000000000 -0400
@@ -102,12 +102,6 @@
## </desc>
gen_tunable(use_samba_home_dirs,false)
@@ -86,9 +79,9 @@
+## </desc>
+gen_tunable(allow_console_login,false)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.6.2/policy/mls
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.6.3/policy/mls
--- nsaserefpolicy/policy/mls 2007-03-09 13:02:20.000000000 -0500
-+++ serefpolicy-2.6.2/policy/mls 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/mls 2007-05-04 12:31:34.000000000 -0400
@@ -89,12 +89,14 @@
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
(( l1 eq l2 ) or
@@ -160,9 +153,9 @@
( t2 == unlabeled_t ));
mlsconstrain association { polmatch }
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.6.2/policy/modules/admin/acct.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.6.3/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2007-03-26 10:39:08.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/admin/acct.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/acct.te 2007-05-04 12:31:34.000000000 -0400
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -171,25 +164,25 @@
type acct_data_t;
logging_log_file(acct_data_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.2/policy/modules/admin/alsa.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.3/policy/modules/admin/alsa.fc
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.2/policy/modules/admin/alsa.fc 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/alsa.fc 2007-05-04 12:31:34.000000000 -0400
@@ -1,4 +1,5 @@
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
+/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.6.2/policy/modules/admin/amtu.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.6.3/policy/modules/admin/amtu.fc
--- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.2/policy/modules/admin/amtu.fc 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/amtu.fc 2007-05-04 12:31:34.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.6.2/policy/modules/admin/amtu.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.6.3/policy/modules/admin/amtu.if
--- nsaserefpolicy/policy/modules/admin/amtu.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.2/policy/modules/admin/amtu.if 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/amtu.if 2007-05-04 12:31:34.000000000 -0400
@@ -0,0 +1,53 @@
+## <summary>
+## abstract Machine Test Utility
@@ -244,9 +237,9 @@
+ role $2 types amtu_t;
+ allow amtu_t $3:chr_file rw_term_perms;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.6.2/policy/modules/admin/amtu.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.6.3/policy/modules/admin/amtu.te
--- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.2/policy/modules/admin/amtu.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/amtu.te 2007-05-04 12:31:34.000000000 -0400
@@ -0,0 +1,57 @@
+policy_module(amtu,1.0.23)
+
@@ -305,9 +298,9 @@
+ term_dontaudit_search_ptys(amtu_t)
+');
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.6.2/policy/modules/admin/bootloader.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.6.3/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/admin/bootloader.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/bootloader.te 2007-05-04 12:31:34.000000000 -0400
@@ -65,6 +65,8 @@
files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
# for tune2fs (cjp: ?)
@@ -325,9 +318,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.6.2/policy/modules/admin/consoletype.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.6.3/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/admin/consoletype.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/consoletype.te 2007-05-04 12:31:34.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -359,9 +352,9 @@
domain_use_interactive_fds(consoletype_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.6.2/policy/modules/admin/dmesg.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.6.3/policy/modules/admin/dmesg.te
--- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.2/policy/modules/admin/dmesg.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/dmesg.te 2007-05-04 12:31:34.000000000 -0400
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -370,9 +363,9 @@
role system_r types dmesg_t;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.6.2/policy/modules/admin/kudzu.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.6.3/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/admin/kudzu.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/kudzu.te 2007-05-04 12:31:34.000000000 -0400
@@ -21,8 +21,8 @@
# Local policy
#
@@ -393,9 +386,9 @@
# kudzu will telinit to make init re-read
# the inittab after configuring serial consoles
init_telinit(kudzu_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.6.2/policy/modules/admin/logrotate.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.6.3/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-03-26 10:39:08.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/admin/logrotate.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/admin/logrotate.te 2007-05-04 12:31:34.000000000 -0400
@@ -75,6 +75,7 @@
mls_file_read_up(logrotate_t)
mls_file_write_down(logrotate_t)
[...2679 lines suppressed...]
--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.6.2/policy/modules/system/unconfined.if 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/system/unconfined.if 2007-05-04 12:38:48.000000000 -0400
@@ -18,7 +18,7 @@
')
@@ -7526,9 +7699,32 @@
nscd_unconfined($1)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.2/policy/modules/system/unconfined.te
+@@ -556,3 +559,22 @@
+
+ allow $1 unconfined_t:dbus acquire_svc;
+ ')
++
++########################################
++## <summary>
++## Allow ptrace of unconfined domain
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`unconfined_ptrace',`
++ gen_require(`
++ type unconfined_t;
++ ')
++
++ allow $1 unconfined_t:process ptrace;
++')
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.3/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/system/unconfined.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/system/unconfined.te 2007-05-04 12:31:35.000000000 -0400
@@ -6,6 +6,15 @@
# Declarations
#
@@ -7554,7 +7750,18 @@
optional_policy(`
ada_domtrans(unconfined_t)
')
-@@ -153,6 +164,8 @@
+@@ -63,10 +74,6 @@
+ ')
+
