rpms/selinux-policy/devel modules-mls.conf, 1.27, 1.28 modules-strict.conf, 1.29, 1.30 modules-targeted.conf, 1.69, 1.70 policy-20071023.patch, 1.4, 1.5 selinux-policy.spec, 1.553, 1.554
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Nov 7 19:42:57 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12947
Modified Files:
modules-mls.conf modules-strict.conf modules-targeted.conf
policy-20071023.patch selinux-policy.spec
Log Message:
* Mon Oct 22 2007 Dan Walsh <dwalsh at redhat.com> 3.1.0-1
- Update to upstream
Index: modules-mls.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- modules-mls.conf 4 May 2007 17:14:04 -0000 1.27
+++ modules-mls.conf 7 Nov 2007 19:42:24 -0000 1.28
@@ -754,6 +754,14 @@
#
apm = base
+# Layer: system
+# Module: application
+# Required in base
+#
+# Defines attributs and interfaces for all user applications
+#
+application = base
+
# Layer: services
# Module: tcpd
#
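Review bot: The comment added for the `application` module misspells "attributes" as `attributs`, and the same header is added verbatim in the modules-strict.conf hunk of this commit. I would correct both to `# Defines attributes and interfaces for all user applications`, since these headers are what a reader greps for when deciding whether a module can be moved out of `base`.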
Index: modules-strict.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-strict.conf,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- modules-strict.conf 4 May 2007 17:14:04 -0000 1.29
+++ modules-strict.conf 7 Nov 2007 19:42:24 -0000 1.30
@@ -1242,6 +1242,15 @@
#
apm = module
+
+# Layer: system
+# Module: application
+# Required in base
+#
+# Defines attributs and interfaces for all user applications
+#
+application = base
+
# Layer: services
# Module: tcpd
#
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- modules-targeted.conf 23 Oct 2007 23:13:09 -0000 1.69
+++ modules-targeted.conf 7 Nov 2007 19:42:24 -0000 1.70
@@ -32,6 +32,13 @@
#
ada = base
+# Layer: modules
+# Module: awstats
+#
+# awstats executable
+#
+awstats = module
+
# Layer: admin
# Module: amanda
#
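Review bot: The header added for awstats reads `# Layer: modules`, while the neighbouring entry in this hunk uses a policy layer name (`# Layer: admin` for amanda) and the other two files in this commit use `system` and `services`. `modules` looks like a leftover rather than a layer; the header should name the layer directory the awstats module actually lives under, which this page does not show. Separately, this file does not get the `application = base` entry that modules-mls.conf and modules-strict.conf receive here. That is fine if revision 1.69 already carries it, but it is worth confirming because the entry is marked "Required in base".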
policy-20071023.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.4 -r 1.5 policy-20071023.patch
Index: policy-20071023.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071023.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20071023.patch 26 Oct 2007 13:38:43 -0000 1.4
+++ policy-20071023.patch 7 Nov 2007 19:42:24 -0000 1.5
@@ -1,18 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-3.1.0/Changelog
---- nsaserefpolicy/Changelog 2007-10-24 15:00:24.000000000 -0400
-+++ serefpolicy-3.1.0/Changelog 2007-10-24 15:06:50.000000000 -0400
-@@ -8,8 +8,6 @@
- strict policy if the unconfined module is not present. If it is, it will
- behave like the targeted policy. Added an unconfined role to have a mix
- of confined and unconfined users.
--- Added modules:
-- exim (Dan Walsh)
-
- * Fri Sep 28 2007 Chris PeBenito <selinux at tresys.com> - 20070928
- - Add support for setting the unknown permissions handling.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.1.0/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/config/appconfig-mcs/default_contexts 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mcs/default_contexts 2007-11-06 09:28:35.000000000 -0500
@@ -1,15 +1,9 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -40,7 +28,7 @@
+system_r:xdm_t:s0 system_r:unconfined_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_type serefpolicy-3.1.0/config/appconfig-mcs/default_type
--- nsaserefpolicy/config/appconfig-mcs/default_type 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/config/appconfig-mcs/default_type 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mcs/default_type 2007-11-06 09:28:35.000000000 -0500
@@ -1,4 +1,4 @@
+system_r:unconfined_t
sysadm_r:sysadm_t
@@ -49,13 +37,13 @@
user_r:user_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.1.0/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/config/appconfig-mcs/failsafe_context 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mcs/failsafe_context 2007-11-06 09:28:35.000000000 -0500
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.1.0/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/config/appconfig-mcs/guest_u_default_contexts 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mcs/guest_u_default_contexts 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -63,7 +51,7 @@
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.1.0/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/config/appconfig-mcs/root_default_contexts 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mcs/root_default_contexts 2007-11-06 09:28:35.000000000 -0500
@@ -1,11 +1,10 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -85,35 +73,45 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.1.0/config/appconfig-mcs/seusers
--- nsaserefpolicy/config/appconfig-mcs/seusers 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/config/appconfig-mcs/seusers 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mcs/seusers 2007-11-06 09:28:35.000000000 -0500
@@ -1,3 +1,2 @@
-system_u:system_u:s0-mcs_systemhigh
root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+__default__:system_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.1.0/config/appconfig-mcs/staff_u_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/config/appconfig-mcs/staff_u_default_contexts 2007-10-24 15:06:50.000000000 -0400
-@@ -0,0 +1,9 @@
-+system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-+system_r:remote_login_t:s0 staff_r:staff_t:s0
-+system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2007-11-05 10:28:59.000000000 -0500
++++ serefpolicy-3.1.0/config/appconfig-mcs/staff_u_default_contexts 2007-11-06 09:28:35.000000000 -0500
+@@ -1,10 +1,9 @@
+ system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+ system_r:remote_login_t:s0 staff_r:staff_t:s0
+ system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-system_r:crond_t:s0 staff_r:staff_crond_t:s0
+system_r:crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
-+system_r:xdm_t:s0 staff_r:staff_t:s0
-+staff_r:staff_su_t:s0 staff_r:staff_t:s0
-+staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
-+sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
-+sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
+ system_r:xdm_t:s0 staff_r:staff_t:s0
+ staff_r:staff_su_t:s0 staff_r:staff_t:s0
+ staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
+ sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
+ sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
+-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.1.0/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/config/appconfig-mcs/userhelper_context 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mcs/userhelper_context 2007-11-06 09:28:35.000000000 -0500
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.1.0/config/appconfig-mcs/user_u_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/config/appconfig-mcs/user_u_default_contexts 2007-10-24 15:06:50.000000000 -0400
-@@ -0,0 +1,7 @@
+--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2007-11-05 10:28:59.000000000 -0500
++++ serefpolicy-3.1.0/config/appconfig-mcs/user_u_default_contexts 2007-11-06 09:28:35.000000000 -0500
+@@ -1,8 +1,7 @@
+-system_r:local_login_t:s0 user_r:user_t:s0
+-system_r:remote_login_t:s0 user_r:user_t:s0
+-system_r:sshd_t:s0 user_r:user_t:s0
+-system_r:crond_t:s0 user_r:user_crond_t:s0
+-system_r:xdm_t:s0 user_r:user_t:s0
+-user_r:user_su_t:s0 user_r:user_t:s0
+-user_r:user_sudo_t:s0 user_r:user_t:s0
+-
+system_r:local_login_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
+system_r:remote_login_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
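Review bot: The appconfig-mcs/seusers section carried in this hunk still changes the default login mapping to `__default__:system_u:s0`, and the userhelper_context section replaces `sysadm_t` with `system_u:system_r:unconfined_t:s0`, yet the policy/users comment quoted near the end of this patch says a user process should never be assigned the system user identity. Those lines are not changed by this revision, but the rebase of the staff_u and user_u files onto upstream was the moment to record why the stricter upstream defaults are overridden. The spec's `%post targeted` remaps `__default__` to `unconfined_u` only inside `if [ $1 = 1 ]`, and this page does not show which policy types install the appconfig-mcs files. A short changelog line stating which policy types are meant to ship the `system_u` default would let a reviewer verify that the others keep `user_u`.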
@@ -123,7 +121,7 @@
+user_r:user_sudo_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.1.0/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/config/appconfig-mcs/xguest_u_default_contexts 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mcs/xguest_u_default_contexts 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -132,7 +130,7 @@
+system_r:xdm_t xguest_r:xguest_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.1.0/config/appconfig-mls/default_contexts
--- nsaserefpolicy/config/appconfig-mls/default_contexts 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/config/appconfig-mls/default_contexts 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mls/default_contexts 2007-11-06 09:28:35.000000000 -0500
@@ -1,15 +1,12 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -162,7 +160,7 @@
+user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.1.0/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/config/appconfig-mls/guest_u_default_contexts 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mls/guest_u_default_contexts 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -170,7 +168,7 @@
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.1.0/config/appconfig-mls/root_default_contexts
--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/config/appconfig-mls/root_default_contexts 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/config/appconfig-mls/root_default_contexts 2007-11-06 09:28:35.000000000 -0500
@@ -1,11 +1,9 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -190,41 +188,50 @@
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.1.0/config/appconfig-mls/staff_u_default_contexts
---- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/config/appconfig-mls/staff_u_default_contexts 2007-10-24 15:06:50.000000000 -0400
-@@ -0,0 +1,9 @@
-+system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-+system_r:remote_login_t:s0 staff_r:staff_t:s0
-+system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+--- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 2007-11-05 10:28:58.000000000 -0500
++++ serefpolicy-3.1.0/config/appconfig-mls/staff_u_default_contexts 2007-11-06 09:28:35.000000000 -0500
+@@ -1,10 +1,9 @@
+ system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+ system_r:remote_login_t:s0 staff_r:staff_t:s0
+ system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-system_r:crond_t:s0 staff_r:staff_crond_t:s0
+system_r:crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
-+system_r:xdm_t:s0 staff_r:staff_t:s0
-+staff_r:staff_su_t:s0 staff_r:staff_t:s0
-+staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
-+sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
-+sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
+ system_r:xdm_t:s0 staff_r:staff_t:s0
+ staff_r:staff_su_t:s0 staff_r:staff_t:s0
+ staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
+ sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
+ sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
+-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.1.0/config/appconfig-mls/user_u_default_contexts
---- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/config/appconfig-mls/user_u_default_contexts 2007-10-24 15:06:50.000000000 -0400
-@@ -0,0 +1,7 @@
-+system_r:local_login_t:s0 user_r:user_t:s0
-+system_r:remote_login_t:s0 user_r:user_t:s0
-+system_r:sshd_t:s0 user_r:user_t:s0
-+system_r:crond_t:s0 user_r:user_crond_t:s0
-+system_r:xdm_t:s0 user_r:user_t:s0
-+user_r:user_su_t:s0 user_r:user_t:s0
-+user_r:user_sudo_t:s0 user_r:user_t:s0
[...8658 lines suppressed...]
+@@ -5558,3 +5735,379 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -16216,9 +14464,6 @@
+ ')
+
+')
-+optional_policy(`
-+ setroubleshoot_dontaudit_stream_connect($1_usertype)
-+')
+
+# gnome keyring wants to read this. Needs to be exlicitly granted
+dev_dontaudit_read_rand($1_usertype)
@@ -16358,8 +14603,16 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.1.0/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-10-12 08:56:08.000000000 -0400
-+++ serefpolicy-3.1.0/policy/modules/system/userdomain.te 2007-10-24 15:06:50.000000000 -0400
-@@ -24,13 +24,6 @@
++++ serefpolicy-3.1.0/policy/modules/system/userdomain.te 2007-11-06 16:05:43.000000000 -0500
+@@ -17,20 +17,13 @@
+
+ ## <desc>
+ ## <p>
+-## Allow sysadm to ptrace all processes
++## Allow sysadm to debug or ptrace all processes
+ ## </p>
+ ## </desc>
+ gen_tunable(allow_ptrace,false)
## <desc>
## <p>
@@ -16478,7 +14731,7 @@
', `
userdom_security_admin_template(sysadm_t, sysadm_r, admin_terminal)
')
-@@ -494,3 +497,7 @@
+@@ -494,3 +497,15 @@
optional_policy(`
yam_run(sysadm_t, sysadm_r, admin_terminal)
')
@@ -16486,14 +14739,22 @@
+tunable_policy(`allow_console_login', `
+ term_use_console(userdomain)
+')
++
++optional_policy(`
++ netutils_run_ping_cond(user_t,user_r,{ user_tty_device_t user_devpts_t })
++ netutils_run_ping_cond(staff_t,staff_r,{ staff_tty_device_t staff_devpts_t })
++ netutils_run_traceroute_cond(user_t,user_r,{ user_tty_device_t user_devpts_t })
++ netutils_run_traceroute_cond(staff_t,staff_r,{ staff_tty_device_t staff_devpts_t })
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.fc serefpolicy-3.1.0/policy/modules/system/virt.fc
--- nsaserefpolicy/policy/modules/system/virt.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/system/virt.fc 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/system/virt.fc 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1 @@
+/var/lib/libvirt(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.if serefpolicy-3.1.0/policy/modules/system/virt.if
--- nsaserefpolicy/policy/modules/system/virt.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/system/virt.if 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/system/virt.if 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1,78 @@
+## <summary>Virtualization </summary>
+
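Review bot: The `optional_policy` block added to the userdomain.te section gives `user_t` and `staff_t` access to ping and traceroute through `netutils_run_ping_cond` and `netutils_run_traceroute_cond`, but nothing in the block says what the `_cond` variants are conditional on. The interface bodies are not on this page, so a reader cannot tell from here whether the access is governed by a boolean or is always on when the netutils module is present. I would add a comment above the block such as `# ping/traceroute for user and staff logins; see netutils.if for the condition gating the _cond interfaces`. The hunk continues into the virt.fc and virt.if sections, which only change timestamps.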
@@ -16575,14 +14836,14 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.1.0/policy/modules/system/virt.te
--- nsaserefpolicy/policy/modules/system/virt.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/system/virt.te 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/system/virt.te 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1,3 @@
+# var/lib files
+type virt_var_lib_t;
+files_type(virt_var_lib_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.1.0/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2007-06-21 09:32:04.000000000 -0400
-+++ serefpolicy-3.1.0/policy/modules/system/xen.if 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/system/xen.if 2007-11-06 09:28:35.000000000 -0500
@@ -191,3 +191,24 @@
domtrans_pattern($1,xm_exec_t,xm_t)
@@ -16610,7 +14871,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.1.0/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-10-12 08:56:08.000000000 -0400
-+++ serefpolicy-3.1.0/policy/modules/system/xen.te 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/system/xen.te 2007-11-06 09:28:35.000000000 -0500
@@ -6,6 +6,13 @@
# Declarations
#
@@ -16779,17 +15040,17 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.fc serefpolicy-3.1.0/policy/modules/users/guest.fc
--- nsaserefpolicy/policy/modules/users/guest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/guest.fc 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/guest.fc 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1 @@
+# No guest file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.if serefpolicy-3.1.0/policy/modules/users/guest.if
--- nsaserefpolicy/policy/modules/users/guest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/guest.if 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/guest.if 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for guest user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.1.0/policy/modules/users/guest.te
--- nsaserefpolicy/policy/modules/users/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/guest.te 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/guest.te 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1,18 @@
+policy_module(guest,1.0.0)
+userdom_unpriv_login_user(guest)
@@ -16811,18 +15072,18 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.1.0/policy/modules/users/logadm.fc
--- nsaserefpolicy/policy/modules/users/logadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/logadm.fc 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/logadm.fc 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1 @@
+# No logadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.1.0/policy/modules/users/logadm.if
--- nsaserefpolicy/policy/modules/users/logadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/logadm.if 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/logadm.if 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for logadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.1.0/policy/modules/users/logadm.te
--- nsaserefpolicy/policy/modules/users/logadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/logadm.te 2007-10-24 15:06:50.000000000 -0400
-@@ -0,0 +1,12 @@
++++ serefpolicy-3.1.0/policy/modules/users/logadm.te 2007-11-07 12:19:29.000000000 -0500
+@@ -0,0 +1,11 @@
+policy_module(logadm,1.0.0)
+
+########################################
@@ -16833,26 +15094,25 @@
+
+allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+
-+logging_syslog_admin(logadm, logadm_t, logadm_r)
-+logging_audit_admin(logadm, logadm_t, logadm_r)
++logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.1.0/policy/modules/users/metadata.xml
--- nsaserefpolicy/policy/modules/users/metadata.xml 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/metadata.xml 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/metadata.xml 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1 @@
+<summary>Policy modules for users</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.1.0/policy/modules/users/webadm.fc
--- nsaserefpolicy/policy/modules/users/webadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/webadm.fc 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/webadm.fc 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1 @@
+# No webadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.1.0/policy/modules/users/webadm.if
--- nsaserefpolicy/policy/modules/users/webadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/webadm.if 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/webadm.if 2007-11-06 09:28:35.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for webadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.1.0/policy/modules/users/webadm.te
--- nsaserefpolicy/policy/modules/users/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.1.0/policy/modules/users/webadm.te 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/users/webadm.te 2007-11-07 12:19:49.000000000 -0500
@@ -0,0 +1,42 @@
+policy_module(webadm,1.0.0)
+
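Review bot: `logadm_t` keeps `self:capability { dac_override dac_read_search kill sys_ptrace sys_nice }` directly above the call that this revision rewrites to `logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })`, and nothing explains why a log administrator needs to bypass file permissions or trace other processes. With the separate syslog and audit admin calls folded into one interface, this is the place to check which of those capabilities the interface's rules actually need (its body is not shown here) and to drop the rest, `sys_ptrace` and `dac_override` first. At minimum, add a comment above the `allow` line naming the operation each capability is for. The same argument-list change is made to `apache_admin` in the webadm.te hunk that follows.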
@@ -16889,7 +15149,7 @@
+userdom_dontaudit_search_sysadm_home_dirs(webadm_t)
+userdom_dontaudit_search_generic_user_home_dirs(webadm_t)
+
-+apache_admin(webadm, webadm_t, webadm_r)
++apache_admin(webadm_t, webadm_r, { webadm_devpts_t webadm_tty_device_t })
+
+gen_require(`
+ type gadmin_t;
@@ -16898,7 +15158,7 @@
+allow webadm_t gadmin_t:dir getattr;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.1.0/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/policy/support/obj_perm_sets.spt 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/support/obj_perm_sets.spt 2007-11-06 09:28:36.000000000 -0500
@@ -204,7 +204,7 @@
define(`getattr_file_perms',`{ getattr }')
define(`setattr_file_perms',`{ setattr }')
@@ -16921,10 +15181,10 @@
+define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
-+
++define(`manage_key_perms', `{ create link read search setattr view write } ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.1.0/policy/users
--- nsaserefpolicy/policy/users 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.1.0/policy/users 2007-10-24 15:06:50.000000000 -0400
++++ serefpolicy-3.1.0/policy/users 2007-11-06 09:28:36.000000000 -0500
@@ -16,7 +16,7 @@
# and a user process should never be assigned the system user
# identity.
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.553
retrieving revision 1.554
diff -u -r1.553 -r1.554
--- selinux-policy.spec 23 Oct 2007 23:13:09 -0000 1.553
+++ selinux-policy.spec 7 Nov 2007 19:42:24 -0000 1.554
@@ -70,6 +70,7 @@
%{_usr}/share/selinux/devel/Makefile
%{_usr}/share/selinux/devel/policygentool
%{_usr}/share/selinux/devel/example.*
+%{_usr}/share/selinux/devel/policy.*
%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
%post devel
@@ -166,7 +167,7 @@
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2393.
+Based off of reference policy: Checked out revision 2483.
%build
@@ -215,6 +216,7 @@
install -m 755 $RPM_SOURCE_DIR/policygentool %{buildroot}%{_usr}/share/selinux/devel/
install -m 644 $RPM_SOURCE_DIR/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
+install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
echo "htmlview file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
@@ -288,7 +290,7 @@
%loadpolicy targeted
if [ $1 = 1 ]; then
-semanage user -a -P unconfined -R "unconfined_r system_r" unconfined_u
+semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
semanage login -m -s "unconfined_u" __default__ 2> /dev/null
semanage login -m -s "system_u" root 2> /dev/null
semanage user -a -P guest -R guest_r guest_u
@@ -300,6 +302,10 @@
exit 0
+%triggerpostun targeted -- selinux-policy-targeted < 3.0.8-44-1
+semanage user -m -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
+exit 0
+
%triggerpostun targeted -- selinux-policy-targeted < 3.0.8-14-1
setsebool -P use_nfs_home_dirs=1
semanage login -m -s "system_u" __default__ 2> /dev/null
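Review bot: The new `%triggerpostun` discards stderr from `semanage user -m -r s0-s0:c0.c1023 unconfined_u` and then exits 0, so an upgrade on which the command fails leaves `unconfined_u` without the category range and gives no sign of it. Keeping `exit 0` so the transaction is not aborted is reasonable, but the failure should be visible, for example `semanage user -m -r s0-s0:c0.c1023 unconfined_u || echo "selinux-policy: could not set range on unconfined_u" >&2`. The fresh-install path in the previous hunk adds the user with the same range and does not redirect stderr, so the two paths would then report problems the same way.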