rpms/selinux-policy/F-8 policy-20070703.patch,1.134,1.135
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Nov 14 17:29:32 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4169
Modified Files:
policy-20070703.patch
Log Message:
* Mon Nov 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-54
- Allow cyrus to authenticate via sasl
- Allow sshd to work in tunnel mode
- Allow sshd to use -R
- Allow ssh to read user homedirs
- Add /var/lib/tftp to tftp.fc
- Add labels for /dev/dmmdi and /dev/admmdi
- Allow postmap to be run by unconfined_t
- Allow dictd to write pid file
- Allow bluetooth to connectto unix_stream_sockets
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.134
retrieving revision 1.135
diff -u -r1.134 -r1.135
--- policy-20070703.patch 14 Nov 2007 17:16:05 -0000 1.134
+++ policy-20070703.patch 14 Nov 2007 17:29:28 -0000 1.135
@@ -7957,12 +7957,12 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.0.8/policy/modules/services/dictd.fc
--- nsaserefpolicy/policy/modules/services/dictd.fc 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/dictd.fc 2007-11-14 11:37:22.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/dictd.fc 2007-11-14 12:26:30.000000000 -0500
@@ -4,3 +4,4 @@
/usr/sbin/dictd -- gen_context(system_u:object_r:dictd_exec_t,s0)
/var/lib/dictd(/.*)? gen_context(system_u:object_r:dictd_var_lib_t,s0)
-+/var/run/dictd\.pid -- gen_context(system_u:object_r:dictd_exec_t,s0)
++/var/run/dictd\.pid -- gen_context(system_u:object_r:dictd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.te serefpolicy-3.0.8/policy/modules/services/dictd.te
--- nsaserefpolicy/policy/modules/services/dictd.te 2007-10-22 13:21:39.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/dictd.te 2007-11-14 11:32:53.000000000 -0500
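Review bot: The corrected file context for `/var/run/dictd\.pid` now names `dictd_var_run_t`, but the dictd.te section keeps its earlier timestamp (11:32:53), so nothing in this revision shows that type being declared or used. Please confirm dictd.te already declares it as a pid file type (`files_pid_file(dictd_var_run_t)`) and gives the dictd domain a `files_pid_filetrans` to it. Without the transition the daemon would create the file with the parent directory's label, and this entry would only take effect on a relabel. A pid file left labelled `dictd_exec_t` by the previous revision also needs a `restorecon` after the update.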
@@ -9163,7 +9163,7 @@
+term_search_ptys(ktalkd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.0.8/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/ldap.te 2007-11-08 13:37:16.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/ldap.te 2007-11-14 12:20:04.000000000 -0500
@@ -42,7 +42,6 @@
dontaudit slapd_t self:capability sys_tty_config;
allow slapd_t self:process setsched;
@@ -9734,7 +9734,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.0.8/policy/modules/services/mysql.te
--- nsaserefpolicy/policy/modules/services/mysql.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mysql.te 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/mysql.te 2007-11-14 12:17:52.000000000 -0500
@@ -25,6 +25,9 @@
type mysqld_tmp_t;
files_tmp_file(mysqld_tmp_t)
@@ -18235,7 +18235,7 @@
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-10 07:24:23.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-14 12:20:47.000000000 -0500
@@ -29,8 +29,9 @@
')
@@ -19221,7 +19221,23 @@
')
files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -4609,11 +4741,29 @@
+@@ -4410,6 +4542,7 @@
+ ')
+
+ dontaudit $1 sysadm_home_dir_t:dir getattr;
++ userdom_dontaudit_search_all_users_home_content($1)
+ ')
+
+ ########################################
+@@ -4574,6 +4707,7 @@
+ allow $1 { sysadm_home_dir_t sysadm_home_t }:dir list_dir_perms;
+ read_files_pattern($1,{ sysadm_home_dir_t sysadm_home_t },sysadm_home_t)
+ read_lnk_files_pattern($1,{ sysadm_home_dir_t sysadm_home_t },sysadm_home_t)
++ userdom_read_unpriv_users_home_content_files($1)
+ ')
+
+ ########################################
+@@ -4609,11 +4743,29 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
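Review bot: The added `userdom_read_unpriv_users_home_content_files($1)` at inner hunk `@@ -4574,6 +4707,7 @@` sits inside a shared interface body, so every domain that calls that interface gains read access to unprivileged users' home files, not only the ssh domain the log message mentions. The interface's name and header are outside the hunk, but the surrounding lines grant read on `sysadm_home_dir_t`/`sysadm_home_t` only, so the addition widens it beyond what existing callers would expect. Consider leaving the interface unchanged and calling `userdom_read_unpriv_users_home_content_files(...)` directly from the ssh policy for the one domain that needs it. The same applies, with less weight, to `userdom_dontaudit_search_all_users_home_content($1)` added at `@@ -4410,6 +4542,7 @@`. A dontaudit in a shared interface suppresses denial records for every caller, which makes later audit review harder.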
@@ -19252,7 +19268,7 @@
')
########################################
-@@ -4633,6 +4783,14 @@
+@@ -4633,6 +4785,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@@ -19267,7 +19283,7 @@
')
########################################
-@@ -5323,7 +5481,7 @@
+@@ -5323,7 +5483,7 @@
attribute user_tmpfile;
')
@@ -19276,7 +19292,7 @@
')
########################################
-@@ -5346,6 +5504,25 @@
+@@ -5346,6 +5506,25 @@
########################################
## <summary>
@@ -19302,7 +19318,7 @@
## Write all unprivileged users files in /tmp
## </summary>
## <param name="domain">
-@@ -5529,6 +5706,24 @@
+@@ -5529,6 +5708,24 @@
########################################
## <summary>
@@ -19327,7 +19343,7 @@
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
-@@ -5559,3 +5754,379 @@
+@@ -5559,3 +5756,379 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')