rpms/selinux-policy/F-8 policy-20070703.patch,1.129,1.130

Sat Nov 10 14:14:24 UTC 2007

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17906

Modified Files:
	policy-20070703.patch 
Log Message:
* Sat Nov 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-51
- Allow login programs to run mount
- Dontaudit writes to user_home_t for semanage
- Allow sendmail to write to cyrus_stream
- Define /dev/dmmidi1 as a sound_device_t
- Allow saslauthd to use nis_authentication


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.129
retrieving revision 1.130
diff -u -r1.129 -r1.130

--- policy-20070703.patch	10 Nov 2007 13:18:35 -0000	1.129
+++ policy-20070703.patch	10 Nov 2007 14:14:21 -0000	1.130
@@ -13806,7 +13806,7 @@
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if	2007-11-10 07:11:24.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if	2007-11-10 09:11:11.000000000 -0500
 @@ -26,7 +26,8 @@
  	type $1_chkpwd_t, can_read_shadow_passwords;
  	application_domain($1_chkpwd_t,chkpwd_exec_t)
@@ -13870,7 +13870,7 @@
  	selinux_get_fs_mount($1)
  	selinux_validate_context($1)
  	selinux_compute_access_vector($1)
-@@ -196,20 +218,41 @@
+@@ -196,20 +218,42 @@
  	mls_fd_share_all_levels($1)
  
  	auth_domtrans_chk_passwd($1)
@@ -13905,6 +13905,7 @@
 +
 +	optional_policy(`
 +		nis_authenticate($1)
++	')
 +
 +	optional_policy(`
 +		unconfined_set_rlimitnh($1)
@@ -13913,7 +13914,7 @@
  	tunable_policy(`allow_polyinstantiation',`
  		files_polyinstantiate_all($1)
  	')
-@@ -309,9 +352,6 @@
+@@ -309,9 +353,6 @@
  		type system_chkpwd_t, chkpwd_exec_t, shadow_t;
  	')
  
@@ -13923,7 +13924,7 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
  
-@@ -329,6 +369,8 @@
+@@ -329,6 +370,8 @@
  
  	optional_policy(`
  		kerberos_use($1)
@@ -13932,7 +13933,7 @@
  	')
  
  	optional_policy(`
-@@ -347,6 +389,37 @@
+@@ -347,6 +390,37 @@
  
  ########################################
  ## <summary>
@@ -13970,7 +13971,7 @@
  ##	Get the attributes of the shadow passwords file.
  ## </summary>
  ## <param name="domain">
-@@ -695,6 +768,24 @@
+@@ -695,6 +769,24 @@
  
  ########################################
  ## <summary>
@@ -13995,7 +13996,7 @@
  ##	Execute pam programs in the PAM domain.
  ## </summary>
  ## <param name="domain">
-@@ -1318,16 +1409,14 @@
+@@ -1318,16 +1410,14 @@
  ## </param>
  #
  interface(`auth_use_nsswitch',`
@@ -14015,7 +14016,7 @@
  	miscfiles_read_certs($1)
  
  	sysnet_dns_name_resolve($1)
-@@ -1347,6 +1436,8 @@
+@@ -1347,6 +1437,8 @@
  
  	optional_policy(`
  		samba_stream_connect_winbind($1)
@@ -14024,7 +14025,7 @@
  	')
  ')
  
-@@ -1381,3 +1472,181 @@
+@@ -1381,3 +1473,181 @@
  	typeattribute $1 can_write_shadow_passwords;
  	typeattribute $1 can_relabelto_shadow_passwords;
  ')


