rpms/selinux-policy/F-8 policy-20070703.patch, 1.122, 1.123 selinux-policy.spec, 1.568, 1.569
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Nov 6 21:06:44 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5254
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Tue Nov 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-47
- Allow all dns_resolves to use avahi stream
- Don't transition from unconfined_t to ping_t
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -r1.122 -r1.123
--- policy-20070703.patch 6 Nov 2007 16:46:45 -0000 1.122
+++ policy-20070703.patch 6 Nov 2007 21:06:39 -0000 1.123
@@ -16438,7 +16438,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.0.8/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/sysnetwork.if 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/sysnetwork.if 2007-11-06 15:55:57.000000000 -0500
@@ -145,6 +145,25 @@
########################################
@@ -16465,7 +16465,18 @@
## Send and receive messages from
## dhcpc over dbus.
## </summary>
-@@ -522,6 +541,8 @@
+@@ -493,6 +512,10 @@
+
+ files_search_etc($1)
+ allow $1 net_conf_t:file read_file_perms;
++
++ optional_policy(`
++ avahi_stream_connect($1)
++ ')
+ ')
+
+ ########################################
+@@ -522,6 +545,8 @@
files_search_etc($1)
allow $1 net_conf_t:file read_file_perms;
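Review bot: The added `avahi_stream_connect($1)` sits in the body of a shared interface, so every domain that calls it gains permission to connect to the avahi daemon's stream socket whenever the avahi module is present. That is a wider grant than name resolution over the network alone. The interface's name and `## <summary>` block are outside this hunk, so I cannot tell whether its documentation mentions the avahi access; if it does not, it should. A comment above the block such as `# mDNS lookups go through the avahi daemon socket` would record why the rule is here (presumably for nss-mdns; confirm). If only some callers need mDNS, a separate interface called by those domains would leave the others at their current privilege.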
@@ -16474,7 +16485,7 @@
')
########################################
-@@ -556,3 +577,23 @@
+@@ -556,3 +581,23 @@
files_search_etc($1)
allow $1 net_conf_t:file read_file_perms;
')
@@ -17245,7 +17256,7 @@
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-02 11:09:48.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-06 16:01:20.000000000 -0500
@@ -29,8 +29,9 @@
')
@@ -18077,7 +18088,7 @@
# port access is audited even if dac would not have allowed it, so dontaudit it here
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
-@@ -1029,15 +1135,11 @@
+@@ -1029,23 +1135,14 @@
# and may change other protocols
tunable_policy(`user_tcp_server',`
corenet_tcp_bind_all_nodes($1_t)
@@ -18087,15 +18098,24 @@
optional_policy(`
- kerberos_use($1_t)
-- ')
--
-- optional_policy(`
-- loadkeys_run($1_t,$1_r,$1_tty_device_t)
+ hal_dbus_chat($1_t)
')
+- optional_policy(`
+- loadkeys_run($1_t,$1_r,$1_tty_device_t)
+- ')
+-
+- optional_policy(`
+- netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
+- netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
+- ')
+-
+- # Run pppd in pppd_t by default for user
++ # Run pppd in pppd_t by default for user
optional_policy(`
-@@ -1054,17 +1156,6 @@
+ ppp_run_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
+ ')
+@@ -1054,17 +1151,6 @@
setroubleshoot_stream_connect($1_t)
')
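Review bot: Dropping `netutils_run_ping_cond` and `netutils_run_traceroute_cond` from this template removes the ping and traceroute domain transitions for every domain the template is instantiated for, not only unconfined_t as the log message states. The template's header is outside this hunk, so the set of affected roles cannot be read from here. The same commit restores the calls for user_t and staff_t only, in userdomain.te. Any other role built from the template would then run these tools in its own domain or be denied, so it is worth confirming that each one is either covered elsewhere or meant to lose the transition.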
@@ -18113,7 +18133,7 @@
')
#######################################
-@@ -1102,6 +1193,8 @@
+@@ -1102,6 +1188,8 @@
class passwd { passwd chfn chsh rootok crontab };
')
@@ -18122,7 +18142,7 @@
##############################
#
# Declarations
-@@ -1127,7 +1220,7 @@
+@@ -1127,7 +1215,7 @@
# $1_t local policy
#
@@ -18131,7 +18151,7 @@
allow $1_t self:process { setexec setfscreate };
# Set password information for other users.
-@@ -1139,7 +1232,11 @@
+@@ -1139,7 +1227,11 @@
# Manipulate other users crontab.
allow $1_t self:passwd crontab;
@@ -18144,7 +18164,7 @@
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
-@@ -1277,6 +1374,7 @@
+@@ -1277,6 +1369,7 @@
dev_relabel_all_dev_nodes($1)
files_create_boot_flag($1)
@@ -18152,7 +18172,7 @@
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
-@@ -1642,9 +1740,13 @@
+@@ -1642,9 +1735,13 @@
template(`userdom_user_home_content',`
gen_require(`
attribute $1_file_type;
@@ -18166,7 +18186,7 @@
files_type($2)
')
-@@ -1894,10 +1996,46 @@
+@@ -1894,10 +1991,46 @@
template(`userdom_manage_user_home_content_dirs',`
gen_require(`
type $1_home_dir_t, $1_home_t;
@@ -18214,7 +18234,7 @@
')
########################################
-@@ -3078,7 +3216,7 @@
+@@ -3078,7 +3211,7 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -18223,7 +18243,7 @@
')
files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -4609,11 +4747,29 @@
+@@ -4609,11 +4742,29 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
@@ -18254,7 +18274,7 @@
')
########################################
-@@ -4633,6 +4789,14 @@
+@@ -4633,6 +4784,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@@ -18269,7 +18289,7 @@
')
########################################
-@@ -5323,7 +5487,7 @@
+@@ -5323,7 +5482,7 @@
attribute user_tmpfile;
')
@@ -18278,7 +18298,7 @@
')
########################################
-@@ -5529,6 +5693,24 @@
+@@ -5529,6 +5688,24 @@
########################################
## <summary>
@@ -18303,7 +18323,7 @@
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
-@@ -5559,3 +5741,386 @@
+@@ -5559,3 +5736,386 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -18692,7 +18712,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.0.8/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.te 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.te 2007-11-06 16:05:52.000000000 -0500
@@ -24,13 +24,6 @@
## <desc>
@@ -18812,7 +18832,7 @@
', `
userdom_security_admin_template(sysadm_t,sysadm_r,admin_terminal)
')
-@@ -494,3 +497,7 @@
+@@ -494,3 +497,15 @@
optional_policy(`
yam_run(sysadm_t,sysadm_r,admin_terminal)
')
@@ -18820,6 +18840,14 @@
+tunable_policy(`allow_console_login', `
+ term_use_console(userdomain)
+')
++
++optional_policy(`
++ netutils_run_ping_cond(user_t,user_r,{ user_tty_device_t user_devpts_t })
++ netutils_run_ping_cond(staff_t,staff_r,{ staff_tty_device_t staff_devpts_t })
++ netutils_run_traceroute_cond(user_t,user_r,{ user_tty_device_t user_devpts_t })
++ netutils_run_traceroute_cond(staff_t,staff_r,{ staff_tty_device_t staff_devpts_t })
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.fc serefpolicy-3.0.8/policy/modules/system/virt.fc
--- nsaserefpolicy/policy/modules/system/virt.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.8/policy/modules/system/virt.fc 2007-10-29 23:59:29.000000000 -0400
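Review bot: The new `optional_policy` block appended to userdomain.te has no comment explaining why the ping and traceroute transitions are listed per role here instead of being granted by the user template. I would add above it `# ping/traceroute transitions are granted per role so that unconfined_t stays in its own domain`. Because the list is now maintained by hand, a confined role added later gets no transition to ping_t unless this block is extended, and the comment should say so.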
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.568
retrieving revision 1.569
diff -u -r1.568 -r1.569
--- selinux-policy.spec 6 Nov 2007 16:46:45 -0000 1.568
+++ selinux-policy.spec 6 Nov 2007 21:06:40 -0000 1.569
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 46%{?dist}
+Release: 47%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -379,6 +379,10 @@
%endif
%changelog
+* Tue Nov 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-47
+- Allow all dns_resolves to use avahi stream
+- Don't transition from unconfined_t to ping_t
+
* Tue Nov 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-46
- Allow sendmail to interact with winbind
- Allow dovecot to write log files