rpms/selinux-policy/F-7 policy-20070501.patch, 1.77, 1.78 selinux-policy.spec, 1.507, 1.508
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Nov 26 16:04:18 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24586
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Mon Nov 26 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-59
- Allow udev to relabel lnk_files on /dev
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- policy-20070501.patch 20 Nov 2007 12:11:26 -0000 1.77
+++ policy-20070501.patch 26 Nov 2007 16:04:14 -0000 1.78
@@ -2124,7 +2124,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.6.4/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2007-10-18 17:12:33.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2007-11-20 08:25:59.000000000 -0500
@@ -12,6 +12,7 @@
/dev/atibm -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0)
@@ -2142,7 +2142,15 @@
/dev/hiddev.* -c gen_context(system_u:object_r:usb_device_t,s0)
/dev/hpet -c gen_context(system_u:object_r:clock_device_t,s0)
/dev/hw_random -c gen_context(system_u:object_r:random_device_t,s0)
-@@ -52,7 +55,7 @@
+@@ -28,6 +31,7 @@
+ /dev/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/kmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+ /dev/kmsg -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
++/dev/lircm -c gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
+ /dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
+@@ -52,7 +56,7 @@
/dev/radio.* -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
/dev/raw1394.* -c gen_context(system_u:object_r:v4l_device_t,s0)
@@ -2151,7 +2159,7 @@
/dev/sequencer -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/sequencer2 -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/smpte.* -c gen_context(system_u:object_r:sound_device_t,s0)
-@@ -63,7 +66,9 @@
+@@ -63,7 +67,9 @@
/dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/urandom -c gen_context(system_u:object_r:urandom_device_t,s0)
@@ -2161,7 +2169,7 @@
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
ifdef(`distro_suse', `
/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
-@@ -81,6 +86,8 @@
+@@ -81,6 +87,8 @@
/dev/bus/usb/.*/[0-9]+ -c gen_context(system_u:object_r:usb_device_t,s0)
@@ -2170,7 +2178,7 @@
/dev/cpu/.* -c gen_context(system_u:object_r:cpu_device_t,s0)
/dev/cpu/mtrr -c gen_context(system_u:object_r:mtrr_device_t,s0)
-@@ -92,6 +99,7 @@
+@@ -92,6 +100,7 @@
/dev/input/event.* -c gen_context(system_u:object_r:event_device_t,s0)
/dev/input/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/input/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
@@ -2178,7 +2186,7 @@
/dev/mapper/control -c gen_context(system_u:object_r:lvm_control_t,s0)
-@@ -107,6 +115,10 @@
+@@ -107,6 +116,10 @@
/dev/xen/blktap.* -c gen_context(system_u:object_r:xen_device_t,s0)
/dev/xen/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
@@ -2191,7 +2199,7 @@
/lib/udev/devices -d gen_context(system_u:object_r:device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-11-01 14:04:31.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-11-26 10:03:12.000000000 -0500
@@ -65,7 +65,7 @@
relabelfrom_dirs_pattern($1,device_t,device_node)
@@ -5839,7 +5847,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-2.6.4/policy/modules/services/exim.if
--- nsaserefpolicy/policy/modules/services/exim.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/exim.if 2007-10-05 09:28:30.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/exim.if 2007-11-26 11:02:37.000000000 -0500
@@ -0,0 +1,157 @@
+## <summary>Exim service</summary>
+
@@ -5860,7 +5868,7 @@
+ ')
+
+ corecmd_search_sbin($1)
-+ domtrans_pattern($1, exim_t, exim_exec_t)
++ domtrans_pattern($1, exim_exec_t, exim_t)
+')
+
+########################################
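Review bot: The corrected `domtrans_pattern($1, exim_exec_t, exim_t)` call is not recorded in this commit's log message or in the 2.6.4-59 changelog entry, which mention only the udev relabel rule. With the previous argument order the entrypoint file type and the target domain were swapped, so callers of this interface presumably never received a working transition into exim_t; this release changes which domains can actually enter exim_t, and that should be discoverable by anyone auditing the policy. A changelog line such as `- Fix argument order of domtrans_pattern in the exim domain transition interface` would cover it. The interface body starts and ends outside the hunk.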
@@ -8660,8 +8668,16 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.6.4/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rhgb.te 2007-08-07 09:42:35.000000000 -0400
-@@ -105,6 +105,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/rhgb.te 2007-11-20 07:03:48.000000000 -0500
+@@ -73,6 +73,7 @@
+ fs_mount_ramfs(rhgb_t)
+ fs_unmount_ramfs(rhgb_t)
+ fs_getattr_tmpfs(rhgb_t)
++fs_getattr_xattr_fs(rhgb_t)
+ # for ramfs file systems
+ fs_manage_ramfs_dirs(rhgb_t)
+ fs_manage_ramfs_files(rhgb_t)
+@@ -105,6 +106,7 @@
userdom_dontaudit_use_unpriv_user_fds(rhgb_t)
userdom_dontaudit_search_sysadm_home_dirs(rhgb_t)
@@ -12102,7 +12118,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.6.4/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/init.te 2007-11-16 09:39:37.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/system/init.te 2007-11-20 07:09:04.000000000 -0500
@@ -10,13 +10,20 @@
# Declarations
#
@@ -12223,15 +12239,11 @@
')
optional_policy(`
-@@ -786,3 +815,8 @@
+@@ -786,3 +815,4 @@
optional_policy(`
zebra_read_config(initrc_t)
')
+
-+optional_policy(`
-+ rpm_dontaudit_rw_pipes(daemon)
-+')
-+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-2.6.4/policy/modules/system/ipsec.if
--- nsaserefpolicy/policy/modules/system/ipsec.if 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/system/ipsec.if 2007-08-07 09:42:35.000000000 -0400
@@ -12337,8 +12349,18 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-11-08 16:05:30.000000000 -0500
-@@ -81,8 +81,10 @@
++++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-11-23 05:59:39.000000000 -0500
+@@ -9,6 +9,9 @@
+ /emul/ia32-linux/lib/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
+ /emul/ia32-linux/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
+ ')
++/opt/Adobe(/.*?)/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/firefox-[^/]/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/mozilla/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ ifdef(`distro_gentoo',`
+ /emul/linux/x86/usr(/.*)?/lib(/.*)? gen_context(system_u:object_r:lib_t,s0)
+@@ -81,8 +84,10 @@
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
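Review bot: Two of the three new nppdf.so file-context patterns look mistyped. In `/usr/lib/firefox-[^/]/plugins/nppdf\.so` the class `[^/]` matches exactly one character, so a versioned firefox directory with a longer suffix is not covered; `[^/]*`, as used on the ia32 lines just above, is probably what was meant, and `lib(64)?` would cover 64-bit installs the way the neighbouring entries do. In `/opt/Adobe(/.*?)/nppdf\.so` the `?` sits inside the group, unlike the `(/.*)?` idiom on the ld-so line, so the group is mandatory rather than optional. Because textrel_shlib_t is the label under which domains are allowed text relocations on a library, these patterns should match the plugin and nothing else: `/opt/Adobe(/.*)?/nppdf\.so` and `/usr/lib(64)?/firefox-[^/]*/plugins/nppdf\.so`.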
@@ -12350,7 +12372,7 @@
ifdef(`distro_gentoo',`
# despite the extensions, they are actually libs
-@@ -132,13 +134,16 @@
+@@ -132,13 +137,16 @@
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -12368,7 +12390,7 @@
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -157,6 +162,8 @@
+@@ -157,6 +165,8 @@
/usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -12377,7 +12399,7 @@
/usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -254,6 +261,8 @@
+@@ -254,6 +264,8 @@
/usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libdivxencore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -12386,6 +12408,11 @@
/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# vmware
+@@ -306,3 +318,4 @@
+ /var/spool/postfix/lib(64)?/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
+ /var/spool/postfix/lib(64)?/[^/]*/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
+ /var/spool/postfix/lib(64)?/devfsd/.+\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
++/opt/Adobe/Reader8/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-08-20 17:13:12.000000000 -0400
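Review bot: The added `/opt/Adobe/Reader8/Reader/intellinux/plug_ins/.*\.api` entry is both broader and narrower than it needs to be. `.*` also matches `/`, so every file ending in .api at any depth below plug_ins receives textrel_shlib_t, while the hard-coded `Reader8` component means a different Reader release under /opt/Adobe keeps its default label. If only the top-level plug-ins need text relocations, something like `/opt/Adobe/Reader[^/]*/Reader/intellinux/plug_ins/[^/]*\.api` would state that (the directory naming of other releases is an assumption to confirm). The entry appears to be appended after the postfix block at the end of the file; placing it with the other /opt/Adobe lines and adding a short comment on why these files need the textrel label would make later review easier.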
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.507
retrieving revision 1.508
diff -u -r1.507 -r1.508
--- selinux-policy.spec 20 Nov 2007 12:11:27 -0000 1.507
+++ selinux-policy.spec 26 Nov 2007 16:04:14 -0000 1.508
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 58%{?dist}
+Release: 59%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -363,6 +363,9 @@
%endif
%changelog
+* Mon Nov 26 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-59
+- Allow udev to relabel lnk_files on /dev
+
* Tue Nov 20 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-58
- Allow rhgb to getattr on filesystems
- Allow dictd to use /var/run direcory