rpms/selinux-policy/F-7 policy-20070501.patch, 1.12, 1.13 selinux-policy.spec, 1.458, 1.459
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed May 23 18:35:59 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26450
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Tue May 22 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-9
- Allow dovecot-auth to send audit messages
- Fix for amanda
- Allow semanage to read pp files
- Allow rhgb to read xdm_xserver_tmp
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20070501.patch 21 May 2007 17:33:57 -0000 1.12
+++ policy-20070501.patch 23 May 2007 18:35:24 -0000 1.13
@@ -177,8 +177,8 @@
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-21 10:46:53.000000000 -0400
-@@ -20,20 +20,23 @@
++++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-23 09:37:35.000000000 -0400
+@@ -20,20 +20,24 @@
# Local policy
#
@@ -193,6 +193,7 @@
+dev_read_sound(alsa_t)
+dev_write_sound(alsa_t)
+
++files_etc_filetrans(alsa_t, alsa_etc_rw_t, file)
manage_files_pattern(alsa_t,alsa_etc_rw_t,alsa_etc_rw_t)
manage_lnk_files_pattern(alsa_t,alsa_etc_rw_t,alsa_etc_rw_t)
@@ -205,7 +206,7 @@
libs_use_ld_so(alsa_t)
libs_use_shared_libs(alsa_t)
-@@ -44,7 +47,17 @@
+@@ -44,7 +48,17 @@
userdom_manage_unpriv_user_semaphores(alsa_t)
userdom_manage_unpriv_user_shared_mem(alsa_t)
@@ -223,6 +224,28 @@
+ hal_write_log(alsa_t)
+')
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.6.4/policy/modules/admin/amanda.te
+--- nsaserefpolicy/policy/modules/admin/amanda.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/amanda.te 2007-05-23 11:17:05.000000000 -0400
+@@ -85,7 +85,7 @@
+
+ # access to amandas data structure
+ allow amanda_t amanda_data_t:dir { read search write };
+-allow amanda_t amanda_data_t:file { read write };
++allow amanda_t amanda_data_t:file manage_file_perms;
+
+ # access to amanda_dumpdates_t
+ allow amanda_t amanda_dumpdates_t:file { getattr lock read write };
+@@ -97,6 +97,9 @@
+ allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
+ allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
+
++manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
++manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
++
+ manage_files_pattern(amanda_t,amanda_log_t,amanda_log_t)
+ manage_dirs_pattern(amanda_t,amanda_log_t,amanda_log_t)
+ logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.6.4/policy/modules/admin/amtu.fc
--- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.6.4/policy/modules/admin/amtu.fc 2007-05-21 10:46:53.000000000 -0400
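Review bot: In the amanda.te section, `allow amanda_t amanda_data_t:file manage_file_perms;` widens the file permissions to full management, but the directory rule directly above it still grants only `{ read search write }` on amanda_data_t:dir. Creating or removing entries would presumably still be denied for lack of add_name/remove_name, unless a rule outside this hunk supplies them. If full management is intended, `manage_files_pattern(amanda_t,amanda_data_t,amanda_data_t)` would match the amanda_var_lib_t lines added further down. If only in-place updates are needed, a narrower set such as `rw_file_perms` keeps the grant closer to the denial being fixed. The rest of amanda.te lies outside the hunk.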
@@ -472,7 +495,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.6.4/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2007-05-21 11:37:13.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2007-05-23 09:21:11.000000000 -0400
@@ -26,7 +26,7 @@
# Local policy
#
@@ -482,6 +505,14 @@
allow prelink_t self:process { execheap execmem execstack signal };
allow prelink_t self:fifo_file rw_fifo_file_perms;
+@@ -65,6 +65,7 @@
+ files_read_etc_files(prelink_t)
+ files_read_etc_runtime_files(prelink_t)
+ files_dontaudit_read_all_symlinks(prelink_t)
++files_manage_usr_files(prelink_t)
+
+ fs_getattr_xattr_fs(prelink_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.6.4/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2007-05-07 14:51:05.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2007-05-21 10:46:53.000000000 -0400
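Review bot: `files_manage_usr_files(prelink_t)` gives prelink_t create, write and delete access to every file labelled usr_t, and the line carries no comment saying which paths needed it. The context lines above show prelink_t already holding execheap/execmem/execstack, so a broad write grant on /usr content deserves a stated reason. I would add a comment such as `# prelink rewrites files labelled usr_t under <path that triggered the denial>`. If the affected files form a narrow set, labelling them with a dedicated type would be tighter. The rest of prelink.te is outside the hunk.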
@@ -1110,8 +1141,8 @@
dev_dontaudit_rw_dri($1_mozilla_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.6.4/policy/modules/apps/slocate.te
--- nsaserefpolicy/policy/modules/apps/slocate.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2007-05-21 10:46:53.000000000 -0400
-@@ -39,11 +39,12 @@
++++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2007-05-23 09:28:27.000000000 -0400
+@@ -39,11 +39,13 @@
files_list_all(locate_t)
files_getattr_all_files(locate_t)
@@ -1122,6 +1153,7 @@
fs_getattr_all_fs(locate_t)
-fs_getattr_all_dirs(locate_t)
+fs_getattr_all_files(locate_t)
++fs_list_all(locate_t)
libs_use_shared_libs(locate_t)
libs_use_ld_so(locate_t)
@@ -1510,7 +1542,7 @@
/etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-05-21 10:46:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-05-23 09:20:52.000000000 -0400
@@ -343,8 +343,7 @@
########################################
@@ -1604,7 +1636,32 @@
## Get the attributes of files in /usr.
## </summary>
## <param name="domain">
-@@ -3637,7 +3671,7 @@
+@@ -3432,6 +3466,24 @@
+
+ ########################################
+ ## <summary>
++## Create, read, write, and delete files in the /usr directory.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`files_manage_usr_files',`
++ gen_require(`
++ type usr_t;
++ ')
++
++ manage_files_pattern($1, usr_t, usr_t)
++')
++
++########################################
++## <summary>
+ ## Do not audit attempts to search /usr/src.
+ ## </summary>
+ ## <param name="domain">
+@@ -3637,7 +3689,7 @@
type var_t;
')
@@ -1613,7 +1670,7 @@
')
########################################
-@@ -3993,7 +4027,7 @@
+@@ -3993,7 +4045,7 @@
type var_lock_t;
')
@@ -1622,7 +1679,7 @@
')
########################################
-@@ -4012,7 +4046,7 @@
+@@ -4012,7 +4064,7 @@
type var_t, var_lock_t;
')
@@ -1631,7 +1688,7 @@
')
########################################
-@@ -4181,7 +4215,7 @@
+@@ -4181,7 +4233,7 @@
type var_run_t;
')
@@ -1640,7 +1697,7 @@
')
########################################
-@@ -4529,6 +4563,8 @@
+@@ -4529,6 +4581,8 @@
# Need to give access to /selinux/member
selinux_compute_member($1)
@@ -1649,7 +1706,7 @@
# Need sys_admin capability for mounting
allow $1 self:capability { chown fsetid sys_admin };
-@@ -4551,6 +4587,8 @@
+@@ -4551,6 +4605,8 @@
# Default type for mountpoints
allow $1 poly_t:dir { create mounton };
fs_unmount_xattr_fs($1)
@@ -1658,7 +1715,7 @@
')
########################################
-@@ -4588,3 +4626,28 @@
+@@ -4588,3 +4644,28 @@
allow $1 { file_type -security_file_type }:dir manage_dir_perms;
')
@@ -2364,8 +2421,22 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.6.4/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-05-21 10:46:53.000000000 -0400
-@@ -106,6 +106,27 @@
++++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-05-23 14:17:52.000000000 -0400
+@@ -47,6 +47,13 @@
+ ## Allow http daemon to tcp connect
+ ## </p>
+ ## </desc>
++gen_tunable(httpd_can_sendmail,false)
++
++## <desc>
++## <p>
++## Allow http daemon to tcp connect
++## </p>
++## </desc>
+ gen_tunable(httpd_can_network_connect,false)
+
+ ## <desc>
+@@ -106,6 +113,27 @@
## </desc>
gen_tunable(httpd_unified,false)
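Review bot: The new `httpd_can_sendmail` tunable ends up documented as "Allow http daemon to tcp connect", because the added `<desc>` block is a copy of the one for `httpd_can_network_connect`. Two booleans then carry the same description, and the text for the new one does not say what it controls. The description above `gen_tunable(httpd_can_sendmail,false)` should read something like `## Allow http daemon to send mail`.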
@@ -2393,7 +2464,7 @@
attribute httpdcontent;
# domains that can exec all users scripts
-@@ -257,6 +278,7 @@
+@@ -257,6 +285,7 @@
allow httpd_t httpd_modules_t:dir list_dir_perms;
mmap_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
read_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
@@ -2401,7 +2472,7 @@
apache_domtrans_rotatelogs(httpd_t)
# Apache-httpd needs to be able to send signals to the log rotate procs.
-@@ -297,6 +319,7 @@
+@@ -297,6 +326,7 @@
kernel_read_kernel_sysctls(httpd_t)
# for modules that want to access /proc/meminfo
kernel_read_system_state(httpd_t)
@@ -2409,7 +2480,7 @@
corenet_non_ipsec_sendrecv(httpd_t)
corenet_tcp_sendrecv_all_if(httpd_t)
-@@ -342,6 +365,9 @@
+@@ -342,6 +372,9 @@
files_read_var_lib_symlinks(httpd_t)
fs_search_auto_mountpoints(httpd_sys_script_t)
@@ -2419,7 +2490,7 @@
libs_use_ld_so(httpd_t)
libs_use_shared_libs(httpd_t)
-@@ -362,6 +388,10 @@
+@@ -362,6 +395,10 @@
mta_send_mail(httpd_t)
@@ -2430,7 +2501,22 @@
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(httpd_t)
term_dontaudit_use_generic_ptys(httpd_t)
-@@ -416,6 +446,10 @@
+@@ -389,6 +426,14 @@
+ corenet_tcp_connect_all_ports(httpd_t)
+ ')
+
++tunable_policy(`httpd_can_sendmail',`
++ # allow httpd to connect to mail servers
++ corenet_tcp_connect_smtp_port(httpd_t)
++ corenet_sendrecv_smtp_client_packets(httpd_t)
++ corenet_tcp_connect_pop_port(httpd_t)
++ corenet_sendrecv_pop_client_packets(httpd_t)
++')
++
+ tunable_policy(`httpd_can_network_connect_db',`
+ # allow httpd to connect to mysql/posgresql
+ corenet_tcp_connect_postgresql_port(httpd_t)
+@@ -416,6 +461,10 @@
allow httpd_t httpd_unconfined_script_exec_t:dir list_dir_perms;
')
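Review bot: The `httpd_can_sendmail` block also grants `corenet_tcp_connect_pop_port(httpd_t)` and `corenet_sendrecv_pop_client_packets(httpd_t)`, so a boolean whose name suggests outbound mail submission lets httpd_t open POP connections as well. If mail retrieval is intended, say so in the comment, e.g. `# allow httpd to submit mail over SMTP and fetch it over POP`. Otherwise move the two POP lines under a separate boolean, so that enabling mail sending does not widen httpd's outbound network access beyond what the name implies.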
@@ -2441,7 +2527,7 @@
tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t)
-@@ -433,11 +467,21 @@
+@@ -433,11 +482,21 @@
fs_read_nfs_symlinks(httpd_t)
')
@@ -2463,7 +2549,7 @@
tunable_policy(`httpd_ssi_exec',`
corecmd_shell_domtrans(httpd_t,httpd_sys_script_t)
allow httpd_sys_script_t httpd_t:fd use;
-@@ -668,6 +712,12 @@
+@@ -668,6 +727,12 @@
fs_exec_nfs_files(httpd_suexec_t)
')
@@ -2476,7 +2562,7 @@
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_suexec_t)
fs_read_cifs_symlinks(httpd_suexec_t)
-@@ -706,7 +756,8 @@
+@@ -706,7 +771,8 @@
dontaudit httpd_sys_script_t httpd_config_t:dir search;
@@ -2486,7 +2572,7 @@
allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t)
-@@ -730,11 +781,21 @@
+@@ -730,11 +796,21 @@
')
')
@@ -2508,7 +2594,7 @@
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -788,3 +849,19 @@
+@@ -788,3 +864,19 @@
term_dontaudit_use_generic_ptys(httpd_rotatelogs_t)
term_dontaudit_use_unallocated_ttys(httpd_rotatelogs_t)
')
@@ -3320,7 +3406,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.6.4/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-05-21 10:46:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-05-22 14:42:12.000000000 -0400
@@ -15,6 +15,12 @@
domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -3387,7 +3473,7 @@
files_read_usr_symlinks(dovecot_auth_t)
files_search_tmp(dovecot_auth_t)
files_read_var_lib_files(dovecot_t)
-@@ -191,6 +198,7 @@
+@@ -191,11 +198,51 @@
seutil_dontaudit_search_config(dovecot_auth_t)
sysnet_dns_name_resolve(dovecot_auth_t)
@@ -3395,17 +3481,18 @@
optional_policy(`
kerberos_use(dovecot_auth_t)
-@@ -199,3 +207,43 @@
- optional_policy(`
- logging_send_syslog_msg(dovecot_auth_t)
')
+
++logging_send_syslog_msg(dovecot_auth_t)
++logging_send_audit_msg(dovecot_auth_t)
+
+optional_policy(`
+ mysql_search_db(dovecot_auth_t)
+ mysql_stream_connect(dovecot_auth_t)
+')
+
-+optional_policy(`
+ optional_policy(`
+- logging_send_syslog_msg(dovecot_auth_t)
+ postfix_create_pivate_sockets(dovecot_auth_t)
+ postfix_search_spool(dovecot_auth_t)
+')
@@ -3438,7 +3525,7 @@
+ifdef(`targeted_policy',`
+ term_dontaudit_use_unallocated_ttys(dovecot_deliver_t)
+ term_dontaudit_use_generic_ptys(dovecot_deliver_t)
-+')
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.6.4/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-05-21 10:46:53.000000000 -0400
@@ -4218,8 +4305,13 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.te serefpolicy-2.6.4/policy/modules/services/openct.te
--- nsaserefpolicy/policy/modules/services/openct.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openct.te 2007-05-21 10:46:53.000000000 -0400
-@@ -24,6 +24,8 @@
++++ serefpolicy-2.6.4/policy/modules/services/openct.te 2007-05-23 09:19:26.000000000 -0400
+@@ -21,9 +21,13 @@
+ dontaudit openct_t self:capability sys_tty_config;
+ allow openct_t self:process signal_perms;
+
++can_exec(openct_t,openct_exec_t)
++
manage_files_pattern(openct_t,openct_var_run_t,openct_var_run_t)
files_pid_filetrans(openct_t,openct_var_run_t,file)
@@ -4228,7 +4320,7 @@
kernel_read_kernel_sysctls(openct_t)
kernel_list_proc(openct_t)
kernel_read_proc_symlinks(openct_t)
-@@ -31,6 +33,8 @@
+@@ -31,6 +35,8 @@
dev_read_sysfs(openct_t)
# openct asks for this
dev_rw_usbfs(openct_t)
@@ -5096,7 +5188,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-05-21 10:46:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-05-23 14:32:58.000000000 -0400
@@ -28,6 +28,35 @@
## </desc>
gen_tunable(samba_share_nfs,false)
@@ -5308,7 +5400,7 @@
allow winbind_helper_t samba_var_t:dir search;
stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t)
-@@ -764,3 +837,24 @@
+@@ -764,3 +837,23 @@
squid_read_log(winbind_helper_t)
squid_append_log(winbind_helper_t)
')
@@ -5331,8 +5423,7 @@
+tunable_policy(`samba_run_unconfined',`
+ domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
+')
-+
-+
++unconfined_domain(samba_unconfined_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.6.4/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/sasl.te 2007-05-21 10:46:53.000000000 -0400
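Review bot: `unconfined_domain(samba_unconfined_script_t)` is added after the closing `')` of the `samba_run_unconfined` block, so the script type is unconfined unconditionally and only the transition from smbd_t is controlled by the boolean. That is probably deliberate, but a comment would stop a reader from assuming the boolean confines the script domain, e.g. `# the boolean gates only the smbd_t transition; the script domain itself is always unconfined`. The call is also not wrapped in `optional_policy`, which presumably ties samba.te to the unconfined module being present. It is worth confirming that this dependency is acceptable for this package.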
@@ -5682,6 +5773,18 @@
+corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t)
+
+miscfiles_read_certs(httpd_w3c_validator_script_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.6.4/policy/modules/services/xserver.if
+--- nsaserefpolicy/policy/modules/services/xserver.if 2007-05-07 14:51:01.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/xserver.if 2007-05-23 09:19:06.000000000 -0400
+@@ -1136,7 +1136,7 @@
+ type xdm_xserver_tmp_t;
+ ')
+
+- allow $1 xdm_xserver_tmp_t:file { getattr read };
++ read_files_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t)
+ ')
+
+ ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.fc serefpolicy-2.6.4/policy/modules/system/application.fc
--- nsaserefpolicy/policy/modules/system/application.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.6.4/policy/modules/system/application.fc 2007-05-21 10:46:53.000000000 -0400
@@ -6944,7 +7047,7 @@
/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.6.4/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-05-21 10:46:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-05-23 13:28:28.000000000 -0400
@@ -16,6 +16,7 @@
type lvm_t;
type lvm_exec_t;
@@ -6981,8 +7084,14 @@
term_getattr_all_user_ttys(lvm_t)
term_list_ptys(lvm_t)
-@@ -307,3 +313,8 @@
+@@ -305,5 +311,14 @@
+ ')
+
optional_policy(`
++ modutils_domtrans_insmod(lvm_t)
++')
++
++optional_policy(`
udev_read_db(lvm_t)
')
+
@@ -7280,7 +7389,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.6.4/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.te 2007-05-21 10:46:53.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.te 2007-05-23 10:41:40.000000000 -0400
@@ -1,10 +1,8 @@
policy_module(selinuxutil,1.5.0)
@@ -7459,7 +7568,16 @@
dev_read_urand(semanage_t)
-@@ -621,6 +632,15 @@
+@@ -595,6 +606,8 @@
+
+ # Running genhomedircon requires this for finding all users
+ auth_use_nsswitch(semanage_t)
++# Admins are creating pp files in random locations
++auth_read_all_files_except_shadow(semanage_t)
+
+ libs_use_ld_so(semanage_t)
+ libs_use_shared_libs(semanage_t)
+@@ -621,6 +634,15 @@
userdom_search_sysadm_home_dirs(semanage_t)
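Review bot: `auth_read_all_files_except_shadow(semanage_t)` is a very broad answer to the stated problem. To let semanage read .pp files wherever an administrator puts them, semanage_t gains read access to every file type other than shadow, which would presumably include other services' configuration and key material. The existing comment explains the trigger but not the trade-off; I would extend it to `# Admins are creating pp files in random locations; this grants read on all non-shadow files` so the breadth is visible to the next reader. A narrower alternative is to limit the read to the types where modules are normally built or staged, or to give policy packages their own file type.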
@@ -7475,7 +7593,7 @@
# cjp: need a more general way to handle this:
ifdef(`enable_mls',`
# read secadm tmp files
-@@ -700,6 +720,8 @@
+@@ -700,6 +722,8 @@
ifdef(`hide_broken_symptoms',`
# cjp: cover up stray file descriptors.
optional_policy(`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.458
retrieving revision 1.459
diff -u -r1.458 -r1.459
--- selinux-policy.spec 21 May 2007 17:33:57 -0000 1.458
+++ selinux-policy.spec 23 May 2007 18:35:24 -0000 1.459
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -359,6 +359,13 @@
%endif
%changelog
+* Tue May 22 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-9
+- Allow dovecot-auth to send audit messages
+- Fix for amands
+- Allow semanage to read pp files
+- Allow rhgb to read xdm_xserver_tmp
+
+
* Mon May 21 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-8
- mdadm needs mknod capability