+ optional_policy(`
+- bootloader_domtrans(unconfined_t)
+- ')
+-
+- optional_policy(`
+ init_dbus_chat_script(unconfined_t)
+
+ dbus_stub(unconfined_t)
+@@ -153,6 +160,8 @@
optional_policy(`
rpm_domtrans(unconfined_t)
@@ -7563,7 +7770,7 @@
')
optional_policy(`
-@@ -192,6 +205,9 @@
+@@ -192,6 +201,9 @@
optional_policy(`
xserver_domtrans_xdm_xserver(unconfined_t)
')
@@ -7573,7 +7780,7 @@
')
########################################
-@@ -200,10 +216,18 @@
+@@ -200,10 +212,18 @@
#
ifdef(`targeted_policy',`
@@ -7592,9 +7799,9 @@
dbus_stub(unconfined_execmem_t)
init_dbus_chat_script(unconfined_execmem_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.2/policy/modules/system/userdomain.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.3/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/system/userdomain.if 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/system/userdomain.if 2007-05-04 12:36:46.000000000 -0400
@@ -114,6 +114,18 @@
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
@@ -8027,7 +8234,7 @@
')
########################################
-@@ -5721,3 +5713,92 @@
+@@ -5721,3 +5713,112 @@
allow $1 user_home_dir_t:dir manage_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
@@ -8120,9 +8327,29 @@
+ dontaudit $1 sysadm_home_dir_t:dir write;
+ ')
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.2/policy/modules/system/userdomain.te
++
++########################################
++## <summary>
++## Ptrace all user domains.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`userdom_ptrace_all_users',`
++ gen_require(`
++ attribute userdomain;
++ ')
++
++ allow $1 userdomain:process ptrace;
++')
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.3/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/system/userdomain.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/system/userdomain.te 2007-05-04 12:31:35.000000000 -0400
@@ -15,7 +15,6 @@
# Declarations
#
@@ -8299,9 +8526,9 @@
+tunable_policy(`allow_console_login', `
+ term_use_console(userdomain)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.6.2/policy/modules/system/xen.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.6.3/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.2/policy/modules/system/xen.te 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/modules/system/xen.te 2007-05-04 12:31:35.000000000 -0400
@@ -25,6 +25,10 @@
domain_type(xend_t)
init_daemon_domain(xend_t, xend_exec_t)
@@ -8384,9 +8611,9 @@
+fs_read_nfs_files(xend_t)
+fs_getattr_all_fs(xend_t)
+fs_read_dos_files(xend_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-2.6.2/policy/support/misc_patterns.spt
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-2.6.3/policy/support/misc_patterns.spt
--- nsaserefpolicy/policy/support/misc_patterns.spt 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.6.2/policy/support/misc_patterns.spt 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/policy/support/misc_patterns.spt 2007-05-04 12:31:35.000000000 -0400
@@ -41,11 +41,6 @@
#
# Other process permissions
@@ -8399,10 +8626,18 @@
define(`ps_process_pattern',`
allow $1 $2:dir { search getattr read };
allow $1 $2:{ file lnk_file } { read getattr };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.6.2/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.6.2/policy/support/obj_perm_sets.spt 2007-04-30 11:26:06.000000000 -0400
-@@ -215,7 +215,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.6.3/policy/support/obj_perm_sets.spt
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-05-04 12:19:23.000000000 -0400
++++ serefpolicy-2.6.3/policy/support/obj_perm_sets.spt 2007-05-04 12:31:35.000000000 -0400
+@@ -203,7 +203,6 @@
+ define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }')
+ define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
+ define(`create_dir_perms',`{ getattr create }')
+-define(`rename_dir_perms',`{ getattr rename }')
+ define(`delete_dir_perms',`{ getattr rmdir }')
+ define(`manage_dir_perms',`{ create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
+ define(`relabelfrom_dir_perms',`{ getattr relabelfrom }')
+@@ -216,7 +215,7 @@
define(`getattr_file_perms',`{ getattr }')
define(`setattr_file_perms',`{ setattr }')
define(`read_file_perms',`{ getattr read lock ioctl }')
@@ -8411,7 +8646,7 @@
define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
define(`append_file_perms',`{ getattr append lock ioctl }')
define(`write_file_perms',`{ getattr write append lock ioctl }')
-@@ -324,3 +324,13 @@
+@@ -325,3 +324,13 @@
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }')
@@ -8425,9 +8660,9 @@
+define(`all_association', `{ sendto recvfrom setcontext polmatch } ')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.6.2/Rules.modular
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.6.3/Rules.modular
--- nsaserefpolicy/Rules.modular 2007-03-22 14:30:10.000000000 -0400
-+++ serefpolicy-2.6.2/Rules.modular 2007-04-30 11:26:06.000000000 -0400
++++ serefpolicy-2.6.3/Rules.modular 2007-05-04 12:31:35.000000000 -0400
@@ -167,7 +167,7 @@
# these have to run individually because order matters:
$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.447
retrieving revision 1.448
diff -u -r1.447 -r1.448
--- selinux-policy.spec 2 May 2007 02:53:14 -0000 1.447
+++ selinux-policy.spec 4 May 2007 17:14:04 -0000 1.448
@@ -16,7 +16,7 @@
%define CHECKPOLICYVER 2.0.1-2
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.6.2
+Version: 2.6.3
Release: 1%{?dist}
License: GPL
Group: System Environment/Base
@@ -359,6 +359,9 @@
%endif
%changelog
+* Fri May 4 2007 Dan Walsh <dwalsh at redhat.com> 2.6.3-1
+- Update to latest from upstream
+
* Mon Apr 30 2007 Dan Walsh <dwalsh at redhat.com> 2.6.2-1
- Update to latest from upstream
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/sources,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -r1.122 -r1.123
--- sources 2 May 2007 02:53:14 -0000 1.122
+++ sources 4 May 2007 17:14:04 -0000 1.123
@@ -1 +1 @@
-9d4a51d5eb19dcf85fa1e28bfb27d048 serefpolicy-2.6.2.tgz
+e7e4854e3bd60e61453f054b404ec3b9 serefpolicy-2.6.3.tgz
- Previous message (by thread): rpms/pidgin/devel purple-fedora-prefs.xml, NONE, 1.1 .cvsignore, 1.3, 1.4 pidgin.spec, 1.10, 1.11 sources, 1.3, 1.4
- Next message (by thread): rpms/listen/devel listen.spec,1.28,1.29
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list