rpms/selinux-policy/F-7 policy-20070501.patch, 1.10, 1.11 selinux-policy.spec, 1.456, 1.457
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri May 18 13:58:19 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17075
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Fri May 18 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-7
- Allow kerberos servers to use ldap for backing store
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20070501.patch 17 May 2007 17:16:26 -0000 1.10
+++ policy-20070501.patch 18 May 2007 13:58:12 -0000 1.11
@@ -1636,6 +1636,17 @@
+ allow $1 root_t:dir rw_dir_perms;
+ allow $1 root_t:file { create getattr write };
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.6.4/policy/modules/kernel/files.te
+--- nsaserefpolicy/policy/modules/kernel/files.te 2007-04-23 09:35:56.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2007-05-17 14:00:25.000000000 -0400
+@@ -54,6 +54,7 @@
+ files_type(etc_t)
+ # compatibility aliases for removed types:
+ typealias etc_t alias automount_etc_t;
++typealias etc_t alias snmpd_etc_t;
+
+ #
+ # etc_runtime_t is the type of various
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.6.4/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-03-26 16:24:09.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2007-05-08 09:59:33.000000000 -0400
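Review bot: Aliasing `snmpd_etc_t` to `etc_t` in files.te moves snmpd.conf and snmptrapd.conf into the generic configuration type, and the later hunks of this patch remove the matching snmp.fc context and the snmp.te type declaration and `allow` rule. Those files commonly hold SNMP community strings and SNMPv3 user definitions, and `etc_t` is presumably readable by far more domains than the dedicated type was, so the merge likely widens who can read them under MAC. If the merge is intentional, I would add a comment above the alias, for example `# snmpd.conf is etc_t from now on; rely on file modes to protect community strings`. The spec changelog should also mention it, since the 2.6.4-7 entry only describes the Kerberos/LDAP change.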
@@ -3774,7 +3785,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.6.4/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2007-04-23 09:36:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/kerberos.te 2007-05-08 09:59:33.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/kerberos.te 2007-05-18 08:58:24.000000000 -0400
@@ -5,6 +5,7 @@
#
# Declarations
@@ -3783,7 +3794,23 @@
## <desc>
## <p>
-@@ -248,3 +249,36 @@
+@@ -126,6 +127,7 @@
+ miscfiles_read_localization(kadmind_t)
+
+ sysnet_read_config(kadmind_t)
++sysnet_use_ldap(kadmind_t)
+
+ userdom_dontaudit_use_unpriv_user_fds(kadmind_t)
+ userdom_dontaudit_search_sysadm_home_dirs(kadmind_t)
+@@ -227,6 +229,7 @@
+ miscfiles_read_localization(krb5kdc_t)
+
+ sysnet_read_config(krb5kdc_t)
++sysnet_use_ldap(krb5kdc_t)
+
+ userdom_dontaudit_use_unpriv_user_fds(krb5kdc_t)
+ userdom_dontaudit_search_sysadm_home_dirs(krb5kdc_t)
+@@ -248,3 +251,36 @@
optional_policy(`
udev_read_db(krb5kdc_t)
')
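Review bot: The two added `sysnet_use_ldap(kadmind_t)` and `sysnet_use_ldap(krb5kdc_t)` calls are unconditional, so every KDC and kadmind gets LDAP client access even when the realm database is the local file backend. These domains hold the realm's key material, so I would scope the grant with `tunable_policy` on a boolean that defaults to off. At minimum each call should carry a comment such as `# LDAP backing store for the principal database`. What `sysnet_use_ldap` actually permits is defined outside this page, so it is worth confirming that it covers only the transport the KDC needs. The enclosing kerberos.te sections start and end outside these hunks.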
@@ -5328,10 +5355,35 @@
storage_raw_read_fixed_disk(fsdaemon_t)
storage_raw_write_fixed_disk(fsdaemon_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-2.6.4/policy/modules/services/snmp.fc
+--- nsaserefpolicy/policy/modules/services/snmp.fc 2006-11-16 17:15:20.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/snmp.fc 2007-05-17 13:59:01.000000000 -0400
+@@ -1,11 +1,5 @@
+
+ #
+-# /etc
+-#
+-
+-/etc/snmp/snmp(trap)?d\.conf -- gen_context(system_u:object_r:snmpd_etc_t,s0)
+-
+-#
+ # /usr
+ #
+ /usr/sbin/snmp(trap)?d -- gen_context(system_u:object_r:snmpd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.6.4/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2007-05-07 10:32:44.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/snmp.te 2007-05-08 09:59:33.000000000 -0400
-@@ -26,7 +26,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/snmp.te 2007-05-17 14:05:57.000000000 -0400
+@@ -9,9 +9,6 @@
+ type snmpd_exec_t;
+ init_daemon_domain(snmpd_t,snmpd_exec_t)
+
+-type snmpd_etc_t;
+-files_config_file(snmpd_etc_t)
+-
+ type snmpd_log_t;
+ logging_log_file(snmpd_log_t)
+
+@@ -26,15 +23,13 @@
# Local policy
#
allow snmpd_t self:capability { dac_override kill net_admin sys_nice sys_tty_config };
@@ -5340,7 +5392,15 @@
allow snmpd_t self:fifo_file rw_fifo_file_perms;
allow snmpd_t self:unix_dgram_socket create_socket_perms;
allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
-@@ -135,18 +135,19 @@
+ allow snmpd_t self:tcp_socket create_stream_socket_perms;
+ allow snmpd_t self:udp_socket connected_stream_socket_perms;
+
+-allow snmpd_t snmpd_etc_t:file { getattr read };
+-
+ allow snmpd_t snmpd_log_t:file manage_file_perms;
+ logging_log_filetrans(snmpd_t,snmpd_log_t,file)
+
+@@ -135,18 +130,19 @@
optional_policy(`
mta_read_config(snmpd_t)
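Review bot: Dropping `allow snmpd_t snmpd_etc_t:file { getattr read };` leaves no rule in the visible lines that lets `snmpd_t` read its configuration once those files are `etc_t`. If snmp.te does not already call `files_read_etc_files(snmpd_t)` outside this hunk, snmpd will hit AVC denials on snmpd.conf at start-up. Please confirm that the call exists, or add it next to the other file rules in the local policy section. The local policy block continues beyond the lines shown here.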
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.456
retrieving revision 1.457
diff -u -r1.456 -r1.457
--- selinux-policy.spec 17 May 2007 17:16:26 -0000 1.456
+++ selinux-policy.spec 18 May 2007 13:58:12 -0000 1.457
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -359,6 +359,9 @@
%endif
%changelog
+* Fri May 18 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-7
+- Allow kerberos servers to use ldap for backing store
+
* Thu May 17 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-6
- allow alsactl to read kernel state