[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/selinux-policy/F-7 policy-20070501.patch, 1.10, 1.11 selinux-policy.spec, 1.456, 1.457



Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17075

Modified Files:
	policy-20070501.patch selinux-policy.spec 
Log Message:
* Fri May 18 2007 Dan Walsh <dwalsh redhat com> 2.6.4-7
- Allow kerberos servers to use ldap for backing store


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- policy-20070501.patch	17 May 2007 17:16:26 -0000	1.10
+++ policy-20070501.patch	18 May 2007 13:58:12 -0000	1.11
@@ -1636,6 +1636,17 @@
 +	allow $1 root_t:dir rw_dir_perms;
 +	allow $1 root_t:file { create getattr write };
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.6.4/policy/modules/kernel/files.te
+--- nsaserefpolicy/policy/modules/kernel/files.te	2007-04-23 09:35:56.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.te	2007-05-17 14:00:25.000000000 -0400
+@@ -54,6 +54,7 @@
+ files_type(etc_t)
+ # compatibility aliases for removed types:
+ typealias etc_t alias automount_etc_t;
++typealias etc_t alias snmpd_etc_t;
+ 
+ #
+ # etc_runtime_t is the type of various
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.6.4/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2007-03-26 16:24:09.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if	2007-05-08 09:59:33.000000000 -0400
@@ -3774,7 +3785,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.6.4/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2007-04-23 09:36:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/kerberos.te	2007-05-08 09:59:33.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/kerberos.te	2007-05-18 08:58:24.000000000 -0400
 @@ -5,6 +5,7 @@
  #
  # Declarations
@@ -3783,7 +3794,23 @@
  
  ## <desc>
  ## <p>
-@@ -248,3 +249,36 @@
+@@ -126,6 +127,7 @@
+ miscfiles_read_localization(kadmind_t)
+ 
+ sysnet_read_config(kadmind_t)
++sysnet_use_ldap(kadmind_t)
+ 
+ userdom_dontaudit_use_unpriv_user_fds(kadmind_t)
+ userdom_dontaudit_search_sysadm_home_dirs(kadmind_t)
+@@ -227,6 +229,7 @@
+ miscfiles_read_localization(krb5kdc_t)
+ 
+ sysnet_read_config(krb5kdc_t)
++sysnet_use_ldap(krb5kdc_t)
+ 
+ userdom_dontaudit_use_unpriv_user_fds(krb5kdc_t)
+ userdom_dontaudit_search_sysadm_home_dirs(krb5kdc_t)
+@@ -248,3 +251,36 @@
  optional_policy(`
  	udev_read_db(krb5kdc_t)
  ')
@@ -5328,10 +5355,35 @@
  
  storage_raw_read_fixed_disk(fsdaemon_t)
  storage_raw_write_fixed_disk(fsdaemon_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-2.6.4/policy/modules/services/snmp.fc
+--- nsaserefpolicy/policy/modules/services/snmp.fc	2006-11-16 17:15:20.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/snmp.fc	2007-05-17 13:59:01.000000000 -0400
+@@ -1,11 +1,5 @@
+ 
+ #
+-# /etc
+-#
+-
+-/etc/snmp/snmp(trap)?d\.conf -- gen_context(system_u:object_r:snmpd_etc_t,s0)
+-
+-#
+ # /usr
+ #
+ /usr/sbin/snmp(trap)?d	--	gen_context(system_u:object_r:snmpd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.6.4/policy/modules/services/snmp.te
 --- nsaserefpolicy/policy/modules/services/snmp.te	2007-05-07 10:32:44.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/snmp.te	2007-05-08 09:59:33.000000000 -0400
-@@ -26,7 +26,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/snmp.te	2007-05-17 14:05:57.000000000 -0400
+@@ -9,9 +9,6 @@
+ type snmpd_exec_t;
+ init_daemon_domain(snmpd_t,snmpd_exec_t)
+ 
+-type snmpd_etc_t;
+-files_config_file(snmpd_etc_t)
+-
+ type snmpd_log_t;
+ logging_log_file(snmpd_log_t)
+ 
+@@ -26,15 +23,13 @@
  # Local policy
  #
  allow snmpd_t self:capability { dac_override kill net_admin sys_nice sys_tty_config };
@@ -5340,7 +5392,15 @@
  allow snmpd_t self:fifo_file rw_fifo_file_perms;
  allow snmpd_t self:unix_dgram_socket create_socket_perms;
  allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
-@@ -135,18 +135,19 @@
+ allow snmpd_t self:tcp_socket create_stream_socket_perms;
+ allow snmpd_t self:udp_socket connected_stream_socket_perms;
+ 
+-allow snmpd_t snmpd_etc_t:file { getattr read };
+-
+ allow snmpd_t snmpd_log_t:file manage_file_perms;
+ logging_log_filetrans(snmpd_t,snmpd_log_t,file)
+ 
+@@ -135,18 +130,19 @@
  
  optional_policy(`
  	mta_read_config(snmpd_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.456
retrieving revision 1.457
diff -u -r1.456 -r1.457
--- selinux-policy.spec	17 May 2007 17:16:26 -0000	1.456
+++ selinux-policy.spec	18 May 2007 13:58:12 -0000	1.457
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -359,6 +359,9 @@
 %endif
 
 %changelog
+* Fri May 18 2007 Dan Walsh <dwalsh redhat com> 2.6.4-7
+- Allow kerberos servers to use ldap for backing store
+
 * Thu May 17 2007 Dan Walsh <dwalsh redhat com> 2.6.4-6
 - allow alsactl to read kernel state
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]