rpms/selinux-policy/F-7 policy-20070501.patch, 1.77, 1.78 selinux-policy.spec, 1.507, 1.508

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Nov 26 16:04:18 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24586

Modified Files:
	policy-20070501.patch selinux-policy.spec 
Log Message:
* Mon Nov 26 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-59
- Allow udev to relabel lnk_files on /dev


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- policy-20070501.patch	20 Nov 2007 12:11:26 -0000	1.77
+++ policy-20070501.patch	26 Nov 2007 16:04:14 -0000	1.78
@@ -2124,7 +2124,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.6.4/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc	2007-10-18 17:12:33.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc	2007-11-20 08:25:59.000000000 -0500
 @@ -12,6 +12,7 @@
  /dev/atibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/audio.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
@@ -2142,7 +2142,15 @@
  /dev/hiddev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/hpet		-c	gen_context(system_u:object_r:clock_device_t,s0)
  /dev/hw_random		-c	gen_context(system_u:object_r:random_device_t,s0)
-@@ -52,7 +55,7 @@
+@@ -28,6 +31,7 @@
+ /dev/js.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/kmem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+ /dev/kmsg		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
++/dev/lircm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/logibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/lp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
+ /dev/mcelog		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
+@@ -52,7 +56,7 @@
  /dev/radio.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/random		-c	gen_context(system_u:object_r:random_device_t,s0)
  /dev/raw1394.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
@@ -2151,7 +2159,7 @@
  /dev/sequencer		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/sequencer2		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/smpte.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-@@ -63,7 +66,9 @@
+@@ -63,7 +67,9 @@
  /dev/sonypi		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
@@ -2161,7 +2169,7 @@
  /dev/usblp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
  ifdef(`distro_suse', `
  /dev/usbscanner		-c	gen_context(system_u:object_r:scanner_device_t,s0)
-@@ -81,6 +86,8 @@
+@@ -81,6 +87,8 @@
  
  /dev/bus/usb/.*/[0-9]+	-c	gen_context(system_u:object_r:usb_device_t,s0)
  
@@ -2170,7 +2178,7 @@
  /dev/cpu/.*		-c	gen_context(system_u:object_r:cpu_device_t,s0)
  /dev/cpu/mtrr		-c	gen_context(system_u:object_r:mtrr_device_t,s0)
  
-@@ -92,6 +99,7 @@
+@@ -92,6 +100,7 @@
  /dev/input/event.*	-c	gen_context(system_u:object_r:event_device_t,s0)
  /dev/input/mice		-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/input/js.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
@@ -2178,7 +2186,7 @@
  
  /dev/mapper/control	-c	gen_context(system_u:object_r:lvm_control_t,s0)
  
-@@ -107,6 +115,10 @@
+@@ -107,6 +116,10 @@
  /dev/xen/blktap.*	-c	gen_context(system_u:object_r:xen_device_t,s0)
  /dev/xen/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
  
@@ -2191,7 +2199,7 @@
  /lib/udev/devices	-d		gen_context(system_u:object_r:device_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.if	2007-11-01 14:04:31.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.if	2007-11-26 10:03:12.000000000 -0500
 @@ -65,7 +65,7 @@
  
  	relabelfrom_dirs_pattern($1,device_t,device_node)
@@ -5839,7 +5847,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-2.6.4/policy/modules/services/exim.if
 --- nsaserefpolicy/policy/modules/services/exim.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/exim.if	2007-10-05 09:28:30.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/exim.if	2007-11-26 11:02:37.000000000 -0500
 @@ -0,0 +1,157 @@
 +## <summary>Exim service</summary>
 +
@@ -5860,7 +5868,7 @@
 +	')
 +
 +	corecmd_search_sbin($1)
-+	domtrans_pattern($1, exim_t, exim_exec_t)
++	domtrans_pattern($1, exim_exec_t, exim_t)
 +')
 +
 +########################################
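Review bot: The swapped arguments on the `domtrans_pattern($1, exim_exec_t, exim_t)` line change how the exim transition interface behaves, yet the log message and the 2.6.4-59 `%changelog` entry record only the udev relabel change. Someone auditing why exim starts running in a different domain after this update has no record to find. Consider adding a changelog line such as `- Fix domtrans_pattern argument order in exim.if`. The later init.te hunk, which drops `rpm_dontaudit_rw_pipes(daemon)`, deserves a line too, since removing a dontaudit rule will presumably surface new AVC denials in audit logs. The interface definition this line belongs to begins outside the hunk.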
@@ -8660,8 +8668,16 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.6.4/policy/modules/services/rhgb.te
 --- nsaserefpolicy/policy/modules/services/rhgb.te	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rhgb.te	2007-08-07 09:42:35.000000000 -0400
-@@ -105,6 +105,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/rhgb.te	2007-11-20 07:03:48.000000000 -0500
+@@ -73,6 +73,7 @@
+ fs_mount_ramfs(rhgb_t)
+ fs_unmount_ramfs(rhgb_t)
+ fs_getattr_tmpfs(rhgb_t)
++fs_getattr_xattr_fs(rhgb_t)
+ # for ramfs file systems
+ fs_manage_ramfs_dirs(rhgb_t)
+ fs_manage_ramfs_files(rhgb_t)
+@@ -105,6 +106,7 @@
  
  userdom_dontaudit_use_unpriv_user_fds(rhgb_t)
  userdom_dontaudit_search_sysadm_home_dirs(rhgb_t)
@@ -12102,7 +12118,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.6.4/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/init.te	2007-11-16 09:39:37.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/system/init.te	2007-11-20 07:09:04.000000000 -0500
 @@ -10,13 +10,20 @@
  # Declarations
  #
@@ -12223,15 +12239,11 @@
  ')
  
  optional_policy(`
-@@ -786,3 +815,8 @@
+@@ -786,3 +815,4 @@
  optional_policy(`
  	zebra_read_config(initrc_t)
  ')
 +
-+optional_policy(`
-+	rpm_dontaudit_rw_pipes(daemon)
-+')
-+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-2.6.4/policy/modules/system/ipsec.if
 --- nsaserefpolicy/policy/modules/system/ipsec.if	2007-05-07 14:51:01.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/system/ipsec.if	2007-08-07 09:42:35.000000000 -0400
@@ -12337,8 +12349,18 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc	2007-11-08 16:05:30.000000000 -0500
-@@ -81,8 +81,10 @@
++++ serefpolicy-2.6.4/policy/modules/system/libraries.fc	2007-11-23 05:59:39.000000000 -0500
+@@ -9,6 +9,9 @@
+ /emul/ia32-linux/lib/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:shlib_t,s0)
+ /emul/ia32-linux/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
+ ')
++/opt/Adobe(/.*?)/nppdf\.so 		-- 	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/firefox-[^/]/plugins/nppdf\.so 		-- 	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/mozilla/plugins/nppdf\.so 		-- 	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ ifdef(`distro_gentoo',`
+ /emul/linux/x86/usr(/.*)?/lib(/.*)?		gen_context(system_u:object_r:lib_t,s0)
+@@ -81,8 +84,10 @@
  /opt/cisco-vpnclient/lib/libvpnapi\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /opt/cxoffice/lib/wine/.+\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
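Review bot: Two of the new `nppdf\.so` patterns look mistyped and may not match the files they are meant to label. In `/usr/lib/firefox-[^/]/plugins/nppdf\.so` the class `[^/]` matches exactly one character, so a versioned directory such as `firefox-<version>` would not match; it also omits the `lib(64)?` form used by neighbouring entries. `/usr/lib(64)?/firefox-[^/]*/plugins/nppdf\.so` appears to be what was intended. In `/opt/Adobe(/.*?)/nppdf\.so` the `?` sits inside the group, unlike the `(/.*)?` idiom used elsewhere in this file, so `/opt/Adobe(/.*)?/nppdf\.so` would be consistent. If the label is not applied, the plugin keeps its default type and the text-relocation denial returns, which tends to push users toward loosening policy globally rather than per file.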
@@ -12350,7 +12372,7 @@
  
  ifdef(`distro_gentoo',`
  # despite the extensions, they are actually libs
-@@ -132,13 +134,16 @@
+@@ -132,13 +137,16 @@
  
  /usr/(.*/)?nvidia/.+\.so(\..*)?		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -12368,7 +12390,7 @@
  /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libGLU\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -157,6 +162,8 @@
+@@ -157,6 +165,8 @@
  /usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/NX/lib/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/NX/lib/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -12377,7 +12399,7 @@
  
  /usr/X11R6/lib/libGL\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/X11R6/lib/libXvMCNVIDIA\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -254,6 +261,8 @@
+@@ -254,6 +264,8 @@
  /usr/lib(64)?/libdivxdecore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libdivxencore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -12386,6 +12408,11 @@
  /usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
  # vmware 
+@@ -306,3 +318,4 @@
+ /var/spool/postfix/lib(64)?/lib.*\.so.*	--	gen_context(system_u:object_r:shlib_t,s0)
+ /var/spool/postfix/lib(64)?/[^/]*/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
+ /var/spool/postfix/lib(64)?/devfsd/.+\.so.* --	gen_context(system_u:object_r:shlib_t,s0)
++/opt/Adobe/Reader8/Reader/intellinux/plug_ins/.*\.api	 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2007-05-07 14:51:01.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/system/libraries.te	2007-08-20 17:13:12.000000000 -0400
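Review bot: The added `/opt/Adobe/Reader8/Reader/intellinux/plug_ins/.*\.api` entry hard-codes the `Reader8` directory, so another Reader version installed under `/opt/Adobe` would not receive `textrel_shlib_t` and would need another policy update. It is also appended after the postfix entries at the end of the file, away from the other Adobe patterns this commit adds near the top. Consider placing it next to them and, if other versions are meant to be covered, writing the version component as `Reader[^/]*`. Note too that `.*` before `\.api` also matches `/`, so files in any subdirectory of `plug_ins` get the relaxed label; a comment saying this is intended would help the next reviewer.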


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.507
retrieving revision 1.508
diff -u -r1.507 -r1.508
--- selinux-policy.spec	20 Nov 2007 12:11:27 -0000	1.507
+++ selinux-policy.spec	26 Nov 2007 16:04:14 -0000	1.508
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 58%{?dist}
+Release: 59%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -363,6 +363,9 @@
 %endif
 
 %changelog
+* Mon Nov 26 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-59
+- Allow udev to relabel lnk_files on /dev
+
 * Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-58
 - Allow rhgb to getattr on filesystems
 - Allow dictd to use /var/run direcory



