rpms/selinux-policy/F-8 policy-20070703.patch, 1.119, 1.120 selinux-policy.spec, 1.565, 1.566

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Nov 1 17:27:04 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12906

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Thu Nov 1 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-44
- Add policy.xml to devel
- Dontaudit tmpreaper getattr on lost_found dir
- Additional bluetooth file context
- Allow dhcpc to transition to networkmanager


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.119
retrieving revision 1.120
diff -u -r1.119 -r1.120
--- policy-20070703.patch	31 Oct 2007 13:50:55 -0000	1.119
+++ policy-20070703.patch	1 Nov 2007 17:27:00 -0000	1.120
@@ -2095,8 +2095,16 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te	2007-10-29 23:59:29.000000000 -0400
-@@ -43,5 +43,10 @@
++++ serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te	2007-11-01 11:49:52.000000000 -0400
+@@ -28,6 +28,7 @@
+ files_purge_tmp(tmpreaper_t)
+ # why does it need setattr?
+ files_setattr_all_tmp_dirs(tmpreaper_t)
++files_dontaudit_getattr_lost_found_dirs(tmpreaper_t)
+ 
+ mls_file_read_all_levels(tmpreaper_t)
+ mls_file_write_all_levels(tmpreaper_t)
+@@ -43,5 +44,10 @@
  cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
  
  optional_policy(`
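Review bot: The added `files_dontaudit_getattr_lost_found_dirs(tmpreaper_t)` line carries no comment, even though the line just above it already asks `# why does it need setattr?`, so nothing records why this denial is silenced rather than allowed or investigated. A dontaudit rule does not grant the access; it only suppresses the AVC record, so a later tmpreaper problem around lost+found directories would leave no trace in the audit log. I would add a one-line comment above the new rule, for example `# tmpreaper only stats lost+found while walking tmp dirs; access not needed, silence the denial`, reworded to match the denial that actually prompted the change. The rest of tmpreaper.te lies outside this hunk.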
@@ -4773,12 +4781,12 @@
  neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.0.8/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/storage.fc	2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/storage.fc	2007-11-01 11:47:11.000000000 -0400
 @@ -31,6 +31,7 @@
  /dev/pcd[0-3]		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/pd[a-d][^/]*	-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/pg[0-3]		-c	gen_context(system_u:object_r:removable_device_t,s0)
-+/dev/ps3d.*   		-b 	gen_context(system_u:object_r:fixed_disk_device_t:s0)
++/dev/ps3d.*   		-b 	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/ram.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/rawctl		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/rd.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
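Review bot: The corrected `/dev/ps3d.*` entry is not mentioned in the log message or in the 3.0.8-44 %changelog entry, although it changes the label of a raw disk node. The old line passed `fixed_disk_device_t:s0` as a single gen_context argument, while the new line passes `mls_systemhigh` as the second argument, matching the `/dev/ram.*` and `/dev/rd.*` entries below it; presumably this matters most on MLS builds, where the level decides who may read the device. I would add a changelog line such as `- Fix MLS level in /dev/ps3d file context` so the label change can be traced to a release. Conversely, the logged item "Allow dhcpc to transition to networkmanager" has no matching hunk in the part of the diff visible here.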
@@ -6216,6 +6224,14 @@
 +	# normally started from inetd using tcpwrappers, so use those entry points
 +	tcpd_wrapped_domain(bitlbee_t, bitlbee_exec_t)
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.0.8/policy/modules/services/bluetooth.fc
+--- nsaserefpolicy/policy/modules/services/bluetooth.fc	2007-10-22 13:21:39.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/bluetooth.fc	2007-11-01 11:53:30.000000000 -0400
+@@ -22,3 +22,4 @@
+ #
+ /var/lib/bluetooth(/.*)?	gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
+ /var/run/sdp		-s	gen_context(system_u:object_r:bluetooth_var_run_t,s0)
++/var/run/bluetoothd_address	gen_context(system_u:object_r:bluetooth_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.0.8/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2007-10-22 13:21:39.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/bluetooth.te	2007-10-29 23:59:29.000000000 -0400
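Review bot: The new `/var/run/bluetoothd_address` entry has no file-type field, so it matches an object of any class at that path, whereas the `/var/run/sdp` line above it is restricted with `-s`. If bluetoothd_address is a regular file (not visible from this hunk), writing the entry as `/var/run/bluetoothd_address	--	gen_context(system_u:object_r:bluetooth_var_run_t,s0)` would keep the match as narrow as its neighbour. The hunk also does not show whether bluetooth.te has a type transition covering this file, so it is worth confirming that a file created at runtime receives bluetooth_var_run_t and not only one that has been relabelled.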


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.565
retrieving revision 1.566
diff -u -r1.565 -r1.566
--- selinux-policy.spec	31 Oct 2007 13:50:55 -0000	1.565
+++ selinux-policy.spec	1 Nov 2007 17:27:01 -0000	1.566
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 43%{?dist}
+Release: 44%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -70,6 +70,7 @@
 %{_usr}/share/selinux/devel/Makefile
 %{_usr}/share/selinux/devel/policygentool
 %{_usr}/share/selinux/devel/example.*
+%{_usr}/share/selinux/devel/policy.*
 %attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
 
 %post devel
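Review bot: The glob `%{_usr}/share/selinux/devel/policy.*` is wider than the change it is logged as, "Add policy.xml to devel". It packages every file named policy.<anything> in that directory, and the matching `install -m 644 doc/policy.* ...` line in the %install hunk copies whatever doc/ contains under that name at build time. Naming the file explicitly in both places, `%{_usr}/share/selinux/devel/policy.xml` and `install -m 644 doc/policy.xml ...`, would keep the shipped file set reviewable from the spec alone. If further policy.* files are intended, a comment listing them would serve the same purpose.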
@@ -215,6 +216,7 @@
 install -m 755 $RPM_SOURCE_DIR/policygentool %{buildroot}%{_usr}/share/selinux/devel/
 install -m 644 $RPM_SOURCE_DIR/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
 install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
+install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
 echo  "htmlview file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
 chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
 
@@ -373,6 +375,12 @@
 %endif
 
 %changelog
+* Thu Nov 1 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-44
+- Add policy.xml to devel
+- Dontaudit tmpreaper getattr on lost_found dir
+- Additional bluetooth file context
+- Allow dhcpc to transition to networkmanager
+
 * Tue Oct 30 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-43
 - Add type definition for /dev/kvm
 



