rpms/selinux-policy/F-8 policy-20070703.patch,1.138,1.139
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Sat Nov 17 12:26:42 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26772
Modified Files:
policy-20070703.patch
Log Message:
* Fri Nov 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-57
- Allow lvm to search mnt
- Add booleans for xguest account
xguest_mount_media
xguest_connect_network
xguest_use_bluetooth
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.138
retrieving revision 1.139
diff -u -r1.138 -r1.139
--- policy-20070703.patch 17 Nov 2007 11:30:22 -0000 1.138
+++ policy-20070703.patch 17 Nov 2007 12:26:40 -0000 1.139
@@ -1272,8 +1272,8 @@
+/var/log/kismet(/.*)? gen_context(system_u:object_r:kismet_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.0.8/policy/modules/admin/kismet.if
--- nsaserefpolicy/policy/modules/admin/kismet.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/admin/kismet.if 2007-10-29 23:59:29.000000000 -0400
-@@ -0,0 +1,276 @@
++++ serefpolicy-3.0.8/policy/modules/admin/kismet.if 2007-11-17 07:11:45.000000000 -0500
+@@ -0,0 +1,277 @@
+
+## <summary>policy for kismet</summary>
+
@@ -1475,9 +1475,10 @@
+ type kismet_log_t;
+ ')
+
-+ manage_dirs_pattern($1,kismet_log_t,kismet_log_t)
-+ manage_files_pattern($1,kismet_log_t,kismet_log_t)
-+ manage_lnk_files_pattern($1,kismet_log_t,kismet_log_t)
++ logging_search_logs($1)
++ manage_dirs_pattern($1,kismet_log_t,kismet_log_t)
++ manage_files_pattern($1,kismet_log_t,kismet_log_t)
++ manage_lnk_files_pattern($1,kismet_log_t,kismet_log_t)
+')
+
+########################################
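Review bot: The added `logging_search_logs($1)` widens what this interface grants: callers now also get search access to the generic log directory, not only management of `kismet_log_t` content. The interface's header and `## <summary>` are outside this hunk, so I cannot see whether they mention it. If they do not, a line such as `## Search the generic log directory and manage kismet log dirs, files and symlinks.` would tell callers the full grant.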
@@ -2261,7 +2262,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te 2007-11-01 11:49:52.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te 2007-11-17 07:10:47.000000000 -0500
@@ -28,6 +28,7 @@
files_purge_tmp(tmpreaper_t)
# why does it need setattr?
@@ -18042,7 +18043,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.8/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/unconfined.te 2007-11-13 14:37:46.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/unconfined.te 2007-11-17 07:01:29.000000000 -0500
@@ -5,36 +5,52 @@
#
# Declarations
@@ -18103,7 +18104,7 @@
libs_run_ldconfig(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
-@@ -42,37 +58,39 @@
+@@ -42,37 +58,40 @@
logging_run_auditctl(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
mount_run_unconfined(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
@@ -18149,10 +18150,11 @@
unconfined_domain(unconfined_crond_t)
+ unconfined_domain(unconfined_crontab_t)
+ role system_r types unconfined_crontab_t;
++ rpm_transition_script(unconfined_crond_t)
')
optional_policy(`
-@@ -107,22 +125,22 @@
+@@ -107,22 +126,22 @@
optional_policy(`
oddjob_dbus_chat(unconfined_t)
')
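Review bot: The new `rpm_transition_script(unconfined_crond_t)` call sits next to the cron-related `unconfined_domain(...)` lines, inside a block whose opening is outside this hunk. If that block is an `optional_policy` guarding the cron module, an rpm interface inside it makes the whole block depend on the rpm module too, and the cron rules would be dropped wherever rpm policy is absent. Consider wrapping the call in a nested `optional_policy` of its own, with a comment such as `# cron jobs run by unconfined users may start rpm scriptlets`. The log message does not mention this change, so the reason for the transition should be recorded somewhere.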
@@ -18181,7 +18183,7 @@
')
optional_policy(`
-@@ -130,15 +148,10 @@
+@@ -130,15 +149,10 @@
')
optional_policy(`
@@ -18199,7 +18201,7 @@
')
optional_policy(`
-@@ -154,33 +167,20 @@
+@@ -154,33 +168,20 @@
')
optional_policy(`
@@ -18237,7 +18239,7 @@
')
optional_policy(`
-@@ -205,11 +205,22 @@
+@@ -205,11 +206,22 @@
')
optional_policy(`
@@ -18262,7 +18264,7 @@
')
########################################
-@@ -219,14 +230,28 @@
+@@ -219,14 +231,28 @@
allow unconfined_execmem_t self:process { execstack execmem };
unconfined_domain_noaudit(unconfined_execmem_t)
@@ -18302,7 +18304,7 @@
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-16 17:13:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-11-17 07:03:58.000000000 -0500
@@ -29,8 +29,9 @@
')
@@ -19596,7 +19598,7 @@
+#
+template(`userdom_restricted_xwindows_user_template', `
+
-+userdom_unpriv_login_user($1)
++userdom_restricted_user_template($1)
+# Should be optional but policy will not build because of compiler problems
+# Must be before xwindows calls
+#optional_policy(`
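Review bot: Switching the base of `userdom_restricted_xwindows_user_template` from `userdom_unpriv_login_user($1)` to `userdom_restricted_user_template($1)` changes the privilege floor for every user built from this template, but nothing in the hunk records that. A comment above the call, e.g. `# Base is the same restricted template that guest uses; X access is layered on below`, would make the intent explicit. The template body continues outside this hunk, so I cannot tell whether rules the old base supplied are granted again later. Logging in as such a user in enforcing mode and reviewing the AVC denials would confirm.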
@@ -20216,7 +20218,7 @@
+## <summary>Policy for guest user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.0.8/policy/modules/users/guest.te
--- nsaserefpolicy/policy/modules/users/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/users/guest.te 2007-11-16 17:15:41.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/users/guest.te 2007-11-17 06:47:50.000000000 -0500
@@ -0,0 +1,4 @@
+policy_module(guest,1.0.1)
+userdom_restricted_user_template(guest)
@@ -20234,8 +20236,8 @@
+## <summary>Policy for logadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.0.8/policy/modules/users/logadm.te
--- nsaserefpolicy/policy/modules/users/logadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/users/logadm.te 2007-10-29 23:59:29.000000000 -0400
-@@ -0,0 +1,12 @@
++++ serefpolicy-3.0.8/policy/modules/users/logadm.te 2007-11-17 06:46:41.000000000 -0500
+@@ -0,0 +1,11 @@
+policy_module(logadm,1.0.0)
+
+########################################
@@ -20246,8 +20248,7 @@
+
+allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+
-+logging_syslog_admin(logadm, logadm_t, logadm_r)
-+logging_audit_admin(logadm, logadm_t, logadm_r)
++logging_admin(logadm_t, logadm_r, { logadm_tty_device_t logadm_devpts_t })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.0.8/policy/modules/users/metadata.xml
--- nsaserefpolicy/policy/modules/users/metadata.xml 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.8/policy/modules/users/metadata.xml 2007-10-29 23:59:29.000000000 -0400
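Review bot: The new `logging_admin(logadm_t, logadm_r, { logadm_tty_device_t logadm_devpts_t })` call passes (domain, role, terminal types), where the two calls it replaces passed (prefix, domain, role). The same reordering is applied to `apache_admin(...)` in the webadm.te hunk further down. Neither interface definition is visible in this diff, and m4 substitutes `$1`..`$3` by position with no type checking, so the callers should be checked against the `.if` files in the same revision. The visible lines of logadm.te also do not show what declares `logadm_tty_device_t` and `logadm_devpts_t`. A comment naming the template that provides them, e.g. `# tty/pty types come from the user template above`, would help the next reader.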
@@ -20265,7 +20266,7 @@
+## <summary>Policy for webadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.0.8/policy/modules/users/webadm.te
--- nsaserefpolicy/policy/modules/users/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/users/webadm.te 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/users/webadm.te 2007-11-17 06:49:48.000000000 -0500
@@ -0,0 +1,42 @@
+policy_module(webadm,1.0.0)
+
@@ -20275,6 +20276,7 @@
+#
+
+userdom_base_user_template(webadm)
++
+allow webadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+
+bool webadm_read_user_files false;
@@ -20292,7 +20294,6 @@
+}
+
+files_dontaudit_search_all_dirs(webadm_t)
-+files_manage_generic_locks(webadm_t)
+files_list_var(webadm_t)
+selinux_get_enforce_mode(webadm_t)
+seutil_domtrans_setfiles(webadm_t)
@@ -20302,7 +20303,7 @@
+userdom_dontaudit_search_sysadm_home_dirs(webadm_t)
+userdom_dontaudit_search_generic_user_home_dirs(webadm_t)
+
-+apache_admin(webadm, webadm_t, webadm_r)
++apache_admin(webadm_t, webadm_r, { webadm_tty_device_t webadm_devpts_t })
+
+gen_require(`
+ type gadmin_t;