rpms/selinux-policy/F-8 policy-20070703.patch,1.132,1.133

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Nov 12 22:46:30 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10906

Modified Files:
	policy-20070703.patch 
Log Message:
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-53
- Allow bugzilla policy to connect to postgresql and mysql on other machines


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- policy-20070703.patch	12 Nov 2007 21:51:05 -0000	1.132
+++ policy-20070703.patch	12 Nov 2007 22:46:23 -0000	1.133
@@ -5807,7 +5807,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.8/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.te	2007-11-12 15:10:54.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/apache.te	2007-11-12 17:44:48.000000000 -0500
 @@ -20,6 +20,9 @@
  # Declarations
  #
@@ -6266,7 +6266,7 @@
 +
 +manage_dirs_pattern(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,httpd_bugzilla_tmp_t)
 +manage_files_pattern(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,httpd_bugzilla_tmp_t)
-+files_tmp_filetrans(httpd_bugzilla_script_t,httpd_bugzilla_t,{ file dir })
++files_tmp_filetrans(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,{ file dir })
 +
 +files_search_var_lib(httpd_bugzilla_script_t)
 +
@@ -7309,7 +7309,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.te	2007-11-08 13:32:45.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/cups.te	2007-11-12 17:21:56.000000000 -0500
 @@ -48,9 +48,8 @@
  type hplip_t;
  type hplip_exec_t;
@@ -7420,7 +7420,7 @@
  
  init_exec_script_files(cupsd_t)
  
-@@ -221,17 +222,37 @@
+@@ -221,17 +222,38 @@
  
  sysnet_read_config(cupsd_t)
  
@@ -7444,6 +7444,7 @@
 +	init_stream_connect_script(cupsd_t)
 +
 +	unconfined_rw_pipes(cupsd_t)
++	unconfined_rw_stream_sockets(cupsd_t)
 +
 +	optional_policy(`
 +		init_dbus_chat_script(cupsd_t)
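Review bot: The added `unconfined_rw_stream_sockets(cupsd_t)` lets the CUPS daemon read and write unix stream sockets owned by unconfined_t, and neither the log message nor a policy comment names the denial that motivated it. The neighbouring `unconfined_rw_pipes(cupsd_t)` suggests these are descriptors cupsd inherits from an unconfined caller, although the enclosing block starts outside the hunk, so this is an inference. If that is the case, consider silencing the denial rather than allowing it, through a dontaudit interface equivalent to `dontaudit $1 unconfined_t:unix_stream_socket { read write };`. If the access is genuinely needed, a one-line comment above the call, such as `# cupsd inherits an open stream socket from the unconfined caller`, would record the reason for later audits of cupsd_t.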
@@ -7458,7 +7459,7 @@
  	apm_domtrans_client(cupsd_t)
  ')
  
-@@ -263,16 +284,16 @@
+@@ -263,16 +285,16 @@
  ')
  
  optional_policy(`
@@ -7479,7 +7480,7 @@
  	seutil_sigchld_newrole(cupsd_t)
  ')
  
-@@ -331,6 +352,7 @@
+@@ -331,6 +353,7 @@
  dev_read_sysfs(cupsd_config_t)
  dev_read_urand(cupsd_config_t)
  dev_read_rand(cupsd_config_t)
@@ -7487,7 +7488,7 @@
  
  fs_getattr_all_fs(cupsd_config_t)
  fs_search_auto_mountpoints(cupsd_config_t)
-@@ -377,6 +399,14 @@
+@@ -377,6 +400,14 @@
  ')
  
  optional_policy(`
@@ -7502,7 +7503,7 @@
  	cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
  ')
  
-@@ -393,6 +423,7 @@
+@@ -393,6 +424,7 @@
  optional_policy(`
  	hal_domtrans(cupsd_config_t)
  	hal_read_tmp_files(cupsd_config_t)
@@ -7510,7 +7511,7 @@
  ')
  
  optional_policy(`
-@@ -482,6 +513,8 @@
+@@ -482,6 +514,8 @@
  
  files_read_etc_files(cupsd_lpd_t)
  
@@ -7519,7 +7520,7 @@
  libs_use_ld_so(cupsd_lpd_t)
  libs_use_shared_libs(cupsd_lpd_t)
  
-@@ -489,22 +522,12 @@
+@@ -489,22 +523,12 @@
  
  miscfiles_read_localization(cupsd_lpd_t)
  
@@ -7542,7 +7543,7 @@
  ########################################
  #
  # HPLIP local policy
-@@ -525,11 +548,9 @@
+@@ -525,11 +549,9 @@
  allow hplip_t cupsd_etc_t:dir search;
  
  cups_stream_connect(hplip_t)
@@ -7557,7 +7558,7 @@
  
  manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
  files_pid_filetrans(hplip_t,hplip_var_run_t,file)
-@@ -560,7 +581,9 @@
+@@ -560,7 +582,9 @@
  dev_read_urand(hplip_t)
  dev_read_rand(hplip_t)
  dev_rw_generic_usb_dev(hplip_t)
@@ -7568,7 +7569,7 @@
  
  fs_getattr_all_fs(hplip_t)
  fs_search_auto_mountpoints(hplip_t)
-@@ -587,8 +610,6 @@
+@@ -587,8 +611,6 @@
  userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
  userdom_dontaudit_search_all_users_home_content(hplip_t)
  
@@ -7577,7 +7578,7 @@
  optional_policy(`
  	seutil_sigchld_newrole(hplip_t)
  ')
-@@ -668,3 +689,15 @@
+@@ -668,3 +690,15 @@
  optional_policy(`
  	udev_read_db(ptal_t)
  ')
@@ -14695,7 +14696,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.0.8/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.if	2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/init.if	2007-11-12 17:20:37.000000000 -0500
 @@ -211,6 +211,21 @@
  			kernel_dontaudit_use_fds($1)
  		')
@@ -17424,7 +17425,7 @@
 +/usr/bin/sbcl			    --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.0.8/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/unconfined.if	2007-11-01 13:52:56.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/unconfined.if	2007-11-12 17:22:08.000000000 -0500
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -17497,7 +17498,34 @@
  ########################################
  ## <summary>
  ##	Connect to the unconfined domain using
-@@ -558,7 +562,7 @@
+@@ -437,6 +441,26 @@
+ 
+ ########################################
+ ## <summary>
++##	Allow the specified domain to read/write to
++##	unconfined with a unix domain stream sockets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`unconfined_rw_stream_sockets',`
++	gen_require(`
++		type unconfined_t;
++	')
++
++	allow $1 unconfined_t:unix_stream_socket { read write };
++')
++
++
++########################################
++## <summary>
+ ##	Do not audit attempts to read or write
+ ##	unconfined domain tcp sockets.
+ ## </summary>
+@@ -558,7 +582,7 @@
  	')
  
  	files_search_home($1)
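Review bot: The summary of the new `unconfined_rw_stream_sockets` interface is ungrammatical and does not say how narrow the grant is. The rule allows only `read write` on `unconfined_t:unix_stream_socket`, with no `connectto`, so it covers already-open sockets and not new connections to the unconfined domain. I would reword the two summary lines to `##	Read and write unix domain stream sockets` and `##	owned by the unconfined domain (no connectto).` so callers do not mistake it for a connect interface. The interface is also followed by two blank lines, where the visible context uses one before the next `########` header.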
@@ -17506,7 +17534,7 @@
  	read_files_pattern($1,{ unconfined_home_dir_t unconfined_home_t },unconfined_home_t)
  	read_lnk_files_pattern($1,{ unconfined_home_dir_t unconfined_home_t },unconfined_home_t)
  ')
-@@ -601,3 +605,216 @@
+@@ -601,3 +625,216 @@
  
  	allow $1 unconfined_tmp_t:file { getattr write append };
  ')



