rpms/selinux-policy/F-8 policy-20070703.patch, 1.136, 1.137 selinux-policy.spec, 1.578, 1.579
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Nov 15 21:24:56 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17033
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-56
- Remove /usr/sbin/gdm label
- Label gstreamer codecs in homedir as textrel_shlib_t
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.136
retrieving revision 1.137
diff -u -r1.136 -r1.137
--- policy-20070703.patch 15 Nov 2007 15:39:43 -0000 1.136
+++ policy-20070703.patch 15 Nov 2007 21:24:52 -0000 1.137
@@ -13462,7 +13462,7 @@
dev_read_sysfs(xfs_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.0.8/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.fc 2007-11-12 11:55:40.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/xserver.fc 2007-11-15 11:35:32.000000000 -0500
@@ -32,11 +32,6 @@
/etc/X11/wdm/Xstartup.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
/etc/X11/Xsession[^/]* -- gen_context(system_u:object_r:xsession_exec_t,s0)
@@ -13475,15 +13475,7 @@
#
# /opt
#
-@@ -59,6 +54,7 @@
-
- /usr/(s)?bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0)
- /usr/bin/[xgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
-+/usr/sbin/gdm -- gen_context(system_u:object_r:xdm_exec_t,s0)
- /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
- /usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
- /usr/bin/Xair -- gen_context(system_u:object_r:xserver_exec_t,s0)
-@@ -91,14 +87,19 @@
+@@ -91,14 +86,19 @@
/var/lib/[xkw]dm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0)
/var/lib/xkb(/.*)? gen_context(system_u:object_r:xkb_var_lib_t,s0)
@@ -13956,7 +13948,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-11-14 11:22:16.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-11-15 16:23:05.000000000 -0500
@@ -16,6 +16,13 @@
## <desc>
@@ -14000,15 +13992,16 @@
allow xdm_t self:fifo_file rw_fifo_file_perms;
allow xdm_t self:shm create_shm_perms;
allow xdm_t self:sem create_sem_perms;
-@@ -110,6 +123,7 @@
+@@ -110,6 +123,8 @@
allow xdm_t self:key { search link write };
allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
-+read_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
++manage_dirs_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
++manage_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
# Allow gdm to run gdm-binary
can_exec(xdm_t, xdm_exec_t)
-@@ -132,15 +146,20 @@
+@@ -132,15 +147,20 @@
manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
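Review bot: Replacing `read_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)` with `manage_dirs_pattern` plus `manage_files_pattern` widens xdm_t from read-only access to create, write and delete on xkb_var_lib_t, and neither changelog entry in this commit mentions it. A later hunk of the same xserver.te patch shows `can_exec(xdm_xserver_t, xkb_var_lib_t)` as context, so the display manager domain can now modify content that the X server domain is allowed to execute. If xdm only needs to write a specific set of files there, a narrower grant or a separate type for the writable part would preserve that separation. At minimum, record the reason next to the rule, e.g. `# xdm_t needs to write under /var/lib/xkb: <reason>`, and add a changelog line such as `- Allow xdm to manage xkb_var_lib_t`.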
@@ -14030,7 +14023,7 @@
allow xdm_t xdm_xserver_t:process signal;
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
-@@ -185,6 +204,7 @@
+@@ -185,6 +205,7 @@
corenet_udp_sendrecv_all_ports(xdm_t)
corenet_tcp_bind_all_nodes(xdm_t)
corenet_udp_bind_all_nodes(xdm_t)
@@ -14038,7 +14031,7 @@
corenet_tcp_connect_all_ports(xdm_t)
corenet_sendrecv_all_client_packets(xdm_t)
# xdm tries to bind to biff_port_t
-@@ -197,6 +217,7 @@
+@@ -197,6 +218,7 @@
dev_getattr_mouse_dev(xdm_t)
dev_setattr_mouse_dev(xdm_t)
dev_rw_apm_bios(xdm_t)
@@ -14046,7 +14039,7 @@
dev_setattr_apm_bios_dev(xdm_t)
dev_rw_dri(xdm_t)
dev_rw_agp(xdm_t)
-@@ -209,8 +230,8 @@
+@@ -209,8 +231,8 @@
dev_setattr_video_dev(xdm_t)
dev_getattr_scanner_dev(xdm_t)
dev_setattr_scanner_dev(xdm_t)
@@ -14057,7 +14050,7 @@
dev_getattr_power_mgmt_dev(xdm_t)
dev_setattr_power_mgmt_dev(xdm_t)
-@@ -246,6 +267,7 @@
+@@ -246,6 +268,7 @@
auth_domtrans_pam_console(xdm_t)
auth_manage_pam_pid(xdm_t)
auth_manage_pam_console_data(xdm_t)
@@ -14065,7 +14058,7 @@
auth_rw_faillog(xdm_t)
auth_write_login_records(xdm_t)
-@@ -257,6 +279,7 @@
+@@ -257,6 +280,7 @@
libs_exec_lib_files(xdm_t)
logging_read_generic_logs(xdm_t)
@@ -14073,7 +14066,7 @@
miscfiles_read_localization(xdm_t)
miscfiles_read_fonts(xdm_t)
-@@ -268,9 +291,14 @@
+@@ -268,9 +292,14 @@
userdom_create_all_users_keys(xdm_t)
# for .dmrc
userdom_read_unpriv_users_home_content_files(xdm_t)
@@ -14088,7 +14081,7 @@
xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
-@@ -306,6 +334,11 @@
+@@ -306,6 +335,11 @@
optional_policy(`
consolekit_dbus_chat(xdm_t)
@@ -14100,7 +14093,7 @@
')
optional_policy(`
-@@ -348,12 +381,8 @@
+@@ -348,12 +382,8 @@
')
optional_policy(`
@@ -14114,7 +14107,7 @@
ifdef(`distro_rhel4',`
allow xdm_t self:process { execheap execmem };
-@@ -385,7 +414,7 @@
+@@ -385,7 +415,7 @@
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
@@ -14123,7 +14116,7 @@
# Label pid and temporary files with derived types.
manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -397,6 +426,15 @@
+@@ -397,6 +427,15 @@
can_exec(xdm_xserver_t, xkb_var_lib_t)
files_search_var_lib(xdm_xserver_t)
@@ -14139,7 +14132,7 @@
# VNC v4 module in X server
corenet_tcp_bind_vnc_port(xdm_xserver_t)
-@@ -425,6 +463,14 @@
+@@ -425,6 +464,14 @@
')
optional_policy(`
@@ -14154,7 +14147,7 @@
resmgr_stream_connect(xdm_t)
')
-@@ -434,47 +480,26 @@
+@@ -434,47 +481,26 @@
')
optional_policy(`
@@ -15603,7 +15596,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.8/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2007-11-14 10:14:51.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2007-11-15 16:02:47.000000000 -0500
@@ -65,11 +65,13 @@
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -15650,7 +15643,15 @@
/usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -236,6 +243,8 @@
+@@ -223,6 +230,7 @@
+ /usr/lib(64)?/libmp3lame\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ # Flash plugin, Macromedia
++HOME_DIR/\.gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ HOME_DIR/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -236,6 +244,8 @@
/usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libdivxencore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
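Review bot: The added `HOME_DIR/\.gstreamer-.*/[^/]*\.so.*` entry assigns textrel_shlib_t to files in a user-writable location, and it sits directly under the `# Flash plugin, Macromedia` comment, which does not describe it. Because textrel_shlib_t is the type used for libraries that need text relocations, any file a user places under a matching path receives that label on relabel. The `.*` after `gstreamer-` also matches `/`, so the pattern covers arbitrary depth below the directory; `[^/]*` in that position would confine it to the version component, if that is the intent. Give the entry its own comment, e.g. `# GStreamer codecs installed in the user's home directory`.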
@@ -15659,7 +15660,7 @@
/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# vmware
-@@ -284,3 +293,10 @@
+@@ -284,3 +294,10 @@
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.578
retrieving revision 1.579
diff -u -r1.578 -r1.579
--- selinux-policy.spec 15 Nov 2007 15:39:43 -0000 1.578
+++ selinux-policy.spec 15 Nov 2007 21:24:52 -0000 1.579
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 55%{?dist}
+Release: 56%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -380,6 +380,10 @@
%endif
%changelog
+* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-56
+- Remove /usr/sbin/gdm label
+- Label gstreamer codecs in homedir as textrel_shlib_t
+
* Wed Nov 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-55
- Allow spamd to manage razor files