rpms/selinux-policy/F-8 policy-20070703.patch, 1.136, 1.137 selinux-policy.spec, 1.578, 1.579

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Nov 15 21:24:56 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17033

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-56
- Remove /usr/sbin/gdm label
- Label gstreamer codecs in homedir as textrel_shlib_t


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.136
retrieving revision 1.137
diff -u -r1.136 -r1.137
--- policy-20070703.patch	15 Nov 2007 15:39:43 -0000	1.136
+++ policy-20070703.patch	15 Nov 2007 21:24:52 -0000	1.137
@@ -13462,7 +13462,7 @@
  dev_read_sysfs(xfs_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.0.8/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.fc	2007-11-12 11:55:40.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/xserver.fc	2007-11-15 11:35:32.000000000 -0500
 @@ -32,11 +32,6 @@
  /etc/X11/wdm/Xstartup.*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
  /etc/X11/Xsession[^/]*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
@@ -13475,15 +13475,7 @@
  #
  # /opt
  #
-@@ -59,6 +54,7 @@
- 
- /usr/(s)?bin/gdm-binary	--	gen_context(system_u:object_r:xdm_exec_t,s0)
- /usr/bin/[xgkw]dm	--	gen_context(system_u:object_r:xdm_exec_t,s0)
-+/usr/sbin/gdm		--	gen_context(system_u:object_r:xdm_exec_t,s0)
- /usr/bin/gpe-dm		--	gen_context(system_u:object_r:xdm_exec_t,s0)
- /usr/bin/iceauth		--	gen_context(system_u:object_r:iceauth_exec_t,s0)
- /usr/bin/Xair		--	gen_context(system_u:object_r:xserver_exec_t,s0)
-@@ -91,14 +87,19 @@
+@@ -91,14 +86,19 @@
  
  /var/lib/[xkw]dm(/.*)?		gen_context(system_u:object_r:xdm_var_lib_t,s0)
  /var/lib/xkb(/.*)?		gen_context(system_u:object_r:xkb_var_lib_t,s0)
@@ -13956,7 +13948,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-11-14 11:22:16.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-11-15 16:23:05.000000000 -0500
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -14000,15 +13992,16 @@
  allow xdm_t self:fifo_file rw_fifo_file_perms;
  allow xdm_t self:shm create_shm_perms;
  allow xdm_t self:sem create_sem_perms;
-@@ -110,6 +123,7 @@
+@@ -110,6 +123,8 @@
  allow xdm_t self:key { search link write };
  
  allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
-+read_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
++manage_dirs_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
++manage_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
  
  # Allow gdm to run gdm-binary
  can_exec(xdm_t, xdm_exec_t)
-@@ -132,15 +146,20 @@
+@@ -132,15 +147,20 @@
  manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
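Review bot: Replacing `read_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)` with `manage_dirs_pattern` plus `manage_files_pattern` in the `@@ -110,6 +123,8 @@` section widens xdm_t from read-only to full management of xkb_var_lib_t, and the log message does not mention or justify it. Further down the same patch `can_exec(xdm_xserver_t, xkb_var_lib_t)` appears as context, so after this change one domain can create and modify files of a type that another domain is allowed to execute. If the write access is really needed, record why directly above the two new lines, e.g. `# xdm_t needs to write /var/lib/xkb because <reason>`. If only directory creation or a single file class is needed, grant that narrower pattern instead. The xdm_t rule block starts and ends outside this hunk.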
@@ -14030,7 +14023,7 @@
  
  allow xdm_t xdm_xserver_t:process signal;
  allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
-@@ -185,6 +204,7 @@
+@@ -185,6 +205,7 @@
  corenet_udp_sendrecv_all_ports(xdm_t)
  corenet_tcp_bind_all_nodes(xdm_t)
  corenet_udp_bind_all_nodes(xdm_t)
@@ -14038,7 +14031,7 @@
  corenet_tcp_connect_all_ports(xdm_t)
  corenet_sendrecv_all_client_packets(xdm_t)
  # xdm tries to bind to biff_port_t
-@@ -197,6 +217,7 @@
+@@ -197,6 +218,7 @@
  dev_getattr_mouse_dev(xdm_t)
  dev_setattr_mouse_dev(xdm_t)
  dev_rw_apm_bios(xdm_t)
@@ -14046,7 +14039,7 @@
  dev_setattr_apm_bios_dev(xdm_t)
  dev_rw_dri(xdm_t)
  dev_rw_agp(xdm_t)
-@@ -209,8 +230,8 @@
+@@ -209,8 +231,8 @@
  dev_setattr_video_dev(xdm_t)
  dev_getattr_scanner_dev(xdm_t)
  dev_setattr_scanner_dev(xdm_t)
@@ -14057,7 +14050,7 @@
  dev_getattr_power_mgmt_dev(xdm_t)
  dev_setattr_power_mgmt_dev(xdm_t)
  
-@@ -246,6 +267,7 @@
+@@ -246,6 +268,7 @@
  auth_domtrans_pam_console(xdm_t)
  auth_manage_pam_pid(xdm_t)
  auth_manage_pam_console_data(xdm_t)
@@ -14065,7 +14058,7 @@
  auth_rw_faillog(xdm_t)
  auth_write_login_records(xdm_t)
  
-@@ -257,6 +279,7 @@
+@@ -257,6 +280,7 @@
  libs_exec_lib_files(xdm_t)
  
  logging_read_generic_logs(xdm_t)
@@ -14073,7 +14066,7 @@
  
  miscfiles_read_localization(xdm_t)
  miscfiles_read_fonts(xdm_t)
-@@ -268,9 +291,14 @@
+@@ -268,9 +292,14 @@
  userdom_create_all_users_keys(xdm_t)
  # for .dmrc
  userdom_read_unpriv_users_home_content_files(xdm_t)
@@ -14088,7 +14081,7 @@
  
  xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
  
-@@ -306,6 +334,11 @@
+@@ -306,6 +335,11 @@
  
  optional_policy(`
  	consolekit_dbus_chat(xdm_t)
@@ -14100,7 +14093,7 @@
  ')
  
  optional_policy(`
-@@ -348,12 +381,8 @@
+@@ -348,12 +382,8 @@
  ')
  
  optional_policy(`
@@ -14114,7 +14107,7 @@
  
  	ifdef(`distro_rhel4',`
  		allow xdm_t self:process { execheap execmem };
-@@ -385,7 +414,7 @@
+@@ -385,7 +415,7 @@
  allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
  
@@ -14123,7 +14116,7 @@
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -397,6 +426,15 @@
+@@ -397,6 +427,15 @@
  can_exec(xdm_xserver_t, xkb_var_lib_t)
  files_search_var_lib(xdm_xserver_t)
  
@@ -14139,7 +14132,7 @@
  # VNC v4 module in X server
  corenet_tcp_bind_vnc_port(xdm_xserver_t)
  
-@@ -425,6 +463,14 @@
+@@ -425,6 +464,14 @@
  ')
  
  optional_policy(`
@@ -14154,7 +14147,7 @@
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -434,47 +480,26 @@
+@@ -434,47 +481,26 @@
  ')
  
  optional_policy(`
@@ -15603,7 +15596,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.8/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/libraries.fc	2007-11-14 10:14:51.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/libraries.fc	2007-11-15 16:02:47.000000000 -0500
 @@ -65,11 +65,13 @@
  /opt/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
  /opt/(.*/)?jre.*/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -15650,7 +15643,15 @@
  
  /usr/X11R6/lib/libGL\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/X11R6/lib/libXvMCNVIDIA\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -236,6 +243,8 @@
+@@ -223,6 +230,7 @@
+ /usr/lib(64)?/libmp3lame\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ # Flash plugin, Macromedia
++HOME_DIR/\.gstreamer-.*/[^/]*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ HOME_DIR/.*/plugins/libflashplayer\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/.*/libflashplayer\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -236,6 +244,8 @@
  /usr/lib(64)?/libdivxdecore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libdivxencore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
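Review bot: The added `HOME_DIR/\.gstreamer-.*/[^/]*\.so.*` entry labels files in a user-writable tree as textrel_shlib_t, and the pattern is wider than the "gstreamer codecs" named in the log message. The `.*` after `\.gstreamer-` also matches `/`, so it covers any depth below such a directory, and the trailing `\.so.*` accepts any suffix after `.so`. A tighter form, following the suffix style of the jre entry in this file, would be `HOME_DIR/\.gstreamer-[^/]*/plugins/[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)`, assuming the codecs only live in the per-user plugins directory (to be confirmed). The line also sits under the `# Flash plugin, Macromedia` comment and should get its own, e.g. `# GStreamer codecs installed in the user's home directory`.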
@@ -15659,7 +15660,7 @@
  /usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
  # vmware 
-@@ -284,3 +293,10 @@
+@@ -284,3 +294,10 @@
  /var/spool/postfix/lib(64)?(/.*)? 		gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/usr(/.*)?			gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/lib(64)?/ld.*\.so.*	--	gen_context(system_u:object_r:ld_so_t,s0)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.578
retrieving revision 1.579
diff -u -r1.578 -r1.579
--- selinux-policy.spec	15 Nov 2007 15:39:43 -0000	1.578
+++ selinux-policy.spec	15 Nov 2007 21:24:52 -0000	1.579
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 55%{?dist}
+Release: 56%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -380,6 +380,10 @@
 %endif
 
 %changelog
+* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-56
+- Remove /usr/sbin/gdm label
+- Label gstreamer codecs in homedir as textrel_shlib_t
+
 * Wed Nov 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-55
 - Allow spamd to manage razor files
 



