rpms/selinux-policy/F-8 policy-20070703.patch,1.132,1.133
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Nov 12 22:46:30 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10906
Modified Files:
policy-20070703.patch
Log Message:
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-53
- Allow bugzilla policy to connect to postgresql and mysql on other machines
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- policy-20070703.patch 12 Nov 2007 21:51:05 -0000 1.132
+++ policy-20070703.patch 12 Nov 2007 22:46:23 -0000 1.133
@@ -5807,7 +5807,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.8/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.te 2007-11-12 15:10:54.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/apache.te 2007-11-12 17:44:48.000000000 -0500
@@ -20,6 +20,9 @@
# Declarations
#
@@ -6266,7 +6266,7 @@
+
+manage_dirs_pattern(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,httpd_bugzilla_tmp_t)
+manage_files_pattern(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,httpd_bugzilla_tmp_t)
-+files_tmp_filetrans(httpd_bugzilla_script_t,httpd_bugzilla_t,{ file dir })
++files_tmp_filetrans(httpd_bugzilla_script_t,httpd_bugzilla_tmp_t,{ file dir })
+
+files_search_var_lib(httpd_bugzilla_script_t)
+
@@ -7309,7 +7309,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.te 2007-11-08 13:32:45.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/cups.te 2007-11-12 17:21:56.000000000 -0500
@@ -48,9 +48,8 @@
type hplip_t;
type hplip_exec_t;
@@ -7420,7 +7420,7 @@
init_exec_script_files(cupsd_t)
-@@ -221,17 +222,37 @@
+@@ -221,17 +222,38 @@
sysnet_read_config(cupsd_t)
@@ -7444,6 +7444,7 @@
+ init_stream_connect_script(cupsd_t)
+
+ unconfined_rw_pipes(cupsd_t)
++ unconfined_rw_stream_sockets(cupsd_t)
+
+ optional_policy(`
+ init_dbus_chat_script(cupsd_t)
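Review bot: The added `unconfined_rw_stream_sockets(cupsd_t)` gives cupsd_t real read/write access to unix stream sockets owned by unconfined_t, and neither the hunk nor the log message (which names only the bugzilla database change) says why cupsd needs it. If the intent is only to quiet denials on descriptors that cupsd inherits from an unconfined caller, a dontaudit rule would be the narrower choice. If cupsd really uses the socket, a comment above the call should record that, for example `# <reason cupsd_t needs rw on unconfined_t stream sockets>`. The block that holds these calls starts outside the hunk, so whether the grant is conditional cannot be seen here.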
@@ -7458,7 +7459,7 @@
apm_domtrans_client(cupsd_t)
')
-@@ -263,16 +284,16 @@
+@@ -263,16 +285,16 @@
')
optional_policy(`
@@ -7479,7 +7480,7 @@
seutil_sigchld_newrole(cupsd_t)
')
-@@ -331,6 +352,7 @@
+@@ -331,6 +353,7 @@
dev_read_sysfs(cupsd_config_t)
dev_read_urand(cupsd_config_t)
dev_read_rand(cupsd_config_t)
@@ -7487,7 +7488,7 @@
fs_getattr_all_fs(cupsd_config_t)
fs_search_auto_mountpoints(cupsd_config_t)
-@@ -377,6 +399,14 @@
+@@ -377,6 +400,14 @@
')
optional_policy(`
@@ -7502,7 +7503,7 @@
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
')
-@@ -393,6 +423,7 @@
+@@ -393,6 +424,7 @@
optional_policy(`
hal_domtrans(cupsd_config_t)
hal_read_tmp_files(cupsd_config_t)
@@ -7510,7 +7511,7 @@
')
optional_policy(`
-@@ -482,6 +513,8 @@
+@@ -482,6 +514,8 @@
files_read_etc_files(cupsd_lpd_t)
@@ -7519,7 +7520,7 @@
libs_use_ld_so(cupsd_lpd_t)
libs_use_shared_libs(cupsd_lpd_t)
-@@ -489,22 +522,12 @@
+@@ -489,22 +523,12 @@
miscfiles_read_localization(cupsd_lpd_t)
@@ -7542,7 +7543,7 @@
########################################
#
# HPLIP local policy
-@@ -525,11 +548,9 @@
+@@ -525,11 +549,9 @@
allow hplip_t cupsd_etc_t:dir search;
cups_stream_connect(hplip_t)
@@ -7557,7 +7558,7 @@
manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
files_pid_filetrans(hplip_t,hplip_var_run_t,file)
-@@ -560,7 +581,9 @@
+@@ -560,7 +582,9 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -7568,7 +7569,7 @@
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -587,8 +610,6 @@
+@@ -587,8 +611,6 @@
userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -7577,7 +7578,7 @@
optional_policy(`
seutil_sigchld_newrole(hplip_t)
')
-@@ -668,3 +689,15 @@
+@@ -668,3 +690,15 @@
optional_policy(`
udev_read_db(ptal_t)
')
@@ -14695,7 +14696,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.0.8/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.if 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/init.if 2007-11-12 17:20:37.000000000 -0500
@@ -211,6 +211,21 @@
kernel_dontaudit_use_fds($1)
')
@@ -17424,7 +17425,7 @@
+/usr/bin/sbcl -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.0.8/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/unconfined.if 2007-11-01 13:52:56.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/unconfined.if 2007-11-12 17:22:08.000000000 -0500
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -17497,7 +17498,34 @@
########################################
## <summary>
## Connect to the unconfined domain using
-@@ -558,7 +562,7 @@
+@@ -437,6 +441,26 @@
+
+ ########################################
+ ## <summary>
++## Allow the specified domain to read/write to
++## unconfined with a unix domain stream sockets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`unconfined_rw_stream_sockets',`
++ gen_require(`
++ type unconfined_t;
++ ')
++
++ allow $1 unconfined_t:unix_stream_socket { read write };
++')
++
++
++########################################
++## <summary>
+ ## Do not audit attempts to read or write
+ ## unconfined domain tcp sockets.
+ ## </summary>
+@@ -558,7 +582,7 @@
')
files_search_home($1)
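Review bot: The `<summary>` of the new `unconfined_rw_stream_sockets` interface does not say that it covers only sockets the caller already holds. The rule grants `{ read write }` and no `connectto`, so it applies to descriptors inherited from or passed by unconfined_t, not to new connections. Saying so would keep it distinct from the interface whose summary begins "Connect to the unconfined domain using" in the context above, and would also fix the grammar of "with a unix domain stream sockets". A possible wording is `## Read and write unix domain stream sockets` followed by `## inherited from or passed by the unconfined domain.` The two blank `++` lines after the closing `')` also leave a double blank line before the next header.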
@@ -17506,7 +17534,7 @@
read_files_pattern($1,{ unconfined_home_dir_t unconfined_home_t },unconfined_home_t)
read_lnk_files_pattern($1,{ unconfined_home_dir_t unconfined_home_t },unconfined_home_t)
')
-@@ -601,3 +605,216 @@
+@@ -601,3 +625,216 @@
allow $1 unconfined_tmp_t:file { getattr write append };
')