rpms/selinux-policy/F-8 policy-20070703.patch,1.134,1.135

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Nov 14 17:29:32 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4169

Modified Files:
	policy-20070703.patch 
Log Message:
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-54
- Allow cyrus to authenticate via sasl
- Allow sshd to work in tunnel mode
- Allow sshd to use -R
- Allow ssh to read user homedirs
- Add /var/lib/tftp to tftp.fc
- Add labels for /dev/dmmdi and /dev/admmdi
- Allow postmap to be run by unconfined_t
- Allow dictd to write pid file
- Allow bluetooth to connectto unix_stream_sockets


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.134
retrieving revision 1.135
diff -u -r1.134 -r1.135
--- policy-20070703.patch	14 Nov 2007 17:16:05 -0000	1.134
+++ policy-20070703.patch	14 Nov 2007 17:29:28 -0000	1.135
@@ -7957,12 +7957,12 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.0.8/policy/modules/services/dictd.fc
 --- nsaserefpolicy/policy/modules/services/dictd.fc	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/dictd.fc	2007-11-14 11:37:22.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/dictd.fc	2007-11-14 12:26:30.000000000 -0500
 @@ -4,3 +4,4 @@
  /usr/sbin/dictd		--	gen_context(system_u:object_r:dictd_exec_t,s0)
  
  /var/lib/dictd(/.*)?		gen_context(system_u:object_r:dictd_var_lib_t,s0)
-+/var/run/dictd\.pid	--	gen_context(system_u:object_r:dictd_exec_t,s0)
++/var/run/dictd\.pid	--	gen_context(system_u:object_r:dictd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.te serefpolicy-3.0.8/policy/modules/services/dictd.te
 --- nsaserefpolicy/policy/modules/services/dictd.te	2007-10-22 13:21:39.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/dictd.te	2007-11-14 11:32:53.000000000 -0500
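Review bot: The corrected entry `/var/run/dictd\.pid -- gen_context(system_u:object_r:dictd_var_run_t,s0)` in dictd.fc only sets the label applied on relabel, so it needs a matching type declaration and creation-time transition in dictd.te. That file's section only begins at the end of this hunk and its body is not visible, so this cannot be confirmed from here. It should contain `type dictd_var_run_t;`, `files_pid_file(dictd_var_run_t)` and `files_pid_filetrans(dictd_t,dictd_var_run_t,file)`; without the transition the daemon would presumably create the pid file with the type of its parent directory. Moving away from `dictd_exec_t` is the right direction, since a daemon-writable file should not carry the executable's type.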
@@ -9163,7 +9163,7 @@
 +term_search_ptys(ktalkd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.0.8/policy/modules/services/ldap.te
 --- nsaserefpolicy/policy/modules/services/ldap.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/ldap.te	2007-11-08 13:37:16.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/ldap.te	2007-11-14 12:20:04.000000000 -0500
 @@ -42,7 +42,6 @@
  dontaudit slapd_t self:capability sys_tty_config;
  allow slapd_t self:process setsched;
@@ -9734,7 +9734,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.0.8/policy/modules/services/mysql.te
 --- nsaserefpolicy/policy/modules/services/mysql.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mysql.te	2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/mysql.te	2007-11-14 12:17:52.000000000 -0500
 @@ -25,6 +25,9 @@
  type mysqld_tmp_t;
  files_tmp_file(mysqld_tmp_t)
@@ -18235,7 +18235,7 @@
  /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-11-10 07:24:23.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-11-14 12:20:47.000000000 -0500
 @@ -29,8 +29,9 @@
  	')
  
@@ -19221,7 +19221,23 @@
  	')
  
  	files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -4609,11 +4741,29 @@
+@@ -4410,6 +4542,7 @@
+ 	')
+ 
+ 	dontaudit $1 sysadm_home_dir_t:dir getattr;
++	userdom_dontaudit_search_all_users_home_content($1)
+ ')
+ 
+ ########################################
+@@ -4574,6 +4707,7 @@
+ 	allow $1 { sysadm_home_dir_t sysadm_home_t }:dir list_dir_perms;
+ 	read_files_pattern($1,{ sysadm_home_dir_t sysadm_home_t },sysadm_home_t)
+ 	read_lnk_files_pattern($1,{ sysadm_home_dir_t sysadm_home_t },sysadm_home_t)
++	userdom_read_unpriv_users_home_content_files($1)
+ ')
+ 
+ ########################################
+@@ -4609,11 +4743,29 @@
  #
  interface(`userdom_search_all_users_home_dirs',`
  	gen_require(`
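Review bot: The added `userdom_read_unpriv_users_home_content_files($1)` widens a shared interface, so every domain that calls it gains read access to unprivileged users' home files, not only ssh as the changelog describes. The visible context lines of that interface grant read access to `sysadm_home_dir_t`/`sysadm_home_t` content only; its name and `## <summary>` lie outside the hunk. If only ssh needs the access, making the call from the ssh policy module would keep the grant narrower. If the call stays here, the interface summary should state that it also covers unprivileged users' home content. The first inner hunk's `userdom_dontaudit_search_all_users_home_content($1)` has the same every-caller scope and also suppresses the audit records for those searches, so it deserves a comment naming the denial it is meant to silence.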
@@ -19252,7 +19268,7 @@
  ')
  
  ########################################
-@@ -4633,6 +4783,14 @@
+@@ -4633,6 +4785,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -19267,7 +19283,7 @@
  ')
  
  ########################################
-@@ -5323,7 +5481,7 @@
+@@ -5323,7 +5483,7 @@
  		attribute user_tmpfile;
  	')
  
@@ -19276,7 +19292,7 @@
  ')
  
  ########################################
-@@ -5346,6 +5504,25 @@
+@@ -5346,6 +5506,25 @@
  
  ########################################
  ## <summary>
@@ -19302,7 +19318,7 @@
  ##	Write all unprivileged users files in /tmp
  ## </summary>
  ## <param name="domain">
-@@ -5529,6 +5706,24 @@
+@@ -5529,6 +5708,24 @@
  
  ########################################
  ## <summary>
@@ -19327,7 +19343,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5559,3 +5754,379 @@
+@@ -5559,3 +5756,379 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')



