rpms/selinux-policy/F-8 policy-20070703.patch, 1.142, 1.143 selinux-policy.spec, 1.583, 1.584

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Nov 21 22:21:23 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8439

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Wed Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-60
- Allow cupsd to sigkill hplip_t
- Allow automount to create fifo files
- Allow xguest to mount hal devices and read/write file systems
- that do not support extended attributes.  Allows kiosk users to 
- copy to usb media


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.142
retrieving revision 1.143
diff -u -r1.142 -r1.143
--- policy-20070703.patch	20 Nov 2007 22:25:54 -0000	1.142
+++ policy-20070703.patch	21 Nov 2007 22:21:19 -0000	1.143
@@ -6463,6 +6463,17 @@
  dev_read_sound(entropyd_t)
  
  fs_getattr_all_fs(entropyd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.fc serefpolicy-3.0.8/policy/modules/services/automount.fc
+--- nsaserefpolicy/policy/modules/services/automount.fc	2007-10-22 13:21:39.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/automount.fc	2007-11-21 12:28:02.000000000 -0500
+@@ -12,4 +12,6 @@
+ # /var
+ #
+ 
+-/var/run/autofs(/.*)?		gen_context(system_u:object_r:automount_var_run_t,s0)
++/var/run/autofs.*		gen_context(system_u:object_r:automount_var_run_t,s0)
++
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.0.8/policy/modules/services/automount.if
 --- nsaserefpolicy/policy/modules/services/automount.if	2007-10-22 13:21:39.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/automount.if	2007-10-29 23:59:29.000000000 -0400
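Review bot: The new automount.fc entry `/var/run/autofs.*` is open-ended after the prefix, so every path under /var/run whose name merely begins with `autofs` is labelled automount_var_run_t, not only the autofs directory and its fifos. If the fifos carry a fixed name prefix (not visible in this hunk), a narrower pair keeps the labelling tight: retain `/var/run/autofs(/.*)?` and add a second entry such as `/var/run/autofs\.fifo.*`. The two empty lines added after the entry serve no purpose and can be dropped.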
@@ -6490,14 +6501,14 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.0.8/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/automount.te	2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/automount.te	2007-11-21 12:31:35.000000000 -0500
 @@ -52,7 +52,8 @@
  files_root_filetrans(automount_t,automount_tmp_t,dir)
  
  manage_files_pattern(automount_t,automount_var_run_t,automount_var_run_t)
 -files_pid_filetrans(automount_t,automount_var_run_t,file)
-+manage_sock_files_pattern(automount_t,automount_var_run_t,automount_var_run_t)
-+files_pid_filetrans(automount_t,automount_var_run_t,{ file sock_file })
++manage_fifo_files_pattern(automount_t,automount_var_run_t,automount_var_run_t)
++files_pid_filetrans(automount_t,automount_var_run_t,{ file fifo_file })
  
  kernel_read_kernel_sysctls(automount_t)
  kernel_read_irq_sysctls(automount_t)
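Review bot: The automount.te rules replace `sock_file` with `fifo_file` in both `manage_*_files_pattern` and `files_pid_filetrans` instead of adding the fifo class, so automount_t loses the right to create and manage sockets typed automount_var_run_t. The log message only says "Allow automount to create fifo files" and does not mention the removal. If dropping the socket access is intended (it is the tighter choice), record it in the changelog; if automount still creates a socket under /var/run, that will now be denied. A short comment above the rule would help later audits, e.g. `# fifo_file: automount creates its fifos in /var/run`.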
@@ -7438,7 +7449,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.te	2007-11-12 17:21:56.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/cups.te	2007-11-21 09:29:27.000000000 -0500
 @@ -48,9 +48,8 @@
  type hplip_t;
  type hplip_exec_t;
@@ -7474,12 +7485,13 @@
  allow cupsd_t cupsd_exec_t:lnk_file read;
  
  manage_files_pattern(cupsd_t,cupsd_log_t,cupsd_log_t)
-@@ -122,13 +120,13 @@
+@@ -122,13 +120,14 @@
  manage_sock_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
  files_pid_filetrans(cupsd_t,cupsd_var_run_t,file)
  
 -read_files_pattern(cupsd_t,hplip_etc_t,hplip_etc_t)
 -
++allow cupsd_t hplip_t:process sigkill;
  allow cupsd_t hplip_var_run_t:file { read getattr };
  
  stream_connect_pattern(cupsd_t,ptal_var_run_t,ptal_var_run_t,ptal_t)
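Review bot: `allow cupsd_t hplip_t:process sigkill;` is a raw cross-domain rule with no comment saying why cupsd needs to kill hplip, which makes the grant hard to audit later. SELinux checks `sigkill` separately from `signal`, so if cupsd sends SIGTERM before escalating (not visible here), that first attempt would still be denied and logged; check this against the AVC that prompted the change. Suggest a comment directly above the rule, `# <reason cupsd must SIGKILL hplip>, see <BUG-ID>`, with the real reason and reference filled in.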
@@ -7490,7 +7502,7 @@
  kernel_read_system_state(cupsd_t)
  kernel_read_network_state(cupsd_t)
  kernel_read_all_sysctls(cupsd_t)
-@@ -150,21 +148,26 @@
+@@ -150,21 +149,26 @@
  corenet_tcp_bind_reserved_port(cupsd_t)
  corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
  corenet_tcp_connect_all_ports(cupsd_t)
@@ -7518,7 +7530,7 @@
  mls_file_downgrade(cupsd_t)
  mls_file_write_all_levels(cupsd_t)
  mls_file_read_all_levels(cupsd_t)
-@@ -174,6 +177,7 @@
+@@ -174,6 +178,7 @@
  term_search_ptys(cupsd_t)
  
  auth_domtrans_chk_passwd(cupsd_t)
@@ -7526,7 +7538,7 @@
  auth_dontaudit_read_pam_pid(cupsd_t)
  
  # Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
-@@ -187,7 +191,7 @@
+@@ -187,7 +192,7 @@
  # read python modules
  files_read_usr_files(cupsd_t)
  # for /var/lib/defoma
@@ -7535,7 +7547,7 @@
  files_list_world_readable(cupsd_t)
  files_read_world_readable_files(cupsd_t)
  files_read_world_readable_symlinks(cupsd_t)
-@@ -196,12 +200,9 @@
+@@ -196,12 +201,9 @@
  files_read_var_symlinks(cupsd_t)
  # for /etc/printcap
  files_dontaudit_write_etc_files(cupsd_t)
@@ -7549,7 +7561,7 @@
  
  init_exec_script_files(cupsd_t)
  
-@@ -221,17 +222,38 @@
+@@ -221,17 +223,38 @@
  
  sysnet_read_config(cupsd_t)
  
@@ -7588,7 +7600,7 @@
  	apm_domtrans_client(cupsd_t)
  ')
  
-@@ -263,16 +285,16 @@
+@@ -263,16 +286,16 @@
  ')
  
  optional_policy(`
@@ -7609,7 +7621,7 @@
  	seutil_sigchld_newrole(cupsd_t)
  ')
  
-@@ -331,6 +353,7 @@
+@@ -331,6 +354,7 @@
  dev_read_sysfs(cupsd_config_t)
  dev_read_urand(cupsd_config_t)
  dev_read_rand(cupsd_config_t)
@@ -7617,7 +7629,7 @@
  
  fs_getattr_all_fs(cupsd_config_t)
  fs_search_auto_mountpoints(cupsd_config_t)
-@@ -377,6 +400,14 @@
+@@ -377,6 +401,14 @@
  ')
  
  optional_policy(`
@@ -7632,7 +7644,7 @@
  	cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
  ')
  
-@@ -393,6 +424,7 @@
+@@ -393,6 +425,7 @@
  optional_policy(`
  	hal_domtrans(cupsd_config_t)
  	hal_read_tmp_files(cupsd_config_t)
@@ -7640,7 +7652,7 @@
  ')
  
  optional_policy(`
-@@ -482,6 +514,8 @@
+@@ -482,6 +515,8 @@
  
  files_read_etc_files(cupsd_lpd_t)
  
@@ -7649,7 +7661,7 @@
  libs_use_ld_so(cupsd_lpd_t)
  libs_use_shared_libs(cupsd_lpd_t)
  
-@@ -489,22 +523,12 @@
+@@ -489,22 +524,12 @@
  
  miscfiles_read_localization(cupsd_lpd_t)
  
@@ -7672,7 +7684,7 @@
  ########################################
  #
  # HPLIP local policy
-@@ -525,11 +549,9 @@
+@@ -525,11 +550,9 @@
  allow hplip_t cupsd_etc_t:dir search;
  
  cups_stream_connect(hplip_t)
@@ -7687,7 +7699,7 @@
  
  manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
  files_pid_filetrans(hplip_t,hplip_var_run_t,file)
-@@ -560,7 +582,9 @@
+@@ -560,7 +583,9 @@
  dev_read_urand(hplip_t)
  dev_read_rand(hplip_t)
  dev_rw_generic_usb_dev(hplip_t)
@@ -7698,7 +7710,7 @@
  
  fs_getattr_all_fs(hplip_t)
  fs_search_auto_mountpoints(hplip_t)
-@@ -587,8 +611,6 @@
+@@ -587,8 +612,6 @@
  userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
  userdom_dontaudit_search_all_users_home_content(hplip_t)
  
@@ -7707,7 +7719,7 @@
  optional_policy(`
  	seutil_sigchld_newrole(hplip_t)
  ')
-@@ -668,3 +690,15 @@
+@@ -668,3 +691,15 @@
  optional_policy(`
  	udev_read_db(ptal_t)
  ')
@@ -18444,7 +18456,7 @@
  /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-11-20 17:17:41.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-11-20 17:23:44.000000000 -0500
 @@ -29,8 +29,9 @@
  	')
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.583
retrieving revision 1.584
diff -u -r1.583 -r1.584
--- selinux-policy.spec	20 Nov 2007 22:25:54 -0000	1.583
+++ selinux-policy.spec	21 Nov 2007 22:21:19 -0000	1.584
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 59%{?dist}
+Release: 60%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -303,7 +303,7 @@
 exit 0
 
 
-%triggerpostun targeted -- selinux-policy-targeted < 3.0.8-44-1
+%triggerpostun targeted -- selinux-policy-targeted =< 3.0.8-59-1
 semanage user -m -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
 exit 0
 
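Review bot: The trigger condition `selinux-policy-targeted =< 3.0.8-59-1` uses the legacy `=<` spelling and a version string with two hyphens. rpm normally splits version from release at the last hyphen, so this is likely read as version `3.0.8-59`, release `1`, which sorts above every 3.0.8 build. The trigger would then fire on every later upgrade, and `semanage user -m -r s0-s0:c0.c1023 unconfined_u` would overwrite a locally changed range for unconfined_u, with any error hidden by `2> /dev/null`. If the intent is "upgrading from release 59 or older", `%triggerpostun targeted -- selinux-policy-targeted <= 3.0.8-59` states that directly.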
@@ -380,6 +380,13 @@
 %endif
 
 %changelog
+* Wed Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-60
+- Allow cupsd to sigkill hplip_t
+- Allow automount to create fifo files
+- Allow xguest to mount hal devices and read/write file systems
+- that do not support extended attributes.  Allows kiosk users to 
+- copy to usb media
+
 * Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-59
 - Allow logwatch to search all directories
 - Allow sendmail to use sasl



